setAuthentication

Purpose

Edits the authentication settings of the tenant's default authentication profile.

HTTP Method

POST

URL

https://app.infiniteblue.com/rest/api/setAuthentication

URL Parameters

sessionId

The session ID obtained from the body of the response when calling login.

output

Optional parameter specifying the output format, one of: xml (default) or json.

authType

Specifies the authentication type. Valid values are:

The following are the parameters for Password authentication.

  • formula

    The custom validation formula.

  • useSecQuestions

    A true value specifies that users must create and answer security questions.

  • mustAnswerQuestionsInProfile

    The number of security questions a user must answer. Valid values are 2, 3, and 4.

  • mustAnswerPreviouslyAnswered

    The number of previously answered security questions a user must answer to be authenticated. Valid values are 1 and 2.

  • securityLevel

    The security level as a number, where 1=low, 2=medium, and 3=high.

  • expirPolicy

    The number of days before a password expires. Set to 0 for no password expiration (the default) and a value of at least the value of the shared property MinExpirationPolicy (30 by default) otherwise. For OpenEdge authentication, the parameter managePassword must be true in order to set this parameter.

  • questionX

    Security questions, where X is a number between 0 and 11. A maximum of 12 security questions is allowed.

  • useKnowledgeFactorToken

    This must be set to true to use a knowledge factor token. See User authentication and password management for more information.

  • knowledgeFactorToken

    This must be a mandatory field from the User object definition that can be configured as a token. See User authentication and password management for more information.

  • passwordActivationContextExpiry

    The password activation link expiry time. See User authentication and password management for more information.

  • newUserPasswordActivationContextExpiry

    This is the activation link expiry time. See User authentication and password management for more information.

The following are the parameters for LDAP authentication.

  • targetURL

    This is the mandatory target URL.

  • securityAuthentication

    The authentication mechanism to implement. See Configuring LDAP Authentication for details.

  • securityPrincipal

    The name of the user or program doing the authentication. Typically, this is a query string to search the LDAP database.

  • securityCredential

    The credentials of the user or program doing the authentication.

  • additionalParamKeys

    A JSON array of keys for additional parameters. Only one additional parameter is currently allowed.

  • additionalParamValues

    A JSON array of values for additional parameters. Only one additional parameter is currently allowed.

The following are the parameters for HTTP POST authentication.

  • targetURL

    This is the mandatory target URL.

  • responseText

    This is the mandatory text that must be present in the HTTP response to indicate whether the authentication was successful.

  • httpBody

    The template for the body of the HTTP POST request (typically a SOAP call). This must include tokens for user input.

  • headerKeys

    A JSON array of header keys. The first header key for HTTP POST must always be Content-Type. Only five headers are currently allowed.

  • headerValues

    A JSON array of header values. The first header value for HTTP POST must be the content type. Only five headers are currently allowed.

The following are the parameters for HTTP GET authentication.

  • targetURL

    This is the mandatory target URL.

  • responseText

    This is the mandatory text that must be present in the HTTP response to indicate whether the authentication was successful.

  • httpBody

    The template for the body of the HTTP POST request (typically a SOAP call). This must include tokens for user input.

  • headerKeys

    A JSON array of header keys. The first header key for HTTP POST must always be Content-Type. Only five headers are currently allowed.

  • headerValues

    A JSON array of header values. The first header value for HTTP POST must be the content type. Only five headers are currently allowed.

The following are the parameters for OpenEdge authentication.

  • realmURL

    This is the mandatory realm URL. See Configuring OpenEdge Authentication for details.

  • realmClass

    This is the mandatory realm class. See Configuring OpenEdge Authentication for details.

  • openEdgeDomain

    The name of the domain to which the OpenEdge user must belong. See Configuring OpenEdge Authentication for details.

  • openEdgeAccessCode

    The code or key required for an OpenEdge user to access the OpenEdge domain. See Configuring OpenEdge Authentication for details.

  • noHostVerify

    If true, OpenEdge authentication will not validate the hostname of the OpenEdge realm URL. See Configuring OpenEdge Authentication for details.

  • managePassword

    Enables password management options. See Configuring OpenEdge Authentication for details.

  • passwordGuidelines

    The text on the Change Password page that describes password guidelines. The managePassword parameter must be true in order to set this parameter.

  • suLoginname

    The Super Admin login name.

  • suPassword

    The Super Admin password.

  • guestLoginname

    The guest login name.

  • guestPassword

    The guest password.

  • certJarFileContent

    The certificate JAR file content. It should be a Base64 encoded string.

  • certJarFileName

    The certificate JAR file name.

  • certJarFileContentType

    The certificate JAR file content type.

  • tokenFileContent

    The token file content. It should be a Base64 encoded string.

  • tokenFileName

    The token file name.

  • tokenFileContentType

    The token file content type.

The following are the parameters for LDAP Advanced authentication.

  • targetURL

    This is the mandatory target URL.

  • baseDistinguishedName

    The root distinguished name (DN) to use while running queries against your directory server. See Configuring LDAP Advanced Authentication for more information.

  • additionalUserDN

    The value to be used in addition to the base DN when searching for and loading users. See Configuring LDAP Advanced Authentication for more information.

  • authenticationType

    The authentication mechanism to implement. See Configuring LDAP Advanced Authentication for more information.

  • searchCapabilities

    The LDAP authentication requirements to search for and get results from a search query. Valid values are Anonymous and Authenticated. See Configuring LDAP Advanced Authentication for more information.

  • adminSecurityPrincipal

    The admin security principal. This parameter is only applicable if searchCapabilities is Authenticated. See Configuring LDAP Advanced Authentication for more information.

  • adminSecurityCredential

    The admin security credential. This parameter is only applicable if searchCapabilities is Authenticated. See Configuring LDAP Advanced Authentication for more information.

  • userNameAttribute

    The attribute field to use when loading the user name. See Configuring LDAP Advanced Authentication for more information.

  • additionalParamKeys

    A JSON array of keys for additional parameters. Only one additional parameter is currently allowed.

  • additionalParamValues

    A JSON array of values for additional parameters. Only one additional parameter is currently allowed.

The following are the parameters for SAML authentication.

  • samlAttributeMap

    These are the mandatory URL-encoded values. Providing the loginName attribute mapping is compulsory.

  • idpCertificateFileContent

    This is the mandatory content of the IdP metadata file.

    Note: Before URL encoding, the file content should be encoded to Base64 with the ISO-8859-1 charset.

  • issuer

    This is the mandatory value of the entityID attribute of the EntityDescriptor element in the IdP metadata file.

  • entityId

    This is the mandatory entity ID of the service provider. This is the value of the entityID attribute of the EntityDescriptor element in the SP metadata file.

  • samlAuthnContextComparison

    This must be set to one of the four comparison values: better, exact, maximum, or minimum. If no value is set, or a value other than these four is set, the value automatically defaults to minimum. See Configuring SAML/ADFS Authentication for a Tenant for more information.

  • samlIdpLoginUrl

    The URL the users of the tenant should use to initiate SAML login. This is the value of the Location attribute in the SingleSignOnService element for the HTTP-POST binding in the IdP metadata file.

  • samlIdpLogoutUrl

    A custom URL can be configured by the SAML customer administrator to redirect the user after logout.

  • idpFileContentType

    The MIME type of the IdP file content. Because an XML file is sent, this is application/xml.

  • samlAssertionConsumerIndex

    The index of the URLs to be used in the SP metadata. In general, multiple URLs are not supported by most of the IdPs, so you can set this to the default of 0.

  • samlAuthClasses

    User-provided SAML authentication context class names, as comma-separated values. For example:

    SAMLAuthClasses=PasswordProtectedTransport,Password,Public Key -X.509

  • requestSignatureMethod

    The signature method algorithm used to sign the request sent to the IdP. The supported algorithms are RSA-SHA1 and RSA-SHA256. The default value is RSA-SHA1.
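The following is an added example, not part of the product documentation: a pre-flight check that audits a setAuthentication parameter set against the limits and defaults listed above before it is sent. It flags values the API would reject or silently weaken (an unrecognized samlAuthnContextComparison falling back to minimum, an unset requestSignatureMethod defaulting to RSA-SHA1, noHostVerify disabling hostname validation). The function name, the saml flag, and the string encoding of values ("true", "30") are assumptions.

```python
import json

# Allowed values copied from the parameter descriptions above (sent as strings).
ALLOWED = {
    "mustAnswerQuestionsInProfile": {"2", "3", "4"},
    "mustAnswerPreviouslyAnswered": {"1", "2"},
    "securityLevel": {"1", "2", "3"},
    "searchCapabilities": {"Anonymous", "Authenticated"},
    "requestSignatureMethod": {"RSA-SHA1", "RSA-SHA256"},
}
COMPARISONS = {"better", "exact", "maximum", "minimum"}
MIN_EXPIRATION_POLICY = 30  # documented default of the shared property


# Assumption: the caller passes saml=True for a SAML profile, because the
# valid authType values are not listed on this page.
def audit_params(params, saml=False):
    """Return a list of findings for a setAuthentication parameter dict."""
    findings = []
    for name, allowed in ALLOWED.items():
        if name in params and params[name] not in allowed:
            findings.append(f"{name}: {params[name]!r} not in {sorted(allowed)}")
    days = int(params.get("expirPolicy", "0"))
    if days != 0 and days < MIN_EXPIRATION_POLICY:
        findings.append(f"expirPolicy: {days} is below MinExpirationPolicy")
    if "passwordGuidelines" in params and params.get("managePassword") != "true":
        findings.append("passwordGuidelines: requires managePassword=true")
    if params.get("noHostVerify") == "true":
        findings.append("noHostVerify: realm URL hostname is not validated")
    if "headerKeys" in params:
        keys = json.loads(params["headerKeys"])
        if not keys or keys[0] != "Content-Type" or len(keys) > 5:
            findings.append("headerKeys: Content-Type first, at most five headers")
    if params.get("searchCapabilities") != "Authenticated":
        for name in ("adminSecurityPrincipal", "adminSecurityCredential"):
            if name in params:
                findings.append(f"{name}: needs searchCapabilities=Authenticated")
    if saml:
        if params.get("samlAuthnContextComparison") not in COMPARISONS:
            findings.append("samlAuthnContextComparison: falls back to minimum")
        if params.get("requestSignatureMethod", "RSA-SHA1") == "RSA-SHA1":
            findings.append("requestSignatureMethod: signs with RSA-SHA1 (SHA-1)")
    return findings


# Constructed sample: a SAML profile that leaves the signature method unset.
SAMPLE_SAML = {"samlAuthnContextComparison": "strongest", "issuer": "https://idp.example/metadata"}
print(audit_params(SAMPLE_SAML, saml=True))
```

An empty list means the parameter set stays within the documented limits and sets the SAML signature method and comparison explicitly.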

Permissions Required

Full administrative privileges.

Response

The authentication for the tenant in JSON format.

Sample JSON output

{"status":"ok" }

Sample invalid response

{
"status":"fail",
"message":"You cannot edit the authentication type which is not a default authentication profile."
}