Query user by DN of the certificate.
We have started working on a story to support the case where GMS (group membership service) is called with an X.509 certificate. It should be able to use the DN of the certificate to query IAM for the group information, as is done currently with tokens.
While checking the INDIGO IAM docs, we have not found any API which would allow us to query by the DN of the certificate and provide group info in response; it can only be done with a bearer token or user ID.
Currently we are fetching all the users of IAM using GET /scim/Users and matching the DN of the certificate ourselves, but this does not seem to be an ideal solution in case we have a large number of users.
Is there a way we could find a user with a matching DN in IAM?
Hi, have you tried the IAM account API (https://indigo-iam.github.io/v/v1.8.1/docs/reference/api/account-api/#account-filtering)? You can filter user information by certificate subject in this way:
https://<your-iam-instance>/iam/account/find/bycertsubject?certificateSubject=XXX
This endpoint /iam/account/find/bycertsubject is not available with scim:read privileges and currently requires admin privileges. This may be solved by the new admin:read scope that comes with 1.8.2, but currently there is no usable way to filter results, and in our tools we also started to list all SCIM users ... not really an optimal way of searching for one account.
In the IAM documentation it is mentioned:
SCIM Filtering and sorting of results are currently not supported.
Do you plan to add support for filtering (sorting)?
The endpoint is available with iam:admin.read scope (not sure since when), so I'm closing the issue. If it still does not satisfy your use-case please feel free to reopen it.
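The lookup discussed in this thread, as an added example (not code from IAM or from the participants): it URL-encodes the certificate subject for /iam/account/find/bycertsubject, re-checks the returned account locally, and refuses to return groups unless exactly one account matches. Assumptions: the host iam.example.org, a token carrying the iam:admin.read scope, a SCIM-style response with a "Resources" array, and the "subjectDn", "groups" and IndigoUser extension field names.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

INDIGO = "urn:indigo-dc:scim:schemas:IndigoUser"  # assumed IAM SCIM extension key

def build_request(base_url, subject_dn, token):
    """Return (url, headers); urlencode escapes spaces, commas, '=' and '&' in the DN."""
    query = urlencode({"certificateSubject": subject_dn})
    url = f"{base_url.rstrip('/')}/iam/account/find/bycertsubject?{query}"
    return url, {"Authorization": f"Bearer {token}", "Accept": "application/json"}

def http_get(url, headers):
    """Default transport; callers may pass a stub instead (as the sample run does)."""
    with urlopen(Request(url, headers=headers), timeout=10) as resp:
        return json.load(resp)

def groups_for_subject(base_url, subject_dn, token, get=http_get):
    """Resolve a certificate subject to group names, failing closed on ambiguity."""
    url, headers = build_request(base_url, subject_dn, token)
    body = get(url, headers)
    # Assumed response shape: SCIM-style list with a "Resources" array of users.
    users = body.get("Resources", [])
    # Re-check the subject locally so a loose server-side match cannot grant groups.
    matches = [u for u in users
               if any(c.get("subjectDn") == subject_dn
                      for c in u.get(INDIGO, {}).get("certificates", []))]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one account, got {len(matches)}")
    return sorted(g["display"] for g in matches[0].get("groups", []))

# Constructed sample data (not real IAM output).
SAMPLE_DN = "CN=Jane Doe jdoe@example.org,O=Example Org,DC=example,DC=org"
SAMPLE_BODY = {"totalResults": 1, "Resources": [{
    "userName": "jdoe",
    "groups": [{"display": "vo.example/analysis"}, {"display": "vo.example"}],
    INDIGO: {"certificates": [{"subjectDn": SAMPLE_DN,
                               "issuerDn": "CN=Example CA,DC=example,DC=org"}]},
}]}

def fake_get(url, headers):
    """Stub transport for the offline run: returns the constructed body."""
    return SAMPLE_BODY

if __name__ == "__main__":
    print(groups_for_subject("https://iam.example.org", SAMPLE_DN, "TOKEN", fake_get))
```

Passing the default http_get instead of the stub performs the real request; the exactly-one-match rule means an unknown or ambiguous subject yields no group information rather than a guess.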