createSecurityRealm

A Graze API POST request that creates a new SAML security realm from an Identity Provider (IdP) URL. The request also adds the realm configuration you provide.

Warning

Warn any users who are logged into Moogsoft AIOps using the default realm before using this request. Moogsoft AIOps may log out users when the new realm becomes active.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint createSecurityRealm takes the following request arguments:

Name

Type

Required

Description

auth_token

String

Yes

A valid auth_token returned from the authenticate request. See the authenticate endpoint for more information.

name

String

Yes

Name of the security realm.

type

String

Yes

Security realm type. This must be "SAML2".

active

Boolean

Yes

Determines whether the new realm is active in Moogsoft AIOps on creation.

You can create an inactive realm for testing purposes. For example, you can verify if a security realm with that name already exists or if it fails.

configuration

JSON Object

Yes

JSON object containing the realm configuration. For information on the configuration properties, see Security Configuration Reference.

Upload your IdP metadata file using idpMetadata or specify the location of the file using idpMetadataUrl. For example:

"idpMetadataUrl":"http://<location_of_idp_metadata>"

"idpMetadata":"<raw_ipd_metadata.xml>"

Response

Endpoint createSecurityRealm returns the following response:

Examples

The following examples demonstrate typical use of endpoint createSecurityRealm:

Request example

Example cURL request to create a security realm:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/createSecurityRealm" -d '{
    "name":"mySamlRealm",
    "type":"SAML2",
    "active:"true",
    "configuration":
    {
            "idpMetadataUrl":"http://exampleIdP:18080/auth/realms/master/protocol/saml/descriptor",
            "defaultRoles":["Operator"],
            "defaultTeams":["Cloud DevOps"],
            "defaultGroup":"End-User",
            "existingUserMappingField":"username",
            "username":"$username",
            "email":"$email",
            "fullname":"$firstname $lastname",
            "maximumAuthenticationLifetime":60
    }
}'

Response example