OpenID Connect Provider Manager (REST)

Relativity supports OpenID Connect (OIDC) providers for authenticating to a Relativity instance during login. You can set scopes, claims, and other properties on an OIDC provider through the UI and the OIDC Provider Manager service. For more information, see Authentication on the RelativityOne documentation site.

The OIDC Provider Manager service provides the following functionality for programmatically working with providers:

  • CRUD operations on OIDC providers.
  • CRUD operations on group claim mappings.
  • CRUD operations on required claims.

Sample use cases for this service include the following:

  • Updating the trusted IPs on an OIDC provider.
  • Creating a new OIDC provider used for users who are added during Just-In-time provisioning.
  • Adding one or more required claims that a user must have to log in successfully.

You can also use the OIDC Provider Manager service through .NET. For more information, see OpenID Connect Provider Manager (.NET).

OIDC Provider Manager fundamentals

The URLs for REST endpoints contain path parameters that you need to set before making a call:

  • Set the {versionNumber} placeholder to the version of the REST API that you want to use, using the format lowercase v and the version number, for example v1.
  • Set other path parameters in the URLs to the Artifact ID of a given entity, for example setting {workspaceID} to the Artifact ID of a workspace.
    • Note: To indicate the admin-level context, set the {workspaceID} path parameter to -1.

For example, you can use the following URL to read an OIDC provider:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

Set the path parameters as follows:

  • {versionNumber} to the version of the service, such as v2.
  • {providerID} to the Artifact ID of the provider that you want to read.

Client code sample

You need to create a client to make calls to the OIDC Provider service. See the following sample code:

Copy 
Uri relativityRestUri = new Uri(@"http://localhost/relativity.rest/api");
Credentials credentials = new UsernamePasswordCredentials("username", "password");
 
ServiceFactorySettings settings = new ServiceFactorySettings(relativityRestUri, credentials);
 
ServiceFactory factory = new ServiceFactory(settings);
 
using (var manager = factory.CreateProxy<IOpenIDConnectProviderManager>())
{
    manager.ReadAsync(1231223);
}

Create an OIDC provider

To create an OIDC provider, send a POST request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers

The request must contain a "provider" object with the following fields:

  • Name - a string representing the name for the provider. This name must be unique within the profile.
  • Description - a string used as a description for the provider.
  • IsEnabled - a Boolean value indicating whether the provider is enabled.
  • SiteUri - indicates the site URI of the Relativity instance.
  • DisplayOnLoginPage - a Boolean value indicating whether a button is displayed for the provider on the Relativity login page.
  • Caption - a string used as the caption text for the button.
  • ClientID - a string used as the client identifier registered at the provider.
  • ClientSecret - a string used as the client secret registered at the provider. This field is used only in code flow.
  • Authority - indicates the URI for an external OIDC provider.
  • Flow - an OAuth2Flow used as the authentication flow communicating with the external provider.
  • SubjectClaimType - a string representing the claim type for getting the subject mapping for a user. The default value is "sub".
  • Scopes - an array of strings representing the OIDC scopes to request. The default scope is "openid' and it's included in this array of scopes.
  • JITSettings - a JITSettings object with properties for Just-In-Time provisioning set on an OIDC provider as follows:
    • Enabled - a Boolean value indicating whether Just-In-Time user provisioning is available for the authentication provider.
    • PersonalGroup - a Boolean value indicating whether a user should be assigned a personal group.
    • FirstNameClaimType - a string representing the claim type of the claim value used for the first name of a user during Just-In-Time provisioning.
    • LastNameClaimType - a string representing the claim type of the claim value used for the last name of a user during Just-In-Time provisioning.
    • EmailClaimType - a string representing the claim type of the claim value used for the email address of a user during Just-In-Time provisioning.
    • PersonalGroupClaimType - a string representing the claim type of the claim value used for the name of the personal group during Just-In-Time provisioning.
    • GroupClaimType - a string representing the claim type of the claim value used for the name of the group during Just-In-Time provisioning.
    • DefaultTrustedIPs - a string representing the set of default trusted IP addresses that a user can use for logging in. These IP addresses are newline delimited.
    • Client - the identifier for the client used when creating a user during Just-In-Time provisioning.
      • Value - contains the following field:
        • ArtifactID - an integer representing a unique identifier for the client.
Copy 
{
    "provider": {          
        "Name": "OIDC Auth Provider",
        "Description": "Description here",
        "IsEnabled": true,
        "SiteUri": "https://relativity.com/Relativity",
        "DisplayOnLoginPage": true,
        "Caption": "OIDC Provider 1",
        "ClientID": "1ba9d293-fde9-4501-9b12-b2c4234234324",
        "ClientSecret": "secret",
        "Authority": "https://login.microsoftonline.com/8afe73f9-0d93-4821-a898-c5c2dc320953/",
        "Flow": "Code",
        "SubjectClaimType": "email",
        "Scopes": "openid email profile",
        "JITSettings": {
            "Enabled": true,
            "PersonalGroup": false,
            "FirstNameClaimType": "firstnameclaim",
            "LastNameClaimType": "lastnameclaim",
            "EmailClaimType": "emailclaim",
            "PersonalGroupClaimType": "personalgroupclaim",
            "GroupClaimType": "groupclaim",
            "DefaultTrustedIPs": "fe80::c20:8e40:319f:b84d%22\r\nlocalhost"
            "Client": {
                "Value":{
                    "ArtifactID": 1015644
                }
            }
        }    
    }
}

The response contains following fields:

  • ArtifactID - an integer used as the unique identifier for the authentication provider.
  • Name - a string representing the name for the provider. This name must be unique within the profile.
  • Description - a string used as a description for the provider.
  • IsEnabled - a Boolean value indicating whether the provider is enabled.
  • SiteUri - indicates the site URI of the Relativity instance.
  • DisplayOnLoginPage - a Boolean value indicating whether a button is displayed for the provider on the Relativity login page.
  • Caption - a string used as the caption text for the button.
  • ClientID - a string used as the client identifier registered at the provider.
  • ClientSecret - a string used as the client secret registered at the provider. This field is used only in code flow.
  • Authority - indicates the URI for an external OIDC provider.
  • Flow - an OAuth2Flow used as the authentication flow communicating with the external provider.
  • RedirectUri - the redirect URI that needs to get set at the identity provider.
  • SubjectClaimType - a string representing the claim type for getting the subject mapping for user. The default value is "sub".
  • Scopes - an array of strings representing the OIDC scopes to request. The default scope is "openid' and it's included in this array of scopes.
  • JITSettings - a JITSettings object with properties for Just-In-Time provisioning set on an OIDC provider as follows:
    • ArtifactID - an integer used as the unique identifier for the JITSettings object.
    • Enabled - a Boolean value indicating whether Just-In-Time user provisioning is available for the authentication provider.
    • PersonalGroup - a Boolean value indicating whether a user should be assigned a personal group.
    • FirstNameClaimType - a string representing the claim type of the claim value used for the first name of a user during Just-In-Time provisioning.
    • LastNameClaimType - a string representing the claim type of the claim value used for the last name of a user during Just-In-Time provisioning.
    • EmailClaimType - a string representing the claim type of the claim value used for the email address of a user during Just-In-Time provisioning.
    • PersonalGroupClaimType - a string representing the claim type of the claim value used for the name of the personal group during Just-In-Time provisioning.
    • GroupClaimType - a string representing the claim type of the claim value used for the name of the group during Just-In-Time provisioning.
    • DefaultTrustedIPs - a string representing the set of default trusted IP addresses that a user can use for logging in. These IP addresses are newline delimited.
    • Client - the identifier for the client used when creating a user during Just-In-Time provisioning.
      • Secured - indicates whether the current user has permissions to view the setting in the Value field.
      • Value - contains the following field:
        • ArtifactID - an integer representing a unique identifier for the client.
        • Guids - an array of GUIDs for the client.
  • Resource - a string indicating the target service or resource to which access is being requested.
  • ResponseType - an enumeration that includes the following values:
    • Code.
    • IDToken
    • Token
  • TrustedIPs - an array of trusted IP addresses available for login.
Copy 
"ArtifactID": 1020049,
    "Name": "OIDC Auth Provider",
    "Description": "Description here",
    "IsEnabled": true,
    "SiteUri": "https://relativity.com/Relativity",
    "DisplayOnLoginPage": true,
    "Caption": "OIDC Provider 1",
    "ClientID": "1ba9d293-fde9-4501-9b12-b2c4234234324",
    "ClientSecret": "secret",
    "Authority": "https://login.microsoftonline.com/8afe73f9-0d93-4821-a898-c5c2dc320953/",
    "Flow": "Code",
    "RedirectUri": "https://relativity.com:443/Relativity/Identity/1F7F411E1C520578D7FA48CEE9364F8E71AC9ACA",
    "SubjectClaimType": "email",
    "Scopes": "openid email profile",
    "JITSettings": {
        "ArtifactID": 1020050,
        "Enabled": true,
        "PersonalGroup": false,
        "FirstNameClaimType": "firstnameclaim",
        "LastNameClaimType": "lastnameclaim",
        "EmailClaimType": "emailclaim",
        "PersonalGroupClaimType": "personalgroupclaim",
        "GroupClaimType": "groupclaim",
        "DefaultTrustedIPs": "fe80::c20:8e40:319f:b84d%22\r\nlocalhost",
        "Client": {
            "Secured": false,
            "Value": {
                "ArtifactID": 1015644,
                "Guids": []
            }
        }
    },
    "Resource": "",
    "ResponseType": "code",
    "TrustedIPs": []
}

Retrieve an OIDC provider

To read an OIDC provider, send a GET request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

The request body is empty.

The response for a read operation contains the same fields as those for a create response. See the field descriptions for the response in Create an OIDC provider.

Copy 
{
    "ArtifactID": 1020049,
    "Name": "OIDC Auth Provider",
    "Description": "Description here",
    "IsEnabled": true,
    "SiteUri": "https://relativity.com/Relativity",
    "DisplayOnLoginPage": true,
    "Caption": "OIDC Provider 1",
    "ClientID": "1ba9d293-fde9-4501-9b12-b2c4234234324",
    "ClientSecret": "secret",
    "Authority": "https://login.microsoftonline.com/8afe73f9-0d93-4821-a898-c5c2dc320953/",
    "Flow": "Code",
    "RedirectUri": "https://relativity.com:443/Relativity/Identity/1F7F411E1C520578D7FA48CEE9364F8E71AC9ACA",
    "SubjectClaimType": "email",
    "Scopes": "openid email profile",
    "JITSettings": {
        "ArtifactID": 1020050,
        "Enabled": true,
        "PersonalGroup": false,
        "FirstNameClaimType": "firstnameclaim",
        "LastNameClaimType": "lastnameclaim",
        "EmailClaimType": "emailclaim",
        "PersonalGroupClaimType": "personalgroupclaim",
        "GroupClaimType": "groupclaim",
        "DefaultTrustedIPs": "fe80::c20:8e40:319f:b84d%22\r\nlocalhost",
        "Client": {
            "Secured": false,
            "Value": {
                "Name": "Relativity",
                "ArtifactID": 1015644,
                "Guids": []
            }
        }
    },
    "Resource": "",
    "ResponseType": "code",
    "TrustedIPs": []
}

Update an OIDC provider

To update an OIDC provider, send a PUT request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers

The request for an update operation contains providerID, which is an integer used as the unique identifier for the authentication provider. The other fields in the request are the same those for a create request. See the field descriptions in Create an OIDC provider.

Copy 
{
    "providerID": {providerID},
     "provider": {          
        "Name": "OIDC Auth Provider",
        "Description": "Description here",
        "IsEnabled": true,
        "SiteUri": "https://relativity.com/Relativity",
        "DisplayOnLoginPage": true,
        "Caption": "OIDC Provider 1",
        "ClientID": "1ba9d293-fde9-4501-9b12-b2c4234234324",
        "ClientSecret": "secret",
        "Authority": "https://login.microsoftonline.com/8afe73f9-0d93-4821-a898-c5c2dc320953/",
        "Flow": "Code",
        "SubjectClaimType": "email",
        "Scopes": "openid email profile",
        "JITSettings": {
            "Enabled": true,
            "PersonalGroup": false,
            "FirstNameClaimType": "firstnameclaim",
            "LastNameClaimType": "lastnameclaim",
            "EmailClaimType": "emailclaim",
            "PersonalGroupClaimType": "personalgroupclaim",
            "GroupClaimType": "groupclaim",
            "DefaultTrustedIPs": "fe80::c20:8e40:319f:b84d%22\r\nlocalhost"
            "Client": {
                "Value":{
                    "ArtifactID": 1015644
                }
            }
        }    
    }
}

When the provider is successfully updated, the response returns the status code of 200.

Delete an OIDC provider

To delete an existing OIDC provider, send a DELETE request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

The request body is empty.

When the provider is successfully deleted, the response returns the status code of 200.

Create multiple group claim mappings for a provider

To create multiple group claim mappings for an OIDC provider, send a POST request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/groupclaimmappings

The request contains an array of GroupClaimMapping objects, which have the following fields:

  • Group - represents the group that the user is added to.
    • Secured - indicates whether the current user has permissions to view the setting in the Value field.
    • Value - contains the following fields:
      • Name - a user-friendly name for the group.
      • ArtifactID - an integer representing a unique identifier for the group.
      • Guids - an array of GUIDs for the group.
  • ClaimValue - a string representing the claim value expected for the mapping to succeed.
Copy 
{
    "groupClaimMappings": [
    {
        "Group": {
            "Secured": false,
            "Value": {
                "Name": "First Level Group",
                "ArtifactID": 1015025,
                "Guids": []
            }
        },
        "ClaimValue": "firstgroup"
    },
    {
        "Group": {
            "Secured": false,
            "Value": {
                "Name": "Third Level Group",
                "ArtifactID": 1015027,
                "Guids": []
            }
        },
        "ClaimValue": "thirdgroup"
    }]   
}

The response contains an array of RelativityObjects, which have the following fields:

  • ParentObject - contains the following field:
    • ArtifactID - an integer representing a unique identifier for the parent object of the specific RelativityObject.
  • FieldValues - an array containing FieldValuePair objects as follows:
    • Field - a field associated with a specific value. The Field object contains the following:
      • ArtifactID - an integer representing a unique identifier for the object.
      • FieldCategory - indicates the specific functionality assigned to a field, such as stores descriptive text, acts as a relational field, represents grouping for batching, and others. The FieldCategory enumeration defines these categories.
      • FieldType - the type of a Relativity field, such as fixed-length text, date, single object, or others. The FieldType enumeration defines these types.
      • Guids - an array of GUIDs used to identify the field.
      • Name - a user-friendly name for the field.
      • ViewFieldID - a unique identifier used to reference a view field.
    • Value - the data assigned to a field. It contains the following:
      • ArtifactID - an integer representing a unique identifier for the object.
      • Guids - an array of GUIDs used to identify the object.
      • Name - a user-friendly name for the object.
      • ItemSecured - a Boolean value indicating whether users can access the item.
  • ArtifactID - a unique identifier for the RelativityObject instance, which is represented as an integer.
  • Guids - an array of GUIDs used to identify the RelativityObject.
Copy 
[
    {
        "ParentObject": {
            "ArtifactID": 1020049
        },
        "FieldValues": [
            {
                "Field": {
                    "ArtifactID": 1018417,
                    "FieldCategory": "Generic",
                    "FieldType": "SingleObject",
                    "Guids": [],
                    "Name": "Group",
                    "ViewFieldID": 0
                },
                "Value": {
                    "ArtifactID": 1015025,
                    "Guids": [],
                    "Name": "First Level Group",
                    "ItemSecured": false
                }
            },
            {
                "Field": {
                    "ArtifactID": 1018418,
                    "FieldCategory": "Generic",
                    "FieldType": "FixedLengthText",
                    "Guids": [],
                    "Name": "Claim Value",
                    "ViewFieldID": 0
                },
                "Value": "firstgroup"
            }
        ],
        "ArtifactID": 1020055,
        "Guids": []
    },
    {
        "ParentObject": {
            "ArtifactID": 1020049
        },
        "FieldValues": [
            {
                "Field": {
                    "ArtifactID": 1018417,
                    "FieldCategory": "Generic",
                    "FieldType": "SingleObject",
                    "Guids": [],
                    "Name": "Group",
                    "ViewFieldID": 0
                },
                "Value": {
                    "ArtifactID": 1015027,
                    "Guids": [],
                    "Name": "Third Level Group",
                    "ItemSecured": false
                }
            },
            {
                "Field": {
                    "ArtifactID": 1018418,
                    "FieldCategory": "Generic",
                    "FieldType": "FixedLengthText",
                    "Guids": [],
                    "Name": "Claim Value",
                    "ViewFieldID": 0
                },
                "Value": "thirdgroup"
            }
        ],
        "ArtifactID": 1020056,
        "Guids": []
    }
]

Retrieve all group claim mappings for a provider

To retrieve all the group claim mappings for an OIDC provider, send a GET request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/groupclaimmappings

The request body is empty.

The response contains an array of GroupClaimMapping objects, which have the following fields:

  • ArtifactID - an integer representing a unique identifier for the GroupClaimMapping object.
  • Group - represents the group that the user is added to.
    • Secured - indicates whether the current user has permissions to view the setting in the Value field.
    • Value - contains the following fields:
      • Name - a user-friendly name for the group.
      • ArtifactID - an integer representing a unique identifier for the group.
      • Guids - an array of GUIDs for the group.
  • ClaimValue - a string representing the claim value expected for the mapping to succeed.
Copy 
[
    {
        "ArtifactID": 1020052,
        "Group": {
            "Secured": false,
            "Value": {
                "Name": "First Level Group",
                "ArtifactID": 1015025,
                "Guids": []
            }
        },
        "ClaimValue": "firstgroup"
    },
    {
        "ArtifactID": 1020053,
        "Group": {
            "Secured": false,
            "Value": {
                "Name": "Second Level Group",
                "ArtifactID": 1015026,
                "Guids": []
            }
        },
        "ClaimValue": "secondgroup"
    }
]

Retrieve a group claim mapping

To read a group claim mapping from an OIDConnect provider, send a GET request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

The request body is empty.

The response contains a GroupClaimMapping object, which has the following fields:

  • ArtifactID - an integer representing a unique identifier for the GroupClaimMapping object.
  • Group - represents the group that the user is added to.
    • Secured - indicates whether the current user has permissions to view the setting in the Value field.
    • Value - contains the following fields:
      • Name - a user-friendly name for the group.
      • ArtifactID - an integer representing a unique identifier for the group.
      • Guids - an array of GUIDs for the group.
  • ClaimValue - a string representing the claim value expected for the mapping to succeed.
Copy 
{
    "ArtifactID": 1020052,
    "Group": {
        "Secured": false,
        "Value": {
            "Name": "First Level Group",
            "ArtifactID": 1015025,
            "Guids": []
        }
    },
    "ClaimValue": "firstgroup"
}

Update a group claim mapping

To update a group claim mapping for an OIDC provider, send a PUT request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

The response contains a GroupClaimMapping object, which has the following fields:

  • Group - represents the group that the user is added to.
    • Secured - indicates whether the current user has permissions to view the setting in the Value field.
    • Value - contains the following fields:
      • Name - a user-friendly name for the group.
      • ArtifactID - an integer representing a unique identifier for the group.
      • Guids - an array of GUIDs for the group.
  • ClaimValue - a string representing the claim value expected for the mapping to succeed.
Copy 
{
    "gcm": {           
        "Group": {
            "Secured": false,
            "Value": {
                "Name": "Third Level Group",
                "ArtifactID": 1015027,
                "Guids": []
            }
        },
        "ClaimValue": "thirdgroupupdated"
    }
}

When the mapping is successfully updated, the response returns the status code of 200.

Delete a group claim mapping

To delete a group claim mapping from an OIDC provider, send a DELETE request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}

The request body is empty.

When the mapping is successfully deleted, the response returns the status code of 200.

Create multiple required claims for a provider

To create multiple required claims for an existing OIDC provider, send a POST request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims

The request contains an array of RequiredClaim objects, which have the following fields:

  • ClaimType - a string representing the name of the claim type.
  • ClaimValue - a string representing the value required in the claim.
Copy 
{
    "requiredClaims": [
    {
        "ClaimType": "type1"
        "ClaimValue": "value1"
    },
    {
        "ClaimType": "type2"
        "ClaimValue": "value2"
    }]   
}

The response contains a RelativityObject, which has the following fields:

  • ParentObject - contains the following field:
    • ArtifactID - an integer representing a unique identifier for the parent object of the specific RelativityObject.
  • FieldValues - an array containing FieldValuePair objects as follows:
    • Field - a field associated with a specific value. The Field object contains the following:
      • ArtifactID - an integer representing a unique identifier for the object.
      • FieldCategory - indicates the specific functionality assigned to a field, such as stores descriptive text, acts as a relational field, represents grouping for batching, and others. The FieldCategory enumeration defines these categories.
      • FieldType - the type of a Relativity field, such as fixed-length text, date, single object, or others. The FieldType enumeration defines these types.
      • Guids - an array of GUIDs used to identify the field.
      • Name - a user-friendly name for the field.
      • ViewFieldID - a unique identifier used to reference a view field.
    • Value - the data assigned to a field. It contains the following:
      • ArtifactID - an integer representing a unique identifier for the object.
      • Guids - an array of GUIDs used to identify the object.
      • Name - a user-friendly name for the object.
      • ItemSecured - a Boolean value indicating whether users can access the item.
  • ArtifactID - a unique identifier for the RelativityObject instance, which is represented as an integer.
  • Guids - an array of GUIDs used to identify the RelativityObject.
Copy 
[
    {
        "ParentObject": {
            "ArtifactID": 1018685
        },
        "FieldValues": [
            {
                "Field": {
                    "ArtifactID": 1018675,
                    "FieldCategory": "Generic",
                    "FieldType": "FixedLengthText",
                    "Guids": [],
                    "Name": "Claim Value",
                    "ViewFieldID": 0
                },
                "Value": "claim1value"
            },
            {
                "Field": {
                    "ArtifactID": 1018676,
                    "FieldCategory": "Generic",
                    "FieldType": "FixedLengthText",
                    "Guids": [],
                    "Name": "Claim Type",
                    "ViewFieldID": 0
                },
                "Value": "claim1type"
            }
        ],
        "ArtifactID": 1018687,
        "Guids": []
    },
    {
        "ParentObject": {
            "ArtifactID": 1018685
        },
        "FieldValues": [
            {
                "Field": {
                    "ArtifactID": 1018675,
                    "FieldCategory": "Generic",
                    "FieldType": "FixedLengthText",
                    "Guids": [],
                    "Name": "Claim Value",
                    "ViewFieldID": 0
                },
                "Value": "claim2value"
            },
            {
                "Field": {
                    "ArtifactID": 1018676,
                    "FieldCategory": "Generic",
                    "FieldType": "FixedLengthText",
                    "Guids": [],
                    "Name": "Claim Type",
                    "ViewFieldID": 0
                },
                "Value": "claim2type"
            }
        ],
        "ArtifactID": 1018688,
        "Guids": []
    }
]

Retrieve all required claims for a provider

To retrieve all the required claims for an OIDC provider, send a GET request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims

The request body is empty.

The response contains an array of RequiredClaim objects, which have the following fields:

  • ArtifactID - an integer representing a unique identifier for the required claim.
  • ClaimType - a string representing the name of the claim type.
  • ClaimValue - a string representing the value required in the claim.
Copy 
[
    {
        "ArtifactID": 1020052,
        "ClaimType": "type1"
        "ClaimValue": "value1"
    },
    {
        "ArtifactID": 1020053,
        "ClaimType": "type2"
        "ClaimValue": "value2"
    }
]

Retrieve required a claim for a provider

To read a required claim from an OIDC provider, send a GET request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims/{requiredClaimID}

The request body is empty.

The response contains a RequiredClaim object, which has the following fields:

  • ArtifactID - an integer representing a unique identifier for the required claim.
  • ClaimType - a string representing the name of the claim type.
  • ClaimValue - a string representing the value required in the claim.
Copy 
{
    "ArtifactID": 1020052,
    "ClaimType": "type1",
    "ClaimValue": "value1"
}

Update a required claim

To update a required group claim mapping for an OIDC provider, send a PUT request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims/{requiredClaimID}

The request contains a of RequiredClaim object, which has the following fields:

  • ClaimType - a string representing the name of the claim type.
  • ClaimValue - a string representing the value required in the claim.
Copy 
{
    "requiredClaim": {           
        "ClaimType": "type1",
        "ClaimValue": "value1"
    }
}

When the mapping is successfully updated, the response returns the status code of 200.

Delete required claim

To delete a required group claim mapping for an OIDC provider, send a DELETE request with a URL in the following format:

Copy 
<host>/Relativity.Rest/API/Relativity-Identity/{versionNumber}/openid-connect-providers/{providerID}/requiredclaims/{requiredClaimID}

The request body is empty.

When the mapping is successfully deleted, the response returns the status code of 200.