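The Manager API allows an administrator to modify the LemonLDAP::NG configuration programmatically. It is not meant to be accessed by end users. The client libraries mentioned in the examples can be generated from doc/sources/manager-api/openapi-spec.yaml. The request and response samples below appear to be generated from the schema, so values such as "string", "pa$$word" and "none" are placeholders rather than recommended settings.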
SAML Service provider to add
confKey required | string (confKey) ^\w[\w\.\-]*$ |
metadata required | string |
exportedAttributes | object |
macros | object |
options | object (samlOptions) |
{- "confKey": "string",
- "metadata": "<?xml version=\"1.0\"?><EntityDescriptor...",
- "exportedAttributes": { },
- "macros": {
- "myMacroName": "$macro(rule)"
}, - "options": {
- "checkSSOMessageSignature": 1,
- "sessionNotOnOrAfterTimeout": 72000,
- "signSLOMessage": -1,
- "enableIDPInitiatedURL": true,
- "oneTimeUse": true,
- "checkSLOMessageSignature": 1,
- "encryptionMode": "none",
- "notOnOrAfterTimeout": 72000,
- "authnLevel": 0,
- "rule": "string",
- "forceUTF8": 1,
- "signSSOMessage": -1,
- "nameIDSessionKey": "string",
- "nameIDFormat": "unspecified"
}
}
{- "error": "string"
}
Takes a search pattern to be tested against existing service providers
pattern required | string Examples:
Search pattern |
[- {
- "confKey": "string",
- "metadata": "<?xml version=\"1.0\"?><EntityDescriptor...",
- "exportedAttributes": { },
- "macros": {
- "myMacroName": "$macro(rule)"
}, - "options": {
- "checkSSOMessageSignature": 1,
- "sessionNotOnOrAfterTimeout": 72000,
- "signSLOMessage": -1,
- "enableIDPInitiatedURL": true,
- "oneTimeUse": true,
- "checkSLOMessageSignature": 1,
- "encryptionMode": "none",
- "notOnOrAfterTimeout": 72000,
- "authnLevel": 0,
- "rule": "string",
- "forceUTF8": 1,
- "signSSOMessage": -1,
- "nameIDSessionKey": "string",
- "nameIDFormat": "unspecified"
}
}
]
entityId required | string Example: entityId=http://mysp.example.com/saml/metadata Entity ID to search |
{- "confKey": "string",
- "metadata": "<?xml version=\"1.0\"?><EntityDescriptor...",
- "exportedAttributes": { },
- "macros": {
- "myMacroName": "$macro(rule)"
}, - "options": {
- "checkSSOMessageSignature": 1,
- "sessionNotOnOrAfterTimeout": 72000,
- "signSLOMessage": -1,
- "enableIDPInitiatedURL": true,
- "oneTimeUse": true,
- "checkSLOMessageSignature": 1,
- "encryptionMode": "none",
- "notOnOrAfterTimeout": 72000,
- "authnLevel": 0,
- "rule": "string",
- "forceUTF8": 1,
- "signSSOMessage": -1,
- "nameIDSessionKey": "string",
- "nameIDFormat": "unspecified"
}
}
Returns a single Service Provider
confKey required | string (confKey) ^\w[\w\.\-]*$ Configuration key of SAML Service Provider |
{- "confKey": "string",
- "metadata": "<?xml version=\"1.0\"?><EntityDescriptor...",
- "exportedAttributes": { },
- "macros": {
- "myMacroName": "$macro(rule)"
}, - "options": {
- "checkSSOMessageSignature": 1,
- "sessionNotOnOrAfterTimeout": 72000,
- "signSLOMessage": -1,
- "enableIDPInitiatedURL": true,
- "oneTimeUse": true,
- "checkSLOMessageSignature": 1,
- "encryptionMode": "none",
- "notOnOrAfterTimeout": 72000,
- "authnLevel": 0,
- "rule": "string",
- "forceUTF8": 1,
- "signSSOMessage": -1,
- "nameIDSessionKey": "string",
- "nameIDFormat": "unspecified"
}
}
confKey required | string (confKey) ^\w[\w\.\-]*$ Configuration key of SAML Service Provider that needs to be replaced |
metadata required | string |
macros | object |
exportedAttributes | object |
options | object (samlOptions) |
{- "metadata": "<?xml version=\"1.0\"?><EntityDescriptor...",
- "macros": {
- "myMacroName": "$macro(rule)"
}, - "exportedAttributes": { },
- "options": {
- "checkSSOMessageSignature": 1,
- "sessionNotOnOrAfterTimeout": 72000,
- "signSLOMessage": -1,
- "enableIDPInitiatedURL": true,
- "oneTimeUse": true,
- "checkSLOMessageSignature": 1,
- "encryptionMode": "none",
- "notOnOrAfterTimeout": 72000,
- "authnLevel": 0,
- "rule": "string",
- "forceUTF8": 1,
- "signSSOMessage": -1,
- "nameIDSessionKey": "string",
- "nameIDFormat": "unspecified"
}
}
{- "error": "string"
}
confKey required | string (confKey) ^\w[\w\.\-]*$ Configuration key of SAML Service Provider that needs to be updated |
metadata | string |
macros | object |
exportedAttributes | object |
options | object (samlOptions) |
{- "metadata": "<?xml version=\"1.0\"?><EntityDescriptor...",
- "macros": {
- "myMacroName": "$macro(rule)"
}, - "exportedAttributes": { },
- "options": {
- "checkSSOMessageSignature": 1,
- "sessionNotOnOrAfterTimeout": 72000,
- "signSLOMessage": -1,
- "enableIDPInitiatedURL": true,
- "oneTimeUse": true,
- "checkSLOMessageSignature": 1,
- "encryptionMode": "none",
- "notOnOrAfterTimeout": 72000,
- "authnLevel": 0,
- "rule": "string",
- "forceUTF8": 1,
- "signSSOMessage": -1,
- "nameIDSessionKey": "string",
- "nameIDFormat": "unspecified"
}
}
{- "error": "string"
}
OpenID Connect Relying Party to add
confKey required | string (confKey) ^\w[\w\.\-]*$ |
clientId required | string |
redirectUris required | Array of strings <uri> [ items <uri > non-empty ] |
exportedVars | object |
extraClaims | object |
macros | object |
options | object (OidcOptions) |
scopeRules | object |
{- "confKey": "string",
- "clientId": "string",
- "exportedVars": {
- "email": "mail",
- "family_name": "sn",
- "name": "cn"
}, - "extraClaims": {
- "myscope": "myattr1 myattr2 myattr3"
}, - "macros": {
- "myMacroName": "$macro(rule)"
}, - "options": {
- "logoutUrl": "string",
- "logoutBypassConfirm": true,
- "clientSecret": "pa$$word",
- "displayName": "string",
- "allowOffline": true,
- "accessTokenSignAlg": "none",
- "userInfoSignAlg": "",
- "accessTokenJWT": true,
- "accessTokenClaims": true,
- "authnLevel": 0,
- "rule": "string",
- "IDTokenSignAlg": "none",
- "refreshToken": true,
- "public": true,
- "postLogoutRedirectUris": [
- "string"
], - "logoutType": "front",
- "accessTokenExpiration": 0,
- "IDTokenForceClaims": true,
- "additionalAudiences": [
- "string"
], - "requirePKCE": true,
- "offlineSessionExpiration": 0,
- "redirectUris": [
- "string"
], - "bypassConsent": true,
- "logoutSessionRequired": true,
- "clientId": "string",
- "IDTokenExpiration": 0,
- "authorizationCodeExpiration": 0,
- "icon": "string",
- "userIDAttr": "string"
}, - "scopeRules": {
- "write": "requested and inGroup('writers')"
}
}
{- "error": "string"
}
Takes a search pattern to be tested against existing service providers
pattern required | string (confKey) ^\w[\w\.\-]*$ Examples:
Search pattern |
[- {
- "confKey": "string",
- "clientId": "string",
- "exportedVars": {
- "email": "mail",
- "family_name": "sn",
- "name": "cn"
}, - "extraClaims": {
- "myscope": "myattr1 myattr2 myattr3"
}, - "macros": {
- "myMacroName": "$macro(rule)"
}, - "options": {
- "logoutUrl": "string",
- "logoutBypassConfirm": true,
- "clientSecret": "pa$$word",
- "displayName": "string",
- "allowOffline": true,
- "accessTokenSignAlg": "none",
- "userInfoSignAlg": "",
- "accessTokenJWT": true,
- "accessTokenClaims": true,
- "authnLevel": 0,
- "rule": "string",
- "IDTokenSignAlg": "none",
- "refreshToken": true,
- "public": true,
- "postLogoutRedirectUris": [
- "string"
], - "logoutType": "front",
- "accessTokenExpiration": 0,
- "IDTokenForceClaims": true,
- "additionalAudiences": [
- "string"
], - "requirePKCE": true,
- "offlineSessionExpiration": 0,
- "redirectUris": [
- "string"
], - "bypassConsent": true,
- "logoutSessionRequired": true,
- "clientId": "string",
- "IDTokenExpiration": 0,
- "authorizationCodeExpiration": 0,
- "icon": "string",
- "userIDAttr": "string"
}, - "scopeRules": {
- "write": "requested and inGroup('writers')"
}
}
]
clientId required | string Example: clientId=my_client_id Client ID to search |
{- "confKey": "string",
- "clientId": "string",
- "exportedVars": {
- "email": "mail",
- "family_name": "sn",
- "name": "cn"
}, - "extraClaims": {
- "myscope": "myattr1 myattr2 myattr3"
}, - "macros": {
- "myMacroName": "$macro(rule)"
}, - "options": {
- "logoutUrl": "string",
- "logoutBypassConfirm": true,
- "clientSecret": "pa$$word",
- "displayName": "string",
- "allowOffline": true,
- "accessTokenSignAlg": "none",
- "userInfoSignAlg": "",
- "accessTokenJWT": true,
- "accessTokenClaims": true,
- "authnLevel": 0,
- "rule": "string",
- "IDTokenSignAlg": "none",
- "refreshToken": true,
- "public": true,
- "postLogoutRedirectUris": [
- "string"
], - "logoutType": "front",
- "accessTokenExpiration": 0,
- "IDTokenForceClaims": true,
- "additionalAudiences": [
- "string"
], - "requirePKCE": true,
- "offlineSessionExpiration": 0,
- "redirectUris": [
- "string"
], - "bypassConsent": true,
- "logoutSessionRequired": true,
- "clientId": "string",
- "IDTokenExpiration": 0,
- "authorizationCodeExpiration": 0,
- "icon": "string",
- "userIDAttr": "string"
}, - "scopeRules": {
- "write": "requested and inGroup('writers')"
}
}
Returns a single Service Provider
confKey required | string (confKey) ^\w[\w\.\-]*$ Configuration key of OpenID Connect Relying Party |
{- "confKey": "string",
- "clientId": "string",
- "exportedVars": {
- "email": "mail",
- "family_name": "sn",
- "name": "cn"
}, - "extraClaims": {
- "myscope": "myattr1 myattr2 myattr3"
}, - "macros": {
- "myMacroName": "$macro(rule)"
}, - "options": {
- "logoutUrl": "string",
- "logoutBypassConfirm": true,
- "clientSecret": "pa$$word",
- "displayName": "string",
- "allowOffline": true,
- "accessTokenSignAlg": "none",
- "userInfoSignAlg": "",
- "accessTokenJWT": true,
- "accessTokenClaims": true,
- "authnLevel": 0,
- "rule": "string",
- "IDTokenSignAlg": "none",
- "refreshToken": true,
- "public": true,
- "postLogoutRedirectUris": [
- "string"
], - "logoutType": "front",
- "accessTokenExpiration": 0,
- "IDTokenForceClaims": true,
- "additionalAudiences": [
- "string"
], - "requirePKCE": true,
- "offlineSessionExpiration": 0,
- "redirectUris": [
- "string"
], - "bypassConsent": true,
- "logoutSessionRequired": true,
- "clientId": "string",
- "IDTokenExpiration": 0,
- "authorizationCodeExpiration": 0,
- "icon": "string",
- "userIDAttr": "string"
}, - "scopeRules": {
- "write": "requested and inGroup('writers')"
}
}
confKey required | string (confKey) ^\w[\w\.\-]*$ Configuration key of OpenID Connect Relying Party that needs to be updated |
clientId | string |
exportedVars | object |
extraClaims | object |
macros | object |
options | object (OidcOptions) |
scopeRules | object |
{- "clientId": "string",
- "exportedVars": {
- "email": "mail",
- "family_name": "sn",
- "name": "cn"
}, - "extraClaims": {
- "myscope": "myattr1 myattr2 myattr3"
}, - "macros": {
- "myMacroName": "$macro(rule)"
}, - "options": {
- "logoutUrl": "string",
- "logoutBypassConfirm": true,
- "clientSecret": "pa$$word",
- "displayName": "string",
- "allowOffline": true,
- "accessTokenSignAlg": "none",
- "userInfoSignAlg": "",
- "accessTokenJWT": true,
- "accessTokenClaims": true,
- "authnLevel": 0,
- "rule": "string",
- "IDTokenSignAlg": "none",
- "refreshToken": true,
- "public": true,
- "postLogoutRedirectUris": [
- "string"
], - "logoutType": "front",
- "accessTokenExpiration": 0,
- "IDTokenForceClaims": true,
- "additionalAudiences": [
- "string"
], - "requirePKCE": true,
- "offlineSessionExpiration": 0,
- "redirectUris": [
- "string"
], - "bypassConsent": true,
- "logoutSessionRequired": true,
- "clientId": "string",
- "IDTokenExpiration": 0,
- "authorizationCodeExpiration": 0,
- "icon": "string",
- "userIDAttr": "string"
}, - "scopeRules": {
- "write": "requested and inGroup('writers')"
}
}
{- "error": "string"
}
confKey required | string (confKey) ^\w[\w\.\-]*$ Configuration key of OpenID Connect Relying Party that needs to be replaced |
clientId required | string |
exportedVars | object |
extraClaims | object |
macros | object |
options | object (OidcOptions) |
scopeRules | object |
{- "clientId": "string",
- "exportedVars": {
- "email": "mail",
- "family_name": "sn",
- "name": "cn"
}, - "extraClaims": {
- "myscope": "myattr1 myattr2 myattr3"
}, - "macros": {
- "myMacroName": "$macro(rule)"
}, - "options": {
- "logoutUrl": "string",
- "logoutBypassConfirm": true,
- "clientSecret": "pa$$word",
- "displayName": "string",
- "allowOffline": true,
- "accessTokenSignAlg": "none",
- "userInfoSignAlg": "",
- "accessTokenJWT": true,
- "accessTokenClaims": true,
- "authnLevel": 0,
- "rule": "string",
- "IDTokenSignAlg": "none",
- "refreshToken": true,
- "public": true,
- "postLogoutRedirectUris": [
- "string"
], - "logoutType": "front",
- "accessTokenExpiration": 0,
- "IDTokenForceClaims": true,
- "additionalAudiences": [
- "string"
], - "requirePKCE": true,
- "offlineSessionExpiration": 0,
- "redirectUris": [
- "string"
], - "bypassConsent": true,
- "logoutSessionRequired": true,
- "clientId": "string",
- "IDTokenExpiration": 0,
- "authorizationCodeExpiration": 0,
- "icon": "string",
- "userIDAttr": "string"
}, - "scopeRules": {
- "write": "requested and inGroup('writers')"
}
}
{- "error": "string"
}
CAS Application to add
confKey required | string (confKey) ^\w[\w\.\-]*$ |
exportedVars | object Default: {"cn":"cn","mail":"mail","uid":"uid"} |
macros | object |
object (casOptions) |
{- "confKey": "string",
- "exportedVars": {
- "cn": "cn",
- "mail": "mail",
- "uid": "uid"
}, - "macros": {
- "myMacroName": "$macro(rule)"
},
}
{- "error": "string"
}
Takes a search pattern to be tested against existing applications
pattern required | string Examples:
Search pattern |
[- {
- "confKey": "string",
- "exportedVars": {
- "cn": "cn",
- "mail": "mail",
- "uid": "uid"
}, - "macros": {
- "myMacroName": "$macro(rule)"
},
}
]
serviceUrl required | string Example: serviceUrl=http://mycasapp.example.com/ Service URL to search |
{- "confKey": "string",
- "exportedVars": {
- "cn": "cn",
- "mail": "mail",
- "uid": "uid"
}, - "macros": {
- "myMacroName": "$macro(rule)"
},
}
Returns a single Application
confKey required | string (confKey) ^\w[\w\.\-]*$ Configuration key of CAS Application |
{- "confKey": "string",
- "exportedVars": {
- "cn": "cn",
- "mail": "mail",
- "uid": "uid"
}, - "macros": {
- "myMacroName": "$macro(rule)"
},
}
confKey required | string (confKey) ^\w[\w\.\-]*$ Configuration key of CAS Application that needs to be replaced |
macros | object |
exportedVars | object Default: {"cn":"cn","mail":"mail","uid":"uid"} |
object (casOptions) |
{- "macros": {
- "myMacroName": "$macro(rule)"
}, - "exportedVars": {
- "cn": "cn",
- "mail": "mail",
- "uid": "uid"
},
}
{- "error": "string"
}
confKey required | string (confKey) ^\w[\w\.\-]*$ Configuration key of CAS Application that needs to be updated |
macros | object |
exportedVars | object Default: {"cn":"cn","mail":"mail","uid":"uid"} |
object (casOptions) |
{- "macros": {
- "myMacroName": "$macro(rule)"
}, - "exportedVars": {
- "cn": "cn",
- "mail": "mail",
- "uid": "uid"
},
}
{- "error": "string"
}