Version: 2.82.x.x LTS

Accessing nevisIDM over REST from nevisAuth ScriptState

The nevisIDM REST services can be accessed from within the nevisAuth AuthState ScriptState with an API included in the package nevisidmcl. To make the API available in the ScriptState, the classpath of the AuthEngine must be extended with the path /opt/nevisidmcl/nevisauth/lib. The API can be used to cover use cases that are not supported out of the box by the nevisIDM authentication plug-ins.

API

The API is located in the package ch.nevis.idm.client and supports the following elements:

IdmRestClient

The IdmRestClient can be used to access nevisIDM as the nevisauth user. The supported methods are listed in the following table.

| Method | Inputs | Output | Description |
| --- | --- | --- | --- |
| String get(String url) | String url: URL of the REST endpoint. | String containing the JSON response body. | Performs a GET request to the input URL. Throws an IdmRestClientException if the return code is greater than or equal to 400. |
| String patch(String url, String body) | String url: URL of the REST endpoint. String body: JSON request body to be used in the PATCH request. | String containing the JSON response body. | Performs a PATCH request to the input URL with the input request body. Throws an IdmRestClientException if the return code is greater than or equal to 400. |
| String post(String url, String body) | String url: URL of the REST endpoint. String body: JSON request body to be used in the POST request. | String containing the location header, if available. | Performs a POST request to the input URL with the input request body. Throws an IdmRestClientException if the return code is greater than or equal to 400. |
| void put(String url) | String url: URL of the REST endpoint. | - | Performs a PUT request to the input URL. Throws an IdmRestClientException if the return code is greater than or equal to 400. |
| void delete(String url) | String url: URL of the REST endpoint. | - | Performs a DELETE request to the input URL. Throws an IdmRestClientException if the return code is greater than or equal to 400. |

IdmRestClientFactory

The IdmRestClientFactory is a factory to get an instance of an IdmRestClient.

| Method | Output | Description |
| --- | --- | --- |
| IdmRestClient getInstance() | An IdmRestClient instance. | A factory to get an instance of an IdmRestClient. |

IdmRestClientException

The IdmRestClientException is a runtime exception that is thrown in case of failures in the IdmRestClient.

AuthTokenProvider

The AuthTokenProvider creates a signed token with the provided lifetime for the nevisauth user in nevisIDM.

| Method | Input | Output | Description |
| --- | --- | --- | --- |
| String getAuthTokenString(long timeToLive) | long timeToLive: The lifetime of the signed token in seconds. | String containing a signed token for the nevisauth user in nevisIDM. | Creates a signed token for the nevisauth user in nevisIDM. The lifetime of the token corresponds with the value provided in timeToLive. Throws an AuthTokenProviderException in case of failure. |

AuthTokenProviderFactory

The AuthTokenProviderFactory is a factory to get an instance of an AuthTokenProvider.

| Method | Output | Description |
| --- | --- | --- |
| AuthTokenProvider getInstance() | An AuthTokenProvider instance. | A factory to get an instance of an AuthTokenProvider. |

AuthTokenProviderException

The AuthTokenProviderException is a runtime exception that is thrown in case of failures in the AuthTokenProvider.

Example

The following code block shows a simple GET REST request example to retrieve all pending terms of a user.

NevisAuth ScriptState Configuration

<AuthState name="IdmLoginRestGetTerms" class="ch.nevis.idm.authstate.IdmPasswordVerifyState" authLevel="auth.weak">
    <ResultCond name="ok" next="IdmRestGetTerms"/>
    <ResultCond name="default" next="IdmLoginRestGetTerms"/>
    <Response value="AUTH_CONTINUE">
        <Gui name="AuthUidPwDialog" label="login.uidpw.label">
            <GuiElem name="lasterror" type="error" label="${notes.lasterrorinfo}" value="${notes.lasterror}"/>
            <GuiElem name="client" type="text" label="client.label" value="${notes.client}"/>
            <GuiElem name="isiwebuserid" type="text" label="userid.label" value="${notes.loginid}"/>
            <GuiElem name="isiwebpasswd" type="pw-text" label="password.label"/>
            <GuiElem name="submit" type="button" label="submit.button.label" value="Login"/>
        </Gui>
    </Response>
</AuthState>

<AuthState name="IdmRestGetTerms" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
    <ResultCond name="ok" next="AuthDone"/>
    <ResultCond name="failed" next="AuthError"/>
    <property name="script" value="file:///var/opt/nevisauth/default/conf/get-terms.groovy"/>
    <property name="parameter.baseUrl" value="https://<your-host>:8989/nevisidm/api" />
</AuthState>

Script get-terms.groovy

import ch.nevis.idm.client.IdmRestClient
import ch.nevis.idm.client.IdmRestClientFactory
import groovy.json.JsonSlurper

// Client that calls nevisIDM as the nevisauth user
IdmRestClient idmRestClient = new IdmRestClientFactory().getInstance()

// baseUrl comes from the ScriptState property "parameter.baseUrl";
// the external IDs were stored in the session by the preceding login state
String baseUrl = parameters.get('baseUrl')
String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
String endPoint = "$baseUrl/core/v1/$clientExtId/users/$userExtId/terms-pending"

String result
try {
    // Throws IdmRestClientException if the return code is >= 400
    result = idmRestClient.get(endPoint)
} catch(Exception e) {
    LOG.error(e)
    response.setResult('failed')
    return
}

// Collect the extId of every pending term into a comma-separated list
def json = new JsonSlurper().parseText(result)
String pendingTermsExtIds = json['items'].extId.join(',')
session.put('ch.adnovum.nevisidm.user.pendingTermsExtIds', pendingTermsExtIds)
response.setResult('ok')
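
A hardened variant of get-terms.groovy, added here as an example and not part of the original documentation: it fails closed when the session identifiers are missing, percent-encodes them before building the URL, and routes an unexpected response body to the failed result instead of letting the script abort. The seg helper, the https check on baseUrl and the log messages are assumptions of this example; it uses the same script bindings (parameters, session, response, LOG) as the script above.

```groovy
import ch.nevis.idm.client.IdmRestClient
import ch.nevis.idm.client.IdmRestClientException
import ch.nevis.idm.client.IdmRestClientFactory
import groovy.json.JsonSlurper

// Hypothetical helper: percent-encode a value for use as one URL path segment
def seg = { String s -> URLEncoder.encode(s, 'UTF-8').replace('+', '%20') }

String baseUrl = parameters.get('baseUrl')
String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
String userExtId = session.get('ch.adnovum.nevisidm.user.extId')

// Fail closed if the login state did not populate the session or the
// configured base URL is not HTTPS (assumption: nevisIDM is only reached over TLS)
if (!baseUrl?.startsWith('https://') || !clientExtId || !userExtId) {
    LOG.error('get-terms: missing or invalid baseUrl / user identifiers')
    response.setResult('failed')
    return
}

String endPoint = "${baseUrl}/core/v1/${seg(clientExtId)}/users/${seg(userExtId)}/terms-pending"

try {
    IdmRestClient idmRestClient = new IdmRestClientFactory().getInstance()
    String result = idmRestClient.get(endPoint)

    def json = new JsonSlurper().parseText(result)
    // Treat a body without an 'items' list as an error, not as "no pending terms"
    if (!(json instanceof Map) || !(json.items instanceof List)) {
        throw new IllegalStateException("response has no 'items' list")
    }
    List extIds = json.items.collect { it.extId }.findAll { it }
    session.put('ch.adnovum.nevisidm.user.pendingTermsExtIds', extIds.join(','))
    response.setResult('ok')
} catch (IdmRestClientException e) {
    // Return code >= 400 or a failure inside the client
    LOG.error('get-terms: nevisIDM REST call failed: ' + e.message)
    response.setResult('failed')
} catch (Exception e) {
    // Malformed JSON or unexpected structure
    LOG.error('get-terms: unexpected response: ' + e.message)
    response.setResult('failed')
}
```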