Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Containerized IBM Security Key LifecycleManagerVersion 4.1
User Management REST ServiceDocumentation(BETA)
IBMIBM Confidential
DRAFT - NOT FOR PUBLICATION IBM Confidential
Note
Before you use this information and the product it supports, read the information in “Notices” on page43.
Product information
The Beta Program and this documentation is provided to you AS IS without any warranties express or implied, includingthe warranty of merchantability or fitness for a particular purpose. IBM may choose, in its own discretion, to changefeatures and functions this Beta Program prior to being made generally available or choose not to make this BetaProgram generally available.© Copyright International Business Machines Corporation 2008, 2020.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract withIBM Corp.
IBM Confidential DRAFT - NOT FOR PUBLICATION
Contents
Chapter 1. User management REST services.......................................................... 1Add Role REST Service................................................................................................................................1Add User Group REST Service.................................................................................................................... 3Assign Role to User REST Service.............................................................................................................. 5Assign Role to User Group REST Service................................................................................................... 7Assign User to Group REST Service........................................................................................................... 9Delete Role REST Service......................................................................................................................... 11Delete Role from User REST Service........................................................................................................13Delete Role from User Group REST Service.............................................................................................15Delete User REST Service......................................................................................................................... 17Delete User from Group REST Service.....................................................................................................19Delete User Group REST Service..............................................................................................................21Get Roles REST Service............................................................................................................................ 23Get Users REST Service............................................................................................................................ 27Get User Details REST Service................................................................................................................. 29Get User Role Details REST Service.........................................................................................................32Get User Groups REST Service.................................................................................................................34Get User Group Details REST Service...................................................................................................... 36Update Role REST Service........................................................................................................................ 39Update User Group REST Service.............................................................................................................41
Notices................................................................................................................43Terms and conditions for product documentation.................................................................................. 44Trademarks................................................................................................................................................ 45
iii
DRAFT - NOT FOR PUBLICATION IBM Confidential
iv
IBM Confidential DRAFT - NOT FOR PUBLICATION
Chapter 1. User management REST services
You can use the user management REST services or APIs to manage and work with IBM® Security Key Lifecycle Manager users, user roles, and user groups. You must have administrative privileges to perform these operations.
Add Role REST ServiceUse Add Role REST Service to add a user role in IBM Security Key Lifecycle Manager.
OperationPOST
URLhttps://<host>:<port >/SKLM/rest/v1/ckms/usermanagement/roles/{roleName}
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
roleName Specify a name for the user role that you want to add.
Path parameter
JSON object with the following specification.
JSON property name Description
description Specify a description for the role that you want to add.
Request Body
JSON object with the following specification.
© Copyright IBM Corp. 2008, 2020 1
DRAFT - NOT FOR PUBLICATION IBM Confidential
Response
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleAdd a user role
POST https://host:port/SKLM/rest/v1/ckms/usermanagement/roles/DS5000_Custom{"description":"Role for DS5000_custom device group"}
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM5004E",
2 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
"message": "CTGKM5004E Object with the same name DS5000_Custom already exists."}
Add User Group REST ServiceUse Add User Group REST Service to add a user group in IBM Security Key Lifecycle Manager.
OperationPOST
URLhttps://<host>:<port >/SKLM/rest/v1/ckms/usermanagement/groups/{groupName}
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
groupName Specify a name for the user group that you want to add.
Path Parameter
JSON object with the following specification.
JSON property name Description
description Specify a description for the user group that you want to add.
Request Body
JSON object with the following specification.
Response
Chapter 1. User management REST services 3
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleAdd a user group
POST https://host:port/SKLM/rest/v1/ckms/usermanagement/groups/DS5000_CUSTOM_GROUP{"description":"This group is created for administering DS5000 device groups"}
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."
4 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
}
Assign Role to User REST ServiceUse Assign Role to User REST Service to assign a role to a user.
OperationPOST
URLhttps://<host>:<port/SKLM/rest/v1/ckms/usermanagement/rolesuser
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
roleName Required. Specify the name of the role that you want to assign to theuser.
userName Required. Specify the name of the user to which you want to assign arole.
Request Body
JSON object with the following specification.
Response
Chapter 1. User management REST services 5
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleAssign a role to a user
POST https://host:port/SKLM/rest/v1/ckms/usermanagement/rolesuser{"roleName":"DS5000_Custom","userName":"DS5000user"}
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM3040E", "message": "CTGKM3040E Object with identifier DS5000_Custom cannot be found."}
6 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Assign Role to User Group REST ServiceUse Assign Role to User Group REST Service to assign a user role to a user group.
OperationPOST
URLhttps://<host>:<port >/SKLM/rest/v1/ckms/usermanagement/rolesgroup
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
roleName Specify the user role that you want to assign to the user group.
groupName Specify the user group to which you want to assign the role.
Request Body
JSON object with the following specification.
Response
Chapter 1. User management REST services 7
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleAssign a role to a user group
POST https://host:port/SKLM/rest/v1/ckms/usermanagement/rolesgroup{"roleName":"DS5000_Custom","groupName":"DS5000_CUSTOM_GROUP"}
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."
8 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
}
Assign User to Group REST ServiceUse Assign User to Group REST Service to assign a user to a user group.
OperationPOST
URLhttps://<host>:<port >/SKLM/rest/v1/ckms/usermanagement/groupuser
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
groupName Specify the name of the user group to which you are adding the user.
userName Specify the user that you want to assign to the user group.
Request Body
JSON object with the following specification.
Response
Chapter 1. User management REST services 9
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleAdd a user to a group
POST https://host:port/SKLM/rest/v1/ckms/usermanagement/groupuser{"groupName":"DS5000_CUSTOM_GROUP","userName":"DS5000user"}
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM5004E", "message": "CTGKM5004E Object with the same name DS5000user already exists."}
10 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Delete Role REST ServiceUse Delete Role REST Service to delete a user role.
OperationDELETE
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/roles/{roleName}
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
roleName Specify the name of the user role that you want to delete.
Path parameter
JSON object with the following specification.
Response
Chapter 1. User management REST services 11
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleDelete a user role
DELETE https://host:port/SKLM/rest/v1/ckms/usermanagement/roles/DS5000_new
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}
12 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Delete Role from User REST ServiceUse Delete Role from User REST Service to delete the assignment of a user role from a user.
OperationDELETE
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/rolesuser
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
roleName Specify the user role that you want to disassociate from a user.
userName Specify the user that has the assigned role.
Request Body
JSON object with the following specification.
Response
Chapter 1. User management REST services 13
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleRemove a user role from a user
DELETE https://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/rolesgroup{"roleName":"DS5000_new","groupName":"DS5000_CUSTOM_GROUP"}
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."
14 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
}
Delete Role from User Group REST ServiceUse Delete Role from User Group REST Service to remove a user role from a user group. Theuser role is not removed but is disassociated from the user group.
OperationDELETE
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/rolesgroup
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
roleName Specify the user role that you want to delete from the user group.
groupName Specify the user group from which you want to delete or disassociate therole.
Request Body
JSON object with the following specification.
Response
Chapter 1. User management REST services 15
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleDelete a user role from a user group
DELETE https://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/rolesgroup{"roleName":"LTO_CUSTOM","groupName":"LTO_NEW"}
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."
16 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
}
Delete User REST ServiceUse Delete User REST Service to delete a user and remove all its assigned user roles and usergroups.
OperationDELETE
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/users/{userName}
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
userName Specify the user name of the user that you want to delete.
Path Parameter
JSON object with the following specification.
Response
Chapter 1. User management REST services 17
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleDelete a user
DELETE https://host:port/SKLM/rest/v1/ckms/usermanagement/users/LTOAdmin
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}
18 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Delete User from Group REST ServiceUse Delete User from Group REST Service to remove a user from a user group.
OperationDELETE
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groupuser
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
groupName Specify the name of the user group from which you want to remove theuser.
userName Specify the name of the user that you want to remove.
Request Body
JSON object with the following specification.
Response
Chapter 1. User management REST services 19
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleRemove a user from a user group
DELETE https://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groupuser{"groupName":"DS5000_CUSTOM_GROUP","userName":"DS5000user"}
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."
20 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
}
Delete User Group REST ServiceUse Delete User Group REST Service to delete a user group. The assigned users and user roles arenot deleted but are disassociated from the group.
OperationDELETE
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groups/{groupName}
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
groupName Specify the name of the user group that you want to delete.
Path parameter
JSON object with the following specification.
Response
Chapter 1. User management REST services 21
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleDelete a user group
DELETE https://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groups/LTO_NEW
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}
22 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Get Roles REST ServiceUse Get Roles REST Service to retrieve a list of all the user roles in IBM Security Key LifecycleManager.
OperationGET
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/roles
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
Response
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Response Headers
Chapter 1. User management REST services 23
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Content-Type application/json
Content-Language Locale for the response message.
Response Headers (continued)
JSON property name Description
code Returns 0 when the request is successful. Otherwise, returns 1.
For every role, the following details are returned:
name Returns the name of the user role.
description Returns the description of the user role.
isDefault Indicates whether the user role and its associations are provided bydefault during product installation (return value = true) or added later bya user (return value = false).
You cannot modify or delete a default user role.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExamplesRetrieve list of all the user roles
GET https://host:port/SKLM/rest/v1/ckms/usermanagement/roles
Success response
[ { "name": "administrator", "description": "", "isDefault": true }, { "name": "operator", "description": "", "isDefault": true }, { "name": "configurator", "description": "", "isDefault": true }, { "name": "monitor", "description": "", "isDefault": true }, { "name": "deployer",
24 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
"description": "", "isDefault": true }, { "name": "adminsecuritymanager", "description": "", "isDefault": true }, { "name": "nobody", "description": "", "isDefault": true }, { "name": "iscadmins", "description": "", "isDefault": true }, { "name": "klmSecurityOfficer", "description": "", "isDefault": true }, { "name": "klmBackup", "description": "", "isDefault": true }, { "name": "klmConfigure", "description": "", "isDefault": true }, { "name": "klmRestore", "description": "", "isDefault": true }, { "name": "klmAudit", "description": "", "isDefault": true }, { "name": "klmView", "description": "", "isDefault": true }, { "name": "klmCreate", "description": "", "isDefault": true }, { "name": "klmModify", "description": "", "isDefault": true }, { "name": "klmDelete", "description": "", "isDefault": true }, { "name": "klmGet", "description": "", "isDefault": true }, { "name": "klmAdminDeviceGroup", "description": "", "isDefault": true }, { "name": "LTO", "description": "", "isDefault": true }, { "name": "TS3592", "description": "", "isDefault": true
Chapter 1. User management REST services 25
DRAFT - NOT FOR PUBLICATION IBM Confidential
}, { "name": "DS5000", "description": "", "isDefault": true }, { "name": "DS8000", "description": "", "isDefault": true }, { "name": "GENERIC", "description": "", "isDefault": true }, { "name": "BRCD_ENCRYPTOR", "description": "", "isDefault": true }, { "name": "ONESECURE", "description": "", "isDefault": true }, { "name": "suppressmonitor", "description": "", "isDefault": true }, { "name": "ETERNUS_DX", "description": "", "isDefault": true }, { "name": "IBM_SYSTEM_X_SED", "description": "", "isDefault": true }, { "name": "XIV", "description": "", "isDefault": true }, { "name": "GPFS", "description": "", "isDefault": true }, { "name": "PEER_TO_PEER", "description": "", "isDefault": true }, { "name": "DS8000_TCT", "description": "", "isDefault": true }, { "name": "klmClientUser", "description": "", "isDefault": true }, { "name": "klmFileTransfer", "description": "", "isDefault": true }, { "name": "LTO_CUSTOM", "description": "This is a new role created for the custom LTO group", "isDefault": false }, { "name": "DS5000_Custom", "description": "Role for DS500_custom device group", "isDefault": false }
26 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
]
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}
Get Users REST ServiceUse Get Users REST Service to retrieve a list of all the users in IBM Security Key Lifecycle Manager.
OperationGET
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/users
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
Response
Chapter 1. User management REST services 27
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns 0 when the request is successful. Otherwise, returns 1.
user Returns a comma-separated list of all the users.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExamplesRetrieve list of all the users
GET https://host:port/SKLM/rest/v1/ckms/usermanagement/users
Success response
[ "ds5000user", "sklmadmin", "ltouser"]
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."
28 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
}
Get User Details REST ServiceUse Get User Details REST Service to retrieve details of a user such as the assigned roles andgroups.
OperationGET
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/users/{userName}
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
userName Specify the user name for which you want to retrieve the details.
Path parameter
JSON object with the following specification.
Response
Chapter 1. User management REST services 29
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns 0 when the request is successful. Otherwise, returns 1.
name Returns the name of the user.
description Returns the description of the user.
isDefault Indicates whether the user and its associations are provided by defaultduring product installation (return value = true) or added later by a user(return value = false).
You cannot modify or delete a default user.
roles Returns details of the user roles that are assigned to the user.
groups Returns details of the user groups to which the user belongs.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleGet details of a user
GET https://host:port/SKLM/rest/v1/ckms/usermanagement/users/LTOuser
30 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Success response
{ "name": "ltouser", "isDefault": false, "roles": [ { "name": "monitor", "roleAssignment": "group", "groupName": "klmGUICLIAccessGroup", "isDefault": true }, { "name": "suppressmonitor", "roleAssignment": "group", "groupName": "klmGUICLIAccessGroup", "isDefault": true }, { "name": "klmConfigure", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmView", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmRestore", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmAudit", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmCreate", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "suppressmonitor", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmGet", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "LTO_CUSTOM", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "administrator", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmBackup", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmDelete", "roleAssignment": "group",
Chapter 1. User management REST services 31
DRAFT - NOT FOR PUBLICATION IBM Confidential
"groupName": "LTO_CUSTOM_GROUP", "isDefault": false } ], "groups": [ { "name": "klmGUICLIAccessGroup", "isDefault": false }, { "name": "LTO_CUSTOM_GROUP", "description": "This is a new group created for the administering extended LTO device", "isDefault": false } ]}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}
Get User Role Details REST ServiceUse to retrieve details for a user role, such as role description, assigned users, and assigned groups.
OperationGET
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/roles/{roleName}
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
Response
32 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
roleName Specify the user role for which you want to retrieve the details.
Path parameter
JSON object with the following specification.
JSON property name Description
code Returns 0 when the request is successful. Otherwise, returns 1.
name Returns the name of the user role.
description Returns the description of the user role.
isDefault Indicates whether the user role and its associations are provided bydefault during product installation (return value = true) or added later bya user (return value = false).
You cannot modify or delete a default user role.
groups Returns details of the associated user groups.
users Returns details of the associated users.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
Chapter 1. User management REST services 33
DRAFT - NOT FOR PUBLICATION IBM Confidential
ExampleRetrieve details for a user role
GET https://host:port/SKLM/rest/v1/ckms/usermanagement/roles/LTO_CUSTOM
Success response
{ "name": "LTO_CUSTOM", "description": "This is a new role created for the custom LTO group", "isDefault": false, "groups": [ { "name": "LTO_CUSTOM_GROUP", "description": "This is a new group created for the administering extended LTO device", "isDefault": false } ], "users": []}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}
Get User Groups REST ServiceUse Get User Groups REST Service to retrieve all the user groups in IBM Security Key LifecycleManager.
OperationGET
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groups
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Request Headers
34 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Header name Value
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers (continued)
Response
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns 0 when the request is successful. Otherwise, returns 1.
For every user group, the following details are returned:
name Returns the name of the user group.
description Returns the description of the user group.
isDefault Indicates whether the user group and its associations are provided bydefault during product installation (return value = true) or added later bya user (return value = false).
You cannot modify or delete a default user group.
roles Returns details of the roles that are assigned to the user group.
users Returns details of the users that are assigned to the user group.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
Error Response Body
JSON object with the following specification.
Chapter 1. User management REST services 35
DRAFT - NOT FOR PUBLICATION IBM Confidential
Description
message Returns a message that describes the error.
Error Response Body
JSON property name (continued)
ExamplesRetrieve list of all user groups
GET https://host:port/SKLM/rest/v1/ckms/usermanagement/groups
Success response
[ { "name": "klmGUICLIAccessGroup", "isDefault": true }, { "name": "klmSecurityOfficerGroup", "isDefault": true }, { "name": "LTOAdmin", "isDefault": true }, { "name": "LTOAuditor", "isDefault": true }, { "name": "LTOOperator", "isDefault": true }, { "name": "klmBackupRestoreGroup", "isDefault": true }, { "name": "LTO_CUSTOM_GROUP", "description": "This is a new group created for the administering extended LTO device", "isDefault": false }]
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}
Get User Group Details REST ServiceUse Get User Group Details REST Service to retrieve details for a user group, such as assignedroles and assigned users.
OperationGET
URLhttps://<host>:<port >/SKLM/rest/v1/ckms/usermanagement/groups/{groupName}
36 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
Response
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns 0 when the request is successful. Otherwise, returns 1.
Success Response Body
JSON object with the following specification.
Chapter 1. User management REST services 37
DRAFT - NOT FOR PUBLICATION IBM Confidential
Description
name Returns the name of the user group.
description Returns the description of the user group.
isDefault Indicates whether the user group and its associations are provided bydefault during product installation (return value = true) or added later bya user (return value = false).
You cannot modify or delete a default user group.
roles Returns details of the roles that are assigned to the user group
users Returns details of the users that are assigned to the user group.
Success Response Body
JSON property name (continued)
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleRetrieve details of a user group
GET https://host:port/SKLM/rest/v1/ckms/usermanagement/groups/DS5000_CUSTOM_GROUP
Success response
{ "name": "DS5000_CUSTOM_GROUP", "description": "This group is created for administering DS5000 device groups", "isDefault": false, "roles": [ { "name": "DS5000_Custom", "description": "Role for DS500_custom device group", "isDefault": false } ], "users": [ { "name": "ds5000user", "isDefault": false } ]}
Error response
{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}
38 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Update Role REST ServiceUse Update Role REST Service to modify a user role. You can modify the name and description of auser role.
OperationPUT
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/roles/{oldRoleName}
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
oldRoleName Specify the name of the role that you want to modify.
Path parameter
JSON object with the following specification.
JSON property name Description
newRoleName Specify a new name for the user role.
description Specify a description for the user role.
Request Body
JSON object with the following specification.
Response
Chapter 1. User management REST services 39
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleModify a user role
PUT https://9.199.138.167:9443/SKLM/rest/v1/ckms/usermanagement/roles/DS5000_Custom{"newRoleName":"DS5000_new","description":"test change"}
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM5004E", "message": "CTGKM5004E Object with the same name DS5000_new already exists."}
40 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Update User Group REST ServiceUse Update User Group REST Service to modify an existing user group. You can modify the nameand description of a user group.
OperationPUT
URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groups/{oldGroupName}
By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.
Request
Parameter Description
host Specify the IP address or host name of the IBM Security Key LifecycleManager server.
port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.
Request Parameters
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de
Request Headers
JSON property name Description
oldGroupName Specify the name of the user group that you want to modify.
Path parameter
JSON object with the following specification.
JSON property name Description
newGroupName Specify the new name for the user group.
description Specify a description for the user group that you want to modify.
Request Body
JSON object with the following specification.
Response
Chapter 1. User management REST services 41
DRAFT - NOT FOR PUBLICATION IBM Confidential
Header name Value and description
Status Code 200 OKThe request was successful. The response body contains therequested representation.
400 Bad RequestThe authentication information was not provided in the correctformat.
401 UnauthorizedThe authentication credentials were missing or incorrect.
404 Not Found ErrorThe processing of the request fails.
500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Response Headers
JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate if the operation was successful.
Success Response Body
JSON object with the following specification.
JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.
Error Response Body
JSON object with the following specification.
ExampleModify a user group
PUT https://host:port/SKLM/rest/v1/ckms/usermanagement/groups/LTO_CUSTOM_GROUP{"newGroupName":"LTO_NEW","description":"changing group name"}
Success response
{ "code": "0", "status": "Succeeded"}
Error response
{ "code": "CTGKM5004E", "message": "CTGKM5004E Object with the same name DS5000_Custom already exists."}
42 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer theproducts, services, or features discussed in this document in other countries. Consult your local IBMrepresentative for information on the products and services currently available in your area. Any referenceto an IBM product, program, or service is not intended to state or imply that only that IBM product,program, or service may be used. Any functionally equivalent product, program, or service that does notinfringe any IBM intellectual property right may be used instead. However, it is the user's responsibility toevaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document.The furnishing of this document does not give you any license to these patents. You can send licenseinquiries, in writing, to:
IBM Director of LicensingIBM CorporationNorth Castle Drive, MD-NC119Armonk, NY 10504-1785 US
For license inquiries regarding double-byte character set (DBCS) information, contact the IBM IntellectualProperty Department in your country or send inquiries, in writing, to:
Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan, Ltd.19-21, Nihonbashi-Hakozakicho, Chuo-kuTokyo 103-8510, Japan
The following paragraph does not apply to the United Kingdom or any other country where suchprovisions are inconsistent with local law :
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS"WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITEDTO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR APARTICULAR PURPOSE.
Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions,therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodicallymade to the information herein; these changes will be incorporated in new editions of the publication.IBM may make improvements and/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not inany manner serve as an endorsement of those Web sites. The materials at those Web sites are not part ofthe materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate withoutincurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose of enabling: (i) theexchange of information between independently created programs and other programs (including thisone) and (ii) the mutual use of the information which has been exchanged, should contact:
IBM Director of LicensingIBM CorporationNorth Castle Drive, MD-NC119Armonk, NY 10504-1785
© Copyright IBM Corp. 2008, 2020 43
DRAFT - NOT FOR PUBLICATION IBM Confidential
US
Such information may be available, subject to appropriate terms and conditions, including in some casespayment of a fee.
The licensed program described in this document and all licensed material available for it are provided byIBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or anyequivalent agreement between us.
Any performance data contained herein was determined in a controlled environment. Therefore, theresults obtained in other operating environments may vary significantly. Some measurements may havebeen made on development-level systems and there is no guarantee that these measurements will bethe same on generally available systems. Furthermore, some measurement may have been estimatedthrough extrapolation. Actual results may vary. Users of this document should verify the applicable datafor their specific environment.
Information concerning non-IBM products was obtained from the suppliers of those products, theirpublished announcements or other publicly available sources. IBM has not tested those products andcannot confirm the accuracy of performance, compatibility or any other claims related to non-IBMproducts. Questions on the capabilities of non-IBM products should be addressed to the suppliers ofthose products.
All statements regarding IBM's future direction or intent are subject to change or withdrawal withoutnotice, and represent goals and objectives only.
All IBM prices shown are IBM's suggested retail prices, are current and are subject to change withoutnotice. Dealer prices may vary.
This information is for planning purposes only. The information herein is subject to change before theproducts described become available.
This information contains examples of data and reports used in daily business operations. To illustratethem as completely as possible, the examples include the names of individuals, companies, brands, andproducts. All of these names are fictitious and any similarity to the names and addresses used by anactual business enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programmingtechniques on various operating platforms. You may copy, modify, and distribute these sample programsin any form without payment to IBM, for the purposes of developing, using, marketing or distributingapplication programs conforming to the application programming interface for the operating platformfor which the sample programs are written. These examples have not been thoroughly tested underall conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of theseprograms. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not beliable for any damages arising out of your use of the sample programs.
Each copy or any portion of these sample programs or any derivative work, must include a copyrightnotice as follows:© (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. ©Copyright IBM Corp. _enter the year or years_.
If you are viewing this information in softcopy form, the photographs and color illustrations might not bedisplayed.
Terms and conditions for product documentationPermissions for the use of these publications are granted subject to the following terms and conditions.Applicability
These terms and conditions are in addition to any terms of use for the IBM website.
44 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
Personal useYou may reproduce these publications for your personal, noncommercial use provided that allproprietary notices are preserved. You may not distribute, display or make derivative work of thesepublications, or any portion thereof, without the express consent of IBM.
Commercial useYou may reproduce, distribute and display these publications solely within your enterprise providedthat all proprietary notices are preserved. You may not make derivative works of these publications,or reproduce, distribute or display these publications or any portion thereof outside your enterprise,without the express consent of IBM.
RightsExcept as expressly granted in this permission, no other permissions, licenses or rights are granted,either express or implied, to the publications or any information, data, software or other intellectualproperty contained therein.IBM reserves the right to withdraw the permissions granted herein whenever, in its discretion, the useof the publications is detrimental to its interest or, as determined by IBM, the above instructions arenot being properly followed.You may not download, export or re-export this information except in full compliance with allapplicable laws and regulations, including all United States export laws and regulationsIBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE PUBLICATIONS. THE PUBLICATIONSARE PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED ORIMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.
TrademarksIBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International BusinessMachines Corp., registered in many jurisdictions worldwide. Other product and service names might betrademarks of IBM or other companies. A current list of IBM trademarks is available on the web at http://www.ibm.com/legal/copytrade.shtml.
Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks ortrademarks of Adobe Systems Incorporated in the United States, other countries, or both.
IT Infrastructure Library is a registered trademark of the Central Computer and TelecommunicationsAgency which is now part of the Office of Government Commerce.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon,Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation orits subsidiaries in the United States and other countries.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in theUnited States, other countries, or both.
ITIL is a registered trademark, and a registered community trademark of the Office of GovernmentCommerce, and is registered in the U.S. Patent and Trademark Office.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/orits affiliates.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, othercountries, or both and is used under license therefrom.
Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. andQuantum in the U.S. and other countries.
Notices 45
DRAFT - NOT FOR PUBLICATION IBM Confidential
46 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation
IBM Confidential DRAFT - NOT FOR PUBLICATION
IBM®
Product Number:
IBM Confidential