1. REST API for Oracle Web Services ManagerREST API for Oracle Web Services Manager
  2. Use Cases
  3. Manage the Trusted Token Issuer
  4. Configure the Trusted Keys

Configure the Trusted Keys

You can view and manage the trusted keys for a token issuer using the Token Issuer REST API.

The cURL command examples use the URL structure: 
http(s)://host:port/wsm-pmrest/v2/trust/issuer/{issuername}/{tokentype}/trustedkey

The following use case shows you how to:

  • Add the trusted keys

  • Modify the trusted keys

  • View the trusted keys

  • Delete a trusted keys

To manage the trusted key using the Token Issuer Trust REST API:

  1. Specify the headers on the cURL command line: 
    -H Accept:application/json
  2. Add the trusted key for the issuer www.example.com (token type jwt) and specify the metadata URL, refresh interval, and trust by running the following command: 
    curl -i -X POST -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey

    Example

    curl -i -X POST -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.example.com/jwt/trustedkey

    See Create the TrustedKey.

    The following shows an example of the request body.

    {
  "mdurl": "http://www.google.com",
  "refreshinterval": "10",
  "trust": "jwk.jwt"
}

    The following shows an example of the response indicating the request succeeded.

    {
  "STATUSCODE": "20071",
  "MESSAGE": "TrustedKey is successfully created."
}

    Note:

    To add the trusted key identifiers, see Manage the Trusted key Identifiers
  3. Add the trusted key with trusted key identifiers for the issuer www.oracle.com by running the following command: 
    curl -i -X POST -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey

    Example

    curl -i -X POST -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.oracle.com/saml.hok/trustedkey

    See Create the TrustedKey.

    The following shows an example of the request body.

    {
  "keyidentifiers": [
    {
      "keytype": "x509certificate",
      "valuetype": "dn",
      "value": "cn=admin",
      "enabled": "true"
    }
  ]
}

    The following shows an example of the response indicating the request succeeded.

    {
  "STATUSCODE": "20071",
  "MESSAGE": "TrustedKey is successfully created."
}
  4. Change the refresh interval to 20 for the issuerwww.example.com by running the following command: 
    curl -i -X PATCH -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey

    Example

    curl -i -X PATCH -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.example.com/jwt/trustedkey

    For more information, see Update the TrustedKey.

    The following shows an example of the request body.

    {
  "refreshinterval": "20"
}

    The following shows an example of the response indicating the request succeeded.

    {
  "STATUSCODE": "20072",
  "MESSAGE": "TrustedKey is successfully updated."
}
  5. View the trusted key details for the issuer www.oracle.com with token type saml.hok in the repository by running the following command: 
    curl -i -X GET -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey

    Example

    curl -i -X GET -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.oracle.com/saml.hok/trustedkey

    See Get the TrustedKey.

    The following shows an example of the response body:

    {
  "keyidentifiers": [
    {
      "keytype": "x509certificate",
      "valuetype": "dn",
      "value": "cn=admin",
      "enabled": "true"
    }
  ]
}
  6. Optionally, delete the trusted key for the issuer www.oracle.com from the repository by running the following command: 
    curl -i -X DELETE -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey

    Example

    curl -i -X DELETE -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.oracle.com/saml.hok/trustedkey

    See Delete the TrustedKey.

    The following shows an example of the response indicating the request succeeded.

    {
  "STATUSCODE": "20074",
  "MESSAGE": "TrustedKey is successfully deleted."
}