Creates a token attribute rule for a trusted distinguished name (DN). This operation can be performed by the REST service or client. Only token attribute mapping is supported on the client side.
| Media Types: | application/json | 
The request body contains the details of the add request:
| Attribute | Description | 
|---|---|
| "attributes" | Groups the constraints filter and mapping attributes for trusted users. Note: This attribute is not required on the client side. | 
| "-dn" | On the service side, set this value to a trusted DN for which you are configuring an attribute rule. Use a string that conforms to RFC 2253, as described at the following URL: http://www.ietf.org/rfc/rfc2253.txt On the client side, set this value to a URL of the domain hosting the targeted services using the following format:  | 
| "filter" | Defines the constraint values for trusted users and attributes. Note: This attribute is not applicable on the client side. | 
| "mapping" | Defines the mapping attributes for trusted users. | 
| "-name" | Name of the attribute rule. Note: This attribute is not applicable on the client side. | 
| "name-id" | Defines the users that are accepted for the trusted DN. | 
| "token-attribute-rule" | Groups information about a single token attribute rule. | 
| "token-attribute-rules" | Groups information about all token attribute rules. | 
| "user-attribute" | Defines the user attribute that the trusted DN can assert. Note: This attribute is not applicable on the client side. | 
| "user-mapping-attribute" | Defines the user mapping attribute that the trusted DN can assert. | 
| "value" | Defines values for the constraint filter attribute. This value can be a full name or name pattern with a wildcard character (*), such as "yourTrusted*". Multiple values must be separated by a comma. Note: This attribute is not applicable on the client side. | 
| Media Types: | application/json | 
The response body returns the status of the import operation, including:
| Attribute | Description | 
|---|---|
| "ERROR_CODE" | If "STATUS" is set to "Failed", provides the error code. | 
| "ERROR_MSG" | If "STATUS" is set to "Failed", provides the contents of the error message. | 
| "STATUS" | Status of operation. For example, "Succeeded" or "Failed". | 
The following example shows how to create a token attribute rule for a trusted DN by submitting a POST request on the REST resource using cURL. For more information, see "cURL Access".
curl -i -X POST -u username:password -H "Content-Type: application/json" --data @createrule.json http://myhost:7001/idaas/webservice/admin/v1/trust/token
Example of Request Body - Service Side
The following shows an example of the request body in JSON format for creating a token attribute rule for a trusted DN on the service side.
{
    "token-attribute-rules":
    {
        "token-attribute-rule": 
        [
            {
                "-dn": "cn=orcladmin,o=oracle",
                "name-id":{
                    "filter": 
                    {
                        "value":[ "filter1" ]
                    },
                    "mapping":
                    {
                        "user-attribute": "val3",
                        "user-mapping-attribute":"val4"
                    }
                },
                "attributes":
                [
                    {
                        "-name": "tenant1",
                        "attribute":
                        {
                            "filter":
                            {
                                "value": [
                                    "filter1",
                                    "filter2"
                                ]
                            },
                            "mapping":{
                                "user-attribute": "val1",
                                "user-mapping-attribute":"val2"
                            }
                        }
                    }
                ]
            }
        ]
    }
}
Example of Request Body - Client Side
The following shows an example of the request body in JSON format for creating a token attribute rule on the client side.
{
    "token-attribute-rules":
    {
        "token-attribute-rule": 
        [
            {
                "-dn": "https://messaging.us2.com/",
                "name-id":{
                    "mapping":
                    {
                        "user-mapping-attribute":"mail"
                    }
                }
            },
            {
                "-dn": "https://messaging.us2.com/mysvcInstance1-acme/",
                "name-id":{
                    "mapping":
                    {
                        "user-mapping-attribute":"uid"
                    }
                }
            }
        ]
    }
}
The following shows an example of the response header.
HTTP/1.1 200 OK
The following shows an example of the response body in JSON format.
{
    "STATUS": "Succeeded"
}
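A pre-submission check for the request bodies described above, as an added example that is not part of the original page or of the product: it rejects duplicate JSON keys, checks the "-dn" form for the chosen side, and flags attributes the tables mark as not applicable on the client side. The names `lint_rules`, `NOT_ON_CLIENT` and `SAMPLE`, the host `svc.example.com`, and the reading that a filter value consisting only of `*` matches every name are assumptions.

```python
import json

# Attributes the page marks "not applicable on the client side".
NOT_ON_CLIENT = {"filter", "value", "-name", "user-attribute"}
# Constructed sample: a client-side rule that wrongly carries a service-side filter.
SAMPLE = ('{"token-attribute-rules": {"token-attribute-rule": [{"-dn": "https://svc.example.com/",'
          ' "name-id": {"filter": {"value": ["*"]}, "mapping": {"user-mapping-attribute": "mail"}}}]}}')

def _reject_dupes(pairs):
    """object_pairs_hook: json.loads would otherwise keep only the last duplicate."""
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError(f"duplicate key among {keys}")
    return dict(pairs)

def _walk(node):
    """Yield every (key, value) pair anywhere below node."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key, value
            yield from _walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from _walk(item)

def lint_rules(text, side):
    """Return findings for a request body; side is "service" or "client"."""
    try:
        body = json.loads(text, object_pairs_hook=_reject_dupes)
        # dict() raises if an entry is not a JSON object.
        rules = [dict(r) for r in body["token-attribute-rules"]["token-attribute-rule"]]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"body rejected: {exc}"]
    findings = []
    for i, rule in enumerate(rules):
        dn = str(rule.get("-dn", ""))
        is_url = dn.lower().startswith(("http://", "https://"))
        if side == "client":
            if not is_url:
                findings.append(f"rule {i}: client-side -dn must be a URL")
            for key in sorted(NOT_ON_CLIENT & {k for k, _ in _walk(rule)}):
                findings.append(f"rule {i}: {key} not applicable on client side")
        else:
            if is_url or "=" not in dn:
                findings.append(f"rule {i}: service-side -dn must be a DN")
            for key, value in _walk(rule):  # assumption: an all-"*" pattern matches every name
                vals = value if isinstance(value, list) else [value]
                if key == "value" and any(isinstance(v, str) and v and not v.strip("*") for v in vals):
                    findings.append(f"rule {i}: a filter value matches any name")
    return findings
```

Run `lint_rules(open("createrule.json").read(), "service")` before the POST; an empty list means none of these checks fired.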