User Search Operation

The User Search callout provides the ability to map the IBM Security Verify Access user name which is contained in the password update request into a user identity which is known to the configured pre and post password update REST services.

The User Search callout conforms to the querying resources using POST endpoint of the 'System for Cross-domain Identity Management: Protocol' RFC (RFC 7644) : section 3.4.3 (https://tools.ietf.org/html/rfc7644#section-3.4.3).

The filter used in the search operation is configurable and conforms to section 3.4.2.2 (https://tools.ietf.org/html/rfc7644#section-3.4.2) of the RFC. An example request can be:

POST /Users/.search
Host: example.com
Accept: application/scim+json
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Content-Length: ...

{ 
   "schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
   "attributes": [”id"], 
   "filter": ”personCode eq \"smith\"", 
   "count": 1 
}

An example response can be:

HTTP/1.1 200 OK 
Content-Type: application/scim+json

{ 
   "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"], 
   "totalResults":1, 
   "itemsPerPage":1, 
   "startIndex":1, 
   "Resources":[
     { "id":"2819c223-7f76-413861904646 }   ] 
}

An error page is returned to the client in the event that one of the following scenarios occur:

• an error occurs during the search;
• more than one user is located by the search;
• no user is found by the search

Parent topic: Password Callouts