PingIDM 7.5.0

Progressive profile REST requests

Progressive profiling is deprecated and will be removed in a future release of IDM. For more information, refer to Deprecation.

The following REST requests and responses demonstrate the flow through a profile completion process, given the previous configuration:

  1. Client attempts a login for the 25th time:

    curl \
     --header "X-OpenIDM-Username: bjensen" \
     --header "X-OpenIDM-Password: Passw0rd" \
     --header "X-OpenIDM-NoSession: false" \
     --request POST \
     "https://localhost:8443/openidm/authentication?_action=login"
    {
      "_id": "login",
      "authorization": {
        "userRolesProperty": "authzRoles",
        "processesRequired": true,
        "component": "managed/user",
        "authLogin": true,
        "authenticationIdProperty": "username",
        "roles": [],
        "ipAddress": "0:0:0:0:0:0:0:1",
        "protectedAttributeList": ["password"],
        "requiredProfileProcesses": ["selfservice/profile"],
        "id": "51c6c46d-3d7b-4671-8295-0c8ee39e8549",
        "moduleId": "MANAGED_USER",
        "queryId": "credential-query"
      },
      "authenticationId": "bjensen"
    }
    The values of the requiredProfileProcesses and roles properties in the returned output trigger the remainder of the process. If requiredProfileProcesses is present and not empty, there are processes that must be completed. Ultimately, the process must return a full access role (such as internal/role/openidm-authorized) and continue to the user profile page.
  2. Server sends a GET request to the profile endpoint and returns "type": "conditionaluser" and "tag": "initial" to start the profile completion process:

    curl \
     --header "X-OpenIDM-Username: anonymous" \
     --header "X-OpenIDM-Password: anonymous" \
     --request GET \
     "https://localhost:8443/openidm/selfservice/profile"
    {
    	"_id": "1",
    	"_rev": "991096945",
    	"type": "conditionaluser",
    	"tag": "initial",
    	"requirements": {
    		"$schema": "http://json-schema.org/draft-04/schema#",
    		"description": "Attribute Details",
    		"type": "object",
    		"properties": {},
    		"attributes": [{
    			"name": "telephoneNumber",
    			"isRequired": true,
    			"schema": {
    				"type": "string",
    				"title": "Telephone Number",
    				"description": "Telephone Number",
    				"viewable": true,
    				"userEditable": true,
    				"pattern": "^\\+?([0-9\\- \\(\\)])*$",
    				"usageDescription": "",
    				"isPersonal": true
    			},
    			"value": null
    		}],
    		"uiConfig": {
    			"displayName": "Add your telephone number",
    			"purpose": "Help us verify your identity",
    			"buttonText": "Save"
    		}
    	}
    }
  3. Client submits requirements, in this case, the required profile field. Server response includes "tag": "end" and "success": true to signal the end of the profile process:

    curl \
     --header "X-OpenIDM-Username: anonymous" \
     --header "X-OpenIDM-Password: anonymous" \
     --request POST \
     --data '{
         "input":{
             "attributes":{
                 "telephoneNumber":"555-555-1234"
             }
         }
     }'
     "https://localhost:8443/openidm/selfservice/reset?_action=submitRequirements"
    {
    	"type": "conditionaluser",
    	"tag": "end",
    	"status": {
    		"success": true
    	},
    	"additions": {}
    }

Viewing profile completeness

You can view how complete a profile is, presented as the percentage of user-editable attributes that have been filled out on a profile. To do so, send a REST call to the selfservice/profile/completeness endpoint:

curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
 --request GET \
"http://localhost:8080/openidm/selfservice/profile/completeness/managed/user/3a8cabef-d4a3-4f60-926a-52f27257bde6"
{
  "_id": "managed/user/3a8cabef-d4a3-4f60-926a-52f27257bde6",
  "_rev": "00000000c38d9344",
  "completeness": 42.857143
}
Copyright © 2010-2024 ForgeRock, all rights reserved.