AD FS API

The following operations are intended for AD FS integration. They expose information about a given user, which can be used to issue SAML assertions containing all relevant information about the user.

Required Role

All the operations in the AD FS API are available to any client that has at least the "Læseadgang" role assigned to it.

Get Roles as OIO-BPP

This operation will generate the OIO-BPP structure containing the user's roles for a given it-system.

Path Parameters

Table 1. /api/user/{userid}/roles
Parameter Description

userid

The user's userid (e.g. bbog)

Request Headers

Name Description

ApiKey

Secret key required to call API

Request Parameters

Parameter Description

system

The identifier of the it-system (e.g. SAPA) - if not supplied, all roles for all it-systems are returned

Response Fields

Path Type Description

oioBPP

String

Base64-encoded string containing an OIO-BPP representation of the user's roles

nameID

String

Subject NameID in X.509 format

roleMap

Object

Map with id/name of roles in oioBPP structure

Example request

GET /api/user/bbog/roles?system=KOMBIT HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 682

{
  "nameID" : "C=DK,O=12345678,CN=Bente Børgesen,Serial=93171e0a-7b1a-4642-8611-d5c8cae73a29",
  "oioBPP" : "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48YnBwOlByaXZpbGVnZUxpc3QgeG1sbnM6YnBwPSJodHRwOi8vaXRzdC5kay9vaW9zYW1sL2Jhc2ljX3ByaXZpbGVnZV9wcm9maWxlIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj48UHJpdmlsZWdlR3JvdXAgU2NvcGU9InVybjpkazpnb3Y6c2FtbDpjdnJOdW1iZXJJZGVudGlmaWVyOjEyMzQ1Njc4Ij48UHJpdmlsZWdlPmh0dHA6Ly9mYXZyc2tvdi5kay9yb2xlcy9qb2Jyb2xlL0tPTUJJVF8yLzE8L1ByaXZpbGVnZT48L1ByaXZpbGVnZUdyb3VwPjwvYnBwOlByaXZpbGVnZUxpc3Q+",
  "roleMap" : {
    "http://favrskov.dk/roles/jobrole/KOMBIT_2/1" : "KOMBIT System role 2 (KOMBIT System)"
  }
}
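
A consumer of this response, such as the claims step that builds the SAML assertion, can decode and sanity-check the oioBPP field before using it. The following is an added example, not code from OS2rollekatalog: the function names, the constructed sample payload, and the two consistency rules (roleMap keys equal the Privilege values, and the CVR in the Scope equals the O= part of nameID) are assumptions read off the example response above.

```python
import base64
import xml.etree.ElementTree as ET

BPP_NS = "http://itst.dk/oiosaml/basic_privilege_profile"
CVR_SCOPE = "urn:dk:gov:saml:cvrNumberIdentifier:"


def decode_oio_bpp(oio_bpp_b64):
    """Decode the oioBPP field and return {scope: [privilege, ...]}."""
    # validate=True rejects characters outside the Base64 alphabet
    raw = base64.b64decode(oio_bpp_b64, validate=True)
    # A privilege list is plain data; refuse DTDs and entity declarations
    # instead of relying on the XML parser's expansion limits.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD or entity declaration in OIO-BPP payload")
    root = ET.fromstring(raw)
    if root.tag != "{%s}PrivilegeList" % BPP_NS:
        raise ValueError("unexpected root element: " + root.tag)
    groups = {}
    for group in root.findall("PrivilegeGroup"):
        scope = group.get("Scope")
        if not scope:
            raise ValueError("PrivilegeGroup without a Scope attribute")
        for privilege in group.findall("Privilege"):
            groups.setdefault(scope, []).append((privilege.text or "").strip())
    return groups


def org_from_name_id(name_id):
    """Return the O= component of the nameID, or None (naive comma split)."""
    for part in name_id.split(","):
        key, _, value = part.partition("=")
        if key.strip() == "O":
            return value.strip()
    return None


def check_roles_response(response):
    """Return a list of inconsistencies found in a /roles response."""
    problems = []
    groups = decode_oio_bpp(response["oioBPP"])
    org = org_from_name_id(response["nameID"])
    issued = set()
    for scope, privileges in groups.items():
        issued.update(privileges)
        # Assumption: a CVR-scoped group belongs to the nameID's organisation
        if scope.startswith(CVR_SCOPE) and scope[len(CVR_SCOPE):] != org:
            problems.append("scope %s does not match nameID organisation %s"
                            % (scope, org))
    named = set(response.get("roleMap", {}))
    for privilege in sorted(issued - named):
        problems.append("privilege not in roleMap: " + privilege)
    for privilege in sorted(named - issued):
        problems.append("roleMap entry not in oioBPP: " + privilege)
    return problems


# Constructed sample with the same shape as the example response above
SAMPLE_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<bpp:PrivilegeList xmlns:bpp="%s">'
    '<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:12345678">'
    '<Privilege>http://favrskov.dk/roles/jobrole/KOMBIT_2/1</Privilege>'
    '</PrivilegeGroup></bpp:PrivilegeList>' % BPP_NS
)
SAMPLE_RESPONSE = {
    "nameID": "C=DK,O=12345678,CN=Bente Børgesen,"
              "Serial=93171e0a-7b1a-4642-8611-d5c8cae73a29",
    "oioBPP": base64.b64encode(SAMPLE_XML.encode("utf-8")).decode("ascii"),
    "roleMap": {
        "http://favrskov.dk/roles/jobrole/KOMBIT_2/1":
            "KOMBIT System role 2 (KOMBIT System)",
    },
}

if __name__ == "__main__":
    print(decode_oio_bpp(SAMPLE_RESPONSE["oioBPP"]))
    print(check_roles_response(SAMPLE_RESPONSE) or "consistent")
```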

Get Roles as a list

This operation will generate a list of userroles and systemroles assigned to the user for a given it-system.

Path Parameters

Table 2. /api/user/{userid}/rolesAsList
Parameter Description

userid

The user's userid (e.g. bbog)

Request Headers

Name Description

ApiKey

Secret key required to call API

Request Parameters

Parameter Description

system

The identifier of the it-system (e.g. SAPA) - if not supplied, all roles for all it-systems are returned

Response Fields

Path Type Description

userRoles

Array

List of userroles assigned to the user

dataRoles

Array

List of dataroles assigned to the user

functionRoles

Array

List of functionroles assigned to the user

systemRoles

Array

List of systemroles derived from the list of other roles

nameID

String

Subject NameID in X.509 format

roleMap

Object

Map with id/name of roles in oioBPP structure

Example request

GET /api/user/bbog/rolesAsList?system=KOMBIT HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 324

{
  "nameID" : "C=DK,O=12345678,CN=Bente Børgesen,Serial=93171e0a-7b1a-4642-8611-d5c8cae73a29",
  "userRoles" : [ "KOMBIT_2" ],
  "systemRoles" : [ "http://kombit.dk/roles/usersystemrole/se_sag/1" ],
  "dataRoles" : [ ],
  "functionRoles" : [ ],
  "roleMap" : {
    "KOMBIT_2" : "KOMBIT System role 2 (KOMBIT System)"
  }
}

Get Subject/NameID

This operation will generate a KOMBIT compliant Subject/NameID field

Path Parameters

Table 3. /api/user/{userid}/nameid
Parameter Description

userid

The user's userid (e.g. bbog)

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

nameID

String

Subject NameID in X.509 format

Example request

GET /api/user/bbog/nameid HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 97

{
  "nameID" : "C=DK,O=12345678,CN=Bente Børgesen,Serial=93171e0a-7b1a-4642-8611-d5c8cae73a29"
}

Titles API

This API is used to manage the Titles available in OS2rollekatalog organisation data.

Required Role

All the operations in the Title API are available to any client that has at least the "Organisation" role assigned to it.

List all titles

This operation returns a list of all titles currently loaded into the system

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

[].uuid

String

Unique ID for the title

[].name

String

Name of title

Example request

GET /api/title HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 160

[ {
  "uuid" : "077f9a00-05d4-4dd7-8fb1-ae6c8571366b",
  "name" : "Title One"
}, {
  "uuid" : "8bf2118e-23a2-4821-a0e6-1a171841d3d2",
  "name" : "Title Two"
} ]

Update all titles

This operation is used for updating the list of titles loaded into the system

Request Body

Path Type Description

[].uuid

String

Unique ID for the title

[].name

String

Name of title

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

POST /api/title HTTP/1.1
Content-Type: application/json
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Content-Length: 241
Host: www.rollekatalog.dk

[ {
  "uuid" : "221db307-6d5a-4d9b-9926-f4167196f6e9",
  "name" : "Title One"
}, {
  "uuid" : "8189e13a-29a4-4a78-9988-d7de4671bf2f",
  "name" : "Title Two"
}, {
  "uuid" : "91459137-0d33-430f-ae5d-b57874ae3f69",
  "name" : "Title Three"
} ]

ItSystem API

Required Role

All the operations in the ItSystem API are available to any client that has at least the "Rolleadministration" role assigned to it.

List all it-systems

This operation returns a list of all it-systems that can be managed through the API

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

[].id

String

Unique ID for the it-system

[].name

String

Name of the it-system

[].identifier

String

Technical ID key for the it-system (not always unique)

Example request

GET /api/itsystem/manage HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 58

[ {
  "id" : 5,
  "name" : "AD",
  "identifier" : "AD"
} ]

Read details of one it-system

This operation returns details about a given it-system that can be managed through the API

Path Parameters

Table 4. /api/itsystem/manage/{id}
Parameter Description

id

The id of the it-system

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

id

String

Unique ID for the it-system

name

String

Name of the it-system

readonly

Boolean

Indicating if the system can only be read, and not written to

identifier

String

Technical ID key for the it-system (not always unique)

convertRolesEnabled

Boolean

Can safely be ignored when READING the it-system data

systemRoles[]

Array

Array of systemroles currently on it-system

systemRoles[].name

String

Name of systemrole

systemRoles[].identifier

String

Unique identifier of systemrole

systemRoles[].description

String

Description of systemrole

systemRoles[].users

Null

Users with this assignment

userRoles[]

Array

Array of userroles currently on it-system

userRoles[].id

Number

ID of userRole

userRoles[].name

String

Name of userrole

userRoles[].identifier

String

Unique identifier of userrole

Example request

GET /api/itsystem/manage/5 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1043

{
  "id" : 5,
  "identifier" : "AD",
  "systemRoles" : [ {
    "description" : "description...",
    "name" : "AD Group 1",
    "identifier" : "testgroup-001",
    "users" : null
  }, {
    "description" : "description...",
    "name" : "AD Group 2",
    "identifier" : "testgroup-002",
    "users" : null
  }, {
    "description" : "description...",
    "name" : "AD Group 3",
    "identifier" : "testgroup-003",
    "users" : null
  }, {
    "description" : "description...",
    "name" : "AD Group 4",
    "identifier" : "testgroup-004",
    "users" : null
  }, {
    "description" : "description...",
    "name" : "AD Group 5",
    "identifier" : "testgroup-005",
    "users" : null
  } ],
  "convertRolesEnabled" : false,
  "readonly" : false,
  "userRoles" : [ {
    "id" : 5,
    "name" : "AD role 1",
    "identifier" : "AD_1",
    "systemRoleAssignments" : null
  }, {
    "id" : 7,
    "name" : "new test role",
    "identifier" : "id-c9546407-7169-4c2b-a26d-53dfcd72d2a0",
    "systemRoleAssignments" : null
  } ],
  "name" : "AD"
}

Update one it-system

This operation is used for updating details about a given it-system that can be managed through the API

Path Parameters

Table 5. /api/itsystem/manage/{id}
Parameter Description

id

The id of the it-system

Request Body

Path Type Description

name

String

Name of the it-system

identifier

String

Technical ID key for the it-system (not always unique)

systemRoles

Array

Array of systemroles currently on it-system

systemRoles[].name

String

Name of systemrole

systemRoles[].identifier

String

Unique identifier of systemrole

systemRoles[].description

String

Description of systemrole

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

POST /api/itsystem/manage/5 HTTP/1.1
Content-Type: application/json
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Content-Length: 273
Host: www.rollekatalog.dk

{
  "name" : "MyItSystem",
  "identifier" : "MY-IDENTIFIER",
  "systemRoles" : [ {
    "name" : "role1",
    "identifier" : "ROLE1",
    "description" : "description...."
  }, {
    "name" : "role2",
    "identifier" : "ROLE2",
    "description" : "description...."
  } ]
}

Read API

Required Role

All the operations in the Read API are available to any client that has at least the "Læseadgang" role assigned to it.

Find all users with a given role

This operation will list all users that have been assigned a given role. A query parameter indicates whether the lookup should return any kind of assignment (through position, orgunit or simply directly assigned), or only directly assigned roles (this is the default behaviour).

Path Parameters

Table 6. /api/read/assigned/{id}
Parameter Description

id

The ID of the role to search for

Request Headers

Name Description

ApiKey

Secret key required to call API

Request Parameters

Parameter Description

indirectRoles

set this to true if the result should contain indirect role assignments (through rolegroups, positions and orgunits). Default is false.

Response Fields

Path Type Description

roleId

Number

The id of the user role

roleIdentifier

String

The identifier of the user role

roleName

String

The name of the user role

roleDescription

Null

The description of the user role

systemRoles[]

Array

An array of system roles mapped to this user role

systemRoles[].roleName

String

The name of the system role

systemRoles[].roleIdentifier

String

The unique identifier of the system role

systemRoles[].roleConstraintValues[]

Array

An array of constraints applied to this system role mapping

systemRoles[].roleConstraintValues[].constraintType

String

The unique identifier for the constraint type

systemRoles[].roleConstraintValues[].constraintValue

String

The actual constraint value (contains '* DYNAMIC *' for dynamically computed values)

assignments[]

Array

An array of role assignments for this user role

assignments[].uuid

String

The internal UUID of the user assigned the role

assignments[].extUuid

String

The external (KOMBIT) UUID of the user assigned the role

assignments[].userId

String

The userId of the user assigned the role

assignments[].name

String

The name of the user assigned the role

assignments[].assignedThrough[]

Array

An array of enums indicating how the user is assigned this role. Legal values are: DIRECTLY, ROLEGROUP, POSITION, POSITION_ROLEGROUP, ORGUNIT, ORGUNIT_ROLEGROUP

Example request

GET /api/read/assigned/6?indirectRoles=true HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 838

{
  "roleId" : 6,
  "roleIdentifier" : "KOMBIT_2",
  "roleName" : "KOMBIT System role 2",
  "roleDescription" : null,
  "systemRoles" : [ {
    "roleName" : "Se sag",
    "roleIdentifier" : "http://kombit.dk/roles/usersystemrole/se_sag/1",
    "roleConstraintValues" : [ {
      "constraintType" : "https://sts.kombit.dk/constraints/itsystem/1",
      "constraintValue" : "27.18.00"
    } ]
  } ],
  "assignments" : [ {
    "uuid" : "0cf31746-1884-4589-ab6e-79d1f16346ba",
    "extUuid" : "34752f16-96c5-4675-97f6-1901c33b2f06",
    "userId" : "user1",
    "name" : "Justin McCase",
    "assignedThrough" : [ "DIRECT" ]
  }, {
    "uuid" : "6a5bc5dd-335e-41dd-8e24-2370f7b28154",
    "extUuid" : "93171e0a-7b1a-4642-8611-d5c8cae73a29",
    "userId" : "bbog",
    "name" : "Bente Børgesen",
    "assignedThrough" : [ "ROLEGROUP" ]
  } ]
}

Find all users that have roles from a given itsystem

This operation will list all users that have been assigned roles from a given itsystem. A query parameter indicates whether the lookup should return any kind of assignment (through position, orgunit or simply directly assigned), or only directly assigned roles (this is the default behaviour).

Path Parameters

Table 7. /api/read/itsystem/{identifier}
Parameter Description

identifier

The identifier of the it-system to lookup role assignments for

Request Headers

Name Description

ApiKey

Secret key required to call API

Request Parameters

Parameter Description

indirectRoles

set this to true if the result should contain indirect role assignments (through rolegroups, positions and orgunits). Default is false.

Response Fields

Path Type Description

[]roleId

Number

The id of the user role

[]roleIdentifier

String

The identifier of the user role

[]roleName

String

The name of the user role

[]roleDescription

Null

The description of the user role

[]systemRoles[]

Array

An array of system roles mapped to this user role

[]systemRoles[].roleName

String

The name of the system role

[]systemRoles[].roleIdentifier

String

The unique identifier of the system role

[]systemRoles[].roleConstraintValues[]

Array

An array of constraints applied to this system role mapping

[]systemRoles[].roleConstraintValues[].constraintType

String

The unique identifier for the constraint type

[]systemRoles[].roleConstraintValues[].constraintValue

String

The actual constraint value (contains '* DYNAMIC *' for dynamically computed values)

[]assignments[]

Array

An array of role assignments for this user role

[]assignments[].uuid

String

The internal UUID of the user assigned the role

[]assignments[].extUuid

String

The external (KOMBIT) UUID of the user assigned the role

[]assignments[].userId

String

The userId of the user assigned the role

[]assignments[].name

String

The name of the user assigned the role

[]assignments[].assignedThrough[]

Array

An array of enums indicating how the user is assigned this role. Legal values are: DIRECTLY, ROLEGROUP, POSITION, POSITION_ROLEGROUP, ORGUNIT, ORGUNIT_ROLEGROUP

Example request

GET /api/read/itsystem/KOMBIT?indirectRoles=true HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 842

[ {
  "roleId" : 6,
  "roleIdentifier" : "KOMBIT_2",
  "roleName" : "KOMBIT System role 2",
  "roleDescription" : null,
  "systemRoles" : [ {
    "roleName" : "Se sag",
    "roleIdentifier" : "http://kombit.dk/roles/usersystemrole/se_sag/1",
    "roleConstraintValues" : [ {
      "constraintType" : "https://sts.kombit.dk/constraints/itsystem/1",
      "constraintValue" : "27.18.00"
    } ]
  } ],
  "assignments" : [ {
    "uuid" : "0cf31746-1884-4589-ab6e-79d1f16346ba",
    "extUuid" : "34752f16-96c5-4675-97f6-1901c33b2f06",
    "userId" : "user1",
    "name" : "Justin McCase",
    "assignedThrough" : [ "DIRECT" ]
  }, {
    "uuid" : "6a5bc5dd-335e-41dd-8e24-2370f7b28154",
    "extUuid" : "93171e0a-7b1a-4642-8611-d5c8cae73a29",
    "userId" : "bbog",
    "name" : "Bente Børgesen",
    "assignedThrough" : [ "ROLEGROUP" ]
  } ]
} ]

Read roles assigned to OrgUnit

This operation will list all roles that have been assigned to a given OrgUnit

Path Parameters

Table 8. /api/read/ous/{uuid}/roles
Parameter Description

uuid

The UUID of the OrgUnit

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

[].id

String

The id of the role

[].name

String

The name of the role

[].itSystemName

String

The name of the itsystem the role belongs to

Example request

GET /api/read/ous/46f0ca41-72ad-4dd6-b81b-3c14c562f363/roles HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 156

[ {
  "id" : 3,
  "name" : "Læseadgang",
  "itSystemName" : "Rollekatalog"
}, {
  "id" : 3,
  "name" : "Læseadgang",
  "itSystemName" : "Rollekatalog"
} ]

Read rolegroups assigned to OrgUnit

This operation will list all rolegroups that have been assigned to a given OrgUnit

Path Parameters

Table 9. /api/read/ous/{uuid}/rolegroups
Parameter Description

uuid

The UUID of the OrgUnit

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

[].id

String

The id of the rolegroup

[].name

String

The name of the rolegroup

Example request

GET /api/read/ous/46f0ca41-72ad-4dd6-b81b-3c14c562f363/rolegroups HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 45

[ {
  "id" : 1,
  "name" : "My rolegroup"
} ]

Read roles assigned to user

This operation will list all roles that have been assigned (directly) to a given user

Path Parameters

Table 10. /api/read/user/{uuid}/roles
Parameter Description

uuid

The UUID of the user

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

[].id

String

The id of the role

[].name

String

The name of the role

[].itSystemName

String

The IT System that the role belongs to

Example request

GET /api/read/user/6a5bc5dd-335e-41dd-8e24-2370f7b28154/roles HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 79

[ {
  "id" : 3,
  "name" : "Læseadgang",
  "itSystemName" : "Rollekatalog"
} ]

Read rolegroups assigned to user

This operation will list all rolegroups that have been assigned (directly) to a given user

Path Parameters

Table 11. /api/read/user/{uuid}/rolegroups
Parameter Description

uuid

The UUID of the user

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

[].id

String

The id of the rolegroup

[].name

String

The name of the rolegroup

Example request

GET /api/read/user/6a5bc5dd-335e-41dd-8e24-2370f7b28154/rolegroups HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 45

[ {
  "id" : 1,
  "name" : "My rolegroup"
} ]

List all roles

This operation will list all userroles in the role catalogue

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

[].id

String

The id of the role

[].name

String

The name of the role

[].itSystemName

String

The IT System that the role belongs to

Example request

GET /api/read/userroles HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 541

[ {
  "id" : 1,
  "name" : "Administrator",
  "itSystemName" : "Rollekatalog"
}, {
  "id" : 2,
  "name" : "Rolletildeler",
  "itSystemName" : "Rollekatalog"
}, {
  "id" : 3,
  "name" : "Læseadgang",
  "itSystemName" : "Rollekatalog"
}, {
  "id" : 4,
  "name" : "KLE Administrator",
  "itSystemName" : "Rollekatalog"
}, {
  "id" : 5,
  "name" : "AD role 1",
  "itSystemName" : "AD"
}, {
  "id" : 6,
  "name" : "KOMBIT System role 2",
  "itSystemName" : "KOMBIT System"
}, {
  "id" : 7,
  "name" : "new test role",
  "itSystemName" : "AD"
} ]

Read one role

This operation will read a given role

Path Parameters

Table 12. /api/read/userroles/{id}
Parameter Description

id

The role id

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

identifier

String

The id of the role

name

String

The name of the role

id

String

The ID of the role

systemRoleAssignments

Array

The systemroles assigned to this role

systemRoleAssignments[].systemRole

Object

The actual system role

systemRoleAssignments[].systemRole.users

Null

assignments to users

systemRoleAssignments[].systemRole.name

String

The name of the system role

systemRoleAssignments[].systemRole.identifier

String

The identifier of the system role

systemRoleAssignments[].systemRole.description

String

The description of the system role

systemRoleAssignments[].constraintValues

Array

Constraint values applied to this assignment

Example request

GET /api/read/userroles/1 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 378

{
  "id" : 1,
  "name" : "Administrator",
  "identifier" : "administrator",
  "systemRoleAssignments" : [ {
    "systemRole" : {
      "description" : "Denne rolle giver adgang til alt funktionaliteten i Rollekataloget",
      "name" : "Administrator",
      "identifier" : "http://rollekatalog.dk/administrator",
      "users" : null
    },
    "constraintValues" : [ ]
  } ]
}

List all rolegroups

This operation will list all rolegroups in the role catalogue

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

[].id

String

The id of the rolegroup

[].name

String

The name of the rolegroup

Example request

GET /api/read/rolegroups HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 90

[ {
  "id" : 1,
  "name" : "My rolegroup"
}, {
  "id" : 2,
  "name" : "Test rolegroup"
} ]

Read one rolegroup

This operation will read a given rolegroup

Path Parameters

Table 13. /api/read/rolegroups/{id}
Parameter Description

id

The id of the rolegroup

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

id

String

The id of the rolegroup

name

String

The name of the rolegroup

roles

Array

The roles assigned to this rolegroup

roles[].id

Number

The id of the user role

roles[].name

String

The name of the user role

roles[].itSystemName

String

The IT System that the role belongs to

Example request

GET /api/read/rolegroups/1 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 225

{
  "id" : 1,
  "name" : "My rolegroup",
  "roles" : [ {
    "id" : 5,
    "name" : "AD role 1",
    "itSystemName" : "AD"
  }, {
    "id" : 6,
    "name" : "KOMBIT System role 2",
    "itSystemName" : "KOMBIT System"
  } ]
}

Role Assignment API

Required Role

All the operations in the Role Assignment API are available to any client that has at least the "Rolleadministration" role assigned to it.

Assign role to user

This operation will assign a given role directly to a user

Path Parameters

Table 14. /api/user/{userUuid}/assign/userrole/{userRoleId}
Parameter Description

userUuid

The user UUID or UserId

userRoleId

The role id

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

PUT /api/user/93171e0a-7b1a-4642-8611-d5c8cae73a29/assign/userrole/3 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK

Remove role from user

This operation will remove a given role from a user

Path Parameters

Table 15. /api/user/{userUuid}/deassign/userrole/{userRoleId}
Parameter Description

userUuid

The user UUID or UserId

userRoleId

The role id

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

DELETE /api/user/93171e0a-7b1a-4642-8611-d5c8cae73a29/deassign/userrole/3 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK

Assign rolegroup to user

This operation will assign a rolegroup directly to a user

Path Parameters

Table 16. /api/user/{userUuid}/assign/rolegroup/{roleGroupId}
Parameter Description

userUuid

The user UUID or UserId

roleGroupId

The rolegroup id

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

PUT /api/user/93171e0a-7b1a-4642-8611-d5c8cae73a29/assign/rolegroup/1 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK

Remove rolegroup from user

This operation will remove a rolegroup from a user

Path Parameters

Table 17. /api/user/{userUuid}/deassign/rolegroup/{roleGroupId}
Parameter Description

userUuid

The user UUID or UserId

roleGroupId

The rolegroup id

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

DELETE /api/user/93171e0a-7b1a-4642-8611-d5c8cae73a29/deassign/rolegroup/1 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK

Assign role to OrgUnit

This operation will assign a role directly to an OrgUnit (and thus to all users with a position in that OrgUnit)

Path Parameters

Table 18. /api/ou/{ouUuid}/assign/userrole/{userRoleId}
Parameter Description

ouUuid

The Organisational Unit UUID

userRoleId

The role id

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

PUT /api/ou/46f0ca41-72ad-4dd6-b81b-3c14c562f363/assign/userrole/1 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK

Remove role from OrgUnit

This operation will remove a role from an OrgUnit

Path Parameters

Table 19. /api/ou/{ouUuid}/deassign/userrole/{userRoleId}
Parameter Description

ouUuid

The Organisational Unit UUID

userRoleId

The role id

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

DELETE /api/ou/46f0ca41-72ad-4dd6-b81b-3c14c562f363/deassign/userrole/1 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK

Assign rolegroup to OrgUnit

This operation will assign a rolegroup to an OrgUnit (and thus to all users that have a position in that OrgUnit)

Path Parameters

Table 20. /api/ou/{ouUuid}/assign/rolegroup/{roleGroupId}
Parameter Description

ouUuid

The Organisational Unit UUID

roleGroupId

The rolegroup id

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

PUT /api/ou/46f0ca41-72ad-4dd6-b81b-3c14c562f363/assign/rolegroup/1 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK

Remove rolegroup from OrgUnit

This operation will remove a rolegroup from an OrgUnit

Path Parameters

Table 21. /api/ou/{ouUuid}/deassign/rolegroup/{roleGroupId}
Parameter Description

ouUuid

The Organisational Unit UUID

roleGroupId

The rolegroup id

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

DELETE /api/ou/46f0ca41-72ad-4dd6-b81b-3c14c562f363/deassign/rolegroup/1 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK

Organisation Management API

Required Role

All the operations in the Organisation API are available to any client that has at least the "Organisation" role assigned to it.

Load Organisation V3

This operation will load a full organisation, overwriting the existing organisation in the Role Catalogue.

Request Body

Path Type Description

users

Array

The list of employees to import

users[].extUuid

String

The unique identifier of the employee

users[].userId

String

The user-id of the employee (e.g. SAMAccountName from AD)

users[].name

String

The full name of the employee

users[].email

String

The email address of the employee

users[].cpr

String

The CPR of the employee

users[].disabled

Boolean

Set to 'true' if this user is disabled in Active Directory

users[].doNotInherit

Boolean

Set to 'true' if this user cannot inherit roles and KLE assignments from OrgUnits

users[].klePerforming

Array

The list of 'performing' KLEs assigned directly to the user

users[].kleInterest

Array

The list of 'interest' KLEs assigned directly to the user

users[].positions

Array

The list of positions the employee holds in the organisation

users[].positions[].orgUnitUuid

String

The unique identifier of the orgUnit that the employee holds a position in

users[].positions[].name

String

The title of the position that the employee holds in this OrgUnit

users[].positions[].titleUuid

String

Optional value - references the title of this position by its uuid (requires that the Title API is also used)

orgUnits

Array

The list of orgUnits to import

orgUnits[].uuid

String

The unique identifier of the OrgUnit

orgUnits[].name

String

The name of the OrgUnit

orgUnits[].parentOrgUnitUuid

String

The unique identifier of the OrgUnit above this one in the hierarchy

orgUnits[].klePerforming

Array

The list of 'performing' KLEs assigned to the OrgUnit

orgUnits[].kleInterest

Array

The list of 'interest' KLEs assigned to the OrgUnit

orgUnits[].manager

Object

The reference to the manager for this OrgUnit

orgUnits[].manager.uuid

String

Reference extUuid on User

orgUnits[].manager.userId

String

Reference to userId on User

Request Headers

Name Description

ApiKey

Secret key required to call API

Example request

POST /api/organisation/v3 HTTP/1.1
Content-Type: application/json
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Content-Length: 2828
Host: www.rollekatalog.dk

{
  "orgUnits" : [ {
    "uuid" : "8c651eb0-9aef-42e2-ac41-8678f53ad00e",
    "manager" : {
      "uuid" : "0ce7368b-6712-4c00-a59b-74469f14b8ea",
      "userId" : "jjup"
    },
    "name" : "Hørning Kommune",
    "parentOrgUnitUuid" : null,
    "klePerforming" : [ "27.18.00", "05.04" ],
    "kleInterest" : [ "02.00" ]
  }, {
    "uuid" : "4db46fa6-ce98-497a-a04a-cfb6f3748a06",
    "manager" : {
      "uuid" : "0ce7368b-6712-4c00-a59b-74469f14b8ea",
      "userId" : "jjup"
    },
    "name" : "Børn og skole",
    "parentOrgUnitUuid" : "8c651eb0-9aef-42e2-ac41-8678f53ad00e",
    "klePerforming" : [ "27.18.00", "05.04" ],
    "kleInterest" : [ "02.00" ]
  }, {
    "uuid" : "99de9db7-5c00-4c70-bf85-85289e69ad47",
    "manager" : {
      "uuid" : "0ce7368b-6712-4c00-a59b-74469f14b8ea",
      "userId" : "jjup"
    },
    "name" : "Bakkeskolen",
    "parentOrgUnitUuid" : "4db46fa6-ce98-497a-a04a-cfb6f3748a06",
    "klePerforming" : [ "27.18.00", "05.04" ],
    "kleInterest" : [ "02.00" ]
  }, {
    "uuid" : "d906819c-d4ba-4cda-9f80-1322765ee891",
    "manager" : {
      "uuid" : "0ce7368b-6712-4c00-a59b-74469f14b8ea",
      "userId" : "jjup"
    },
    "name" : "Aaskolen",
    "parentOrgUnitUuid" : "4db46fa6-ce98-497a-a04a-cfb6f3748a06",
    "klePerforming" : [ "27.18.00", "05.04" ],
    "kleInterest" : [ "02.00" ]
  } ],
  "users" : [ {
    "extUuid" : "1d623c72-bfd5-4fd1-aee1-6c9a740b8f7f",
    "userId" : "vmort",
    "name" : "Viggo Mortensen",
    "cpr" : "0102300405",
    "email" : "viggo@kommune.dk",
    "positions" : [ {
      "name" : "Borgmester",
      "orgUnitUuid" : "8c651eb0-9aef-42e2-ac41-8678f53ad00e",
      "titleUuid" : "eb6fdd3d-d680-43ec-8c12-f2f9bc94df98"
    } ],
    "klePerforming" : [ "02.00" ],
    "kleInterest" : [ "27.18.00", "05.04" ]
  }, {
    "extUuid" : "453ed208-2ed1-4739-8d79-1199082193b5",
    "userId" : "bbog",
    "email" : "bente@kommune.dk",
    "name" : "Bente Bogmærke",
    "positions" : [ {
      "name" : "Bogholder",
      "orgUnitUuid" : "4db46fa6-ce98-497a-a04a-cfb6f3748a06",
      "titleUuid" : "62120557-84a3-4c2a-8ba0-39703e8eefca"
    } ],
    "klePerforming" : [ "02.00" ],
    "kleInterest" : [ "27.18.00", "05.04" ]
  }, {
    "extUuid" : "0ce7368b-6712-4c00-a59b-74469f14b8ea",
    "userId" : "jjup",
    "disabled" : true,
    "email" : "jannie@kommune.dk",
    "name" : "Jannie Jupiter",
    "doNotInherit" : true,
    "positions" : [ {
      "name" : "HR Konsulent",
      "orgUnitUuid" : "99de9db7-5c00-4c70-bf85-85289e69ad47",
      "titleUuid" : "62120557-84a3-4c2a-8ba0-39703e8eefca"
    }, {
      "name" : "Læreinde",
      "orgUnitUuid" : "d906819c-d4ba-4cda-9f80-1322765ee891",
      "titleUuid" : "eb6fdd3d-d680-43ec-8c12-f2f9bc94df98"
    } ],
    "klePerforming" : [ "02.00" ],
    "kleInterest" : [ "27.18.00", "05.04" ]
  } ]
}

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 98

{"usersCreated":3,"usersUpdated":0,"usersDeleted":7,"ousCreated":4,"ousUpdated":0,"ousDeleted":11}
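
Because this operation overwrites the whole organisation, and the response above reports deletions alongside creations, a truncated or inconsistent export is worth catching before it is posted. The following pre-flight check is an added example, not part of OS2rollekatalog: the function names and the constructed sample payload are hypothetical, and the rules it enforces (unique userId, at least one root OrgUnit, manager uuid equal to the user's extUuid) are assumptions drawn from the field descriptions above.

```python
def validate_organisation(payload):
    """Return a list of problems; an empty list means all references resolve."""
    problems = []
    parent = {}                                    # orgUnit uuid -> parent uuid
    for ou in payload.get("orgUnits", []):
        uuid = ou.get("uuid")
        if not uuid:
            problems.append("orgUnit without uuid: %r" % ou.get("name"))
        elif uuid in parent:
            problems.append("duplicate orgUnit uuid: " + uuid)
        else:
            parent[uuid] = ou.get("parentOrgUnitUuid")

    if parent and not any(p is None for p in parent.values()):
        problems.append("no root orgUnit (every orgUnit has a parent)")
    for uuid, p in parent.items():
        if p is not None and p not in parent:
            problems.append("orgUnit %s: unknown parent %s" % (uuid, p))
    for start in parent:                           # walk up, detect cycles
        seen, node = set(), start
        while node is not None and node in parent:
            if node in seen:
                problems.append("orgUnit %s: parent chain loops" % start)
                break
            seen.add(node)
            node = parent[node]

    users = {}                                     # userId -> extUuid
    for user in payload.get("users", []):
        uid, ext = user.get("userId"), user.get("extUuid")
        if not uid or not ext:
            problems.append("user without userId or extUuid: %r"
                            % user.get("name"))
            continue
        if uid in users:
            problems.append("duplicate userId: " + uid)
        users[uid] = ext
        for position in user.get("positions", []):
            if position.get("orgUnitUuid") not in parent:
                problems.append("user %s: position in unknown orgUnit %s"
                                % (uid, position.get("orgUnitUuid")))

    for ou in payload.get("orgUnits", []):
        manager = ou.get("manager")
        # manager.uuid references extUuid on User, manager.userId its userId
        if manager and users.get(manager.get("userId")) != manager.get("uuid"):
            problems.append("orgUnit %s: manager %s is not a user in the payload"
                            % (ou.get("uuid"), manager.get("userId")))
    return problems


def removed_user_ids(previous_payload, new_payload):
    """userIds present in the last accepted load but missing from the new one."""
    before = {u["userId"] for u in previous_payload.get("users", [])}
    after = {u["userId"] for u in new_payload.get("users", [])}
    return sorted(before - after)


# Constructed sample; short placeholder ids stand in for real UUIDs
SAMPLE_ORG = {
    "orgUnits": [
        {"uuid": "ou-root", "name": "Kommune", "parentOrgUnitUuid": None,
         "manager": {"uuid": "ext-jjup", "userId": "jjup"}},
        {"uuid": "ou-school", "name": "Skole", "parentOrgUnitUuid": "ou-root",
         "manager": {"uuid": "ext-jjup", "userId": "jjup"}},
    ],
    "users": [
        {"extUuid": "ext-jjup", "userId": "jjup", "name": "Jannie Jupiter",
         "positions": [{"name": "HR Konsulent", "orgUnitUuid": "ou-school"}]},
        {"extUuid": "ext-bbog", "userId": "bbog", "name": "Bente Bogmærke",
         "positions": [{"name": "Bogholder", "orgUnitUuid": "ou-root"}]},
    ],
}

if __name__ == "__main__":
    print(validate_organisation(SAMPLE_ORG) or "payload is consistent")
```

A caller can refuse to post when `validate_organisation` returns anything, or when `removed_user_ids` against the previously accepted payload exceeds a threshold it chooses.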

AD Sync API

The following operations are intended for Active Directory Group Membership synchronization, where a local client uses the API to update Active Directory.

Required Role

All the operations in the AD Sync API are available to any client that has at least the "Læseadgang" role assigned to it.

Get group membership changes

This operation will return a list of group memberships that have changed since last sync

Request Headers

Name Description

ApiKey

Secret key required to call API

Response Fields

Path Type Description

head

Integer

sync-control value (used for cleanup)

maxHead

Integer

sync-control value (used to indicate max ID of all pending operations, including those not available in output)

assignments[]

Array

An array of AD groups that have changes in assignments

assignments[].groupName

String

the name of the AD group

assignments[].samaccountNames

Array of String

sAMAccountNames of the users within this AD group

Example request

GET /api/ad/v2/sync HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 132

{
  "head" : 3,
  "maxHead" : 3,
  "assignments" : [ {
    "groupName" : "testgroup-001",
    "samaccountNames" : [ "bbog" ]
  } ]
}

Flag changes as dealt with

This operation is called after "Get group membership changes", to indicate that Active Directory is now updated. The output from that operation (the head parameter) is used as input to this operation.

Request Headers

Name Description

ApiKey

Secret key required to call API

Path Parameters

Table 22. /api/ad/v2/sync/{head}
Parameter Description

head

The value of "head" given by the output from /api/ad/sync

Example request

DELETE /api/ad/v2/sync/2 HTTP/1.1
ApiKey: f7d8ea9e-53fe-4948-b600-fbc94d4eb0fb
Host: www.rollekatalog.dk

Example response

HTTP/1.1 200 OK
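
The two AD Sync operations form one procedure: fetch the pending changes, update Active Directory, and only then acknowledge with the head value that was returned. The following sketch is an added example, not the project's own sync client: FakeApi and FakeDirectory are constructed in-memory stand-ins for the HTTP calls and for Active Directory, and it assumes that samaccountNames is the complete desired membership of the group and that maxHead greater than head means another fetch is needed.

```python
def plan_changes(current, wanted):
    """Return (to_add, to_remove) that turn `current` into `wanted`."""
    current, wanted = set(current), set(wanted)
    return sorted(wanted - current), sorted(current - wanted)


def sync_all(api, directory, max_rounds=10):
    """Apply pending membership changes; acknowledge only what was applied."""
    applied = []
    for _ in range(max_rounds):
        batch = api.get_changes()                  # GET /api/ad/v2/sync
        if not batch["assignments"]:
            break
        for assignment in batch["assignments"]:
            group = assignment["groupName"]
            to_add, to_remove = plan_changes(directory.members(group),
                                             assignment["samaccountNames"])
            # An exception here propagates, so the batch is never
            # acknowledged and is offered again on the next run.
            directory.apply(group, to_add, to_remove)
            applied.append((group, to_add, to_remove))
        api.ack(batch["head"])                     # DELETE /api/ad/v2/sync/{head}
        if batch["head"] >= batch["maxHead"]:      # nothing left beyond this batch
            break
    return applied


class FakeApi:
    """Constructed stand-in for the two HTTP calls, so the example runs offline."""

    def __init__(self, batches):
        self.pending = list(batches)
        self.acked = []

    def get_changes(self):
        if not self.pending:
            return {"head": 0, "maxHead": 0, "assignments": []}
        return self.pending[0]

    def ack(self, head):
        self.acked.append(head)
        self.pending = [b for b in self.pending if b["head"] > head]


class FakeDirectory:
    """Constructed stand-in for Active Directory group membership."""

    def __init__(self, groups, broken=()):
        self.groups = {name: set(members) for name, members in groups.items()}
        self.broken = set(broken)                  # groups whose update fails

    def members(self, group):
        return set(self.groups.get(group, ()))

    def apply(self, group, to_add, to_remove):
        if group in self.broken:
            raise RuntimeError("cannot update " + group)
        members = self.groups.setdefault(group, set())
        members.update(to_add)
        members.difference_update(to_remove)


# Constructed batches in the shape of the example response above
SAMPLE_BATCHES = [
    {"head": 2, "maxHead": 3, "assignments": [
        {"groupName": "testgroup-001", "samaccountNames": ["bbog"]}]},
    {"head": 3, "maxHead": 3, "assignments": [
        {"groupName": "testgroup-002", "samaccountNames": []}]},
]
SAMPLE_GROUPS = {"testgroup-001": ["user1"], "testgroup-002": ["bbog"]}


def run_demo(broken=()):
    """Run one sync against the fakes; return (applied, groups, acked)."""
    api = FakeApi(SAMPLE_BATCHES)
    directory = FakeDirectory(SAMPLE_GROUPS, broken)
    try:
        applied = sync_all(api, directory)
    except RuntimeError:
        applied = None                             # failed before acknowledging
    return applied, directory.groups, api.acked


if __name__ == "__main__":
    print(run_demo())
    print(run_demo(broken={"testgroup-001"}))
```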