IoT

Register identities

You can register identities in AM manually, over REST, or dynamically during the authentication process.

These examples show how to register identities manually. Dynamic registration is covered in the IoT SDK examples and IoT Gateway examples:

  1. Before you can register an identity, get an admin SSO token from AM as follows:

    curl \
    --header 'Content-Type: application/json' \
    --header 'X-OpenAM-Username: amAdmin' \
    --header 'X-OpenAM-Password: changeit' \
    --header 'Accept-API-Version: resource=2.0, protocol=1.0' \
    --request POST \
    'http://am.localtest.me:8080/openam/json/authenticate'
    {
        "tokenId": "yLiS5J55N…​lMxAAA.*",
        "successUrl": "/openam/console",
        "realm": "/"
    }
  2. Save the tokenId returned in this request as a variable, for example:

    export tokenId=yLiS5J55N…​lMxAAA.*
    echo $tokenId
    yLiS5J55N…​lMxAAA.*
  3. Set the ID of the thing or gateway you are registering as a variable. The examples use manual-thing and manual-gateway as IDs:

    Set the ID for a thing
    export ID=manual-thing
    echo $ID
    manual-thing
    Set the ID for a gateway
    export ID=manual-gateway
    echo $ID
    manual-gateway
  4. Register an identity for the thing or gateway. These examples set a number of sample fields (thingKeys) for the thing or gateway you are registering:

    Register a thing
    curl \
    --request PUT \
    --header 'Content-Type: application/json' \
    --header 'Accept-Api-Version: resource=4.0, protocol=2.1' \
    --cookie "iPlanetDirectoryPro=${tokenId}" \
    --data '{
      "userPassword": "5tr0ngG3n3r@ted",
      "thingType": "device",
      "thingKeys": "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"cbnztC8J_l2feNf0aTFBDDQJuvrd2JbLPoOAxHR2N8o=\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
    }' \
    "http://am.localtest.me:8080/openam/json/realms/root/users/${ID}"
    {
      "_id": "manual-thing",
      "_rev": "-1",
      "realm": "/",
      "username": "manual-thing",
      "objectClass": [
        "iplanet-am-managed-person",
        "inetuser",
        "fr-iot",
        "sunFMSAML2NameIdentifier",
        "inetorgperson",
        "devicePrintProfilesContainer",
        "pushDeviceProfilesContainer",
        "iPlanetPreferences",
        "iplanet-am-user-service",
        "forgerock-am-dashboard-service",
        "organizationalperson",
        "top",
        "kbaInfoContainer",
        "oathDeviceProfilesContainer",
        "person",
        "webauthnDeviceProfilesContainer",
        "sunAMAuthAccountLockout",
        "deviceProfilesContainer",
        "iplanet-am-auth-configuration-service"
      ],
      "dn": [
        "uid=manual-thing,ou=people,dc=openam,dc=forgerock,dc=org"
      ],
      "cn": [
        "manual-thing"
      ],
      "thingKeys": [
        "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"cbnztC8J_l2feNf0aTFBDDQJuvrd2JbLPoOAxHR2N8o=\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
      ],
      "createTimestamp": [
        "20220629131020Z"
      ],
      "uid": [
        "manual-thing"
      ],
      "universalid": [
        "id=manual-thing,ou=user,dc=openam,dc=forgerock,dc=org"
      ],
      "inetUserStatus": [
        "Active"
      ],
      "sn": [
        "manual-thing"
      ],
      "thingType": [
        "device"
      ]
    }

    Log in to the AM admin UI and select Identities in the Top Level Realm. You should see the manual-thing in the list.

    Register a gateway
    curl \
    --request PUT \
    --header 'Content-Type: application/json' \
    --header 'Accept-Api-Version: resource=4.0, protocol=2.1' \
    --cookie "iPlanetDirectoryPro=${tokenId}" \
    --data '{
     "userPassword": "5tr0ngG3n3r@ted",
     "thingType": "gateway",
        "thingKeys": "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"cbnztC8J_l2feNf0aTFBDDQJuvrd2JbLPoOAxHR2N8o=\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
    }' \
    "http://am.localtest.me:8080/openam/json/realms/root/users/${ID}"
    {
      "_id": "manual-gateway",
      "_rev": "-1",
      "realm": "/",
      "username": "manual-gateway",
      "objectClass": [
        "iplanet-am-managed-person",
        "inetuser",
        "fr-iot",
        "sunFMSAML2NameIdentifier",
        "inetorgperson",
        "devicePrintProfilesContainer",
        "iplanet-am-user-service",
        "iPlanetPreferences",
        "pushDeviceProfilesContainer",
        "forgerock-am-dashboard-service",
        "organizationalperson",
        "top",
        "kbaInfoContainer",
        "person",
        "sunAMAuthAccountLockout",
        "oathDeviceProfilesContainer",
        "webauthnDeviceProfilesContainer",
        "iplanet-am-auth-configuration-service",
        "deviceProfilesContainer"
      ],
      "dn": [
        "uid=manual-gateway,ou=people,dc=openam,dc=forgerock,dc=org"
      ],
      "cn": [
        "manual-gateway"
      ],
      "thingKeys": [
        "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"cbnztC8J_l2feNf0aTFBDDQJuvrd2JbLPoOAxHR2N8o=\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
      ],
      "createTimestamp": [
        "20200826104156Z"
      ],
      "uid": [
        "manual-gateway"
      ],
      "universalid": [
        "id=manual-gateway,ou=user,dc=openam,dc=forgerock,dc=org"
      ],
      "inetUserStatus": [
        "Active"
      ],
      "sn": [
        "manual-gateway"
      ],
      "thingType": [
        "gateway"
      ]
    }

    Log in to the AM admin UI and select Identities in the Top Level Realm. You should see the manual-gateway in the list.

Copyright © 2010-2022 ForgeRock, all rights reserved.