1. REST API for Oracle Web Services ManagerREST API for Oracle Web Services Manager
  2. Use Cases
  3. Manage the Trusted Token Issuer
  4. Configure the Trusted Keys
  5. Configure the Trusted key Identifiers

Configure the Trusted key Identifiers

You can view and manage the trusted key identifiers for the trusted keys using the Token Issuer REST API.

The cURL command examples use the URL structure: 
http(s)://host:port/wsm-pmrest/v2/trust/issuer/{issuername}/{tokentype}/trustedkey/keyidentifier

The following use case shows you how to:

  • Add the trusted key identifiers

  • Modify the trusted key identifiers

  • View the trusted key identifiers

  • Delete the trusted key identifiers

To manage the trusted key identifiers for trusted key:

  1. Specify the headers on the cURL command line: 
    -H Accept:application/json
  2. Add the trusted key identifiers to the trusted key for the issuer www.example.com and jwt as the token type and specify the metadata URL and refresh interval by running the following command: 
    curl -i -X POST -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey/keyidentifier

    Example

    curl -i -X POST -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.example.com/jwt/trustedkey/keyidentifier

    See Add KeyIdentifier(s).

    The following shows an example of the request body with a single key identifier.

    [
  {
    "keytype": "x509certificate",
    "valuetype": "dn",
    "value": "cn=john",
    "enabled": "false"
  }
]

    The following shows an example of the response indicating the request succeeded.

    {
  "STATUSCODE": "20081",
  "MESSAGE": "KeyIdentifier \"[keytype:x509certificate, valuetype:x509certificate, value:cn=john]\" is successfully created."
}
  3. Enable the trusted key identifiers for the issuer www.example.com by running the following command: 
    curl -i -X PATCH -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey/keyidentifier

    Example

    curl -i -X PATCH -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.example.com/jwt/trustedkey/keyidentifier

    See Update KeyIdentifier(s).

    The following shows an example of the request body with a single key identifier.

    [
  {
    "keytype": "x509certificate",
    "valuetype": "dn",
    "value": "cn=john",
    "enabled": "true"
  }
]

    The following shows an example of the response indicating the request succeeded.

    {
  "STATUSCODE": "20082",
  "MESSAGE": "KeyIdentifier \"[keytype:x509certificate, valuetype:x509certificate, value:cn=john]\" is successfully updated."
}
  4. View the details of all the trusted key identifiers for the issuer www.example.com and token type jwt by running the following command: 
    curl -i -X GET -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey/keyidentifier

    Example

    curl -i -X GET -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.example.com/jwt/trustedkey/keyidentifier

    See Get KeyIdentifier(s).

    The following shows an example of the response body:

    [
  {
    "keytype": "x509certificate",
    "valuetype": "dn",
    "value": "cn=john",
    "enabled": "true"
  }
]
  5. View the details of a specific trusted key identifier for the issuer www.example.com by specifying the keytype, value, and valuetype query parameters: 
    curl -i -X GET -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey/keyidentifier?keytype={PredefinedKeyType}&valuetype={PredefinedValueType}&value={KeyValue}

    Example

    curl -i -X GET -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.example.com/jwt/trustedkey/keyidentifier?keytype=x509certificate&valuetype=dn&value=cn=john

    The following shows an example of the response body:

    [
  {
    "keytype": "x509certificate",
    "valuetype": "dn",
    "value": "cn=john",
    "enabled": "true"
  }
]
  6. Optionally, delete all the trusted key identifiers for the issuer www.example.com by running the following command: 
    curl -i -X DELETE -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey/keyidentifier

    Example

    curl -i -X DELETE -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.example.com/jwt/trustedkey/keyidentifier

    See Delete KeyIdentifier(s).

    The following shows an example of the response indicating the request succeeded.

    {
  "STATUSCODE": "20084",
  "MESSAGE": "KeyIdentifier(s) are successfully deleted."
}