Register Identities
You can register identities in AM manually, over REST, or dynamically during the authentication process. These examples show how to register identities manually. Dynamic registration is covered in the IoT SDK Examples and IoT Gateway Examples.
Before you can register an identity, obtain an admin SSO token from AM as follows:
    curl \
      --header 'Content-Type: application/json' \
      --header 'X-OpenAM-Username: amAdmin' \
      --header 'X-OpenAM-Password: changeit' \
      --header 'Accept-API-Version: resource=2.0, protocol=1.0' \
      --request POST \
      'http://am.localtest.me:8080/openam/json/authenticate'

    {
      "tokenId": "yLiS5J55N...lMxAAA.*",
      "successUrl": "/openam/console",
      "realm": "/"
    }
Save the tokenId returned in this request as a variable, for example:

    export tokenId=yLiS5J55N...lMxAAA.*
    echo $tokenId
    yLiS5J55N...lMxAAA.*
Set the ID of the thing or gateway you are registering as a variable. The examples use manual-thing and manual-gateway as IDs:

Thing:

    export ID=manual-thing
    echo $ID
    manual-thing

Gateway:

    export ID=manual-gateway
    echo $ID
    manual-gateway
Register an identity for the Thing or gateway. These examples set a few sample fields (thingKeys) for the Thing or gateway you are registering:

Thing:

    curl \
      --header 'Content-Type: application/json' \
      --header 'Accept-Api-Version: resource=4.0, protocol=2.1' \
      --cookie "iPlanetDirectoryPro=${tokenId}" \
      --data '{
        "userPassword": "5tr0ngG3n3r@ted",
        "thingType": "device",
        "thingKeys": "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"pop.cnf\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
      }' \
      --request PUT \
      "http://am.localtest.me:8080/openam/json/realms/root/users/${ID}"

    {
      "_id": "manual-thing",
      "_rev": "-1",
      "realm": "/",
      "username": "manual-thing",
      "objectClass": [
        "iplanet-am-managed-person",
        "inetuser",
        "fr-iot",
        "sunFMSAML2NameIdentifier",
        "inetorgperson",
        "devicePrintProfilesContainer",
        "iplanet-am-user-service",
        "iPlanetPreferences",
        "pushDeviceProfilesContainer",
        "forgerock-am-dashboard-service",
        "organizationalperson",
        "top",
        "kbaInfoContainer",
        "person",
        "sunAMAuthAccountLockout",
        "oathDeviceProfilesContainer",
        "webauthnDeviceProfilesContainer",
        "iplanet-am-auth-configuration-service",
        "deviceProfilesContainer"
      ],
      "dn": [
        "uid=manual-thing,ou=people,dc=openam,dc=forgerock,dc=org"
      ],
      "cn": [
        "manual-thing"
      ],
      "thingKeys": [
        "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"pop.cnf\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
      ],
      "createTimestamp": [
        "20200825154443Z"
      ],
      "uid": [
        "manual-thing"
      ],
      "universalid": [
        "id=manual-thing,ou=user,dc=openam,dc=forgerock,dc=org"
      ],
      "inetUserStatus": [
        "Active"
      ],
      "sn": [
        "manual-thing"
      ],
      "thingType": [
        "device"
      ]
    }
If you sign in to the AM Admin UI and select Identities in the Top Level Realm, you will see the manual-thing in the list.

Gateway:

    curl \
      --header 'Content-Type: application/json' \
      --header 'Accept-Api-Version: resource=4.0, protocol=2.1' \
      --cookie "iPlanetDirectoryPro=${tokenId}" \
      --data '{
        "userPassword": "5tr0ngG3n3r@ted",
        "thingType": "gateway",
        "thingKeys": "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"pop.cnf\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
      }' \
      --request PUT \
      "http://am.localtest.me:8080/openam/json/realms/root/users/${ID}"

    {
      "_id": "manual-gateway",
      "_rev": "-1",
      "realm": "/",
      "username": "manual-gateway",
      "objectClass": [
        "iplanet-am-managed-person",
        "inetuser",
        "fr-iot",
        "sunFMSAML2NameIdentifier",
        "inetorgperson",
        "devicePrintProfilesContainer",
        "iplanet-am-user-service",
        "iPlanetPreferences",
        "pushDeviceProfilesContainer",
        "forgerock-am-dashboard-service",
        "organizationalperson",
        "top",
        "kbaInfoContainer",
        "person",
        "sunAMAuthAccountLockout",
        "oathDeviceProfilesContainer",
        "webauthnDeviceProfilesContainer",
        "iplanet-am-auth-configuration-service",
        "deviceProfilesContainer"
      ],
      "dn": [
        "uid=manual-gateway,ou=people,dc=openam,dc=forgerock,dc=org"
      ],
      "cn": [
        "manual-gateway"
      ],
      "thingKeys": [
        "{\"keys\":[{\"use\":\"sig\",\"kty\":\"EC\",\"kid\":\"pop.cnf\",\"crv\":\"P-256\",\"alg\":\"ES256\",\"x\":\"wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4\",\"y\":\"ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw\"}]}"
      ],
      "createTimestamp": [
        "20200826104156Z"
      ],
      "uid": [
        "manual-gateway"
      ],
      "universalid": [
        "id=manual-gateway,ou=user,dc=openam,dc=forgerock,dc=org"
      ],
      "inetUserStatus": [
        "Active"
      ],
      "sn": [
        "manual-gateway"
      ],
      "thingType": [
        "gateway"
      ]
    }
If you sign in to the AM Admin UI and select Identities in the Top Level Realm, you will see the manual-gateway in the list.
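In the registration requests above, thingKeys is a JWK set serialized as a string inside the JSON body, which is why every quote in it is escaped. The following Python is an added example, not part of the ForgeRock documentation: it builds that body without hand-escaping and checks it before upload, rejecting a key set that carries private key material or that is nested as an object instead of a string. The function names and the key profile it enforces (EC, P-256, ES256, use sig, taken from the sample key on this page) are assumptions of this example.

```python
import base64
import json

# Public JWK copied from the sample request on this page.
SAMPLE_JWK = {
    "use": "sig", "kty": "EC", "kid": "pop.cnf", "crv": "P-256", "alg": "ES256",
    "x": "wjC9kMzwIeXNn6lsjdqplcq9aCWpAOZ0af1_yruCcJ4",
    "y": "ihIziCymBnU8W8m5zx69DsQr0sWDiXsDMq04lBmfEHw",
}
# Assumed profile: the parameters of the sample key above.
EXPECTED = {"kty": "EC", "crv": "P-256", "alg": "ES256", "use": "sig"}
# JWK members that carry private or symmetric key material (RFC 7518).
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "k"}

def b64url_len(value):
    """Decoded length of an unpadded base64url string, or -1 if malformed."""
    try:
        return len(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)))
    except (ValueError, TypeError):
        return -1

def jwk_problems(jwk):
    """Reasons this JWK should not be registered as a thing key."""
    problems = []
    leaked = sorted(PRIVATE_MEMBERS & set(jwk))
    if leaked:
        problems.append("private key material present: " + ",".join(leaked))
    for name, want in EXPECTED.items():
        if jwk.get(name) != want:
            problems.append(f"{name} is {jwk.get(name)!r}, expected {want!r}")
    problems += [f"{c} is not a 32-byte base64url value"
                 for c in ("x", "y") if b64url_len(jwk.get(c)) != 32]
    return problems

def build_body(password, thing_type, jwks):
    """PUT body for the registration call; thingKeys is JSON inside a JSON string."""
    keys = json.dumps({"keys": jwks}, separators=(",", ":"))
    return json.dumps({"userPassword": password, "thingType": thing_type,
                       "thingKeys": keys})

def body_problems(body):
    """Validate a registration body before it is sent to AM."""
    field = json.loads(body).get("thingKeys")
    if not isinstance(field, str):
        return ["thingKeys must be a JSON-encoded string, not a nested object"]
    try:
        keys = json.loads(field)["keys"]
        return [f"keys[{i}]: {p}" for i, k in enumerate(keys) for p in jwk_problems(k)]
    except (ValueError, KeyError, TypeError, AttributeError):
        return ["thingKeys does not decode to a JWK set with a 'keys' array"]
```

The string returned by build_body can be written to a file and passed to curl with --data @file in place of the inline --data argument.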