Skip to content

Managing Claims with APIs

The Claim Management component of WSO2 Carbon allows you to map a set of attributes from the underlying user store to a set of defined claims. This section guides you through invoking and working with the ClaimMetadataManagementService and the operations you can work within this service.

Invoking the admin service

The ClaimMetadataManagementService is an admin service of the WSO2 Carbon platform. As admin services are secured to prevent anonymous invocations, you cannot view the WSDL of the admin service by default. Follow the steps given below to view and invoke the admin service:

  1. Open the deployment.toml file in the <IS_HOME>/repository/conf directory and set the admin_service.wsdl element to false.

    [admin_service.wsdl]
    enable = false
  2. Restart WSO2 Identity Server.

  3. If you started WSO2 Identity Server using the default configurations, copy the following URL to your browser to see the WSDL of the admin service:

    https://localhost:9443/services/ClaimMetadataManagementService?wsdl

    Tip

    The default hostname of WSO2 Identity Server is localhost. If you are using a different hostname, make sure to replace localhost with the new hostname.

    Info

    For more information on WSO2 admin services and how to invoke an admin service using either SoapUI or any other client program, see Calling Admin Services.

API operations

The following operations are available in ClaimMetadataManagementService.

addClaimDialect ()

Description This operation adds a new claim dialect.
Input Parameters
  • claimDialectURI: This is the URI that defines the new claim dialect.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://api.user.carbon.wso2.org/xsd">
<soapenv:Header/>
   <soapenv:Body>
      <xsd:addClaimDialect>
         <!--Optional:-->
         <xsd:claimDialect>
            <!--Optional:-->
            <xsd1:claimDialectURI>new dialect</xsd1:claimDialectURI>
         </xsd:claimDialect>
      </xsd:addClaimDialect>
   </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
  <ns:addClaimDialectResponse xmlns:ns="http://org.apache.axis2/xsd">
     <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
  </ns:addClaimDialectResponse>
</soapenv:Body>
</soapenv:Envelope>

getClaimDialects()

Description This operation lists out all the claim dialects which are used.
Input Parameters None
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:getClaimDialects/>
   </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:getClaimDialectsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2333="http://base.identity.carbon.wso2.org/xsd" xmlns:ax2336="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd" xmlns:ax2332="http://exception.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
       <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:claimDialectURI>http://wso2.org/claims</ax2336:claimDialectURI>
       </ns:return>
       <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:claimDialectURI>http://schemas.xmlsoap.org/ws/2005/05/identity</ax2336:claimDialectURI>
       </ns:return>
       <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:claimDialectURI>urn:scim:schemas:core:1.0</ax2336:claimDialectURI>
       </ns:return>
       <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:claimDialectURI>urn:ietf:params:scim:schemas:core:2.0:User</ax2336:claimDialectURI>
       </ns:return>
       <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:claimDialectURI>http://wso2.org/oidc/claim</ax2336:claimDialectURI>
       </ns:return>
       <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:claimDialectURI>urn:ietf:params:scim:schemas:core:2.0</ax2336:claimDialectURI>
       </ns:return>
       <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:claimDialectURI>http://schema.openid.net/2007/05/claims</ax2336:claimDialectURI>
       </ns:return>
       <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:claimDialectURI>http://axschema.org</ax2336:claimDialectURI>
       </ns:return>
       <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:claimDialectURI>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User</ax2336:claimDialectURI>
       </ns:return>
       <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:claimDialectURI>http://abc.org/claims</ax2336:claimDialectURI>
       </ns:return>
    </ns:getClaimDialectsResponse>
 </soapenv:Body>
</soapenv:Envelope>

addExternalClaim()

Description This operation adds a new external claim.
Input Parameters
  • externalClaimDialectURI: This is the URI that defines the external claim dialect.
  • externalClaimUR: This is the URI of the external claim.
  • mappedLocalClaimURI: This is the URI of the mapped claim.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:addExternalClaim>
       <!--Optional:-->
       <xsd:externalClaim>
          <!--Optional:-->
          <xsd1:externalClaimDialectURI>external cliam dialect</xsd1:externalClaimDialectURI>
          <!--Optional:-->
          <xsd1:externalClaimURI>external claim uri</xsd1:externalClaimURI>
          <!--Optional:-->
          <xsd1:mappedLocalClaimURI>mapped local claim</xsd1:mappedLocalClaimURI>
       </xsd:externalClaim>
    </xsd:addExternalClaim>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:addExternalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
       <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    </ns:addExternalClaimResponse>
 </soapenv:Body>
</soapenv:Envelope>

addLocalClaim()

Description This operation adds a new local claim.
Input Parameters
  • attributeName: This is the attribute name.
  • userStoreDomain: This is the user-store domain of the attribute.
  • propertyName: This is the name of the property.
  • propertyValue: This is the value of the property.
  • localClaimURI: This is the URI of the local claim.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:addLocalClaim>
       <!--Optional:-->
       <xsd:localClaim>
          <!--Zero or more repetitions:-->
          <xsd1:attributeMappings>
             <!--Optional:-->
             <xsd1:attributeName>email</xsd1:attributeName>
             <!--Optional:-->
             <xsd1:userStoreDomain>primary</xsd1:userStoreDomain>
          </xsd1:attributeMappings>
          <!--Zero or more repetitions:-->
          <xsd1:claimProperties>
             <!--Optional:-->
             <xsd1:propertyName>email</xsd1:propertyName>
             <!--Optional:-->
             <xsd1:propertyValue>www.sample@email.com</xsd1:propertyValue>
          </xsd1:claimProperties>
          <!--Optional:-->
          <xsd1:localClaimURI>http://abc.org/email</xsd1:localClaimURI>
       </xsd:localClaim>
    </xsd:addLocalClaim>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:addLocalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
       <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    </ns:addLocalClaimResponse>
 </soapenv:Body>
</soapenv:Envelope>

getExternalClaims()

Description This operation returns all the external claims.
Input Parameters
  • externalClaimDialectURI: This is the URI that defines the external claim dialect.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:getExternalClaims>
       <!--Optional:-->
       <xsd:externalClaimDialectURI>external claim dialect uri</xsd:externalClaimDialectURI>
    </xsd:getExternalClaims>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:getExternalClaimsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2333="http://base.identity.carbon.wso2.org/xsd" xmlns:ax2336="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd" xmlns:ax2332="http://exception.mgt.metadata.claim.identity.carbon.wso2.org/xsd"/>
 </soapenv:Body>
</soapenv:Envelope>

getLocalClaims()

Description This operation returns all the local claims available.
Input Parameters None
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:getLocalClaims/>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:getLocalClaimsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2333="http://base.identity.carbon.wso2.org/xsd" xmlns:ax2336="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd" xmlns:ax2332="http://exception.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
       <ns:return xsi:type="ax2336:LocalClaimDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:attributeMappings xsi:type="ax2336:AttributeMappingDTO">
             <ax2336:attributeName>unlockTime</ax2336:attributeName>
             <ax2336:userStoreDomain>PRIMARY</ax2336:userStoreDomain>
          </ax2336:attributeMappings>
          <ax2336:claimProperties xsi:type="ax2336:ClaimPropertyDTO">
             <ax2336:propertyName>Description</ax2336:propertyName>
             <ax2336:propertyValue>Unlock Time</ax2336:propertyValue>
          </ax2336:claimProperties>
          <ax2336:claimProperties xsi:type="ax2336:ClaimPropertyDTO">
             <ax2336:propertyName&>gt;DisplayName</ax2336:propertyName>
             <ax2336:propertyValue>Unlock Time</ax2336:propertyValue>
          </ax2336:claimProperties>
          <ax2336:localClaimURI>http://wso2.org/claims/identity/unlockTime</ax2336:localClaimURI>
       </ns:return>
......
       <ns:return xsi:type="ax2336:LocalClaimDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2336:attributeMappings xsi:type="ax2336:AttributeMappingDTO">
             <ax2336:attributeName>email</ax2336:attributeName>
             <ax2336:userStoreDomain>PRIMARY</ax2336:userStoreDomain>
          </ax2336:attributeMappings>
          <ax2336:claimProperties xsi:type="ax2336:ClaimPropertyDTO">
             <ax2336:propertyName>email</ax2336:propertyName>
             <ax2336:propertyValue>www.sample@email.com</ax2336:propertyValue>
          </ax2336:claimProperties>
          <ax2336:localClaimURI>>http://abc.org/email<ax2336:localClaimURI>
       </ns:return>
    </ns:getLocalClaimsResponse>
 </soapenv:Body>
</soapenv:Envelope>

removeClaimDialect()

Description This operation removes an existing claim dialect.
Input Parameters
  • claimDialectURI: This is the URI that defines the deleting claim dialect.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:removeClaimDialect>
       <!--Optional:-->
       <xsd:claimDialect>
          <!--Optional:-->
          <xsd1:claimDialectURI>claim dialect uri</xsd1:claimDialectURI>
       </xsd:claimDialect>
    </xsd:removeClaimDialect>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:removeClaimDialectResponse xmlns:ns="http://org.apache.axis2/xsd">
       <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    </ns:removeClaimDialectResponse>
 </soapenv:Body>
</soapenv:Envelope>

removeExternalClaim()

Description This operation removes an existing external claim.
Input Parameters
  • externalClaimDialectURI: This is the URI that defines the external claim which need to be deleted.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:removeExternalClaim>
       <!--Optional:-->
       <xsd:externalClaimDialectURI>http://abc.org/email</xsd:externalClaimDialectURI>
       <!--Optional:-->
       <xsd:externalClaimURI>sample@email.com</xsd:externalClaimURI>
    </xsd:removeExternalClaim>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:removeExternalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
       <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    </ns:removeExternalClaimResponse>
 </soapenv:Body>
</soapenv:Envelope>

removeLocalClaim()

Description This operation removes an existing local claim.
Input Parameters
  • localClaimURI: This is the URI that defines the local claim.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:removeLocalClaim>
       <!--Optional:-->
       <xsd:localClaimURI>local claim uri</xsd:localClaimURI>
    </xsd:removeLocalClaim>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:removeLocalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
       <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    </ns:removeLocalClaimResponse>
 </soapenv:Body>
</soapenv:Envelope>

renameClaimDialect()

Description This operation renames an existing claim dialect.
Input Parameters
  • claimDialectURI: This is the URI that defines the claim dialect.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:renameClaimDialect>
       <!--Optional:-->
       <xsd:oldClaimDialect>
          <!--Optional:-->
          <xsd1:claimDialectURI>old claim dialect uri</xsd1:claimDialectURI>
       </xsd:oldClaimDialect>
       <!--Optional:-->
       <xsd:newClaimDialect>
          <!--Optional:-->
          <xsd1:claimDialectURI>new claim dialect uri</xsd1:claimDialectURI>
       </xsd:newClaimDialect>
    </xsd:renameClaimDialect>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:renameClaimDialectResponse xmlns:ns="http://org.apache.axis2/xsd">
       <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    </ns:renameClaimDialectResponse>
 </soapenv:Body>
</soapenv:Envelope>

updateExternalClaim()

Description This operation updates an external claim.
Input Parameters
  • externalClaimDialectURI: This is the URI that defines the external claim dialect.
  • externalClaimURI: This is the URI that defines the external claim.
  • mappedLocalClaimURI: This is the URI which defines the mapped local claim.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:updateExternalClaim>
       <!--Optional:-->
       <xsd:externalClaim>
          <!--Optional:-->
          <xsd1:externalClaimDialectURI>external claim dialect</xsd1:externalClaimDialectURI>
          <!--Optional:-->
          <xsd1:externalClaimURI>external claim uri</xsd1:externalClaimURI>
          <!--Optional:-->
          <xsd1:mappedLocalClaimURI>mapped local claim value</xsd1:mappedLocalClaimURI>
       </xsd:externalClaim>
    </xsd:updateExternalClaim>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:updateExternalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
       <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    </ns:updateExternalClaimResponse>
 </soapenv:Body>
</soapenv:Envelope>

updateLocalClaim()

Description This operation updates a local claim.
Input Parameters
  • attributeName: This is the attribute name.
  • userStoreDomain: This is the user-store domain.
  • propertyName: This is the property name.
  • propertyValue: This is the property value.
  • localClaimURI: This is The URI which defines the local claim.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:updateLocalClaim>
       <!--Optional:-->
       <xsd:localClaim>
          <!--Zero or more repetitions:-->
          <xsd1:attributeMappings>
             <!--Optional:-->
             <xsd1:attributeName>attribute name</xsd1:attributeName>
             <!--Optional:-->
             <xsd1:userStoreDomain>userstore domain</xsd1:userStoreDomain>
          </xsd1:attributeMappings>
          <!--Zero or more repetitions:-->
          <xsd1:claimProperties>
             <!--Optional:-->
             <xsd1:propertyName>property name</xsd1:propertyName>
             <!--Optional:-->
             <xsd1:propertyValue>property value</xsd1:propertyValue>
          </xsd1:claimProperties>
          <!--Optional:-->
          <xsd1:localClaimURI>local claim uri</xsd1:localClaimURI>
       </xsd:localClaim>
    </xsd:updateLocalClaim>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:updateLocalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
       <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    </ns:rupdateLocalClaimResponse>
 </soapenv:Body>
</soapenv:Envelope>
Top