Hello, We have the following problem with AM 7.1.1, we are testing to remove the tokens and sessionhadle of a user through a rest call, but in order to have access to the user’s active sessions we need to log in as root administrator, this is useful for internal testing, but for Prod would be a security breach as the amadmin and password would be exposed to the public. We thought of giving the session permissions to the Realm adminUser, when we try to obtain the user’s session information with this Realm AdminUser credentials we do not have the permissions. how could we do this procedure.
The commands for the session we use is the following:
https://am.example.com:8443 (change for {{amUrl}})
Authentication as Admin (We use Same for Realm UserAdmin)
curl -k -X POST -H ‘X-OpenAM-Username: amadmin’ -H ‘X-OpenAM-Password: password’ -H ‘Content-Type: application/json’ -H ‘Accept-API-Version: resource=2.1’ {{amUrl}}/openam/json/realms/root/authenticate’
Get session
curl -k
–request GET
–header “iPlanetDirectoryPro: XBVyw.AAJTSAAIwMQ…”
–header “Accept-API-Version: resource=3.1, protocol=1.0”
{{amUrl}}/openam/json/realms/root/realms//sessions?_queryFilter=username%20eq%20%22%22%20and%20realm%20eq%20%22%2F%22
Delete Session
curl -k
–request POST
–header “Content-Type: application/json”
–header “iPlanetDirectoryPro: AAIwMQ…”
–header “Accept-API-Version: resource=3.1, protocol=1.0”
–data ‘{
“sessionHandles”: [
“shandle:f-D66Gk-t-An8H*”]
}’
{{amUrl}}/openam/json/realms/root/realms/realm/sessions/?_action=logoutByHandle