3.1.4.2 Put

The protocol client uses the Put operation to modify specific identity attributes of one existing configuration object.

The protocol client sends the message ModifyRequestMessage (section 2.2.2.12) to request the server to change the values of identity attributes on an existing configuration object. If the server accepts the request, then the server MUST send message ModifyResponseMessage (section 2.2.2.13) in response.

  
 s:Header/rm:ResourceReferenceProperty

The server MUST use the value in the request message SOAP header element rm: ResourceReferenceProperty (section 2.2.3.22) to identify which configuration object to modify. If the rm:ResourceReferenceProperty element is not present, then the server MUST respond with the InvalidRepresentation (section 2.2.2.21) SOAP fault.

If the server accepts the request, then the server MUST apply all changes to the configuration object.

If the client provides a malformed message ModifyRequestMessage that does not satisfy the definition in section 2.2.2.12, then the server MUST respond with an InvalidRepresentation (section 2.2.2.21) SOAP fault.

If the client does not have permission to change one or more of the identity attributes then the server MUST respond with a PermissionDeniedFault (section 2.2.2.11) SOAP fault.

If the client provides a new value that does not match the representation defined in [MS-UPSCDS], the server MUST respond with an InvalidRepresentation SOAP fault.

As a profile of [MS-WSTIM], this specification requires the WSDL operation Put (section 3.1.4.2) to distinguish modifying single-valued and multi-valued identity attributes. Single-valued and multi-valued are defined in [MS-UPSCDS] section 2. If the client requests to change a single-valued identity attribute with XML attribute da:operation of either values "add" or "delete", then the server MUST respond with an UnwillingToPerform (section 2.2.2.20) SOAP fault. If the client requests to change a single-valued identity attribute with XML attribute da:operation set to value "replace", and the server otherwise accepts the message, then the server MUST replace the existing value with the new value.

If the client requests to change a multi-valued identity attribute with XML attribute da:operation set to value "replace", then the server MUST respond with an UnwillingToPerform SOAP fault.

If the client requests to change a multi-valued identity attribute with XML attribute da:operation set to value "add", and the server otherwise accepts the message, then the server SHOULD<1> add the new value to the multi-valued identity attribute. There is no requirement that the order of added values be preserved. If the new value already exists as a value of the multi-valued identity attribute, then the server MUST respond with an UnwillingToPerform SOAP fault.

If the client requests to change a multi-valued identity attribute with XML attribute da:operation set to value "delete", and the server otherwise accepts the message, then the server SHOULD<2> remove the new value from the multi-valued identity attribute. If the new value does not exist in the multi-valued identity attribute, then the server MUST respond with an UnwillingToPerform SOAP fault.

If the client requests to change any of the following identity attributes:

  • ObjectID

  • ObjectType

  • Creator

  • CreatedTime

  • ResourceTime

  • DeletedTime

then the server MUST respond with an InvalidRepresentation SOAP fault.

 <wsdl:operation name="Put">
       <soap12:operation soapAction="http://schemas.xmlsoap.org/ws/2004/09/transfer/Put" style="document" />
       <wsdl:input message="da:ModifyRequestMessage" wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/Put">
         <soap12:body use="literal" />
         <soap12:header message="da:ModifyRequestMessage" part="operationheader" use="literal"/>
       </wsdl:input>
       <wsdl:output message="da:ModifyResponseMessage" wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/PutResponse">
         <soap12:body use="literal" />
       </wsdl:output>
       <wsdl:fault name="InvalidRepresentation ">
         <soap12:fault use="literal" name="I" namespace="http://schemas.xmlsoap.org/ws/2004/09/transfer" />
       </wsdl:fault>
       <wsdl:fault name="PermissionDeniedFault">
         <soap12:fault use="literal" name="PermissionDeniedFault" namespace="http://schemas.microsoft.com/2006/11/ResourceManagement" />
       </wsdl:fault>
       <wsdl:fault name="UnwillingToPerform ">
         <soap12:fault use="literal" name="UnwillingToPerform" namespace="http://schemas.microsoft.com/2006/11/IdentityManagement/DirectoryAccess" />
       </wsdl:fault>
     </wsdl:operation>