OpenID Connect Provider Manager (REST)

Relativity supports OpenID Connect (OIDC) providers for authenticating to a Relativity instance during login. You can set scopes, claims, and other properties on an OIDC provider through the UI and the OIDC Provider Manager service. For more information, see Authentication on the RelativityOne documentation site.

The OIDC Provider Manager service provides the following functionality for programmatically working with providers:

  • CRUD operations on OIDC providers.
  • CRUD operations on group claim mappings.
  • CRUD operations on required claims.

Sample use cases for this service include the following:

  • Updating the trusted IPs on an OIDC provider.
  • Creating a new OIDC provider used for users who are added during Just-In-time provisioning.
  • Adding one or more required claims that a user must have to log in successfully.

You can also use the OIDC Provider Manager service through .NET. For more information, see OpenID Connect Provider Manager (.NET).

OIDC Provider Manager fundamentals

The URLs for REST endpoints contain path parameters that you need to set before making a call:

  • Set the {versionNumber} placeholder to the version of the REST API that you want to use, using the format lowercase v and the version number, for example v1.
  • Set other path parameters in the URLs to the Artifact ID of a given entity, for example setting {workspaceID} to the Artifact ID of a workspace.
  • Note: To indicate the admin-level context, set the {workspaceID} path parameter to -1.

For example, you can use the following URL to read an OIDC provider:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

Set the path parameters as follows:

  • {versionNumber} to the version of the service, such as v2.
  • {providerID} to the Artifact ID of the provider that you want to read.

Client code sample

You need to create a client to make calls to the OIDC Provider service. See the following sample code:

Copy
Uri relativityRestUri = new Uri(@"http://localhost/relativity.rest/api");
Credentials credentials = new UsernamePasswordCredentials("username", "password");
 
ServiceFactorySettings settings = new ServiceFactorySettings(relativityRestUri, credentials);
 
ServiceFactory factory = new ServiceFactory(settings);
 
using (var manager = factory.CreateProxy<IOpenIDConnectProviderManager>())
{
    manager.ReadAsync(1231223);
}

Create an OIDC provider

To create an OIDC provider, send a POST request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers

Retrieve an OIDC provider

To read an OIDC provider, send a GET request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

The request body is empty.

The response for a read operation contains the same fields as those for a create response. See the field descriptions for the response in Create an OIDC provider.

Update an OIDC provider

To update an OIDC provider, send a PUT request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers

The request for an update operation contains providerID, which is an integer used as the unique identifier for the authentication provider. The other fields in the request are the same those for a create request. See the field descriptions in Create an OIDC provider.

When the provider is successfully updated, the response returns the status code of 200.

Delete an OIDC provider

To delete an existing OIDC provider, send a DELETE request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

The request body is empty.

When the provider is successfully deleted, the response returns the status code of 200.

Create multiple group claim mappings for a provider

To create multiple group claim mappings for an OIDC provider, send a POST request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/groupclaimmappings

Retrieve all group claim mappings for a provider

To retrieve all the group claim mappings for an OIDC provider, send a GET request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/groupclaimmappings

The request body is empty.

Retrieve a group claim mapping

To read a group claim mapping from an OIDConnect provider, send a GET request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

The request body is empty.

Update a group claim mapping

To update a group claim mapping for an OIDC provider, send a PUT request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

When the mapping is successfully updated, the response returns the status code of 200.

Delete a group claim mapping

To delete a group claim mapping from an OIDC provider, send a DELETE request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

The request body is empty.

When the mapping is successfully deleted, the response returns the status code of 200.

Create multiple required claims for a provider

To create multiple required claims for an existing OIDC provider, send a POST request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims

Retrieve all required claims for a provider

To retrieve all the required claims for an OIDC provider, send a GET request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims

The request body is empty.

Retrieve required a claim for a provider

To read a required claim from an OIDC provider, send a GET request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims/{requiredClaimID}

The request body is empty.

Update a required claim

To update a required group claim mapping for an OIDC provider, send a PUT request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims/{requiredClaimID}

When the mapping is successfully updated, the response returns the status code of 200.

Delete required claim

To delete a required group claim mapping for an OIDC provider, send a DELETE request with a URL in the following format:

Copy
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims/{requiredClaimID}

The request body is empty.

When the mapping is successfully deleted, the response returns the status code of 200.