IBM Security Identity Manager (a.k.a. ISIM) is an automated and policy-based solution that manages user access across IT environments, helping to drive effective identity management and governance across the enterprise. By using roles, accounts, and access permissions, it helps automate the creation, modification, and termination of user privileges throughout the entire user lifecycle.

ISIM has offered Web Services, a Java API and a REST API for a while. The first two were introduced a long time ago, while the REST API is relatively new, so in this article I will provide some common REST calls to get you up to speed.

The three common authentication steps

Before any REST API call, you must make a few preliminary calls to obtain the required tokens. These calls are listed in order below:

  1. Get the JSESSIONID cookie: it can easily be retrieved using the cURL command below.
  2. Get the LTPA2 token: the LTPA2 token cookie is returned after a successful bind to ISIM; use a valid username/password as follows:
  3. Get the CSRF token: a CSRF token is only required if PUT or POST calls are to be made. In that case, call {{isimurl}}/itim/rest/systemusers/me and read the token from a response header; use something like this to achieve this task:
The CSRF token will look something like this: C4F5A31CA30DE1E364FC124B3E937DC8
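To tie the three steps together, here is a small stdlib-only Python client. This is an added example, not code from the original post and not IBM's own client. Only the systemusers/me path and the fact that the CSRF token arrives as a response header come from the article; the login endpoint /itim/j_security_check with its j_username/j_password fields (the WebSphere form-login convention), the CSRFToken header name, the /itim/rest/people/... path used for the PUT, the payload, and the offline stand-in server are assumptions and are marked as such in the code. The client refuses plain HTTP (both cookies are bearer credentials), treats a missing LtpaToken2 cookie after the bind as a failed login rather than a warning, and fails closed on any PUT made without a CSRF token; the method_override parameter is where the X-HTTP-Method-Override header of the validate-password call would go.

```python
# Added example, not IBM's code: the article's three token steps as a stdlib-only client.
# Assumed (not stated in the article): LOGIN_PATH with j_username/j_password, CSRF_HEADER, demo server.
import http.client
import json
import ssl
import urllib.parse
from http.cookies import SimpleCookie

LOGIN_PATH = "/itim/j_security_check"   # assumption: WebSphere-style form-login endpoint
ME_PATH = "/itim/rest/systemusers/me"    # from the article
CSRF_HEADER = "CSRFToken"               # assumption: response header that carries the token

def https_transport(method, url, headers, body):
    u = urllib.parse.urlsplit(url)       # real transport: TLS with certificate verification left on
    conn = http.client.HTTPSConnection(u.netloc, context=ssl.create_default_context())
    conn.request(method, u.path + ("?" + u.query if u.query else ""), body=body, headers=headers)
    resp = conn.getresponse()
    return resp.status, list(resp.getheaders()), resp.read()   # headers as (name, value) pairs

class IsimSession:
    """Cookies plus CSRF token for one ISIM REST session; the transport is injectable for testing."""

    def __init__(self, base_url, transport=https_transport):
        if not base_url.startswith("https://"):
            raise ValueError("JSESSIONID/LtpaToken2 are bearer credentials: HTTPS only")
        self.base_url, self.transport = base_url.rstrip("/"), transport
        self.cookies, self.csrf_token = {}, None

    def _request(self, method, path, headers=None, body=b""):
        hdrs = dict(headers or {})
        if self.cookies:
            hdrs["Cookie"] = "; ".join(f"{k}={v}" for k, v in self.cookies.items())
        status, resp_hdrs, resp_body = self.transport(method, self.base_url + path, hdrs, body)
        for name, value in resp_hdrs:        # absorb every Set-Cookie the server sends
            if name.lower() == "set-cookie":
                self.cookies.update({k: m.value for k, m in SimpleCookie(value).items()})
        return status, resp_hdrs, resp_body

    def login(self, username, password):
        self._request("GET", ME_PATH)        # step 1: any request sets JSESSIONID (assumed path)
        if "JSESSIONID" not in self.cookies:
            raise RuntimeError("step 1 failed: no JSESSIONID cookie")
        form = urllib.parse.urlencode({"j_username": username, "j_password": password}).encode()
        self._request("POST", LOGIN_PATH, {"Content-Type": "application/x-www-form-urlencoded"}, form)
        if "LtpaToken2" not in self.cookies:  # step 2: success is the cookie, not a status code
            raise RuntimeError("step 2 failed: bind rejected, no LtpaToken2 cookie")
        _, hdrs, _ = self._request("GET", ME_PATH)   # step 3: token is a response header
        self.csrf_token = next((v for k, v in hdrs if k.lower() == CSRF_HEADER.lower()), None)
        if not self.csrf_token:
            raise RuntimeError("step 3 failed: no %s header" % CSRF_HEADER)
        return dict(self.cookies)

    def put(self, path, payload, method_override=None):
        if not self.csrf_token:              # fail closed: never send a PUT/POST without the token
            raise RuntimeError("PUT requires the CSRF token; call login() first")
        hdrs = {"Content-Type": "application/json", CSRF_HEADER: self.csrf_token}
        if method_override:                  # e.g. "validate-error-check-only" (password rule check)
            hdrs["X-HTTP-Method-Override"] = method_override
        status, _, body = self._request("PUT", path, hdrs, json.dumps(payload).encode())
        return status, body

DEMO_USER, DEMO_PASS, DEMO_CSRF = "itim manager", "demo-password", "DEMO0000CSRF0000TOKEN"  # constructed

def demo_transport(method, url, headers, body):
    """Constructed stand-in for the server so the example runs offline; not real ISIM behaviour."""
    path, cookies = urllib.parse.urlsplit(url).path, headers.get("Cookie", "")
    if "JSESSIONID=" not in cookies:         # first contact: hand out the session cookie
        return 302, [("Set-Cookie", "JSESSIONID=0000SESSION; Path=/itim; HttpOnly")], b""
    if method == "POST" and path == LOGIN_PATH:
        form = urllib.parse.parse_qs(body.decode())
        if form.get("j_username") == [DEMO_USER] and form.get("j_password") == [DEMO_PASS]:
            return 302, [("Set-Cookie", "LtpaToken2=0000LTPA; Path=/; Secure; HttpOnly")], b""
        return 302, [], b""                  # bad bind: back to the form, no token issued
    if "LtpaToken2=" not in cookies:
        return 401, [], b"not authenticated"
    if method == "GET" and path == ME_PATH:
        return 200, [(CSRF_HEADER, DEMO_CSRF)], b'{"name": "itim manager"}'
    if method == "PUT" and path.startswith("/itim/rest/people/"):   # assumed Person Modify path
        if headers.get(CSRF_HEADER) != DEMO_CSRF:
            return 403, [], b"missing or wrong CSRF token"
        return 202, [], b'{"requestId": "demo-request-1"}'          # 202: accepted, as in Person Modify
    return 404, [], b""

def run_demo():
    s = IsimSession("https://isim.example.test:9443", transport=demo_transport)
    cookies = s.login(DEMO_USER, DEMO_PASS)
    status, body = s.put("/itim/rest/people/DEMOPERSONID", {"l": "Casablanca"})  # constructed payload
    return {"cookies": sorted(cookies), "csrf": s.csrf_token, "put_status": status, "put_body": json.loads(body)}

def bad_bind_is_rejected():
    """Wrong password: no LtpaToken2 arrives, so login() must stop instead of carrying on."""
    s = IsimSession("https://isim.example.test:9443", transport=demo_transport)
    try:
        s.login(DEMO_USER, "wrong-password")
        return False
    except RuntimeError as err:
        return "LtpaToken2" in str(err)
```

run_demo() walks the whole sequence against the stand-in and returns the cookies obtained, the CSRF token and the 202 from the PUT; against a real ISIM host you would leave the default https_transport in place and pass the real base URL and credentials. Keeping the transport injectable is what makes the token logic testable without a server, and keeping the Set-Cookie handling in one place means a rotated JSESSIONID after login is picked up automatically.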

Sample REST API Calls

Once you have successfully completed the three common steps above, you can perform any REST API call. You can download the full set of REST API calls that I have created here: https://www.dropbox.com/s/reih24vrh57a0og/ISIM%20REST%20Calls.json?dl=0

Some REST APIs samples are listed below:

Organization Container Lookup

Returns information about the specified organizational container.

Request

URL:

Method:

GET

Parameters

Parameter Description
category [Path Parameter] Specifies the type of organizational container to look up. Valid values are “admindomains”, “bporganizations”, “organizationunits”, “locations”, and “organizations”. The values are case-insensitive.
organizationContainerId [Path Parameter] Unique identifier for an organizational container.
attributes [Query Parameter] Optional: Specifies comma-separated attributes to return for the organizational container. The specified attributes are returned in the “_attributes” section of the response. Specifying a value of “*” returns all of the attributes. By default all the attributes are returned. Example – ?attributes=l
embedded [Query Parameter] Optional: Specifies the comma-separated attributes to return for a reference attribute of an organizational container (e.g. ersupervisor). The specified attributes are returned in the “_embedded” section of the response. Specifying a value of ‘*’ after the reference attribute returns all the properties of the reference attribute. Example – ?embedded=ersupervisor.cn

Headers

Header Description

Request Example

Response

Code: 200

OK. The request was successful.

Response Example

Person Modify

Modifies information for the specified user.

Request

URL:

Method:

PUT

Parameters

Parameter Description
personId Unique identifier for a user.

Headers

Header Description

Request Example

Response

Code: 202

Accepted. The request was accepted for processing.

Response Example

Validate Change Password

Validate whether the provided password complies with password rules.

Request

URL:


Note: Password synchronization status can be determined by making a GET call to http://hostname:port/itim/rest/password/configuration and reading the attribute “isSynchPassword” returned in the response.

Method:

PUT


Parameters

Parameter Description

Headers

Header Description
X-HTTP-Method-Override Use ‘validate-error-check-only’ to validate the password against rules. Example – X-HTTP-Method-Override = validate-error-check-only

Request Example

Response

Code: 200

OK. The request was successful.

Response Example

Written by AYOUB BAHAR
Ayoub Bahar, 25 years old, founder of this blog, I am passionate about coding, hacking, cracking and everything related to the new technologies. Follow me to get my latest articles.