IoT

Register identities

You can register identities in AM manually, over REST, or dynamically during the authentication process.

The following steps show how to register identities manually. Dynamic registration is covered in the IoT SDK examples and IoT Gateway examples.

  1. Before you can register an identity, get an admin SSO token from AM as follows:

    curl \
    --header 'Content-Type: application/json' \
    --header 'X-OpenAM-Username: amAdmin' \
    --header 'X-OpenAM-Password: changeit' \
    --header 'Accept-API-Version: resource=2.0, protocol=1.0' \
    --request POST \
    'http://am.localtest.me:8080/openam/json/authenticate'

    {
        "tokenId": "yLiS5J55N…lMxAAA.*",
        "successUrl": "/openam/console",
        "realm": "/"
    }
  2. Save the tokenId returned in this request as a variable, for example:

    export tokenId='yLiS5J55N…lMxAAA.*'
    echo "$tokenId"
    yLiS5J55N…lMxAAA.*
  3. Set the ID of the thing or gateway you are registering as a variable. The examples use manual-thing and manual-gateway as IDs:

    Set the ID for a thing:

    export ID=manual-thing
    echo $ID
    manual-thing

    Set the ID for a gateway:

    export ID=manual-gateway
    echo $ID
    manual-gateway
  4. Register an identity for the thing or gateway. These examples set a number of sample fields (thingKeys) for the thing or gateway you are registering:

    Register a thing:

    curl \
    --request PUT \
    --header 'Content-Type: application/json' \
    --header 'Accept-Api-Version: resource=4.0, protocol=2.1' \
    --cookie "iPlanetDirectoryPro=${tokenId}" \
    --data '{
      "userPassword": "5tr0ngG3n3r@ted",
      "thingType": "device",
      "thingKeys": "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"cbnztC8J_l2feNf0aTFBDDQJuvrd2JbLPoOAxHR2N8o=\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
    }' \
    "http://am.localtest.me:8080/openam/json/realms/root/users/${ID}"

    {
      "_id": "manual-thing",
      "_rev": "-1",
      "realm": "/",
      "username": "manual-thing",
      "objectClass": [
        "iplanet-am-managed-person",
        "inetuser",
        "fr-iot",
        "sunFMSAML2NameIdentifier",
        "inetorgperson",
        "devicePrintProfilesContainer",
        "pushDeviceProfilesContainer",
        "iPlanetPreferences",
        "iplanet-am-user-service",
        "forgerock-am-dashboard-service",
        "organizationalperson",
        "top",
        "kbaInfoContainer",
        "oathDeviceProfilesContainer",
        "person",
        "webauthnDeviceProfilesContainer",
        "sunAMAuthAccountLockout",
        "deviceProfilesContainer",
        "iplanet-am-auth-configuration-service"
      ],
      "dn": [
        "uid=manual-thing,ou=people,dc=openam,dc=forgerock,dc=org"
      ],
      "cn": [
        "manual-thing"
      ],
      "thingKeys": [
        "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"cbnztC8J_l2feNf0aTFBDDQJuvrd2JbLPoOAxHR2N8o=\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
      ],
      "createTimestamp": [
        "20220629131020Z"
      ],
      "uid": [
        "manual-thing"
      ],
      "universalid": [
        "id=manual-thing,ou=user,dc=openam,dc=forgerock,dc=org"
      ],
      "inetUserStatus": [
        "Active"
      ],
      "sn": [
        "manual-thing"
      ],
      "thingType": [
        "device"
      ]
    }

    Log in to the AM admin UI and select Identities in the Top Level Realm. You should see the manual-thing in the list.

    Register a gateway:

    curl \
    --request PUT \
    --header 'Content-Type: application/json' \
    --header 'Accept-Api-Version: resource=4.0, protocol=2.1' \
    --cookie "iPlanetDirectoryPro=${tokenId}" \
    --data '{
      "userPassword": "5tr0ngG3n3r@ted",
      "thingType": "gateway",
      "thingKeys": "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"cbnztC8J_l2feNf0aTFBDDQJuvrd2JbLPoOAxHR2N8o=\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
    }' \
    "http://am.localtest.me:8080/openam/json/realms/root/users/${ID}"

    {
      "_id": "manual-gateway",
      "_rev": "-1",
      "realm": "/",
      "username": "manual-gateway",
      "objectClass": [
        "iplanet-am-managed-person",
        "inetuser",
        "fr-iot",
        "sunFMSAML2NameIdentifier",
        "inetorgperson",
        "devicePrintProfilesContainer",
        "iplanet-am-user-service",
        "iPlanetPreferences",
        "pushDeviceProfilesContainer",
        "forgerock-am-dashboard-service",
        "organizationalperson",
        "top",
        "kbaInfoContainer",
        "person",
        "sunAMAuthAccountLockout",
        "oathDeviceProfilesContainer",
        "webauthnDeviceProfilesContainer",
        "iplanet-am-auth-configuration-service",
        "deviceProfilesContainer"
      ],
      "dn": [
        "uid=manual-gateway,ou=people,dc=openam,dc=forgerock,dc=org"
      ],
      "cn": [
        "manual-gateway"
      ],
      "thingKeys": [
        "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"cbnztC8J_l2feNf0aTFBDDQJuvrd2JbLPoOAxHR2N8o=\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
      ],
      "createTimestamp": [
        "20200826104156Z"
      ],
      "uid": [
        "manual-gateway"
      ],
      "universalid": [
        "id=manual-gateway,ou=user,dc=openam,dc=forgerock,dc=org"
      ],
      "inetUserStatus": [
        "Active"
      ],
      "sn": [
        "manual-gateway"
      ],
      "thingType": [
        "gateway"
      ]
    }

    Log in to the AM admin UI and select Identities in the Top Level Realm. You should see the manual-gateway in the list.
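
The thingKeys value in step 4 is a JWK set serialized to JSON and then embedded as a string, which is easy to get wrong when escaped by hand. The following Python sketch is an added example, not ForgeRock code: it checks that the set holds only public ES256 (P-256) signing keys, then builds the request body. The function names are hypothetical, the generated password length is an assumption, and the sample key is the one shown on this page.

```python
import base64
import json
import secrets

# Sample input: the public JWK set from this page's thingKeys value.
SAMPLE_JWKS = {"keys": [{
    "use": "sig", "kty": "EC", "crv": "P-256", "alg": "ES256",
    "kid": "cbnztC8J_l2feNf0aTFBDDQJuvrd2JbLPoOAxHR2N8o=",
    "x": "wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4",
    "y": "ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw",
}]}

# JWK members that carry private or symmetric key material.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "k"}


def _b64url_len(value):
    """Decoded length of an unpadded base64url string."""
    return len(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)))


def check_public_es256_jwks(jwks):
    """Raise ValueError unless every key is a public P-256 signing key."""
    keys = jwks.get("keys")
    if not isinstance(keys, list) or not keys:
        raise ValueError("JWK set has no keys")
    for jwk in keys:
        leaked = jwk.keys() & PRIVATE_MEMBERS
        if leaked:
            raise ValueError(f"private key material present: {sorted(leaked)}")
        if (jwk.get("kty"), jwk.get("crv")) != ("EC", "P-256"):
            raise ValueError("expected an EC P-256 key")
        if jwk.get("alg") != "ES256" or jwk.get("use") != "sig":
            raise ValueError("expected alg ES256 and use sig")
        if any(_b64url_len(jwk.get(c, "")) != 32 for c in ("x", "y")):
            raise ValueError("x and y must each decode to 32 bytes")


def build_registration_body(jwks, thing_type, password=None):
    """Return the JSON body for the PUT request, with thingKeys as a string."""
    check_public_es256_jwks(jwks)
    return json.dumps({
        # Assumption: a random 32-character password when none is supplied.
        "userPassword": password or secrets.token_urlsafe(24),
        "thingType": thing_type,
        # The page sends thingKeys as a JSON string, so the JWK set is
        # serialized first and json.dumps escapes it on the second pass.
        "thingKeys": json.dumps(jwks, separators=(",", ":")),
    })
```

The returned string can replace the hand-escaped `--data` value in the curl commands of step 4.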

Copyright © 2010-2023 ForgeRock, all rights reserved.