Package com.softlayer.api.service.user.customer

Interface OpenIdConnect.Service

    • Method Detail

      • createObject

        @ApiMethod
OpenIdConnect createObject​(OpenIdConnect templateObject,
                           String password,
                           String vpnPassword)
        Create a new user in the SoftLayer customer portal. createObject() creates a user's portal record and adds them into the SoftLayer community forums. It is not possible to set up SLL or PPTP enable flags during object creation. These flags are ignored during object creation. You will need to make a subsequent call to edit object in order to enable VPN access. An account's master user and sub-users who have the User Manage permission can add new users. createObject() creates users with a default permission set. After adding a user it may be helpful to set their permissions and hardware access.

        Note, neither password nor vpnPassword parameters are required.

        Password When a new user is created, an email will be sent to the new user's email address with a link to a url that will allow the new user to create or change their password for the SoftLayer customer portal.

        If the password parameter is provided and is not null, then that value will be validated. If it is a valid password, then the user will be created with this password. This user will still receive a portal password email. It can be used within 24 hours to change their password, or it can be allowed to expire, and the password provided during user creation will remain as the user's password.

        If the password parameter is not provided or the value is null, the user must set their portal password using the link sent in email within 24 hours.  If the user fails to set their password within 24 hours, then a non-master user can use the "Reset Password" link on the login page of the portal to request a new email. A master user can use the link to retrieve a phone number to call to assist in resetting their password.

        The password parameter is ignored for VPN_ONLY users or for IBMid authenticated users.

        vpnPassword If the vpnPassword is provided, then the user's vpnPassword will be set to the provided password.  When creating a vpn only user, the vpnPassword MUST be supplied.  If the vpnPassword is not provided, then the user will need to use the portal to edit their profile and set the vpnPassword.

        IBMid considerations When a SoftLayer account is linked to a Platform Services (PaaS, formerly Bluemix) account, AND the trait on the SoftLayer Account indicating IBMid authentication is set, then SoftLayer will delegate the creation of the user to PaaS. The Platform Services "invite user" API call is asynchronous, and so no user object can be returned from this API call. In this specific case, this API will throw a SoftLayer_Exception_User_Customer_DelegateIamIdInvitationToPaas exception, with text indicating that the call was at least accepted by Platform Services. The Platform Services API is the preferred API for creating users based on IBMid in a linked account pair. If you have automation using this API that depends on getting a synchronous response with a user object with an id, you should contact SoftLayer Support to have the "IBMid authentication" trait set to 0 on this account. In that case, a normal SoftLayer user will be created (no IBMid association set up) and the createObject call will return synchronously as before.
        See Also:
        SoftLayer_User_Customer_OpenIdConnect::createObject

      • declineInvitation

        @ApiMethod
Void declineInvitation​(String providerType,
                       String registrationCode)
        Declines an invitation to link an OpenIdConnect identity to a SoftLayer (Atlas) identity and account. Note that this uses a registration code that is likely a one-time-use-only token, so if an invitation has already been processed (accepted or previously declined) it will not be possible to process it a second time.
        See Also:
        SoftLayer_User_Customer_OpenIdConnect::declineInvitation

      • getDefaultAccount

        @ApiMethod(instanceRequired=true)
Account getDefaultAccount​(String providerType)
        This API gets the default account for the OpenIdConnect identity that is linked to the current SoftLayer user identity. If there is no default present, the API returns null, except in the special case where we find one active user linked to the IAMid. In that case, we will set the link from the IAMid to that user as default, and return the account of which that user is a member. Invoke this only on IAMid-authenticated users.
        Specified by:
        getDefaultAccount in interface Customer.Service
        See Also:
        SoftLayer_User_Customer_OpenIdConnect::getDefaultAccount

      • getPortalLoginTokenOpenIdConnect

        @ApiMethod
Token getPortalLoginTokenOpenIdConnect​(String providerType,
                                       String accessToken,
                                       Long accountId,
                                       Long securityQuestionId,
                                       String securityQuestionAnswer)
        Attempt to authenticate a supplied OpenIdConnect access token to the SoftLayer customer portal. If authentication is successful then the API returns a token containing the ID of the authenticated user and a hash key used by the SoftLayer customer portal to maintain authentication.
        See Also:
        SoftLayer_User_Customer_OpenIdConnect::getPortalLoginTokenOpenIdConnect

      • getRequirementsForPasswordSetForOpenIdConnect

        @ApiMethod(value="getRequirementsForPasswordSet",
           instanceRequired=true)
PasswordSet getRequirementsForPasswordSetForOpenIdConnect​(PasswordSet passwordSet)
        Retrieve the authentication requirements for an outstanding password set/reset request. The requirements returned in the same SoftLayer_Container_User_Customer_PasswordSet container which is provided as a parameter into this request. The SoftLayer_Container_User_Customer_PasswordSet::authenticationMethods array will contain an entry for each authentication method required for the user. See SoftLayer_Container_User_Customer_PasswordSet for more details.

        If the user has required authentication methods, then authentication information will be supplied to the SoftLayer_User_Customer::processPasswordSetRequest method within this same SoftLayer_Container_User_Customer_PasswordSet container. All existing information in the container must continue to exist in the container to complete the password set/reset process.
        See Also:
        SoftLayer_User_Customer_OpenIdConnect::getRequirementsForPasswordSet

      • getUserForUnifiedInvitation

        @ApiMethod
OpenIdConnect getUserForUnifiedInvitation​(String openIdConnectUserId,
                                          String uniqueIdentifier,
                                          String searchInvitationsNotLinksFlag)
        Returns an IMS User Object from the provided OpenIdConnect User ID or IBMid Unique Identifier for the Account of the active user. Enforces the User Management permissions for the Active User. An exception will be thrown if no matching IMS User is found. NOTE that providing IBMid Unique Identifier is optional, but it will be preferred over OpenIdConnect User ID if provided.
        See Also:
        SoftLayer_User_Customer_OpenIdConnect::getUserForUnifiedInvitation

      • getUserIdForPasswordSet

        @ApiMethod
Long getUserIdForPasswordSet​(String key)
        Retrieve a user id using a password token provided to the user in an email generated by the SoftLayer_User_Customer::initiatePortalPasswordChange request. Password recovery keys are valid for 24 hours after they're generated.

        When a new user is created or when a user has requested a password change using initiatePortalPasswordChange, they will have received an email that contains a url with a token. That token is used as the parameter for getUserIdForPasswordSet. Once the user id is known, then the SoftLayer_User_Customer object can be retrieved which is necessary to complete the process to set or reset a user's password.
        Specified by:
        getUserIdForPasswordSet in interface Customer.Service
        See Also:
        SoftLayer_User_Customer_OpenIdConnect::getUserIdForPasswordSet

      • initiatePortalPasswordChange

        @ApiMethod
Boolean initiatePortalPasswordChange​(String username)
        Sends password change email to the user containing url that allows the user the change their password. This is the first step when a user wishes to change their password. The url that is generated contains a one-time use token that is valid for only 24-hours.

        If this is a new master user who has never logged into the portal, then password reset will be initiated. Once a master user has logged into the portal, they must setup their security questions prior to logging out because master users are required to answer a security question during the password reset process. Should a master user not have security questions defined and not remember their password in order to define the security questions, then they will need to contact support at live chat or Revenue Services for assistance.

        Due to security reasons, the number of reset requests per username are limited within a undisclosed timeframe.
        Specified by:
        initiatePortalPasswordChange in interface Customer.Service
        See Also:
        SoftLayer_User_Customer_OpenIdConnect::initiatePortalPasswordChange

      • processPasswordSetRequest

        @ApiMethod(instanceRequired=true)
Boolean processPasswordSetRequest​(PasswordSet passwordSet,
                                  Binding authenticationContainer)
        Set the password for a user who has an outstanding password request. A user with an outstanding password request will have an unused and unexpired password key. The password key is part of the url provided to the user in the email sent to the user with information on how to set their password. The email was generated by the SoftLayer_User_Customer::initiatePortalPasswordRequest request. Password recovery keys are valid for 24 hours after they're generated.

        If the user has required authentication methods as specified by in the SoftLayer_Container_User_Customer_PasswordSet container returned from the SoftLayer_User_Customer::getRequirementsForPasswordSet request, then additional requests must be made to processPasswordSetRequest to authenticate the user before changing the password. First, if the user has security questions set on their profile, they will be required to answer one of their questions correctly. Next, if the user has Verisign, Google Authentication, or Phone Factor on their account, they must authenticate according to the two-factor provider. All of this authentication is done using the SoftLayer_Container_User_Customer_PasswordSet container. If the user has Phone Factor authentication, additional requests to SoftLayer_User_Customer::checkPhoneFactorAuthenticationForPasswordSet is required until a response other than Awaiting Response is received.

        User portal passwords must match the following restrictions. Portal passwords must...
        * ...be over eight characters long.
        * ...be under twenty characters long.
        * ...contain at least one uppercase letter
        * ...contain at least one lowercase letter
        * ...contain at least one number
        * ...contain one of the special characters _ - | @ . , ? / ! ~ # $ % ^ & * ( ) { } [ ] \ + =
        * ...not match your username
        Specified by:
        processPasswordSetRequest in interface Customer.Service
        See Also:
        SoftLayer_User_Customer_OpenIdConnect::processPasswordSetRequest