Assign Username as _id in Identity Cloud

Creating users in Identity Cloud via Postman. Would like _id to be the actual username instead of GUID (hex value). I want to refer to username in statements and not the GUID. I can create other objects like organizations with my name of choice and refer to them accordingly. Can’t seem to do it with username. Any guidance is appreciated.

Username Example:
“_id”: “b326efb2-4587-228c-a204-383cb8fe36fa”,
“_rev”: “e68caa44-6190-4b12-a27c-3ee26b9c0569-174842”,
“mail”: “”,
“givenName”: “Test”,
“accountStatus”: “active”,
“sn”: “User”,
“userName”: “testuser”

Organization Example:
“_id”: “Postman_Org”,
“_rev”: “e68caa44-6190-4b12-a57c-3ee25b9c0569-122674”,

Teria, I recently had another customer asking a similar question around roles which allows you to configure them with your own _id just like organizations in the Cloud:

Example Role TestDan creates no issue:

curl 'https://<tenant-url>/openidm/managed/alpha_role?_action=create' \-H 'content-type: application/json' \-H 'authorization: Bearer <Access-Token>--data-raw '{"_id":"TestDan","name":"TestDan","condition":"/mail pr","description":"TestDan"}' \--compressed

However when it comes to creating a custom _ID it is supported when you are running the OnPrem IDM.

Docs example:

However in Identity Cloud this is not not supported, and requires you to use a UUID and have been advised by the engineer group you would hit problems.

If you try try to create a user with a custom ID it will fail:


curl 'https://<tenant-url>/openidm/managed/alpha_user?_action=create' \
-H 'authorization: Bearer <VALID-TOKEN>' \
-H 'content-type: application/json' \
--data-raw $'{"_id": "dadams","userName":"dadams","givenName":"Dan","sn":"Adams","mail":"","password":"Abc!#32sd4u0021"}' \

Will Result in the following Message: (All UUID values must have a length of exactly 36 bytes)

{"code":400,"reason":"Bad Request","message":"Invalid Attribute Syntax: Entry &#34;fr-idm-uuid&#61;dadamsid,ou&#61;user,o&#61;alpha,o&#61;root,ou&#61;identities&#34; contains a value &#34;dadamsid&#34; for attribute fr-idm-uuid that is invalid according to the syntax for that attribute: The provided value &#34;dadamsid&#34; has an invalid length for a UUID.  All UUID values must have a length of exactly 36 bytes, but the provided value had a length of 8 bytes","detail":{"passwordQualityAdvice":{"attributeType":"userPassword","passingCriteria":[{"type":"length-based","parameters":{"max-password-length":0,"min-password-length":8}},{"type":"attribute-value","parameters":{"min-substring-length":5,"match-attributes":["givenName","mail","sn","uid"],"check-substrings":true,"test-reversed-password":true}},{"type":"character-set","parameters":{"min-character-sets":0,"character-sets":["1:0123456789","1:ABCDEFGHIJKLMNOPQRSTUVWXYZ","1:abcdefghijklmnopqrstuvwxyz","1:~!&#64;#$%^&amp;*()-_&#61;&#43;[]{}|;:,.&lt;&gt;/?&#34;&#39;\\&#96;"],"allow-unclassified-characters":true,"character-set-ranges":[]}}],"failingCriteria":[]}}}%                                                                      

I can generate my Own ID with a valid 36 character UUID → Example (67219797-2fb2-40f3-91af-0e20f5bc52f8):

curl 'https://<Tenant-URL>/openidm/managed/alpha_user?_action=create' \
-H 'authorization: Bearer <Access-Token>' \
-H 'content-type: application/json' \
--data-raw $'{"_id": "67219797-2fb2-40f3-91af-0e20f5bc52f8","userName":"dadamsid","givenName":"Dan","sn":"Adams","mail":"","password":"P@55w0rd\u0021"}' \

When the above cloud doc was first published it did mention the same format as On Prem but was removed in the following Jira as its not possible:

  1. OPENIDM-18436 Update docs to remove/update the section around creating users with user defined IDs

  2. OPENIDM-18520 DOC: Use readable variables for object UUIDs and _ref ids which is related to internal FORGEROCK-1128 DOC: Use readable variables for object UUIDs and _ref ids. You can track this RFE using issues tracker here →

Again, this is working as currently designed and not available in the cloud at this time

1 Like