Registering OPSS Clients

2 Registering OPSS Clients

Oracle Platform Security Services (OPSS) uses the Registration service to provision an authorization policy for a client. The Security service uses these policies to make authorization decisions. REST clients are required to register themselves to access security services.

Section	Method	Resource Path
POST Registration Method	`POST`	/opss/v2/
GET Registration Method	`GET`	/opss/v2/
PUT Registration Method	`PUT`	/opss/v2/
DELETE Registration Method	`DELETE`	/opss/v2/

POST Registration Method

Use the POST method to register a new client. An application role with a unique name inside the OPSS rest application stripe is created. Users and groups that are passed as input of the POST method are made members of the application role. Grants to the specified resources are automatically provisioned in the OPSS REST application stripe.

Note:

The same clientName attribute value is required to identify the client when making changes to registration data.

REST Request

POST /opss/v2/opssRestClient/

Request Body

Media types for the request or response body.

Media Types: application/json

The request body contains the details of the register request:

Table 2-1 Registration Attributes

Attribute	Description	Required
`“clientName“`	Unique name that identifies the client.	Yes
`“policystoreStripe“`	Policy store stripe to which the client is assigned.	No
`“keystore“`	List of keystores used for the client.	No
`“credentialMap“`	Name of the credential map that is used to store credential keys.	No
`“auditComponent“`	Unique name to identify the audit rules for a client.	No
`“trustIssueIDD“`	List of identity domains that can issue trust tokens	No
`“trustValidateIDD“`	List identity domains that can validate trust tokens	No
`“adminGroup“`	Group with the administrator role.	No
`“operatorGroup“`	Group with the operator role.	No
`“viewerGroup“`	Group with the viewer role.	No

All attributes other than clientName can be specified multiple times. A user should specify at least one of either: policystoreStripe, keystore, credentialMap, auditComponent, trustIssueIDD, or trustValidateIDD for the service scopes. In addition, a user should specify at least one of either: adminGroup, operatorGroup, or viewerGroup so that some group has privileges.

For service scope attributes, a wild card (*) can be specified to grant all scopes to the client. The wildcard should be used carefully.

Response Body

The output of a POST request is a Resource ID.

cURL Example

The following example shows how to register a client by submitting a POST request on the REST resource using cURL

curl -i -X POST -u username:password --data @register.json 
   -H Content-Type:application/json https://myhost:7001/opss/v2/opssRestClient

Example of Request Body

The following shows an example of the request body in JSON format.

{
    "clientName": "myClientName",
    "policystoreStripe": "CRM",
    "keystore": ["appA", "appB/store1"],
    "credentialMap": "mapA",
    "auditComponent": "myComponent",
    "trustIssueIDD" : ["cisco", "intel"],
    "trustValidateIDD" : ["cisco", "intel"],
    "adminGroup":"myGroup1",
    "operatorGroup":"myGroup2",
    "viewerGroup":"myGroup3"
}

GET Registration Method

Use the GET method to view the client attributes for a registered client.

REST Request

GET /opss/v2/opssRestClient/clientName

Response Body

Media types for the request or response body.

Media Types: application/json

The response body contains the client registration attributes. For details about the registration attributes, see Table 2-1.

cURL Example

The following example shows how to view the registered client by submitting a GET request on the REST resource using cURL

curl -i -X GET -u username:password https://myhost:7001/opss/v2/opssRestClient/
   myClientName

Example of Response Header

The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.

HTTP/1.1 200 OK

Example of Response Body

The following example shows the response body in JSON format.

{
    "clientName": "myClientName",
    "policystoreStripe": "CRM",
    "keystore": ["appA", "appB/store1"],
    "credentialMap": "mapA",
    "auditComponent": "myComponent",
    "trustIssueIDD" : ["cisco", "intel"],
    "trustValidateIDD" : ["cisco", "intel"],
    "adminGroup":"myGroup1",
    "operatorGroup":"myGroup2",
    "viewerGroup":"myGroup3"
}

PUT Registration Method

Use the PUT method to update the attributes of a registered client.

REST Request

PUT /opss/v2/opssRestClient/clientName

Request Body

Media types for the request or response body.

Media Types: application/json

The request body contains the client registration attributes. For details about the registration attributes, see Table 2-1.

cURL Example

The following example shows how to update client attributes by submitting a PUT request on the REST resource using cURL.

curl -i -X POST -u username:password --data @register.json 
   -H Content-Type:application/json https://myhost:7001/opss/v2/opssRestClient/
   myClientName

Example of Request Body

The following example shows the request body in JSON format.

{
    "clientName": "myClientName",
    "policystoreStripe": "CRM",
    "keystore": ["appA", "appB/store1"],
    "credentialMap": "mapA",
    "auditComponent": "myComponent",
    "trustIssueIDD" : ["cisco", "intel"],
    "trustValidateIDD" : ["cisco", "intel"],
    "adminGroup":"myGroup1",
    "operatorGroup":"myGroup2",
    "viewerGroup":"myGroup3"
}

DELETE Registration Method

Use the DELETE method to remove a registered client.

REST Request

DELETE /opss/v2/opssRestClient/clientName

cURL Example

The following example shows how to delete a delete a registered client by submitting a DELETE request on the REST resource using cURL.

curl -i -X DELETE -u username:password https://myhost:7001/opss/v2/opssRestClient/
   myClientName