Package com.softlayer.api.service.user.customer

Interface OpenIdConnect.Service

All Superinterfaces:
Customer.Service, Maskable, ResultLimitable, Service
Enclosing class:
OpenIdConnect
@ApiService("SoftLayer_User_Customer_OpenIdConnect")
public static interface OpenIdConnect.Service
extends Customer.Service
See Also:
SoftLayer_User_Customer_OpenIdConnect

  • Method Details

    • asAsync

      OpenIdConnect.ServiceAsync asAsync()
      Description copied from interface: Service
      Get an async version of this service
      Specified by:
      asAsync in interface Customer.Service
      Specified by:
      asAsync in interface Service

    • withNewMask

      OpenIdConnect.Mask withNewMask()
      Description copied from interface: Maskable
      Overwrite the existing mask on this service with a new one and return it
      Specified by:
      withNewMask in interface Customer.Service
      Specified by:
      withNewMask in interface Maskable

    • withMask

      OpenIdConnect.Mask withMask()
      Description copied from interface: Maskable
      Use the existing mask on this service or create it if not present
      Specified by:
      withMask in interface Customer.Service
      Specified by:
      withMask in interface Maskable

    • setMask

      void setMask​(OpenIdConnect.Mask mask)

    • activateOpenIdConnectUser

      @ApiMethod Void activateOpenIdConnectUser​(String verificationCode, Customer userInfo, String iamId)
      Completes invitation process for an OpenIdConnect user created by Bluemix Unified User Console.
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::activateOpenIdConnectUser

    • checkPhoneFactorAuthenticationForPasswordSet

      @ApiMethod(instanceRequired=true) Boolean checkPhoneFactorAuthenticationForPasswordSet​(PasswordSet passwordSet, Binding authenticationContainer)
      Add a description here

      Specified by:
      checkPhoneFactorAuthenticationForPasswordSet in interface Customer.Service
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::checkPhoneFactorAuthenticationForPasswordSet

    • completeInvitationAfterLogin

      @ApiMethod Void completeInvitationAfterLogin​(String providerType, String accessToken, String emailRegistrationCode)
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::completeInvitationAfterLogin

    • createObject

      @ApiMethod OpenIdConnect createObject​(OpenIdConnect templateObject, String password, String vpnPassword)
      Create a new user in the SoftLayer customer portal. It is not possible to set up SLL enable flags during object creation. These flags are ignored during object creation. You will need to make a subsequent call to edit object in order to enable VPN access.

      An account's master user and sub-users who have the User Manage permission can add new users.

      Users are created with a default permission set. After adding a user it may be helpful to set their permissions and device access.

      secondaryPasswordTimeoutDays will be set to the system configured default value if the attribute is not provided or the attribute is not a valid value.

      Note, neither password nor vpnPassword parameters are required.

      Password When a new user is created, an email will be sent to the new user's email address with a link to a url that will allow the new user to create or change their password for the SoftLayer customer portal.

      If the password parameter is provided and is not null, then that value will be validated. If it is a valid password, then the user will be created with this password. This user will still receive a portal password email. It can be used within 24 hours to change their password, or it can be allowed to expire, and the password provided during user creation will remain as the user's password.

      If the password parameter is not provided or the value is null, the user must set their portal password using the link sent in email within 24 hours.  If the user fails to set their password within 24 hours, then a non-master user can use the "Reset Password" link on the login page of the portal to request a new email. A master user can use the link to retrieve a phone number to call to assist in resetting their password.

      The password parameter is ignored for VPN_ONLY users or for IBMid authenticated users.

      vpnPassword If the vpnPassword is provided, then the user's vpnPassword will be set to the provided password.  When creating a vpn only user, the vpnPassword MUST be supplied.  If the vpnPassword is not provided, then the user will need to use the portal to edit their profile and set the vpnPassword.

      IBMid considerations When a SoftLayer account is linked to a Platform Services (PaaS, formerly Bluemix) account, AND the trait on the SoftLayer Account indicating IBMid authentication is set, then SoftLayer will delegate the creation of the user to PaaS. The Platform Services "invite user" API call is asynchronous, and so no user object can be returned from this API call. In this specific case, this API will throw a SoftLayer_Exception_User_Customer_DelegateIamIdInvitationToPaas exception, with text indicating that the call was at least accepted by Platform Services. The Platform Services API is the preferred API for creating users based on IBMid in a linked account pair. If you have automation using this API that depends on getting a synchronous response with a user object with an id, you should contact SoftLayer Support to have the "IBMid authentication" trait set to 0 on this account. In that case, a normal SoftLayer user will be created (no IBMid association set up) and the createObject call will return synchronously as before.
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::createObject

    • createOpenIdConnectUserAndCompleteInvitation

      @ApiMethod String createOpenIdConnectUserAndCompleteInvitation​(String providerType, Customer user, String password, String registrationCode)
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::createOpenIdConnectUserAndCompleteInvitation

    • declineInvitation

      @ApiMethod Void declineInvitation​(String providerType, String registrationCode)
      Declines an invitation to link an OpenIdConnect identity to a SoftLayer (Atlas) identity and account. Note that this uses a registration code that is likely a one-time-use-only token, so if an invitation has already been processed (accepted or previously declined) it will not be possible to process it a second time.
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::declineInvitation

    • getDefaultAccount

      @ApiMethod(instanceRequired=true) Account getDefaultAccount​(String providerType)
      This API gets the account associated with the default user for the OpenIdConnect identity that is linked to the current active SoftLayer user identity. When a single active user is found for that IAMid, it becomes the default user and the associated account is returned. When multiple default users are found only the first is preserved and the associated account is returned (remaining defaults see their default flag unset). If the current SoftLayer user identity isn't linked to any OpenIdConnect identity, or if none of the linked users were found as defaults, the API returns null. Invoke this only on IAMid-authenticated users.
      Specified by:
      getDefaultAccount in interface Customer.Service
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::getDefaultAccount

    • getLoginAccountInfoOpenIdConnect

      @ApiMethod LoginAccountInfo getLoginAccountInfoOpenIdConnect​(String providerType, String accessToken)
      Validates a supplied OpenIdConnect access token to the SoftLayer customer portal and returns the default account name and id for the active user. An exception will be thrown if no matching customer is found.
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::getLoginAccountInfoOpenIdConnect

    • getMappedAccounts

      @ApiMethod(instanceRequired=true) List<Account> getMappedAccounts​(String providerType)
      An OpenIdConnect identity, for example an IAMid, can be linked or mapped to one or more individual SoftLayer users, but no more than one SoftLayer user per account. This effectively links the OpenIdConnect identity to those accounts. This API returns a list of all active accounts for which there is a link between the OpenIdConnect identity and a SoftLayer user. Invoke this only on IAMid-authenticated users.
      Specified by:
      getMappedAccounts in interface Customer.Service
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::getMappedAccounts

    • getObjectForOpenIdConnect

      @ApiMethod(value="getObject", instanceRequired=true) OpenIdConnect getObjectForOpenIdConnect()
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::getObject

    • getOpenIdRegistrationInfoFromCode

      @ApiMethod RegistrationInformation getOpenIdRegistrationInfoFromCode​(String providerType, String registrationCode)
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::getOpenIdRegistrationInfoFromCode

    • getPortalLoginTokenOpenIdConnect

      @ApiMethod Token getPortalLoginTokenOpenIdConnect​(String providerType, String accessToken, Long accountId, Long securityQuestionId, String securityQuestionAnswer)
      Attempt to authenticate a supplied OpenIdConnect access token to the SoftLayer customer portal. If authentication is successful then the API returns a token containing the ID of the authenticated user and a hash key used by the SoftLayer customer portal to maintain authentication.
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::getPortalLoginTokenOpenIdConnect

    • getRequirementsForPasswordSetForOpenIdConnect

      @ApiMethod(value="getRequirementsForPasswordSet", instanceRequired=true) PasswordSet getRequirementsForPasswordSetForOpenIdConnect​(PasswordSet passwordSet)
      Retrieve the authentication requirements for an outstanding password set/reset request. The requirements returned in the same SoftLayer_Container_User_Customer_PasswordSet container which is provided as a parameter into this request. The SoftLayer_Container_User_Customer_PasswordSet::authenticationMethods array will contain an entry for each authentication method required for the user. See SoftLayer_Container_User_Customer_PasswordSet for more details.

      If the user has required authentication methods, then authentication information will be supplied to the SoftLayer_User_Customer::processPasswordSetRequest method within this same SoftLayer_Container_User_Customer_PasswordSet container. All existing information in the container must continue to exist in the container to complete the password set/reset process.
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::getRequirementsForPasswordSet

    • getUserForUnifiedInvitation

      @ApiMethod OpenIdConnect getUserForUnifiedInvitation​(String openIdConnectUserId, String uniqueIdentifier, String searchInvitationsNotLinksFlag)
      Returns an IMS User Object from the provided OpenIdConnect User ID or IBMid Unique Identifier for the Account of the active user. Enforces the User Management permissions for the Active User. An exception will be thrown if no matching IMS User is found. NOTE that providing IBMid Unique Identifier is optional, but it will be preferred over OpenIdConnect User ID if provided.
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::getUserForUnifiedInvitation

    • getUserIdForPasswordSet

      @ApiMethod Long getUserIdForPasswordSet​(String key)
      Retrieve a user id using a password token provided to the user in an email generated by the SoftLayer_User_Customer::initiatePortalPasswordChange request. Password recovery keys are valid for 24 hours after they're generated.

      When a new user is created or when a user has requested a password change using initiatePortalPasswordChange, they will have received an email that contains a url with a token. That token is used as the parameter for getUserIdForPasswordSet. Once the user id is known, then the SoftLayer_User_Customer object can be retrieved which is necessary to complete the process to set or reset a user's password.
      Specified by:
      getUserIdForPasswordSet in interface Customer.Service
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::getUserIdForPasswordSet

    • initiatePortalPasswordChange

      @ApiMethod Boolean initiatePortalPasswordChange​(String username)
      Sends password change email to the user containing url that allows the user the change their password. This is the first step when a user wishes to change their password. The url that is generated contains a one-time use token that is valid for only 24-hours.

      If this is a new master user who has never logged into the portal, then password reset will be initiated. Once a master user has logged into the portal, they must setup their security questions prior to logging out because master users are required to answer a security question during the password reset process. Should a master user not have security questions defined and not remember their password in order to define the security questions, then they will need to contact support at live chat or Revenue Services for assistance.

      Due to security reasons, the number of reset requests per username are limited within a undisclosed timeframe.
      Specified by:
      initiatePortalPasswordChange in interface Customer.Service
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::initiatePortalPasswordChange

    • initiatePortalPasswordChangeByBrandAgent

      @ApiMethod(instanceRequired=true) Boolean initiatePortalPasswordChangeByBrandAgent​(String username)
      A Brand Agent that has permissions to Add Customer Accounts will be able to request the password email be sent to the Master User of a Customer Account created by the same Brand as the agent making the request. Due to security reasons, the number of reset requests are limited within an undisclosed timeframe.
      Specified by:
      initiatePortalPasswordChangeByBrandAgent in interface Customer.Service
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::initiatePortalPasswordChangeByBrandAgent

    • isValidPortalPassword

      @ApiMethod(instanceRequired=true) Boolean isValidPortalPassword​(String password)
      Determine if a string is the given user's login password to the SoftLayer customer portal.
      Specified by:
      isValidPortalPassword in interface Customer.Service
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::isValidPortalPassword

    • processPasswordSetRequest

      @ApiMethod(instanceRequired=true) Boolean processPasswordSetRequest​(PasswordSet passwordSet, Binding authenticationContainer)
      Set the password for a user who has an outstanding password request. A user with an outstanding password request will have an unused and unexpired password key. The password key is part of the url provided to the user in the email sent to the user with information on how to set their password. The email was generated by the SoftLayer_User_Customer::initiatePortalPasswordRequest request. Password recovery keys are valid for 24 hours after they're generated.

      If the user has required authentication methods as specified by in the SoftLayer_Container_User_Customer_PasswordSet container returned from the SoftLayer_User_Customer::getRequirementsForPasswordSet request, then additional requests must be made to processPasswordSetRequest to authenticate the user before changing the password. First, if the user has security questions set on their profile, they will be required to answer one of their questions correctly. Next, if the user has Verisign, Google Authentication, or Phone Factor on their account, they must authenticate according to the two-factor provider. All of this authentication is done using the SoftLayer_Container_User_Customer_PasswordSet container. If the user has Phone Factor authentication, additional requests to SoftLayer_User_Customer::checkPhoneFactorAuthenticationForPasswordSet is required until a response other than Awaiting Response is received.

      User portal passwords must match the following restrictions. Portal passwords must...
      * ...be over eight characters long.
      * ...be under twenty characters long.
      * ...contain at least one uppercase letter
      * ...contain at least one lowercase letter
      * ...contain at least one number
      * ...contain one of the special characters _ - | @ . , ? / ! ~ # $ % ^ & * ( ) { } [ ] \ + =
      * ...not match your username
      Specified by:
      processPasswordSetRequest in interface Customer.Service
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::processPasswordSetRequest

    • selfPasswordChange

      @ApiMethod(instanceRequired=true) Void selfPasswordChange​(String currentPassword, String newPassword)
      Specified by:
      selfPasswordChange in interface Customer.Service
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::selfPasswordChange

    • setDefaultAccount

      @ApiMethod(instanceRequired=true) Account setDefaultAccount​(String providerType, Long accountId)
      An OpenIdConnect identity, for example an IAMid, can be linked or mapped to one or more individual SoftLayer users, but no more than one per account. If an OpenIdConnect identity is mapped to multiple accounts in this manner, one such account should be identified as the default account for that identity. Invoke this only on IBMid-authenticated users.
      Specified by:
      setDefaultAccount in interface Customer.Service
      See Also:
      SoftLayer_User_Customer_OpenIdConnect::setDefaultAccount