[OTDev] Subject Group

Nina Jeliazkova nina at acad.bg
Fri Jun 18 14:29:38 CEST 2010


Hi Pantelis,

I am pasting here Andreas' reply to a similar question:

------
Nina Jeliazkova wrote on 06/07/2010 07:24 PM:
Andreas,

Is it possible to retrieve a list of groups, supported by OpenSSO ?

If a client wants to upload a dataset and restrict the access to
particular group how will he know which groups are available ?

Regards,
Nina

The groups must be set in Plone (by Micha), since OpenSSO uses live
access to the Plone LDAP backend for all identity information. They are
immediately accessible in OpenSSO and can be searched for, provided your
token has administrative permissions (here I used the OpenSSO admin
account to receive a token):

Display all groups:

am@z21:~/aa$ curl -i -d "attributes_names=objecttype" \
    -d "attributes_values_objecttype=group" \
    -d "admin=AQIC5wM2LY4Sfcx8QFIIIagJH2prVX8o5YXh7EtJa024ps8=@AAJTSQACMDE=#" \
    http://opensso.in-silico.ch/opensso/identity/search
HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Tue, 08 Jun 2010 07:50:30 GMT
Content-Type: text/plain;charset=UTF-8
Connection: keep-alive
Content-Length: 34

string=development
string=partner


Please see http://docs.sun.com/app/docs/doc/820-3748/gjduj?l=en&a=view.
I will look around for how to provide normal users read access to groups.

Greetings
Andreas

Hi Nina,

you should now be able to search for groups also as an ordinary user (as
described in my previous mail). I will now investigate how to search
members of groups.

Greetings
Andreas

Ok, in addition to the search for groups below, you can find out the
groups a specific user belongs to:

am@z21:~/aa$ curl -i -d "name=amaunz" -d attributes_names="group" \
    -d "admin=AQIC5wM2LY4SfcwSwYFi4MY2Z%2Ff52VpgCovcl%2FItde2OC0I%3D%40AAJTSQACMDE%3D%23" \
    http://opensso.in-silico.ch/opensso/identity/read
HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Tue, 08 Jun 2010 10:43:34 GMT
Content-Type: text/plain;charset=UTF-8
Connection: keep-alive
Content-Length: 230

identitydetails.name=amaunz
identitydetails.type=user
identitydetails.realm=dc=opensso,dc=java,dc=net
identitydetails.group=development
identitydetails.group=partner
identitydetails.attribute=
identitydetails.attribute.name=group

Thus, in contrast to the former, this call uses the "read" service, not
the "search" service. "read" is used to display (a subset of) the
attributes of a specific entry, while "search" searches for entries only.

I will put it in the documentation.

Andreas
-----

chung wrote:
> Hello Andreas, All,
>  Some questions about openSSO and subject groups:
>
> * Is there a way to create a new group of users in openSSO using the
> API? 
>
> * Are there any other groups now apart from partners and development?
>
> * What is the difference between these groups?
>
> Best regards,
> Pantelis

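Added example, not part of the original mails and not OpenSSO or OpenTox code: a Python client-side parser for the two response formats shown above, used to check a requested access group against the "search" result before a dataset is restricted to it. The response bodies are copied from the mails; the function names, the membership check and the token value are assumptions made for illustration (the token is a constructed placeholder).

```python
from urllib.parse import urlencode

# Response bodies copied from the two curl calls quoted in the mails above.
SEARCH_BODY = "string=development\nstring=partner\n"
READ_BODY = """identitydetails.name=amaunz
identitydetails.type=user
identitydetails.realm=dc=opensso,dc=java,dc=net
identitydetails.group=development
identitydetails.group=partner
identitydetails.attribute=
identitydetails.attribute.name=group
"""

def read_request_body(name, token):
    """Form body for identity/read. curl -d sends data as typed, so a token
    containing '=', '@', '#', '/' or '+' must be percent-encoded first."""
    return urlencode([("name", name), ("attributes_names", "group"),
                      ("admin", token)])

def parse_pairs(body):
    """Split 'key=value' lines at the first '=' only and keep repeated keys.
    A plain dict would drop all but one identitydetails.group line."""
    pairs = []
    for line in body.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs

def search_results(body):
    """Names returned by identity/search (one 'string=' line per entry)."""
    return [v for k, v in parse_pairs(body) if k == "string"]

def user_groups(body):
    """Groups listed for the identity returned by identity/read."""
    return [v for k, v in parse_pairs(body) if k == "identitydetails.group"]

def check_restriction(requested, available, member_of):
    """Refuse a group name the server did not list; return whether the
    uploading user belongs to it (assumed policy: warn if not)."""
    if requested not in available:
        raise ValueError(f"unknown group: {requested!r}")
    return requested in member_of

if __name__ == "__main__":
    groups = search_results(SEARCH_BODY)
    print(groups, check_restriction("partner", groups, user_groups(READ_BODY)))
```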


