Creating an SSO User via Webservice
- Raymond Cascella (DLC) (Unlicensed)
- Vinesh Malviya
- Scott Hoppe
- Ezra Wolfe (DLC - Disabled) (Unlicensed)
Following steps to be followed for creating SSO user via Webservice
Step1:
We need to Create User first
Endpoint - user.json
Method - POST
Below payload will create a user with the roles “course author” (105847459) and “reviewer” (175031666), by sending the corresponding role ids (rid) as an array of values.
{
"name": "newuser_username",
"mail": "newuser@dlc-solutions.com",
"status": 1,
"roles": [
{
"id": 105847459
},
{
"id": 175031666
}]
}If user created successfully following response will be received
{"uri":"http://your-domain.com/user/123","id":"123","resource":"user"}Step 2:
Create Profile of user
Note:- A profile to an account requires the user id (uid) to be assigned to the user field in the profile data. In the previous creation request the uid value returned is 123 (Passing "user": 123)
Endpoint - profile2.json
Method - POST
{
"user": 123,
"label": "Profile",
"type": "profile",
"field_first_name": "John",
"field_middle_name": "Middle",
"field_last_name": "Smith",
"field_profile_location":
{
"street": "123 S Broad Street",
"additional": "Suite 2260",
"city": "Philadelphia",
"province": "PA",
"postal_code": "19109",
"country": "us"
}
}A successful profile creation request returns the following:
{"uri":"http://your-domain.com/profile2/72","id":"72","resource":"profile2"}
Related document - Creating a user via web service
Step 3:
There is an additional step to connect an account to an SSO service.
Before calling below Endpoint we need to verify is user already mapped or not using
http://your-domain.com/authmap.json?uid=123[We are passing the user id which was created, if it returns empty list we call Endpoint]
Endpoint - authmap.json
Method - POST
The required values for creating the mapping for connecting account to SSO, are the EthosCE user ID (UID), the external identity provider's user ID (authname), and the authentication service name. The authentication service name may vary per customer, and can be provided by a Product Specialist. In the example below, customers using SAML SSO, have a value of simplesamlphp_auth.
123 --> This is the user id returned when user was created
ethosce_authname --> SSO USER NAME we want to MAP
modulename will be simplesamlphp_auth for all entries
Eg. if SSO username is TU06503
A successful return will provide an array detailing the new authmap record information
For above response below are details of each attribute
id: The authentication ID key tracked by the database.
uri: The unique URI used to view or update the resource
resource: The entity type created