This post will walk you through the very basics of using Postman to use the VMware Identity Manager REST APIs to either GET or POST data.
This post assumes either VMware Identity Manager 2.8.x on-premises tenant or newer or a VMware Identity Manager SaaS tenant.
NOTE: Some additional API calls may ONLY exist for on-premises tenants (e.g. node health status, etc.) which may not be accessible for VMware Identity Manager SaaS tenants.
The Basics:
On some occasions, customers may need to have a resource send a command to VMware Identity Manager but then redirect back. By default, VMware Identity Manager does not do redirects (this is by design), however, it can support them with a slight modification to trusts. The changes are a one-time change per VMware Identity Manager tenant and remain from that point forward unless removed by an administrator.
In this example, we are showing the settings to both GET and POST updates to the "Allow Redirects" API, which tells the VMware Identity Manager what 3rd party sites the vIDM tenant is allowed to safely redirect a user to.
Warning/Notice!
Download 3rd party software at your own risk! VMware does not assume responsibility or liability for your actions on any system or your use of 3rd party software or any damages which may be caused through the use of third party software.
Prerequisites:
- Postman - If you search for Postman, you'll likely come to the Download Postman App web page (This is the primary source as far as I can tell).
- A VMware Identity Manager tenant. Preferably a test tenant (DO NOT TEST ON A PRODUCTION TENANT!).
- Admin credentials to the VMware Identity Manager (TEST) tenant
Getting the Bearer Token from the HZN Cookie in the Browser
The following are the instructions for grabbing the bearer token from the HZN cookie and then applying using Postman to access the APIs to update the settings for allowing redirects.
NOTE: Most modern browsers have an inspection mode. Usually this is accessed by right-clicking on the web page and selecting INSPECT.
- Open a browser such as Chrome and authenticate as admin account to your Workspace ONE tenant (Note: Make sure you have the option to view the Administrator console).
- Open INSPECT mode in the browser by right-clicking on the page and selecting INSPECT from the context menu.
- Select APPLICATION from the inspection window.
- Select your Workspace ONE / VMware Identity Manager portal under cookies.
- Find HZN under the name column and copy the value data to your clipboard.
- In step 5.) of the below instructions, paste the token in for authentication as a Bearer Token.
Using PostMan to access Workspace ONE APIs to GET Values
When you define the parameters in PostMan, make sure the following are set.
- Start with GET command to test URL.
- URL to the API with correct FQDN of VMware Identity Manager tenant. In this case, to read the “allowedredirects” value from the Workspace ONE tenant, use the below URL.
https://<FQDN>/SAAS/jersey/manager/api/authsettings/allowedredirects - Open Authorization tab…
- Set authentication type to BEARER TOKEN.
- Paste in token from HZN cookie from browser (see above procedure to get token from HZN cookie).
- When you press SEND, the Body value should appear as shown in the image below.
Using PostMan to access Workspace ONE APIs to POST Values
When you define the parameters in PostMan, make sure the following are set.
- Start with POST command to test URL.
- URL to the API with correct FQDN of VMware Identity Manager tenant. In this case, to update the “allowedredirects” value from the Workspace ONE tenant, use the below URL.
https://<FQDN>/SAAS/jersey/manager/api/authsettings/allowedredirects
To note: Allowed redirects are per tenant (not per node within a tenant) so they only need to be set using the LB FQDN (e.g. portal.flaming.ws or workspace.mydomain.com). - Open Authorization tab…
- Set authentication type to BEARER TOKEN.
- Paste in token from HZN cookie from browser (see above procedure to get token from HZN cookie).
- Switch to the HEADERS tab in Postman.
- For updating the allowedredirects value we need to add in the “Accept” header with the following value:
application/vnd.vmware.horizon.manager.authsettings.allowedredirects+json
- For updating the allowedredirects value we need to add in the “Content-Type” header with the following value:
application/vnd.vmware.horizon.manager.authsettings.allowedredirects+json
NOTE: If you do not see the above image, you are likely in Bulk Edit mode. If you’d like, you can just paste in the text per the next image, or shift to the Key-Value Edit mode in postman to see the above screen.
- Within Postman, switch to the Body tab.
- Select “raw” for the entry type. This allows you to type in whatever code you wish.
- Select the code type. This is optional as TEXT or TEXT PLAIN will also work. The code we are entering is JSON so either TEXT/TEXT PLAIN or JSON will work.
- Enter the following code. PUT YOUR CAREGATE LOGOUT/LOGIN PAGE AND ANY OTHER PAGES IN COMMA SEPARATED FORMAT BETWEEN THE DOUBLE QUOTES. ENSURE YOU ADD THE ASTERISK AT THE END OF EACH TO BE ABLE TO POINT TO ANY SUBPAGE.
Single Site Code Example:{
"allowedRedirects":["https://www.flaming.ws*"]
}
Multi-Site Code Example:{
"allowedRedirects":["https://www.google.com*,https://www.flaming.ws*"]
}
- When you press SEND, the pages you define will show up under “allowedRedirects” within the Body outcome.
NOTE: If you make an error, just correct it and repost the update.
If you wish to remove all redirects, simply delete all web sites between the quotes and POST the update.
Remove All Redirects Code Example:
{
"allowedRedirects":[""]
}
Conclusion:
This should get you started with using Postman to use the REST APIs within VMware Identity Manager / Workspace ONE to help with better administering and programmatically calling for information and updates to/from Workspace ONE.
For a list of VMware Identity Manager APIs, see the VMware Identity Manager API explorer on code.vmware.com.
