Versions Compared

Old Version 1

changes.mady.by.user Ksawery Buczkowski

Saved on

compared with

New Version Current

changes.mady.by.user Elias Brattli Sørensen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When developing integrations, it’s useful to test the endpoints with:
https://marketplace.atlassian.com/apps/1211542/atlassian-rest-api-browser?tab=overview&hosting=server
Disabling search for only public api and searching for “ksso” should reveal endpoints provided by
Kantega SSO.

...

getAllIdPs

Gets information of all identity Providers configured in Kantega SSO, both active and inactive IDPs.

The authenticated user must have the SYS_ADMIN permission to call this resource.

GET

Code Block
rest/ksso/api/idp/1.0/idp/ids

Request

Example:https://<atlassian-product-base-url>/rest/ksso/api/info/1.0/idp/ids

Response

Status 200

Returns a list of identity Providers.

...

Returned if the user does not have system admin permission

getAllGroupsForIdp

Gets information about KSSO idp managed groups configuration

The authenticated user must have the SYS_ADMIN permission to call this resource.

...

Code Block
rest/ksso/api/idp/1.0/managedgroups/{idpId}/groups

Request

...

Example :https://<atlassian-product-base-url>/rest/ksso/api/infoidp/1.0/managedgroups/{idpId}/groups

Response

Status: 200

Returns a list of all managed groups for the specified IDP

Code Block
[
  "adminGroup",
  "adminGroup1",
  "adminGroup2",

Status: 401

Returned if the user does not have system admin permission.

getSpecificGroup

...

addGroup

Adds a new managed group associated with the Identity Provider.

The authenticated user must have the SYS_ADMIN permission to call this resource.

GET

Code Block
rest/ksso/api/idp/1.0/managedgroups/{idpId}/groups/{managedGroupName}

Request

Example :https://<atlassian-product-base-url>/rest/ksso/api/idp/1.0/idp12345/groups/adminGroup1

Response

Status: 204

Returns empty response with 204 code if the specified managed group is found in the IDP configuration

Status: 401

Returned if the user does not have system admin permission

addGroup

Adds a new managed group associated with the Identity Provider.

POST POST

Code Block
rest/ksso/api/idp/1.0/managedgroups

Use this method to include a new managed group to an existing IDP configuration. This can be beneficial in cases where access management and permissions based on group associations within an Identity Provider become critical. Before invoking this method, ensure that the IDP specified by the `idpId` already exists. If the IDP does not exist, or if the `addManagedGroup` name is already used, this operation might not succeed.
The `idpId` and `addManagedGroup` must not be empty for the addition to be successful.
Note that this method only handles the addition of the group and does not verify if the IDP has existing associations or configurations that might conflict. Use {@link IdpConfigResource} /rest/ksso/api/idp/1.0/idp/ids to obtain the list of existing IDPs.

Request

Example :

Element: group

Example: POST https://<atlassian-product-base-url>/rest/ksso/api/idp/1.0/<idpid>/groups/<groupName>

Request Body:

Code Block
{"idpId":"

...

<IdentityProvider id>","addManagedGroup":"

...

GroupName”}

Response

Status: 204

Returned if the new managed group is successfully stored.

...

In case of unhandled error while fetching the IDP configuration or if required parameters are missing.

Status: 401

Returned if the user does not have system admin permission.

replaceGroup

Replaces a managed group associated with the provided IDP ( Identity Provider).

The authenticated user must have the SYS_ADMIN permission to call this resource.

PUT

Code Block
rest/ksso/api/idp/1.0/managedgroups/{idpId}/groups/{groupToReplace}

The authenticated user must have the SYS_ADMIN permission to call this resource.

Use this method to include replace name of a new managed group to an existing IDP configuration. This can be beneficial in cases where access management and permissions based on group associations within an Identity Provider become critical. Before invoking this method, ensure that the IDP specified by the `idpId` already exists. If the IDP does not exist, or if the `addManagedGroup` name is already used, this operation might not succeed.
The `idpId` and `addManagedGroup` must not be empty for the addition to be successful.
Note that this method only handles the addition of the group and does not verify if the IDP has existing associations or configurations that might conflict. Use {@link IdpConfigResource}

Request

Example:https://<atlassian-product-base-url>/rest/ksso/api/idp/1.0/managedgroups/<idpid>/idp/ids to obtain the list of existing IDPs.

Request

Element: group

Example: groups/<groupToReplace>

Request Options (parameters):

  • groupToReplace - name of group to replace

  • idpid- Identity Provider that contains the group to replace

Request Body:

Code Block
{"idpId":"

...

<Identity Provider ID>","addManagedGroup":"

...

<NameOfGroup>”}

Response

Status: 204

Returned if the managed group is successfully replaced.

Status: 400

In case of unhandled error while fetching the IDP configuration or if required parameters are missing.

...

Returned if the user does not have system admin permission.

Status: 404

Returned if the managedGroup does not exist in the Identity provider.

getSpecificGroup

Checks whether KSSO managed group exists for a specific IDP (Identity Provider) configuration

The authenticated user must have the SYS_ADMIN permission to call this resource.

GET

Code Block
rest/ksso/api/idp/1.0/managedgroups/{idpId}/groups/{managedGroupName}

Request

Example: GET https://<atlassian-product-base-url>/rest/ksso/api/idp/1.0/managedgroups/ <idpId>/groups/<managedgroupName>

Response

Status: 204

Returned Returns empty response with 204 code if the specified managed group is successfully storedfound in the IDP configuration

Status: 400

In case of unhandled error while fetching the IDP configuration or if required parameters are missing.

Status: 404401

Returned if the user does not have system admin permission

removeGroup

Removes a managed group from the specified IDP (Identity Provider).

The authenticated user must have the SYS_ADMIN permission to call this resource.

DELETE

Code Block
rest/ksso/api/idp/1.0/managedgroups/{idpId}/groups/{managedGroupName}

This method is restricted to sysadmin users only. If the specified IDP is not found, a BAD_REQUEST response is returned. If the managed group is not found within the IDP, a NOT_FOUND response is returned. If the removal is successful, a NO_CONTENT response is returned.

Request

...

Element: group

Example:

...

Example:https://<atlassian-product-base-url>/rest/ksso/api/idp/1.0/managedgroups/ <idpid>/groups/<managedGroupName>

Request Options (parameters):

  • managedGroupName - name of group to remove

  • idpid- Identity Provider that contains the group to remove

Response

Status: 204

Returned if the managed group is successfully removed.

Status: 400

In case of unhandled error while fetching the IDP configuration or if required parameters are missing.

Status: 401

Returned if the user does not have system admin permission.

Status: 204404

Returned if the managed group is successfully removedthe managedGroupName does not exist in the Identity provider.