API

This page describes all available functions that can be used on an OpenAM instance.

python-openam is a Python wrapper for the OpenAM REST API.

class openam.Openam(openam_url='', resource=1.0, protocol=1.0, timeout=10, cookiename='iplanetDirectoryPro')

OpenAM Rest Interface.

__init__(openam_url='', resource=1.0, protocol=1.0, timeout=10, cookiename='iplanetDirectoryPro')

Will initialize the openam module.

Parameters:
  • openam_url (str) – The complete URL to the OpenAM server.
  • resource (str) – The username to login.
  • protocol (str) – The password for the user configured in username.
  • timeout (int) – HTTP requests timeout in seconds.
  • cookiename (str) – The name of the cookie.
authenticate(realm=None, username=None, password=None, login_params=None)

Will authenticate the configured user on OpenAM.

When successful, an HTTP header is added to the current headers; its name is the value of ‘cookiename’ (default ‘iplanetDirectoryPro’) and its value is the retrieved tokenId.

Parameters:
  • realm (str) – The name of the realm on which the user needs to authenticate. (Optional, when realms are used.)
  • username (str) – The username which is used to authenticate against OpenAM.
  • password (str) – The password for the user configured in ‘username’.
  • login_params (str) – Extra arguments that are appended to the authenticate URI. Can be used for authenticating against a module or specific chain. Example: ?authIndexType=module&authIndexValue=myLdapModule
Return type:

dict

Returns:

A dict with the keys ‘successUrl’ and ‘tokenId’.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> am.authenticate(username="amadmin", password="password_openam")
{u'successUrl': u'/openam/console', u'tokenId': u'AQIC5wM2LY4SfcxpamATDDJ7bGltWGY0fjfPO12mGFymFk8.*AAJTSQA.. '}
>>> am.logout()
change_password(username=None, user_data=None)

Change the password for the given user.

Parameters:
  • username (str) – The username of the identity.
  • user_data (dict) – The old and new password.
Return type:

bool

Returns:

True when the password change succeeds, otherwise False.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> user_data = {"currentpassword": "secret12", "userpassword": "secret13"}
>>> am.change_password(username="bjensen", user_data=user_data)
True
>>> am.logout()
create_identity(realm=None, type='users', user_data=None)

Create an identity. This can be one of the following types.

  • users
  • agents
  • groups

The identity type is selected with the type parameter. If type is set to anything other than these three values, users is used.

Parameters:
  • realm (str) – The name of the realm.
  • type (str) – The type of identity you want to create.
  • user_data (dict) – All necessary information needed to create an identity.
Return type:

json

Returns:

All information regarding the created identity.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> user_data = {"username": "bjensen", "userpassword": "secret12", "mail": "bjensen@example.com"}
>>> am.create_identity(user_data=user_data)
{u'username': u'bjensen', u'dn': [u'uid=bjensen,ou=people,dc=openam,dc=forgerock,dc=org'], u'realm': u'/'..}
>>> am.create_identity(user_data=user_data)
{u'reason': u'Conflict', u'code': 409, u'message': u'Resource already exists'}
>>> am.logout()
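
Added example, not part of python-openam: the examples above show that authenticate() returns a tokenId, that create_identity() reports a conflict as a returned dict rather than an exception, and that each session ends with logout(). The wrapper below ties those together; openam_session, check, redact, OpenamError and the FakeOpenam stand-in are hypothetical names, and it assumes failed calls return a dict with 'code' and 'reason' keys as in the 409 example.

```python
from contextlib import contextmanager

class OpenamError(Exception):
    """A call returned an error document, or authentication failed."""

def redact(token, keep=6):
    """Shorten a tokenId for logs; the full value is a live session credential."""
    return token[:keep] + "..." if token else "<none>"

def check(result):
    """Raise on error dicts such as the 409 Conflict shown on this page."""
    if isinstance(result, dict) and "code" in result and "reason" in result:
        raise OpenamError("%(code)s %(reason)s" % result)
    return result

@contextmanager
def openam_session(am, username, password, realm=None):
    """Authenticate, confirm the token is valid, and always log out."""
    auth = am.authenticate(realm=realm, username=username, password=password)
    token = auth.get("tokenId") if isinstance(auth, dict) else None
    if not token:
        raise OpenamError("authentication returned no tokenId")
    try:
        state = am.token_validation(realm=realm, token=token)
        if not (isinstance(state, dict) and state.get("valid")):
            raise OpenamError("token %s rejected" % redact(token))
        yield am
    finally:
        am.logout()  # end the server-side session even if the body raised

class FakeOpenam:
    """Constructed stand-in with the documented method names (offline demo)."""
    def __init__(self):
        self.logged_out, self.users = False, set()
    def authenticate(self, realm=None, username=None, password=None):
        return {"successUrl": "/openam/console", "tokenId": "AQIC5w-constructed"}
    def token_validation(self, realm=None, token=None):
        return {"valid": True, "realm": "/", "uid": "amadmin"}
    def create_identity(self, realm=None, type="users", user_data=None):
        if user_data["username"] in self.users:
            return {"reason": "Conflict", "code": 409}
        self.users.add(user_data["username"])
        return {"username": user_data["username"], "realm": "/"}
    def logout(self):
        self.logged_out = True
        return True
```

With the real client, pass an openam.Openam instance as am; the stand-in exists only so the block runs without a server.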
create_realm(realm_data=None)

Creating a realm.

Parameters:

realm_data (dict) – Realm data that is needed for creating the realm.

Return type:

dict

Returns:

All information regarding the created realm.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> realm_data = {"realm": "myRealm"}
>>> am.create_realm(realm_data=realm_data)
{u'realmCreated': u'/myRealm'}
>>> am.logout()
create_resourcetype(realm=None, resource_data=None)

Creating a resourcetype.

Parameters:
  • realm (str) – The name of the realm.
  • resource_data (dict) – All information needed for creating the resourcetype.
Return type:

dict

Returns:

Information about the just created resourcetype.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> create_resourcetype = {
...     "name": "My Resource Type",
...     "actions": {
...         "LEFT": "true",
...         "RIGHT": "true",
...         "UP": "true",
...         "DOWN": "true"
...     },
...     "patterns": [
...         "http://device/location/*"
...     ]
... }
>>> am.create_resourcetype(resource_data=create_resourcetype)
{u'description': None, u'lastModifiedDate': 1472947547951, u'actions': {u'DOWN': True ...
>>> am.logout()
delete_identity(realm=None, type='users', username=None)

Delete an identity. This can be one of the following types.

  • users
  • agents
  • groups
Parameters:
  • realm (str) – The name of the realm.
  • type (str) – The type of identity you want to delete.
  • username (str) – The username/agentname/groupname that needs to be deleted.
Return type:

json

Returns:

Information on whether the deletion was successful.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.delete_identity(username="bjensen")
{u'success': u'true'}
>>> am.logout()
delete_realm(realm=None)

Deleting a realm.

Parameters:

realm (str) – The name of the realm.

Return type:

dict

Returns:

Information on whether the delete was successful.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.delete_realm(realm="myRealm")
{u'success': u'true'}
>>> am.logout()
delete_resourcetype(realm=None, uuid=None)

Deleting a resourcetype by providing a uuid.

Parameters:
  • realm (str) – The name of the realm.
  • uuid (str) – The unique uuid.
Return type:

dict

Returns:

Not much.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.delete_resourcetype(uuid="c1d1c11b-f101-4ecd-ab6f-26044e027f87")
{}
>>> am.logout()
get_identity(realm=None, type='users', username=None, fields=None)

Get an identity. This can be one of the following types.

  • users
  • agents
  • groups
Parameters:
  • realm (str) – The name of the realm.
  • type (str) – The type of identity you want to search.
  • username (str) – username/agentname/groupname to lookup.
  • fields (str) – The fields you want to retrieve. When None is given, all information is returned.
Return type:

json

Returns:

False when no user is found, otherwise information about the identity.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.get_identity(username="demo")
{u'username': u'demo', u'dn': [u'uid=demo,ou=people,dc=openam,dc=forgerock,dc=org'], u'realm': u'/',  ...
>>> am.logout()
get_realm(realm=None)

Get information of the given realm.

Parameters:

realm (str) – The name of the realm.

Return type:

dict

Returns:

All information about the realm.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.get_realm(realm="myRealm")
{u'serviceNames': [u'sunAMDelegationService', u'iPlanetAMAuthService', u'iPlanetAMPolicyConfigService', .. }
>>> am.logout()
get_resourcetype(realm=None, uuid=None)

Get all information about a specific resourcetype.

Parameters:
  • realm (str) – The name of the realm.
  • uuid (str) – The unique uuid.
Return type:

dict

Returns:

All information about one resourcetype.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.get_resourcetype(uuid='20a13582-1f32-4f83-905f-f71ff4e2e00d')
{u'description': u'The built-in delegation Resource Type available to OpenAM Policies.', u'lastModifiedDate': 1422892465848, ...
>>> am.logout()
get_serverinfo(property=None)

Get all - or when provided with the property - server related information.

Parameters:

property (str) – The type of information needed. When none is provided, all available configuration is returned (*).

Return type:

dict

Returns:

Server specific information from OpenAM.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> am.authenticate(username="amadmin", password="password_openam")
>>> am.get_serverinfo(property="cookieDomains")
{u'domains': [u'.example.com']}
>>> am.logout()
list_identities(realm=None, type='users', query=None)

List or search an identity. This can be one of the following types.

  • users
  • agents
  • groups
Parameters:
  • realm (str) – The name of the realm.
  • type (str) – The type of identity you want to search.
  • query (str) – Search pattern for finding the correct username/agentname/groupname.
Return type:

json

Returns:

Information of the found identities.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.list_identities(query="demo")
{u'totalPagedResultsPolicy': u'NONE', u'pagedResultsCookie': None, u'totalPagedResults': -1, u'result': [{u'username': u'demo', u'dn' ...
>>> am.logout()
list_realms(realm=None)

Get information on all (sub) realms that are configured.

Parameters:

realm (str) – The name of the realm.

Return type:

dict

Returns:

Information with all realms.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.list_realms()
{u'totalPagedResultsPolicy': u'NONE', u'pagedResultsCookie': None, u'totalPagedResults': -1, u'result': [u'/', u'/myRealm']
>>> am.logout()
list_resourcetypes(realm=None, query=None)

Listing all resourcetypes that are available.

Parameters:
  • realm (str) – The name of the realm.
  • query (str) –
Return type:

dict

Returns:

Information about all resourcetypes.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.list_resourcetypes()
{u'totalPagedResultsPolicy': u'NONE', u'pagedResultsCookie': None, u'totalPagedResults': -1, u'result': [{u'description': u'The built-in delegation ..' ..
>>> am.logout()
logout()

Will log out the current user from OpenAM.

Return type:

bool

Returns:

True if logout was successful, False otherwise.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> am.authenticate(username="amadmin", password="password_openam")
>>> am.logout()
True
session_information(action=None, token=None)

Will give information about the provided session.

Parameters:
  • action (str) –
  • token (str) – The token id.
Return type:

dict

Returns:

Information about the session.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.session_information(action="getMaxTime", token=auth_data['tokenId'])
{u'maxtime': 7199}
>>> am.logout()
token_validation(realm=None, token=None)

Validate if the session is active.

Parameters:
  • realm (str) – The name of the realm.
  • token (str) – The token id.
Return type:

dict

Returns:

Information on whether the token is active.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> am.token_validation(token=auth_data['tokenId'])
{u'valid': True, u'realm': u'/', u'uid': u'amadmin'}
>>> am.logout()
update_identity(realm=None, type='users', username=None, user_data=None)

Update an identity. This can be one of the following types.

  • users
  • agents
  • groups
Parameters:
  • realm (str) – The name of the realm.
  • type (str) – The type of identity you want to update.
  • username (str) – The username/agentname/groupname that needs to be updated.
  • user_data (dict) – The information you want to update.
Return type:

json

Returns:

All information regarding the updated identity.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> user_data = { "mail": "demo@example.com" }
>>> am.update_identity(username="demo", user_data=user_data)
{u'username': u'demo', u'dn': [u'uid=demo,ou=people,dc=openam,dc=forgerock,dc=org'], u'realm': u'/',  ...
>>> am.logout()
update_realm(realm=None, realm_data=None)

Updating a realm.

Parameters:
  • realm (str) – The name of the realm.
  • realm_data – Realm data that is needed for updating the realm.
Return type:

dict

Returns:

Information on whether the update was successful.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> realm_data = {"sunOrganizationStatus": "Inactive"}
>>> am.update_realm(realm="myRealm", realm_data=realm_data)
{u'realmUpdated': u'/myRealm'}
>>> am.logout()
update_resourcetype(realm=None, uuid=None, resource_data=None)

Updating a resourcetype.

Parameters:
  • realm (str) – The name of the realm.
  • uuid (str) – The unique uuid.
  • resource_data (dict) – All information needed for updating the resourcetype.
Return type:

dict

Returns:

Information about the updated resourcetype.

Example:
>>> import openam
>>> am = openam.Openam(openam_url="http://openam.example.com:8080/openam/")
>>> auth_data = am.authenticate(username="amadmin", password="password_openam")
>>> resource_data = {
...     "uuid": "c1d1c11b-f101-4ecd-ab6f-26044e027f87",
...     "name": "My Updated Resource Type",
...     "actions": {
...         "LEFT": "false",
...         "RIGHT": "false",
...         "UP": "false",
...         "DOWN": "false"
...     },
...     "patterns": [
...         "http://device/location/*"
...     ]
... }
>>> am.update_resourcetype(uuid="c1d1c11b-f101-4ecd-ab6f-26044e027f87", resource_data=resource_data)
{u'description': None, u'lastModifiedDate': 1472947723472, u'actions': { ... }, u'name': u'My Updated Resource Type',
>>> am.logout()
xacml_export_policies(realm=None, query=None)
Parameters:
  • realm
  • query
Returns:

xacml_import_policy(realm=None, policy_data=None, dryrun=None)
Parameters:
  • realm
  • policy_data
  • dryrun
Returns: