Wednesday, August 10, 2016

OAM: User Profile Services through REST in OAM Mobile and Social

In today's post, we cover the user profile services provided by the OAM Mobile and Social component. In the latest OAM Release 2 versions, the Mobile and Social component comes with out-of-the-box (OOB) capabilities for exposing the user profile services as REST services. This lets applications access user data from the identity stores configured in OAM through REST services, without additional development for user operations. In addition to these user profile services, Mobile and Social also provides services for authentication and authorization.

Today's example covers a simple configuration of these user profile services with your desired endpoint.

Environment:
  • OAM 11.1.2.3 BP07
  • OUD 11.1.2.3
  • RHEL6/OEL6
Steps:
  • Log in to the OAM Console and click Configuration at the top right.
  • Go to Available Services and scroll down to see "Mobile and Social".
  • By default, the "Mobile and Social" component is disabled, as shown below. Click "Enable Service".
  • Click "Enable Service" in the confirmation box. This makes the "Mobile and Social" services available for use.
  • Now click "Mobile Security" in the top navigation and go to "Mobile and Social".
  • Let's first create a Service Provider of type User Profile Service Provider. Click "Create User Profile Service Provider".
  • Provide the Name of Service Provider and Identity Directory Service as shown below
    • Name : IdentitySP
    • Identity Directory Service Name : OUDIDSProfile
  • Make sure the IDSProfile with the name "OUDIDSProfile" is configured properly with the Users and Groups DN information.
  • Click on Save to create this Service Provider.
  • Next we will create a Service Profile in which we configure the above created Service Provider.
  • Click "Create User Profile Service" to create the Service Profile of type "User Profile".
  • Provide the values as shown in the screenshot below. In this configuration, you can define your desired endpoint name.
  • Also specify the Service Provider that was created in the earlier steps and check "Service Enabled" to enable these services.
  • Click on Create to save this "IdentitySP" service profile configuration.
  • Next step is to add this new Service profile as part of a Service Domain. 
  • Click on "Default" service domain and click on Edit to add the service profile
  • Click on Add and provide this new Service Profile Name in the list. 
  • That's all the configuration. Now your services are ready for access.
Validation:
  • Let's validate this REST service endpoint. We can do this with the "Postman" Chrome extension.
  • Invoke the REST endpoint by providing
    • Operation : GET
    • URL : http://<OAMHost>:<OAMPort>/oic_rest/rest/IdentitySP/people/<userid>
  • In my example, testuser1 is the user profile that I would like to access, so the URL will be
    • http://oamhost:14100/oic_rest/rest/IdentitySP/people/testuser1
  • As shown above, all the configured IDSProfile attributes can be retrieved through the REST endpoints that the OAM Mobile and Social User Profile services provide.
  • Further URIs for other operations:
    • Read all users: http://oamhost:14100/oic_rest/rest/IdentitySP/people
    • Read all groups: http://oamhost:14100/oic_rest/rest/IdentitySP/groups
    • Read user groups: http://oamhost:14100/oic_rest/rest/IdentitySP/people/testuser1/memberOf
    • Read group members: http://oamhost:14100/oic_rest/rest/IdentitySP/groups/test/members
For more information related to these REST services, you can refer to Oracle docs here. 
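
The validation step as a script, added here as an example and not part of the original post: it builds the URIs listed above with every id percent-encoded, issues the GET, and flags two things worth checking on your own deployment before relying on the service, namely plain HTTP and a 200 response to a request that carried no credentials. The function names are illustrative, and the two checks are this example's assumptions about what a deployment should enforce, not documented OAM behaviour.

```python
import urllib.error
import urllib.request
from urllib.parse import quote, urlsplit

BASE = "http://oamhost:14100/oic_rest/rest"  # host and port used in the post
ENDPOINT = "IdentitySP"                       # endpoint name configured in the steps


def profile_uri(*segments, base=BASE, endpoint=ENDPOINT):
    """Build a service URI, percent-encoding every segment so an id that
    contains '/', '?' or '#' cannot change which resource is requested."""
    parts = [quote(str(s), safe="") for s in (endpoint, *segments)]
    return "/".join([base.rstrip("/"), *parts])


def probe(url, headers=None, timeout=5):
    """GET the URL and return (status, body); status is None if unreachable."""
    req = urllib.request.Request(url, headers=headers or {}, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:   # 401, 403, 404 ... still an answer
        return err.code, err.read().decode("utf-8", "replace")
    except OSError as err:                  # DNS failure, refused, timeout
        return None, str(err)


def review(url, status, sent_credentials):
    """Findings for one observed response (checks are this example's assumptions)."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("plaintext-http")
    if status == 200 and not sent_credentials:
        findings.append("profile-data-without-credentials")
    return findings


if __name__ == "__main__":
    for segs in [("people", "testuser1"), ("people",), ("groups",),
                 ("people", "testuser1", "memberOf"), ("groups", "test", "members")]:
        url = profile_uri(*segs)
        status, _ = probe(url)              # no credentials sent
        print(status, url, review(url, status, sent_credentials=False))
```
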
 
Thank you for visiting.