Layer7 API Management

Using RESTMan to create a user in the IIP

  • 1.  Using RESTMan to create a user in the IIP

    Broadcom Employee
    Posted 08-12-2015 08:49 PM

    Creating a user in the Internal Identity Provider using RESTMan has a bit of a gotcha - it requires a Password field to be added. RESTMan does not return a user object with the Password field so it is unclear exactly how this is done. After some experimentation I discovered that the order of the elements matters and Password MUST be right after the Login element:


    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>

    <l7:User providerId="0000000000000000fffffffffffffffe" xmlns:l7="">







        <l7:Property key="accountExpiration">



        <l7:Property key="enabled">



        <l7:Property key="name">





  • 2.  Re: Using RESTMan to create a user in the IIP

    Posted 08-24-2018 08:38 PM

    This post helped me in creating the user while providing the password. I also want to give the role. How can I do it?

  • 3.  Re: Using RESTMan to create a user in the IIP

    Posted 08-16-2016 09:31 AM

    The thread is a little bit old, but it was useful anyway; thanks for the Password trick.

    I couldn't find a complete definition for this API call anywhere; we'd also like to specify the existing SQL field "change_password" when creating a user.

    Is there a complete description anywhere of the allowed Properties for the User RESTMAN API calls?

  • 4.  Re: Using RESTMan to create a user in the IIP

    Broadcom Employee
    Posted 08-27-2018 01:40 PM

    You use a PUT request to the roles resource of RestMan to add a new role assignment. There are a few steps required to gather the information needed. It is expected that the identity has already been created in the IDP.


    First you need to know the id of the role. You can use:

      GET 1.0/roles

    but it will retrieve the entire list of roles, which can be very large if a lot of services and policies are defined. It is better to get the specific role by name:

      GET 1.0/roles?name=Administrator

    Extract the /l7:List/l7:Item/l7:Id field to get the ID of the role. The Administrator role ID *should* always be 0000000000000000ffffffffffffff9c.


    Next retrieve the IDP ID:

      GET 1.0/identityProviders

    then extract the /l7:List/l7:Item/l7:Id field to get the ID of the identity provider you will use. The Internal Identity Provider ID *should* always be 0000000000000000fffffffffffffffe.


    To generate the request for the PUT call, you can get the roles template by issuing a GET request to roles/{id}/assignments/template/addassignments, substituting {id} for the ID of the role:


    GET 1.0/roles/0000000000000000ffffffffffffff9c/assignments/template/addassignments
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <l7:Item xmlns:l7="">
      <l7:Name>AddAssignmentsContext Template</l7:Name>
              <l7:entityType>User or Group</l7:entityType>


    Template calls always show the template as the l7:Resource content, so from that you can generate the request message for the PUT call starting at the l7:AddAssignmentsContext element. Note you will need to transfer the namespace down to the element. Once you have fleshed out the template you just PUT it to the role's assignments resource:


    PUT 1.0/roles/0000000000000000ffffffffffffff9c/assignments
    <l7:AddAssignmentsContext xmlns:l7="">

    You should get a 204 "No Content" response, so don't be too surprised when the response is blank.


    BTW this is basically described by the RestMan documentation if you look at the Roles resource, although some of the steps are not exactly intuitive so hopefully this response helps.
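
Added example, not part of the thread or of the RestMan documentation: a check for the lookup steps in the post above that extracts /l7:List/l7:Item/l7:Id for an exact role or provider name and refuses to continue when the match is missing, ambiguous, or differs from the ID the post says it *should* be. The sample response, its layout (Name and Id directly under Item) and the placeholder namespace URI are assumptions; elements are matched by local name because the page does not show the namespace.

```python
import xml.etree.ElementTree as ET

# Well-known IDs quoted in the thread ("*should* always be ...").
EXPECTED_ADMIN_ROLE_ID = "0000000000000000ffffffffffffff9c"
EXPECTED_INTERNAL_IDP_ID = "0000000000000000fffffffffffffffe"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child with the given local name, else None."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def resolve_id(list_xml, wanted_name, expected_id=None):
    """Return /List/Item/Id of the single Item whose Name equals wanted_name.

    Raises ValueError on zero or several exact matches, or when the Id differs
    from expected_id, so a privileged assignment never proceeds on a guess.
    """
    root = ET.fromstring(list_xml)
    if local(root.tag) != "List":
        raise ValueError("not a List response")
    ids = [child_text(item, "Id") for item in root
           if local(item.tag) == "Item" and child_text(item, "Name") == wanted_name]
    if len(ids) != 1 or not ids[0]:
        raise ValueError(f"expected exactly one {wanted_name!r}, got {len(ids)}")
    if expected_id is not None and ids[0] != expected_id:
        raise ValueError(f"{wanted_name!r} has Id {ids[0]}, expected {expected_id}")
    return ids[0]

# Constructed sample response; the namespace URI is a placeholder (assumption).
SAMPLE_ROLES = """<l7:List xmlns:l7="urn:example:placeholder">
  <l7:Name>ROLE List</l7:Name>
  <l7:Item><l7:Name>Administrator</l7:Name>
    <l7:Id>0000000000000000ffffffffffffff9c</l7:Id></l7:Item>
  <l7:Item><l7:Name>Administrator (copy)</l7:Name>
    <l7:Id>00000000000000000000000000000abc</l7:Id></l7:Item>
</l7:List>"""

if __name__ == "__main__":
    print(resolve_id(SAMPLE_ROLES, "Administrator", EXPECTED_ADMIN_ROLE_ID))
```

The same function covers the identity provider lookup by passing the provider's name and EXPECTED_INTERNAL_IDP_ID.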

  • 5.  Re: Using RESTMan to create a user in the IIP

    Posted 08-27-2018 08:41 PM

    Thanks, I am able to create the user and associate the role.