def configure_fed(self,
webseal_id,
federation_id=None,
reuse_certs=False,
reuse_acls=False,
runtime_hostname=None,
runtime_port=None,
runtime_username=None,
runtime_password=None):
data = DataObject()
data.add_value_string("federation_id", federation_id)
data.add_value("reuse_certs", reuse_certs)
data.add_value("reuse_acls", reuse_acls)
runtime_data = DataObject()
runtime_data.add_value_string("hostname", runtime_hostname)
runtime_data.add_value_string("port", runtime_port)
runtime_data.add_value_string("username", runtime_username)
runtime_data.add_value_string("password", runtime_password)
data.add_value_not_empty("runtime", runtime_data.data)
endpoint = "%s/%s/fed_config" % (REVERSEPROXY, webseal_id)
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 204
return response
def create_smtp(
self, name=None, description=None,connect_timeout=None,
connection_host_name=None, connection_host_port=None,
connection_ssl=None, connection_user=None, connection_password=None):
connection_data = DataObject()
connection_data.add_value_string("hostName", connection_host_name)
connection_data.add_value("hostPort", connection_host_port)
connection_data.add_value("ssl", connection_ssl)
connection_data.add_value("user", connection_user)
connection_data.add_value("password", connection_password)
manager_data = DataObject()
manager_data.add_value("connectTimeout", connect_timeout)
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("description", description)
data.add_value_string("type", "smtp")
data.add_value_not_empty("connection", connection_data.data)
data.add_value_not_empty("connectionManager", manager_data.data)
endpoint = SERVER_CONNECTION_SMTP + "/v1"
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
return response
def create_attribute(
self, category=None, matcher=None, issuer=None, description=None,
name=None, datatype=None, uri=None, storage_session=None,
storage_behavior=None, storage_device=None, type_risk=None,
type_policy=None):
storage_data = DataObject()
storage_data.add_value("session", storage_session)
storage_data.add_value("behavior", storage_behavior)
storage_data.add_value("device", storage_device)
type_data = DataObject()
type_data.add_value("risk", type_risk)
type_data.add_value("policy", type_policy)
data = DataObject()
data.add_value_string("category", category)
data.add_value_string("matcher", matcher)
data.add_value_string("issuer", issuer)
data.add_value_string("description", description)
data.add_value_string("name", name)
data.add_value_string("datatype", datatype)
data.add_value_string("uri", uri)
data.add_value("predefined", False)
data.add_value_not_empty("storageDomain", storage_data.data)
data.add_value_not_empty("type", type_data.data)
response = self.client.post_json(ATTRIBUTES, data.data)
response.success = response.status_code == 201
return response
def create_isam_runtime(
self, name=None, description=None, locked=None,
connection_bind_dn=None,
connection_bind_pwd=None, connection_ssl_truststore=None,
connection_ssl_auth_key=None,
connection_ssl=None, connect_timeout=None, servers=None):
connection_data = DataObject()
connection_data.add_value_string("bindDN", connection_bind_dn)
connection_data.add_value_string("bindPwd", connection_bind_pwd)
connection_data.add_value_string(
"sslTruststore", connection_ssl_truststore)
connection_data.add_value_string("sslAuthKey", connection_ssl_auth_key)
connection_data.add_value("ssl", connection_ssl)
manager_data = DataObject()
manager_data.add_value("connectTimeout", connect_timeout)
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("description", description)
data.add_value_string("type", "isamruntime")
data.add_value("locked", locked)
data.add_value("servers", servers)
data.add_value_not_empty("connection", connection_data.data)
data.add_value_not_empty("connectionManager", manager_data.data)
endpoint = SERVER_CONNECTION_ISAM_RUNTIME + "/v1"
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
return response
def create_web_service(
self, name=None, description=None, locked=None, connection_url=None,
connection_user=None, connection_password=None,
connection_ssl_truststore=None, connection_ssl_auth_key=None,
connection_ssl=None):
connection_data = DataObject()
connection_data.add_value_string("url", connection_url)
connection_data.add_value_string("user", connection_user)
connection_data.add_value_string("password", connection_password)
connection_data.add_value_string(
"sslTruststore", connection_ssl_truststore)
connection_data.add_value_string("sslAuthKey", connection_ssl_auth_key)
connection_data.add_value("ssl", connection_ssl)
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("description", description)
data.add_value_string("type", "ws")
data.add_value("locked", locked)
data.add_value_not_empty("connection", connection_data.data)
endpoint = SERVER_CONNECTION_WEB_SERVICE + "/v1"
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
return response
def create_ci(
self, name=None, description=None, locked=None,
connection_host_name=None, connection_client_id=None,
connection_client_secret=None, connection_ssl_truststore=None):
connection_data = DataObject()
connection_data.add_value_string("adminHost", connection_host_name)
connection_data.add_value("clientId", connection_client_id)
connection_data.add_value("clientSecret", connection_client_secret)
connection_data.add_value("ssl", True)
connection_data.add_value("sslTruststore", connection_ssl_truststore)
connection_data.add_value("usersEndpoint", "/v2.0/Users")
# yes, I know this is a token endpoint. The parameter name was poorly selected
connection_data.add_value("authorizeEndpoint", "/v1.0/endpoint/default/token")
connection_data.add_value("authenticatorsEndpoint", "/v1.0/authenticators")
connection_data.add_value("authnmethodsEndpoint", "/v1.0/authnmethods")
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("description", description)
data.add_value_string("type", "ci")
data.add_value_string("locked", locked)
data.add_value_not_empty("connection", connection_data.data)
endpoint = SERVER_CONNECTION_CI + "/v1"
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
return response
def combine_keytab(self, new_name=None, keytab_files=[]):
data = DataObject()
data.add_value_string("new_name", new_name)
data.add_value_not_empty("keytab_files", keytab_files)
response = self.client.put_json(KERBEROS_KEYTAB, data.data)
response.success = response.status_code == 200
return response
def create(self, name=None, content=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_not_empty("content", content)
response = self.client.post_json(PASSWORD_STRENGTH, data.data)
response.success = response.status_code == 200
return response
def create(self, name=None, groups=[], attributes=[]):
data = DataObject()
data.add_value_string("name", name)
data.add_value_not_empty("group", grups)
data.add_value_not_empty("attributes", attributes)
response = self.client.post_json(POLICY, data.data)
response.success = response.status_code == 200
return response
def update(self, name, groups=[], attributes=[]):
data = DataObject()
data.add_value_not_empty("groups", groups)
data.add_value_not_empty("attributes", attributes)
endpoint = POLICY + "/{}".format(name)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def create(self, _id=None, subsection=None, name=None, value=None):
data = DataObject()
data.add_value_not_empty("name", name)
data.add_value_not_empty("subsection", subsection)
data.add_value_string("value", value)
endpoint = KERBEROS_CONFIG + "/{}".format(_id)
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def create_record(self, address, hostname_list):
hostnames = []
for entry in hostname_list:
hostnames.append({"name": str(entry)})
data = DataObject()
data.add_value_string("addr", address)
data.add_value_not_empty("hostnames", hostnames)
response = self.client.post_json(HOST_RECORDS, data.data)
response.success = response.status_code == 200
return response
def create_user(self, user=None, password=None, groups=[]):
data = DataObject()
data.add_value_string('id', user)
data.add_value_string('password', password)
if groups:
groups_data = DataObject()
for group in groups:
groups_data.add_value('id', group)
data.add_value_not_empty('groups', groups_data.data)
endpoint = SYSACCOUNT_USERS + '/v1'
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def update(self, enforce_config=False, roles=[]):
auth_config = DataObject()
auth_config.add_value_boolean("enforcing", enforce_config)
auth_roles = DataObject()
auth_roles.add_value_not_empty("roles", roles)
data = DataObject()
data.add_value("config", auth_config.data)
data.add_value_not_empty("roles", auth_roles.data)
endpoint = MANAGEMENT_AUTHORIZATION + '/v1'
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def create_oidc_federation(self,
name=None,
role=None,
issuer_identifier=None,
signature_algorithm=None,
signing_keystore=None,
signing_key_label=None,
refresh_token_length=None,
authorization_grant_lifetime=None,
authorization_code_lifetime=None,
authorization_code_length=None,
access_token_lifetime=None,
access_token_length=None,
id_token_lifetime=None,
grant_types_supported=None,
active_delegate_id=None,
rule_type=None,
identity_mapping_rule_reference=None,
applies_to=None,
auth_type=None,
basic_auth_username=None,
basic_auth_password=None,
client_key_store=None,
client_key_alias=None,
issuer_uri=None,
message_format=None,
ssl_key_store=None,
uri=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("protocol", "OIDC")
data.add_value_string("role", role)
attributeMapping = DataObject()
identityMapping = DataObject()
identityMapping.add_value_string("activeDelegateId",
active_delegate_id)
properties = DataObject()
properties.add_value_string("ruleType", rule_type)
properties.add_value_string("identityMappingRuleReference",
identity_mapping_rule_reference)
identityMapping.add_value_not_empty("properties", properties.data)
configuration = DataObject()
configuration.add_value_not_empty("identityMapping",
identityMapping.data)
configuration.add_value_not_empty("attributeMapping",
attributeMapping.data)
data.add_value_not_empty("configuration", configuration.data)
response = self.client.post_json(FEDERATIONS, data.data)
response.success = response.status_code == 201
return response
def update(self, instance, resource_server, resource_name=None, server_type="standard",
method=None, path=None, name=None, policy_type=None, policy_name=None,
static_response_headers=None, rate_limiting_policy=None, url_aliases=None,
documentation_content_type=None, documentation_file=None):
data = DataObject()
data.add_value_string("method", method)
data.add_value_string("path", path)
data.add_value_string("name", name)
policy = DataObject()
policy.add_value_string("type", policy_type)
policy.add_value_string("name", policy_name)
data.add_value_not_empty("policy", policy.daita)
data.add_value_not_empty("static_response_headers", static_response_headers)
data.add_value_string("rate_limiting_policy", rate_limiting_policy)
data.add_value_not_empty("url_aliases", url_aliases)
documentation = DataObject()
documentation.add_value_string("content_type", documentation_content_type)
documentation.add_value_string("file", documentation_file)
data.add_alue_not_empty("documentation", documentation.data)
endpoint = APIAC + "/resource/instance/{}/server/{}/resource/{}?server_type={}".format(
instance, resource_server, resource_name, server_type)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def update_relying_party(
self, id, name=None, rp_id=None, origins=None, metadata_set=None, metadata_soft_fail=True,
mediator_mapping_rule_id=None, attestation_statement_types=None, attestation_statement_formats=None,
attestation_public_key_algorithms=None, attestation_android_safety_net_max_age=None,
attestation_android_safetynet_clock_skew=None, relying_party_impersonation_group="adminGroup"):
data = DataObject()
data.add_value("id", id)
data.add_value("name", name)
data.add_value("rpId", rp_id)
fidoServerOptions = DataObject()
fidoServerOptions.add_value_not_empty("origins", origins)
fidoServerOptions.add_value("metadataSet", metadata_set)
fidoServerOptions.add_value("metadataSoftFail", metadata_soft_fail)
fidoServerOptions.add_value("mediatorMappingRuleId", mediator_mapping_rule_id)
attestation = DataObject()
attestation.add_value("statementTypes", attestation_statement_types)
attestation.add_value("statementFormats", attestation_statement_formats)
attestation.add_value("publicKeyAlgorithms", attestation_public_key_algorithms)
attestation.add_value("publicKeyAlgorithms", attestation_public_key_algorithms)
fidoServerOptions.add_value("attestation", attestation.data)
attestationAndroidSafetyNetOptions = DataObject()
attestationAndroidSafetyNetOptions.add_value("attestationMaxAge", attestation_android_safetynet_max_age)
attestationAndroidSafetyNetOptions.add_value("clockSkew", attestation_android_safetynet_clock_skew)
fidoServerOptions.add_value("android-safetynet", attestationAndroidSafetyNetOptions.data)
data.add_value("fidoServerOptions", fidoServerOptions.data)
relyingPartyOptions = DataObject()
relyingPartyOptions.add_value("impersonationGroup", relying_party_impersonation_group)
data.add_value("relyingPartyOptions", relyingPartyOptions.data)
endpoint = "%s/%s" % (FIDO2_RELYING_PARTIES, id)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response
def configure_mmfa(self,
webseal_id,
lmi_hostname=None,
lmi_port=None,
lmi_username=None,
lmi_password=None,
runtime_hostname=None,
runtime_port=None,
runtime_username=None,
runtime_password=None,
reuse_certs=None,
reuse_acls=None,
reuse_pops=None,
channel=None):
lmi_data = DataObject()
lmi_data.add_value_string("hostname", lmi_hostname)
lmi_data.add_value_string("username", lmi_username)
lmi_data.add_value_string("password", lmi_password)
lmi_data.add_value("port", lmi_port)
runtime_data = DataObject()
runtime_data.add_value_string("hostname", runtime_hostname)
runtime_data.add_value_string("username", runtime_username)
runtime_data.add_value_string("password", runtime_password)
runtime_data.add_value("port", runtime_port)
data = DataObject()
data.add_value('channel', channel)
data.add_value("reuse_certs", reuse_certs)
data.add_value("reuse_acls", reuse_acls)
data.add_value("reuse_pops", reuse_pops)
data.add_value_not_empty("lmi", lmi_data.data)
data.add_value_not_empty("runtime", runtime_data.data)
endpoint = "%s/%s/mmfa_config" % (REVERSEPROXY, webseal_id)
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 204
return response
def create(self,
app_id=None,
platform=None,
provider_address=None,
apple_key_store=None,
apple_key_label=None,
firebase_server_key=None):
apple = DataObject()
apple.add_value_string("key_store", apple_key_store)
apple.add_value_string("key_label", apple_key_label)
if apple.data:
apple.add_value_string("provider_address", provider_address)
firebase = DataObject()
firebase.add_value_string("server_key", firebase_server_key)
if firebase.data:
firebase.add_value_string("provider_address", provider_address)
provider = DataObject()
provider.add_value_not_empty("apple", apple.data)
provider.add_value_not_empty("firebase", firebase.data)
data = DataObject()
data.add_value_string("app_id", app_id)
data.add_value_string("platform", platform)
data.add_value_not_empty("provider", provider.data)
response = self.client.post_json(PUSH_NOTIFICATION, data.data)
response.success = response.status_code == 200
return response
def update_role(self, name=None, users=None, groups=None, features=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_not_empty("users", users)
data.add_value_not_empty("grpups", groups)
data.add_value_not_empty("features", features)
endpoint = MANAGEMENT_AUTHORIZATION_ROLES + '/{}/v1'.format(name)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def update(self, name, allowed_origins=[], allow_credentials=None, exposed_headers=[],
handle_preflight=None, allowed_methods=[], allowed_headers=[], max_age=None):
data = DataObject()
data.add_value_not_empty("allowed_origins", allowed_origins)
data.add_value_boolean("allow_credentials", allow_credentials)
data.add_value_not_empty("exposed_headers", exposed_headers)
data.add_value_boolean("handle_preflight", handle_preflight)
data.add_value_not_empty("alowed_methods", allowed_methods)
data.add_value_not_empty("alowed_headers", allowed_headers)
data.add_value("max_age", max_age)
endpoint = CORS_POLICY + "/{}".format(name)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def update(self,
client_id=None,
hostname=None,
junction=None,
port=None,
details_url=None,
enrollment_endpoint=None,
hotp_shared_secret_endpoint=None,
totp_shared_secret_endpoint=None,
token_endpoint=None,
authntrxn_endpoint=None,
mobile_endpoint_prefix=None,
qrlogin_endpoint=None,
discovery_mechanisms=None,
options=None):
endpoints = DataObject()
endpoints.add_value_string("details_url", details_url)
endpoints.add_value_string("enrollment_endpoint", enrollment_endpoint)
endpoints.add_value_string("hotp_shared_secret_endpoint",
hotp_shared_secret_endpoint)
endpoints.add_value_string("totp_shared_secret_endpoint",
totp_shared_secret_endpoint)
endpoints.add_value_string("token_endpoint", token_endpoint)
endpoints.add_value_string("authntrxn_endpoint", authntrxn_endpoint)
endpoints.add_value_string("mobile_endpoint_prefix",
mobile_endpoint_prefix)
endpoints.add_value_not_empty("qrlogin_endpoint", qrlogin_endpoint)
data = DataObject()
data.add_value_string("client_id", client_id)
data.add_value_string("hostname", hostname)
data.add_value_string("junction", junction)
data.add_value_string("options", options)
data.add_value("port", port)
data.add_value_not_empty("endpoints", endpoints.data)
data.add_value_not_empty("discovery_mechanisms", discovery_mechanisms)
response = self.client.post_json(MMFA_CONFIG, data.data)
response.success = response.status_code == 204
return response
def create_oidc_rp_federation(self,
name=None,
redirect_uri_prefix=None,
response_types=None,
active_delegate_id=None,
identity_mapping_rule_reference=None,
advanced_configuration_active_delegate=None,
advanced_configuration_rule_id=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("protocol", "OIDC10")
data.add_value_string("role", 'rp')
attributeMapping = DataObject()
identityMapping = DataObject()
identityMapping.add_value_string("activeDelegateId",
active_delegate_id)
properties = DataObject()
properties.add_value_string("identityMappingRuleReference",
identity_mapping_rule_reference)
identityMapping.add_value_not_empty("properties", properties.data)
advancedConfiguration = DataObject()
if advanced_configuration_active_delegate == None:
advancedConfiguration.add_value_string("activeDelegateId",
'skip-advance-map')
else:
advancedConfiguration.add_value_string(
"activeDelegateId", advanced_configuration_active_delegate)
properties = DataObject()
properties.add_value_string("advanceMappingRuleReference",
advanced_configuration_rule_id)
advancedConfiguration.add_value_not_empty("properties",
properties.data)
configuration = DataObject()
configuration.add_value_string("redirectUriPrefix",
redirect_uri_prefix)
configuration.add_value("responseTypes", response_types)
configuration.add_value_not_empty("advanceConfiguration",
advancedConfiguration.data)
configuration.add_value_not_empty("identityMapping",
identityMapping.data)
configuration.add_value_not_empty("attributeMapping",
attributeMapping.data)
data.add_value_not_empty("configuration", configuration.data)
response = self.client.post_json(FEDERATIONS, data.data)
response.success = response.status_code == 201
return response
def create_server(self, instance, server_hostname=None, junction_point=None, junction_type=None,
policy_type=None, policy_name=None, authentication_type=None, oauth_introspection_transport=None,
oauth_introspection_proxy=None, oauth_introspection_auth_method=None, ouath_introspection_endpoint=None,
oauth_introspection_client_id=None, oauth_introspection_client_secret=None,
oauth_introspection_client_id_hdr=None, oauth_introspection_token_type_hint=None,
oauth_introspection_mapped_id=None, oauth_introspection_external_user=None,
oauth_introspection_response_attributes=None, static_response_headers=None, jwt_header_name=None,
jwt_certificate=None, jwt_claims=None, description=None, junction_hard_limit=None,
junction_soft_limit=None, basic_auth_mode=None, tfim_sso=None, remote_http_header=None,
stateful_junction=None, http2_junction=None, sni_name=None, preserve_cookie=None, cookie_include_path=None,
transparent_path_junction=None, mutual_auth=None, insert_ltpa_cookies=None, insert_session_cookies=None,
request_encoding=None, enable_basic_auth=None, key_label=None, gso_respource_group=None,
junction_cookie_javascript_block=None, client_ip_http=None, version_two_cookies=None, ltpa_keyfile=None,
authz_rules, fsso_config_file=None, username=None, password=None, server_uuid=None, server_port=None,
virtual_hostname=None, server_dn=None, local_ip=None, query_contents=None, case_sensitive_url=None,
windows_style_rul=None, ltpa_keyfile_password=None, https_port=None, http_port=None, proxy_hostname=None,
proxy_port=None, sms_environment=None, vhost_label=None, force=None, delegation_support=None, scripting_support=None):
data = DataObject()
data.add_value_string("server_hostname", server_hostname)
data.add_value_string("junction_point", junction_point)
data.add_value_string("juncton_type", junction_type)
policy = DataObject()
policy.add_value_string("name", policy_name)
policy.add_value_string("type", policy_type)
data.add_value_not_empty("policy", policy.data)
authentication = DataObject()
authentication.add_value_string("type", authentication_type)
oauth_introspection = DataObject()
oauth_introspection.add_value_string("transport", oauth_introspection_transport)
oauth_introspection.add_value_string("endpoint", oauth_introspection_endpoint)
oauth_introspection.add_value_string("proxy", oauth_introspection_proxy)
oauth_introspection.add_value_string("auth_method", oauth_introspection_auth_method)
oauth_introspection.add_value_string("client_id", oauth_introspection_client_id)
oauth_introspection.add_value_string("client_secret", oauth_introspection_client_secret)
oauth_introspection.add_value_string("client_id_hdr", oauth_introspection_client_id_hdr)
oauth_introspection.add_value_string("token_type_hint", oauth_introspection_token_type_hint)
oauth_introspection.add_value_string("mapped_id", oauth_introspection_mapped_id)
oauth_introspection.add_value_string("external_user", oauth_introspection_external_user)
oauth_introspection.add_value_not_empty("response_attributes", oauth_introspection_response_attributes)
authentication.add_value_string("oauth_introspection", oauth_introspection.data)
data.add_value_not_empty("authentication", authentication.data)
data.add_value_not_empty("static_response_headers", static_response_headers)
jwt = DataObject()
jwt.add_value_string("header_name", jwt_header_name)
jwt.add_value_string("certificate", jwt_certificate)
jwt.add_vaue_not_empty("claims", jwt_claims)
data.add_vaule_not_empty("jwt", jwt.data)
data.add_value_string("description", description)
data.add_value_string("junction_hard_limit", junction_hard_limit)
data.add_value_string("junction_soft_limit", junction_soft_limit)
data.add_value_string("basic_auth_mode", basic_auth_mode)
data.add_value_string("tfim_sso", tfim_sso)
data.add_value_not_empty("remote_http_header", remote_http_header)
data.add_value_string("stateful_junction", stateful_junction)
data.add_value_string("http2_junction", http2_junction)
data.add_value_string("sni_name", sni_name)
data.add_value_string("preserve_cookie", preserve_cookie)
data.add_value_string("cookie_include_path", cookie_include_path)
data.add_value_string("transparent_path_junction", transparent_path_junction)
data.add_value_string("mutual_auth", mutual_auth)
data.add_value_string("insert_ltpa_cookies", insert_ltpa_cookies)
data.add_value_string("insert_session_cookies", insert_session_cookies)
data.add_value_string("request_encoding", request_encoding)
data.add_value_string("enable_basic_auth", enable_basic_auth)
data.add_value_string("key_label", key_label)
data.add_value_string("gso_resource_group", gso_resource_group)
data.add_value_string("junction_cookie_javascript_block", junction_cookie_javascript_block)
data.add_value_string("client_ip_http", client_ip_http)
data.add_value_string("version_two_cookies", version_two_cookies)
data.add_value_string("ltpa_keyfile", ltpa_keyfile)
data.add_value_string("authz_rules", authz_rules)
data.add_value_string("fsso_config_file", fsso_config_file)
data.add_value_string("username", username)
data.add_value_string("password", password)
data.add_value_string("server_uuid", server_uuid)
data.add_value("server_port", server_port)
data.add_value_string("virtual_hostname", virtual_hostname)
data.add_value_string("server_dn", server_dn)
data.add_value_string("local_ip", local_ip)
data.add_value_string("query_contents", query_contents)
data.add_value_string("case_sensitive_url", case_sensitive_url)
data.add_value_string("windows_style_url", windows_style_url)
data.add_value_string("ltpa_keyfile_password", ltpa_keyfile_password)
data.add_value("https_port", https_port)
data.add_value("http_port", http_port)
data.add_value_string("proxy_hostname", proxy_hostname)
data.add_value("proxy_port", proxy_port)
data.add_value_string("sms_environment", sms_environment)
data.add_value_string("vhost_label", vhost_label)
data.add_value_string("force", force)
data.add_value_string("delegation_support", delegation_support)
data.add_value_string("scripting_support", scripting_support)
endpoint = APIAC + "/resource/instance/{}/server".format(instance)
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def create_oidc_rp_partner(
self,
federation_id,
name=None,
enabled=False,
client_id=None,
client_secret=None,
metadata_endpoint=None,
scope=None,
token_endpoint_auth_method=None,
perform_userinfo=False,
advanced_configuration_active_delegate='skip-advance-map',
advanced_configuration_rule_id=None,
signing_algorithm=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value("enabled", enabled)
data.add_value_string("role", 'rp')
attributeMapping = DataObject()
identityMapping = DataObject()
configuration = DataObject()
configuration.add_value_not_empty("clientId", client_id)
configuration.add_value_not_empty("signatureAlgorithm",
signing_algorithm)
configuration.add_value_not_empty("clientSecret", client_secret)
configuration.add_value_not_empty("scope", scope)
configuration.add_value_not_empty("tokenEndpointAuthMethod",
token_endpoint_auth_method)
configuration.add_value_not_empty("performUserinfo", perform_userinfo)
basic = DataObject()
basic.add_value_not_empty("activeDelegateId", "metadataEndpointUrl")
basic_properties = DataObject()
basic_properties.add_value_not_empty("metadataEndpointUrl",
metadata_endpoint)
basic.add_value("properties", basic_properties.data)
configuration.add_value("scope", scope)
configuration.add_value_not_empty("identityMapping",
identityMapping.data)
if advanced_configuration_active_delegate:
advancedConfiguration = DataObject()
advancedConfiguration.add_value_string(
"activeDelegateId", advanced_configuration_active_delegate)
if (advanced_configuration_active_delegate != 'skip-advance-map'):
properties = DataObject()
properties.add_value_string("advanceMappingRuleReference",
advanced_configuration_rule_id)
advancedConfiguration.add_value_not_empty(
"properties", properties.data)
configuration.add_value_not_empty("advanceConfiguration",
advancedConfiguration.data)
configuration.add_value_not_empty("basicConfiguration", basic.data)
data.add_value_not_empty("configuration", configuration.data)
endpoint = "%s/%s/partners" % (FEDERATIONS, federation_id)
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
return response
def create_saml_federation(self,
name=None,
role=None,
template_name=None,
active_delegate_id=None,
need_consent_to_federate=None,
signature_algorithm=None,
signing_keystore=None,
signing_key_label=None,
sso_service_binding=None,
message_issuer_format=None,
decrypt_keystore=None,
decrypt_key_label=None,
point_of_contact_url=None,
provider_id=None,
company_name=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("protocol", "SAML2_0")
data.add_value_string("role", role)
data.add_value_string("templateName", template_name)
encryptionSettings = DataObject()
signatureSettings = DataObject()
identityMapping = None
if (active_delegate_id is not None):
identityMapping = DataObject()
identityMapping.add_value_string("activeDelegateId",
active_delegate_id)
decryptionKeyIdentifier = DataObject()
decryptionKeyIdentifier.add_value_string("keystore", decrypt_keystore)
decryptionKeyIdentifier.add_value_string("label", decrypt_key_label)
signingKeyIdentifier = DataObject()
signingKeyIdentifier.add_value_string("keystore", signing_keystore)
signingKeyIdentifier.add_value_string("label", signing_key_label)
encryptionSettings.add_value_not_empty("decryptionKeyIdentifier",
decryptionKeyIdentifier.data)
signatureSettings.add_value_not_empty("signingKeyIdentifier",
signingKeyIdentifier.data)
ssoServiceBinding = None
if (sso_service_binding is not None):
ssoServiceBinding = DataObject()
ssoServiceBinding.add_value_string("binding", sso_service_binding)
configuration = DataObject()
configuration.add_value_not_empty("encryptionSettings",
encryptionSettings.data)
configuration.add_value_not_empty("signatureSettings",
signatureSettings.data)
configuration.add_value_string("providerId", provider_id)
configuration.add_value_string("pointOfContactUrl",
point_of_contact_url)
configuration.add_value_string("companyName", company_name)
if (ssoServiceBinding is not None):
configuration.add_value("singleSignOnService",
[ssoServiceBinding.data])
if (identityMapping is not None):
configuration.add_value("identityMapping", identityMapping.data)
configuration.add_value("needConsentToFederate",
need_consent_to_federate)
configuration.add_value_string("messageIssuerFormat",
message_issuer_format)
data.add_value_not_empty("configuration", configuration.data)
response = self.client.post_json(FEDERATIONS, data.data)
response.success = response.status_code == 201
return response
def create_saml_partner(self,
federation_id,
name=None,
enabled=False,
role=None,
template_name=None,
acs_binding=None,
block_encryption_algorithm=None,
encryption_key_transport_algorithm=None,
encryption_keystore=None,
encryption_key_label=None,
signature_digest_algorithm=None,
acs=None,
single_logout_service=None,
acs_default=True,
acs_index=0,
acs_url=None,
attribute_mapping=[],
active_delegate_id=None,
client_auth_method=None,
signature_algorithm=None,
validate_logout_request=None,
validate_logout_response=None,
provider_id=None,
signature_validation=None,
validate_authn_request=None,
validation_keystore=None,
validation_key_label=None,
mapping_rule=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value("enabled", enabled)
data.add_value_string("role", role)
data.add_value_string("templateName", template_name)
attributeMapping = DataObject()
attributeMapping.add_value_not_empty("map", attribute_mapping)
properties = DataObject()
clientAuth = DataObject()
clientAuth.add_value_string("method", client_auth_method)
clientAuth.add_value_not_empty("properties", properties.data)
serverCertValidation = DataObject()
# serverCertValidation.add_value_string("keystore", "")
soapSettings = DataObject()
soapSettings.add_value_not_empty("clientAuth", clientAuth.data)
if clientAuth.data or serverCertValidation.data:
soapSettings.add_value("serverCertValidation",
serverCertValidation.data)
properties = DataObject()
properties.add_value_string("identityMappingRule", mapping_rule)
identityMapping = DataObject()
identityMapping.add_value_not_empty("properties", properties.data)
identityMapping.add_value_string("activeDelegateId",
active_delegate_id)
assertionConsumerService = DataObject()
assertionConsumerService.add_value_string("binding", acs_binding)
assertionConsumerService.add_value("default", acs_default)
assertionConsumerService.add_value("index", acs_index)
assertionConsumerService.add_value_string("url", acs_url)
encryptionKeyIdentifier = DataObject()
encryptionKeyIdentifier.add_value("keystore", encryption_keystore)
encryptionKeyIdentifier.add_value("label", encryption_key_label)
encryptionSettings = DataObject()
encryptionSettings.add_value_not_empty("encryptionKeyIdentifier",
encryptionKeyIdentifier.data)
encryptionSettings.add_value_string("blockEncryptionAlgorithm",
block_encryption_algorithm)
encryptionSettings.add_value_string(
"encryptionKeyTransportAlgorithm",
encryption_key_transport_algorithm)
validationKeyIdentifier = DataObject()
validationKeyIdentifier.add_value("keystore", validation_keystore)
validationKeyIdentifier.add_value("label", validation_key_label)
validationOptions = DataObject()
validationOptions.add_value("validateAuthnRequest",
validate_authn_request)
validationOptions.add_value("validateLogoutRequest",
validate_logout_request)
validationOptions.add_value("validateLogoutResponse",
validate_logout_response)
signatureSettings = DataObject()
signatureSettings.add_value_not_empty("validationOptions",
validationOptions.data)
signatureSettings.add_value_not_empty("validationKeyIdentifier",
validationKeyIdentifier.data)
signatureSettings.add_value_string("signatureAlgorithm",
signature_algorithm)
signatureSettings.add_value_string("digestAlgorithm",
signature_digest_algorithm)
configuration = DataObject()
configuration.add_value_not_empty("identityMapping",
identityMapping.data)
configuration.add_value_not_empty("attributeMapping",
attributeMapping.data)
configuration.add_value_not_empty("assertionConsumerService",
[assertionConsumerService.data])
configuration.add_value_not_empty("assertionConsumerService", acs)
configuration.add_value_not_empty("singleLogoutService",
single_logout_service)
configuration.add_value_not_empty("signatureSettings",
signatureSettings.data)
configuration.add_value_not_empty("encryptionSettings",
encryptionSettings.data)
configuration.add_value_not_empty("soapSettings", soapSettings.data)
configuration.add_value_not_empty("providerId", provider_id)
data.add_value_not_empty("configuration", configuration.data)
endpoint = "%s%s/partners" % (FEDERATIONS, federation_id)
print(json.dumps(data.data))
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
return response
def create_oidc_partner(self,
federation_id,
name=None,
enabled=False,
role=None,
template_name=None,
client_id=None,
client_secret=None,
applies_to=None,
grant_type=None,
authorization_endpoint_url=None,
token_endpoint_url=None,
signature_algorithm=None,
signing_keystore=None,
signing_key_label=None,
issuer_identifier=None,
redirect_uri_prefix=None,
jwk_endopoint_url=None,
scope=[]):
data = DataObject()
data.add_value_string("name", name)
data.add_value("enabled", enabled)
data.add_value_string("role", role)
attributeMapping = DataObject()
identityMapping = DataObject()
configuration = DataObject()
configuration.add_value_not_empty("identityMapping",
identityMapping.data)
configuration.add_value_not_empty("attributeMapping",
attributeMapping.data)
configuration.add_value_not_empty("templateName", template_name)
configuration.add_value_not_empty("clientId", client_id)
configuration.add_value_not_empty("clientSecret", client_secret)
configuration.add_value_not_empty("appliesTo", applies_to)
configuration.add_value_not_empty("grantType", grant_type)
configuration.add_value_not_empty("authorizationEndpointUrl",
authorization_endpoint_url)
configuration.add_value_not_empty("tokenEndpointUrl",
token_endpoint_url)
configuration.add_value_not_empty("signatureAlgorithm",
signature_algorithm)
configuration.add_value_not_empty("signingKeystore", signing_keystore)
configuration.add_value_not_empty("signingKeyLabel", signing_key_label)
configuration.add_value_not_empty("issuerIdentifier",
issuer_identifier)
configuration.add_value_not_empty("redirectUriPrefix",
redirect_uri_prefix)
configuration.add_value_not_empty("jwkEndpointUrl", jwk_endopoint_url)
configuration.add_value("scope", scope)
data.add_value_not_empty("configuration", configuration.data)
endpoint = "%s/%s/partners" % (FEDERATIONS, federation_id)
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
return response
def update(self,
old_password=None,
new_password=None,
confirm_password=None,
min_heap_size=None,
max_heap_size=None,
session_timeout=None,
http_port=None,
https_port=None,
min_threads=None,
max_threads=None,
max_pool_size=None,
lmi_debugging_enabled=None,
console_log_level=None,
accept_client_certs=None,
validate_client_cert_identity=None,
exclude_csrf_checking=None,
enable_ssl_v3=None,
sshd_port=None,
session_inactivity_timeout=None,
max_files=None,
max_file_size=None,
http_proxy=None,
https_proxy=None,
login_header=None,
login_message=None,
sshd_client_alive_interval=None,
enabled_server_protocols=None,
enabled_tls=None,
session_cache_purge=None):
data = DataObject()
data.add_value_string("oldPassword", old_password)
data.add_value_string("newPassword", new_password)
data.add_value_string("confirmPassword", confirm_password)
data.add_value_string("consoleLogLevel", console_log_level)
data.add_value_string("excludeCsrfChecking", exclude_csrf_checking)
data.add_value("minHeapSize", min_heap_size)
data.add_value("maxHeapSize", max_heap_size)
data.add_value("sessionTimeout", session_timeout)
data.add_value("httpPort", http_port)
data.add_value("httpsPort", https_port)
data.add_value("minThreads", min_threads)
data.add_value("maxThreads", max_threads)
data.add_value("maxPoolSize", max_pool_size)
data.add_value_bool("lmiDebuggingEnabled", lmi_debugging_enabled)
data.add_value_bool("acceptClientCerts", accept_client_certs)
data.add_value_bool("validateClientCertIdentity",
validate_client_cert_identity)
data.add_value_bool("enableSSLv3", enable_ssl_v3)
data.add_value("sshdPort", sshd_port)
data.add_value("sessionInactivityTimeout", session_inactivity_timeout)
data.add_value("sessionCachePurge", session_cache_purge)
data.add_value("maxFiles", max_files)
data.add_value("maxFileSize", max_file_size)
data.add_value_string("httpProxy", http_proxy)
data.add_value_string("httpsProxy", https_proxy)
data.add_value_string("loginHeader", login_header)
data.add_value_string("loginMessage", login_message)
data.add_value("sshdClientAliveInterval", sshd_client_alive_interval)
data.add_value_string("enabledServerProtocols",
enabled_server_protocols)
data.add_value_not_empty("enabledTLS", enabled_tls)
response = self.client.put_json(ADMIN_CONFIG, data.data)
response.success = response.status_code == 200
return response
