Custom attributes

In addition to standard attributes describing SSO users, such as username, password or email, it is also possible to create and manage additional arbitrary attributes holding any kind of information required.

Custom user attributes exist either for as long as their user exists or, optionally, can be configured to expire after some time. They will persist across multiple login sessions but a related feature, session attributes, lets one set attributes for each session, each login, separately.

Name of an attribute is its identifier, there is no separate ID field. The name is unique independently for user and session attributes, i.e. there can be a user attribute of a given name and a distinct session attribute of the same name but there cannot be multiple user, nor session, attributes with the same name.

Each attribute can be optionally stored in the database in an encrypted form - this can be used, for instance, with Social Security Numbers or other Personally Identifiable information (PII). Encryption and decryption is performed on the fly, no programming is needed.

Regular users may access only their own attributes while super-users can manage attributes of any user.

The API is available for Python code and REST clients.

User attributes API

User attributes

x Topic x REST x Python
create/create_many POST /zato/sso/user/attr self.sso.user.attr.create*
update/update_many PATCH /zato/sso/user/attr self.sso.user.attr.update*
set/set_many PUT /zato/sso/user/attr self.sso.user.attr.set*
delete/delete_many DELETE /zato/sso/user/attr self.sso.user.attr.delete*
get/get_many GET /zato/sso/user/attr self.sso.user.attr.get*
exists/exists_many GET /zato/sso/user/attr/exists self.sso.user.attr.exists*
names GET /zato/sso/user/attr/names self.sso.user.attr.names

Session attributes

x Topic x REST x Python
create/create_many POST /zato/sso/session/attr self.sso.user.session.attr.create*
update/update_many PATCH /zato/sso/session/attr self.sso.user.session.attr.update*
set/set_many PUT /zato/sso/session/attr self.sso.user.session.attr.set*
delete/delete_many DELETE /zato/sso/session/attr self.sso.user.session.attr.delete*
get/get_many GET /zato/sso/session/attr self.sso.user.session.attr.get*
exists/exists_many GET /zato/sso/session/attr/exists self.sso.user.session.attr.exists*
names GET /zato/sso/session/attr/names self.sso.user.session.attr.names