Oracle® Identity Management Application Developer's Guide
10g Release 2 (10.1.2) B14087-02 |
|
Previous |
Next |
This chapter describes the Oracle extensions to the DAS_URL Service Interface. It contains these sections:
Table 15-1 lists the Oracle Delegated Administration Services units and the directory entries that store relative URLs for these units.
Table 15-1 Service Units and Corresponding Entries
Service Unit | Entry |
---|---|
Create User |
cn=Create User,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext |
Edit User |
cn=Edit User,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext |
Edit User when GUID is passed as a parameter |
cn=Edit UserGivenGUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Delete User |
cn=DeleteUser,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext |
Delete User when GUID of the user to be deleted is passed as a parameter |
cn=DeleteUserGivenGUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Create Group |
cn=Create Group,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Edit Group |
cn=Edit Group,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext |
Edit the group whose GUID is passed through a parameter |
cn=Edit GroupGivenGUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Delete Group |
cn=DeleteGroup,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Delete group with the GUID passed through a parameter |
cn=DeleteGroupGivenGUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Assign privileges to a user |
cn=User Privilege,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Assign privileges to a user with the GUID passed through a parameter |
cn=User Privilege Given GUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Assign privilege to a group |
cn=Group Privilege,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Assign privilege to a group with the given GUID |
cn=Group Privilege Given GUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
View User account information/Profile |
cn=Account Info,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Edit User account Information/Profile |
cn=Edit My Profile,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Change Password |
cn=Password Change,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Search User |
cn=User Search,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Search Group |
cn=Group Search,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Search User LOV |
cn=User LOV,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Search Group LOV |
cn=Group LOV,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
EUS Console |
cn=EUS Console,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext" |
Delegation Console |
cn=Delegation Console,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Password Reset |
cn=Reset Password,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContex |
View User Profile |
cn=View User Profile,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext |
Table 15-2 lists the service units and the URL parameters that can be passed to these units.
Table 15-2 Service Units and Corresponding URL Parameters
Service Unit | Parameter | Return Values |
---|---|---|
Create User |
doneURL homeURL cancelURL enablePA enableHomeURL enableHelpURL |
returnGUID |
Edit User |
homeURL doneURL cancelURL enablePA enableHomeURL enableHelpURL |
- |
Edit UserGivenGUID |
homeURL doneURL cancelURL enablePA userGUID enableHomeURL enableHelpURL |
- |
Edit My Profile |
homeURL doneURL cancelURL enableHomeURL enableHelpURL |
- |
Delegation Console |
- |
- |
DeleteUser |
homeURL doneURL cancelURL enableHomeURL enableHelpURL |
- |
DeleteUserGivenGUID |
homeURL doneURL cancelURL userGUID enableHomeURL enableHelpURL |
- |
User Privilege |
homeURL doneURL cancelURL enableHomeURL enableHelpURL |
|
User Privilege Given GUID |
homeURL doneURL cancelURL userGUID enableHomeURL enableHelpURL |
- |
Create Group |
homeURL doneURL cancelURL enablePA parentDN enableHomeURL enableHelpURL |
returnGUID |
Edit Group |
homeURL doneURL cancelURL enablePA enableHomeURL enableHelpURL |
- |
Edit GroupGivenGUID |
homeURL doneURL cancelURL enablePA groupGUID enableHomeURL enableHelpURL |
- |
DeleteGroup |
homeURL doneURL cancelURL enableHomeURL enableHelpURL |
- |
DeleteGroupGivenGUID |
homeURL doneURL cancelURL groupGUID enableHomeURL enableHelpURL |
- |
Group Privilege |
homeURL doneURL cancelURL enableHomeURL enableHelpURL |
- |
Group Privilege Given GUID |
homeURL doneURL cancelURL groupGUID enableHomeURL enableHelpURL |
- |
Account Info |
homeURL doneURL cancelURL enableHomeURL enableHelpURL |
- |
Password Change |
homeURL doneURL cancelURL enableHomeURL enableHelpURL |
- |
User Search |
homeURL doneURLm cancelURL enableHomeURL enableHelpURL |
- |
Group Search |
homeURL doneURL cancelURL enableHomeURL enableHelpURL |
- |
Password Reset |
cancelURL doneURL enableHomeURL enableHelpURL |
- |
View User Profile |
userGuid doneURL homeURL nableHomeURL enableHelpURL |
- |
User LOV |
base cfilter title dasdomain callbackURL |
userDn userGuid userName nickName userEmail |
Group LOV |
otype base cfilter title dasdomain callbackURL |
groupDN groupGuid groupName groupDescription |
The parameters described in Table 15-3 are used with DAS units.
Table 15-3 DAS URL Parameter Descriptions
Parameter | Description |
---|---|
homeURL |
The URL that is linked to the global button Home. When the calling application specifies this value, clicking Home redirects the DAS unit to the URL specified by this parameter. |
doneURL |
This URL is used by DAS to redirect the DAS page at the end of each operation. In the case of Create User, once the user is created, clicking OK redirects the URL to this location. |
callbackURL |
DAS uses this URL to send return values to the invoking application. For UserLOV and GroupLOV units, the return values are submitted as HTML form parameters through the HTTP POST method. |
cancelURL |
This URL is linked with all the Cancel buttons shown in the DAS units. Any time the user clicks Cancel, the page is redirected to the URL specified by this parameter. |
enablePA |
This parameter takes a Boolean value of true or false. Set to true, the parameter enables the Assign Privileges in User or Group operation. If the |
userGUID |
This is the GUID of the user to be edited or deleted. This corresponds to the orclguid attribute. Specifying the GUID causes the search for the user step in either editUser or deleteUser units to be skipped. |
GroupGUID |
This is the GUID of the group to be edited or deleted. This corresponds to the orclguid attribute. Specifying the GUID causes the search for the group step in either editGroup or deleteGroup units to be skipped. |
parentDN |
When this parameter is specified in CreateGroup, the group is created under this container. If the parameter is not specified, group creation defaults to the group search base. |
base |
This parameter represents the search base in the case of search operations. |
cfilter |
This parameter represents the filter to be used for the search. This filter is LDAP compliant. |
title |
This parameter represents the title to be shown in the Search and Select LOV page. |
otype |
This parameter represents the object type used for search. Values supported are |
returnGUID |
This parameter is appended to the done URL in case of a create operation. The value will be the orclguid of the new object. |
dasdomain |
This parameter is needed only when the browser is Internet Explorer and the calling URL and the DAS URL are on different hosts and in the same domain. An example value is us.oracle.com. Note the calling application also needs to set the |
enableHomeUR |
When this parameter is passed with a value of false, the service unit will be rendered without the home button and home link. By default, the parameter is set to true. |
enableHelpURL |
When this parameter is passed with a value of false, the service unit will be rendered without the help button and help link. By default, the parameter is set to true. |
DAS provides service units for searching and selecting users or groups. These service units are sometimes referred to as user or group List Of Values (LOV).
A custom application can open a popup window and populate its contents by supplying a search-and-select URL for a user or group by using a URL of the form:
http://das_host:das_port/oiddas/ui/oracle/ldap/das/search/LOVUserSearch ?title=User&callbackurl=http://app_host:app_port/custapp/Callback
or
http://das_host:das_port/oiddas/ui/oracle/ldap/das/search/LOVGroupSearch ?title=User&callbackurl=http://app_host:app_port/custapp/Callback
respectively. For example:
http://server02.example.com:7777/oiddas/ui/oracle/ldap/das/search/LOVUserSearch? Mary.Smith=User&callbackurl=http://server04.example.com:7778/custapp/Callback
In this example, server02.example.com:7777
is the host name and port of the Oracle Internet Directory DAS application server. server04.example.com:7778
is the host name and port of the custom application server. Mary.Smith
is a string that appears in the title of the Search and Select page. http://server04.example.com:7778/custapp/Callback
is a URL of the custom application server that receives the selected parameters for users or groups.
Note: To avoid popup blocking, the custom application may open the popup window with a URL on the local custom application server and immediately redirect to the Oracle Internet Directory DAS User or Group Search-and-Select URL. |
After a User or Group has been selected via the Oracle Internet Directory DAS User or Group Search-and-Select Service Unit, an HTTP form will be submitted to the callbackurl page using the POST method. The parameters defined in Table 15-4 and Table 15-5 are available to the callbackurl page:
Table 15-4 User Search and Select
Parameter | Description |
---|---|
userDn |
User's distinguished name. |
userGuid |
User's global unique ID. |
userName |
User's name. |
nickName |
User's nickname |
userEmail |
User's email. |
Table 15-5 Group Search and Select
Parameter | Description |
---|---|
groupDn |
Group's distinguished name. |
groupGuid |
Group's global unique ID. |
groupName |
Group's name. |
groupDescription |
Group's description. |
The callbackurl page in the popup window may transfer the form parameters to the invoking page in the opener window using JavaScript. It may then close the popup window.
Note: To avoid JavaScript security problems, the custom application may supply the callbackurl page on the same server as the invoking page. This enables the callbackurl page in the popup window and the invoking page in the opener window to communicate directly through JavaScript. |