Using realName as a query filter

You can use the realmName parameter in SCIM APIs to filter user and group queries.

When you use the /identity/v3/idsource API, the realmName parameter shows the IdP connection name. See the following example:

"urn:ietf:params:scim:schemas:extension:ibmcp:2.0:User": {
        "realmName": "openLDAP"
}

You can filter user and group queries based on the realmName.

Get the RealmName for IdP

Use the following API to get the realmName.

See these API parameters:

curl -k -X "Authorization: Bearer $ACCESS_TOKEN" "https://<cp-console>/idprovider/v3/auth/idsource?protocol=ldap" | jq -r .idp | jq -r '.[0].idp_config.name'

The following output is an example:

OutPut: openLDAP

Use the realmName to query users and groups

Use the realmName that you get from the https://<cp-console>/idprovider/v3/auth/idsource?protocol=<protocol-value> API to run a filter on user and group queries.

Note: The only supported operator for realmName is equal or eq. You can use any other filter with the realmName by using and or or operator.

See the following example:

https://<cp-console>/idmgmt/identity/api/v1/scim/users/?filter=urn:ietf:params:scim:schemas:extension:ibmcp:2.0:User:realmName eq "openLDAP" and displayName eq "icpuser1"
https://<cp-console>/idmgmt/identity/api/v1/scim/users/?filter=urn:ietf:params:scim:schemas:extension:ibmcp:2.0:User:realmName eq "openLDAP" or displayName eq "icpuser1"

Limitations

The use of a realmName filter has the following limitations: