The FIM Service Resource Endpoint
implements the WS-Transfer: Identity Management Operations for Directory
Access Extensions specification (WS-Transfer IMO) version of
the Put operation (see). The default endpoint address for
Put is
http://Localhost:5725/ResourceManagementService/Resource
.
Parameters
Action Header
Refer to the WS-Transfer IMO specification.
Reference Property Header
The Reference Property header used by the Resource Factory Endpoint can be used as a parameter for the Get operation. The same device is used as input to the Put operation to identify the object to which the Put operation is to be applied.
Type and Value Element
Put requests to the FIM Resource endpoint are required to identify the elements to be updated. Those elements must be identified in compliance with the WS-Transfer IMO specification using the Identity Attribute Type 1.0 dialect defined in the Identity Attribute Type 1.0 dialect specification.
Change Operation
As an extension to the WS-Transfer IMO specification, the add and delete operations are only supported for inserting and removing values from multi-value attributes. The replace operation is only supported for setting values on single-value attributes. Specifying the incorrect operation will result in an InvalidOperation SOAP Fault.
Return Values
Action Header
Refer to the WS-Transfer IMO specification.
Resource Transfer Header
Refer to the WS-Transfer IMO specification.
Examples
A sample invocation of the Put operation is
shown in the following sample. The text in bold indicates what
would be specific to the FIM extension of the WS-Transfer
specification: the address of the service, the use of the
<ResourceReferenceProperty>
element as the
reference property, the names and values for object properties, and
the addition to the Identity Attribute Type 1.0 dialect for
identifying objects to be removed from collections.
Sample invocation of the Put operation to add members to a Group
Copy Code | |
---|---|
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:rm="http://schemas.microsoft.com/2006/11/ResourceManagement"> xmlns:da="http://schemas.microsoft.com/2006/11/IdentityManagementService/DirectoryAccess"> <s:Header> <wsa:ReplyTo> <wsa:Address> http://www.woodgrovebank.com/sender </wsa:Address> </wsa:ReplyTo> <wsa:To> http://www.woodgrovebank.com:5725/IdentityManagementService/Resource </wsa:To> <rm:ResourceReferenceProperty> 03CED96B-BE01-4C18-95A5-FCD2FAA09C25 </rm:ResourceReferenceProperty> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Put </wsa:Action> <wsa:MessageID> uuid:00000000-0000-0000-C000-000000000046 </wsa:MessageID> <rm:ResourceManagement s:mustUnderstand=“true"/> </s:Header> <s:Body> <da:ModifyRequest Dialect=" http://schemas.microsoft.com/2006/11/ResourceManagement/Dialect/IdentityAttributeType-20080602"> <da:Change Operation="add"> <da:AttributeType> ExplicitMember </da:AttributeType> <da:AttributeValue> <rm:Member>44444444-4444-4444-4444-444444444444</rm:Member> </da:AttributeValue> </da:Change> <da:Change Operation="add"> <da:AttributeType> ExplicitMember </da:AttributeType> <da:AttributeValue> <rm:Member>55555555-5555-5555-5555-555555555555</rm:Member> </da:AttributeValue> </da:Change> </da:ModifyRequest> </s:Body> </s:Envelope> |
Sample invocation of the Put operation to remove members of a Group
The following code example uses the Identity Attribute Type 1.0 dialect to identify a value to be removed.
Copy Code | |
---|---|
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:rm="http://schemas.microsoft.com/2006/11/ResourceManagement"> xmlns:da="http://schemas.microsoft.com/2006/11/IdentityManagementService/DirectoryAccess"> <s:Header> <wsa:ReplyTo> <wsa:Address> http://www.woodgrovebank.com/sender </wsa:Address> </wsa:ReplyTo> <wsa:To> http://www.woodgrovebank.com:5725/IdentityManagementService/Resource </wsa:To> <rm:ResourceReferenceProperty> 03CED96B-BE01-4C18-95A5-FCD2FAA09C25 </rm:ResourceReferenceProperty> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Put </wsa:Action> <wsa:MessageID> uuid:00000000-0000-0000-C000-000000000046 </wsa:MessageID> <rm:ResourceManagement s:mustUnderstand=“true"/> </s:Header> <s:Body> <da:ModifyRequest Dialect="http://schemas.microsoft.com/2006/11/ResourceManagement/Dialect/IdentityAttributeType-20080602"> <da:Change Operation="delete"> <da:AttributeType> ExplicitMember </da:AttributeType> <da:AttributeValue> 44444444-4444-4444-4444-444444444444 </da:AttributeValue> </da:Change> <da:Change Operation="delete"> <da:AttributeType> ExplicitMember </da:AttributeType> <da:AttributeValue> 55555555-5555-5555-5555-555555555555 </da:AttributeValue> </da:Change> </da:ModifyRequest> </s:Body> </s:Envelope> |
Sample invocation of the Put operation to update the display name of an ma-data object
The following code example uses the Identity Attribute Type 1.0 dialect to replace single-value attributes. The DisplayName of an ma-data resource is replaced with the value "AD Management Agent".
Copy Code | |
---|---|
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:da="http://schemas.microsoft.com/2006/11/IdentityManagement/DirectoryAccess" xmlns:rm="http://schemas.microsoft.com/2006/11/ResourceManagement"> <s:Header> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Put </wsa:Action> <da:IdentityManagementOperation s:mustUnderstand="1" /> <rm:ResourceReferenceProperty> urn:uuid:fa14aafd-d74b-4833-bd94-94c96ee1b278 </rm:ResourceReferenceProperty> <wsa:MessageID> urn:uuid:5fb63904-b05a-408d-8a4a-4d2f9332568e </wsa:MessageID> <wsa:ReplyTo> <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address> </wsa:ReplyTo> <wsa:To> http://www.fabrikam.com:5725/IdentityManagementService/Resource </wsa:To> </s:Header> <s:Body> <da:ModifyRequest Dialect=" http://schemas.microsoft.com/2006/11/ResourceManagement/Dialect/IdentityAttributeType- 20080602"> <da:Change Operation="replace"> <da:AttributeType>DisplayName</da:AttributeType> <da:AttributeValue> <rm:DisplayName>AD Management Agent</rm:DisplayName> </da:AttributeValue> </da:Change> </da:ModifyRequest> </s:Body> </s:Envelope> |
Remarks
The Alternate Endpoint implements a Put operation similar to that of the Resource endpoint.