How can I create a user in OpenAM/OpenSSO with the create-realm privilege (other than amAdmin)? We need this feature to make our B2B users able to create sub-organizations in turn.
Some of the delegation API is available via the ClientSDK; however, if memory serves, older versions of the ClientSDK required additional server-side libraries to be on the classpath to actually allow those APIs to work.
The essence of creating delegated admins via ClientSDK would be something like:
The Java code for the last part would be:
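```java
// adminToken is an administrator's SSO token; realmName is the realm being delegated.
DelegationManager delegationManager = new DelegationManager(adminToken, realmName);
// The privilege is granted to the group, identified by its universal ID.
Set<String> groups = Collections.singleton(group.getUniversalId());
DelegationPrivilege realmAdminPrivilege = new DelegationPrivilege("RealmAdmin", groups, realmName);
delegationManager.addPrivilege(realmAdminPrivilege);
```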
When using the REST APIs, I would suggest interacting with the policies instead (delegation privileges are in fact just "special" policies stored under a hidden realm under the sunAMDelegationService policy set).