src Release 1.4.1 Nov 17, 2018
.java-version Update .java-version May 25, 2017 First version, 1.0.0 May 25, 2017
LICENSE First version, 1.0.0 May 25, 2017 Release 1.4.1 Nov 17, 2018
pom.xml Release 1.4.1 Nov 17, 2018

OneLogin's Java SDK

This SDK will let you execute all the API methods, version/1, described at




The toolkit is hosted on github. You can download it from:


The toolkit is hosted at Sonatype OSSRH (OSS Repository Hosting) that is synced to the Central Repository.

Install it as a Maven dependency:



onelogin-java-sdk (com.onelogin:onelogin-java-sdk) has the following dependencies:


  • org.apache.oltu.oauth2.common
  • org.apache.oltu.oauth2.client
  • commons-codec:commons-codec
  • javax.servlet:servlet-api
  • org.apache.httpcomponents:httpclient
  • org.json:json
  • joda-time:joda-time


  • junit:junit


  • org.slf4j:slf4j-api
  • ch.qos.logback:logback-classic

Also, the Java Cryptography Extension (JCE) is required. If you don't have it, download the version for jce-6, jce-7 or jce-8, unzip it, and drop its content at ${java.home}/jre/lib/security/


  • org.apache.maven.plugins:maven-jar-plugin
  • org.apache.maven.plugins:maven-surefire-plugin
  • org.apache.maven.plugins:maven-enforcer-plugin

For more info, open and read the pom.xml file.

Working with the github repository code and Eclipse.

Get the sdk.

The sdk is hosted on github. You can download it from:

Adding onelogin-java-sdk components as a project

  1. Open Eclipse and set a workspace
  2. File > Import > Maven : Existing Maven Projects > Select the path where the sdk was downloaded, resolve the Workspace project and select the pom.xml

Getting started


Javadocs of this SDK are published at:


SDK settings are stored in a file named that can be found at src/resources folder.

The SDK has 3 settings parameters:

  • onelogin.sdk.client_id Onelogin OAuth2 client ID
  • onelogin.sdk.client_secret Onelogin OAuth2 client secret
  • onelogin.sdk.region Indicates where the instance is hosted. Possible values: 'us' or 'eu'.
  • onelogin.sdk.ip Set an ip address value that can later be retrieved with the getIP method and used on the getSAMLAssertion method to bypass MFA protection if that IP was whitelisted on the user's policy.

Read more about Onelogin API credentials at:

Errors and exceptions

Onelogin's API can return 400, 401, 403 or 404 when there was any issue executing the action. When that happens, the methods of the SDK will raise an OAuthProblemException.

If you want to prevent these exceptions from being raised, you can initialize the Client with the parameter throwOAuthProblemException = false.

In some scenarios the error is caused by an attribute that was not provided or is invalid. When that happens, the client.getErrorAttribute() method returns the name of the attribute that caused the issue. See the API documentation to verify when this data is provided by the API.
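The following is an added example, not code from the SDK or its README, showing one way to turn a failed call into a single log line that carries the offending attribute name. It uses only `createUser` and `getErrorAttribute()` from this page plus Apache Oltu's `OAuthProblemException` getters; the class name, helper names and the e-mail value are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.oltu.oauth2.common.exception.OAuthProblemException;

import com.onelogin.sdk.conn.Client;
import com.onelogin.sdk.model.User;

public class CreateUserWithErrorReport {

    /** Replaces CR/LF so API-supplied text cannot forge extra log lines. */
    static String oneLine(String s) {
        return s == null ? "" : s.replaceAll("[\\r\\n]+", " ");
    }

    /** Builds the log line from the error only; request values are never logged. */
    static String describeFailure(OAuthProblemException e, String errorAttribute) {
        StringBuilder line = new StringBuilder("onelogin_api_error");
        line.append(" error=").append(oneLine(e.getError()));
        line.append(" description=\"").append(oneLine(e.getDescription())).append('"');
        if (errorAttribute != null && !errorAttribute.isEmpty()) {
            line.append(" attribute=").append(oneLine(errorAttribute));
        }
        return line.toString();
    }

    public static void main(String[] args) throws Exception {
        Client client = new Client(); // credentials come from the SDK settings file

        Map<String, Object> params = new HashMap<String, Object>();
        params.put("email", "new.user@example.com"); // constructed sample value
        params.put("firstname", "New");
        params.put("lastname", "User");

        try {
            User created = client.createUser(params);
            System.out.println("created user id=" + created.id);
        } catch (OAuthProblemException e) {
            // The attribute name is only set when the API reports one.
            System.err.println(describeFailure(e, client.getErrorAttribute()));
            System.exit(1);
        }
    }
}
```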

How it works

The following Java code executes calls on all the available methods of the SDK.

It assumes that there are 2 users on the OL instance: '' and another with MFA enabled '', and some roles, custom attributes and groups defined.

package com.onelogin.sdk;

import java.io.IOException;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPathExpressionException;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.xml.sax.SAXException;

import com.onelogin.sdk.conn.Client;
import com.onelogin.sdk.exception.Error;

import com.onelogin.sdk.model.App;
import com.onelogin.sdk.model.AuthFactor;
import com.onelogin.sdk.model.Event;
import com.onelogin.sdk.model.EventType;
import com.onelogin.sdk.model.FactorEnrollmentResponse;
import com.onelogin.sdk.model.Group;
import com.onelogin.sdk.model.MFA;
import com.onelogin.sdk.model.OTPDevice;
import com.onelogin.sdk.model.RateLimit;
import com.onelogin.sdk.model.Role;
import com.onelogin.sdk.model.SAMLEndpointResponse;
import com.onelogin.sdk.model.SessionTokenInfo;
import com.onelogin.sdk.model.SessionTokenMFAInfo;
import com.onelogin.sdk.model.User;

public class AppTest
{
    public static void main( String[] args ) throws IOException, Error, OAuthSystemException, OAuthProblemException, URISyntaxException, XPathExpressionException, ParserConfigurationException, SAXException, NoSuchFieldException
    {
        Client client = new Client();

        /* Get an AccessToken */

        /* Refresh an AccessToken */

        /* Revoke an AccessToken */

        // By default, methods internally call getAccessToken()
        // if there is no valid access_token

        /* Get rate limits */
        RateLimit ratelimit = client.getRateLimit();

        /* Get Custom Attributes */
        List<String> globalCustomAttributes = client.getCustomAttributes();

        /* Get Users with no query parameters */
        List<User> users = client.getUsers();

        /* Get Users with query parameters */
        HashMap<String,String> userQueryParameters = new HashMap<String,String>();
        userQueryParameters.put("email", "");
        List<User> usersFiltered = client.getUsers(userQueryParameters);

        HashMap<String,String> userQueryParameters2 = new HashMap<String,String>();
        userQueryParameters2.put("email", "");
        List<User> usersFiltered2 = client.getUsers(userQueryParameters2);

        /* Get User By ID */
        User user = client.getUser(usersFiltered.get(0).id);
        User userMFA = client.getUser(usersFiltered2.get(0).id);

        /* Update User with specific id */
        Map<String, Object> updateUserParams = user.getUserParams();
        updateUserParams.put("firstname", "modified_firstname");
        user = client.updateUser(, updateUserParams);

        /* Get Global Roles */
        List<Role> roleIds = client.getRoles();

        /* Get Role */
        Role role = client.getRole(roleIds.get(0));
        Role role2 = client.getRole(roleIds.get(1));

        /* Assign & Remove Roles On Users */
        List<Long> newRoleIds = new ArrayList<Long>();
        client.assignRoleToUser(, newRoleIds);
        user = client.getUser(;
        client.removeRoleFromUser(, newRoleIds);
        user = client.getUser(;

        /* Sets Password by ID Using Cleartext */
        String password = "Aa765431-XxX";
        client.setPasswordUsingClearText(, password, password);

        /* Sets Password by ID Using Salt and SHA-256 */
        password = "Aa765432-YyY";
        String salt = "11xxxx1";
        String hashedSaltedPassword = DigestUtils.sha256Hex(salt+password);
        client.setPasswordUsingHashSalt(, hashedSaltedPassword, hashedSaltedPassword, "salt+sha256", salt);

        /* Set Custom Attribute Value to User */
        Map<String, Object> customAttributes = new HashMap<String,Object>();
        customAttributes.put("customattr1", "xxxx");
        customAttributes.put("customattr2", "yyyy");
        client.setCustomAttributeToUser(, customAttributes);

        /* Log Out User */

        /* Lock User */
        client.lockUser(, 1);  // Lock the user 1 min

        /* Get User apps */
        List<App> userApps = client.getUserApps(;

        /* Get User Roles */
        List<Integer> userRolesIds = client.getUserRoles(;

        /* Create user */
        Map<String, Object> newUserParams = new HashMap<String, Object>();
        newUserParams.put("email", "");
        newUserParams.put("firstname", "testcreate_1_fn");
        newUserParams.put("lastname", "testcreate_1_ln");
        newUserParams.put("username", "");
        User createdUser = client.createUser(newUserParams);

        /* Delete user */
        Boolean removed = client.deleteUser(;

        /* Get EventTypes */
        List<EventType> eventTypes = client.getEventTypes();

        /* Get Events */
        List<Event> events = client.getEvents();

        /* Get 30 Events */
        List<Event> events2 = client.getEvents(30);

        /* Get Event */
        Event event = client.getEvent(events.get(0).id);

        /* Create Event */
        int eventTypeId = 000;
        Long accountId = 00000L;
        String actorSystem = "00";

        Map<String, Object> eventParams = new HashMap<String, Object>();
        eventParams.put("event_type_id", eventTypeId);
        eventParams.put("account_id", accountId);
        eventParams.put("actor_system", actorSystem);
        eventParams.put("user_name", user.username);
        eventParams.put("custom_message", "test creating event");

        /* Get Filtered Events */
        HashMap<String, String> eventQueryParameters = new HashMap<String, String>();
        eventQueryParameters.put("event_type_id", Long.toString(eventTypeId));
        eventQueryParameters.put("user_id", Long.toString(;
        List<Event> filteredEvents = client.getEvents(eventQueryParameters);

        /* Get Groups */
        List<Group> groups = client.getGroups();

        /* Get Group */
        Group group = client.getGroup(groups.get(0).id);

        String appId = "000000";

        /* Get SAMLResponse directly */
        SAMLEndpointResponse samlEndpointResponse = client.getSAMLAssertion("", "Aa765431-XxX", appId, "example-onelogin-subdomain");

        /* Get SAMLResponse after MFA */
        SAMLEndpointResponse samlEndpointResponse2 = client.getSAMLAssertion("", "Aa765432-YyY", appId, "example-onelogin-subdomain");
        MFA mfa = samlEndpointResponse2.getMFA();
        String otpCode2 = "000000";
        SAMLEndpointResponse samlEndpointResponseAfterVerify = client.getSAMLAssertionVerifying(appId, String.valueOf(mfa.getDevices().get(0).getID()), mfa.getStateToken(), otpCode2, null);

        /* Create Session Login Token */
        Map<String, Object> sessionLoginTokenParams = new HashMap<String, Object>();
        sessionLoginTokenParams.put("username_or_email", "");
        sessionLoginTokenParams.put("password", "Aa765431-XxX");
        sessionLoginTokenParams.put("subdomain", "example-onelogin-subdomain");
        SessionTokenInfo sessionTokenData = (SessionTokenInfo) client.createSessionLoginToken(sessionLoginTokenParams);

        /* Create Session Login Token MFA , after verify */
        Map<String, Object> sessionLoginTokenMFAParams = new HashMap<String, Object>();
        sessionLoginTokenMFAParams.put("username_or_email", "");
        sessionLoginTokenMFAParams.put("password", "Aa765432-YyY");
        sessionLoginTokenMFAParams.put("subdomain", "example-onelogin-subdomain");
        SessionTokenMFAInfo sessionTokenMFAData = (SessionTokenMFAInfo) client.createSessionLoginToken(sessionLoginTokenMFAParams);
        String otpCode = "645645";
        SessionTokenInfo sessionTokenData2 = client.getSessionTokenVerified(Long.toString(sessionTokenMFAData.devices.get(0).getID()), sessionTokenMFAData.stateToken, otpCode);

        long userId = 00000000;

        /* Get Available Authentication Factors */
        List<AuthFactor> authFactors = client.getFactors(userId);

        /* Enroll an Authentication Factor */
        AuthFactor enrollFactor = client.enrollFactor(userId, authFactors.get(0).id, "My Device", "+14156456830");

        /* Get Enrolled Authentication Factors */
        List<OTPDevice> otpDevices = client.getEnrolledFactors(userId);

        long deviceId = 0000000;

        /* Activate an Authentication Factor */
        FactorEnrollmentResponse enrollmentResponse = client.activateFactor(userId, deviceId);

        String otpToken = "XXXXXXXXXX";

        /* Verify an Authentication Factor */
        Boolean verified = client.verifyFactor(userId, deviceId, otpToken);

        /* Remove an Authentication Factor (named factorRemoved because "removed" is already declared above) */
        Boolean factorRemoved = client.removeFactor(userId, deviceId);

        /* Generate Invite Link */
        String urlLink = client.generateInviteLink("");

        /* Send Invite Link */
        Boolean sent  = client.sendInviteLink("");

        /* Get Apps to Embed for a User */
        String embedToken = "30e256c101cd0d2e731de1ec222e93c4be8a1578";
        List<App> apps = client.getEmbedApps(embedToken, "");
    }
}
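The "Sets Password by ID Using Salt and SHA-256" step in the listing above uses a fixed salt string. The following added example (not part of the SDK or its README) computes the same `sha256Hex(salt+password)` value with the JDK only and a fresh random salt per password; the class name, helper names and the 16-byte salt length are choices made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class SaltSha256Example {

    private static final SecureRandom RNG = new SecureRandom();

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** Returns a new random salt, hex-encoded so it can be sent as a plain string. */
    static String newSalt(int numBytes) {
        byte[] salt = new byte[numBytes];
        RNG.nextBytes(salt);
        return toHex(salt);
    }

    /** Lowercase hex SHA-256 of the UTF-8 bytes of salt followed by password. */
    static String saltPlusSha256(String salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return toHex(md.digest((salt + password).getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Self-check against the published SHA-256 test vector for "abc".
        String abc = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad";
        if (!abc.equals(saltPlusSha256("a", "bc"))) {
            throw new IllegalStateException("SHA-256 self-check failed");
        }

        String salt = newSalt(16);                        // new salt for every password
        String hashed = saltPlusSha256(salt, "Aa765432-YyY"); // sample password from the listing

        // Pass these as the hashed password, its confirmation and the salt,
        // together with the "salt+sha256" algorithm name used in the listing.
        System.out.println("salt   = " + salt);
        System.out.println("hashed = " + hashed);
    }
}
```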