8.7 Validating Access Using HTTPS

Use the following steps to validate that you can access Oracle Unified Directory (OUD) via HTTPS:

Note:

The examples assume sample data was installed when creating the OUD instance.

HTTPS/REST API against External LBR Host:Port

Note:

In all the examples below:
  • You need to have an external IP assigned at ingress level.
  • "| json_pp" is used to format the output as readable JSON on the client side. It can be omitted if json_pp is not installed.
  • BASE64 of userDN:userPassword can be generated using:
    echo -n "userDN:userPassword" | base64
  • Example 1: Invoking the Data REST API:
    curl --noproxy "*" -k  --location \
    --request GET 'https://<External LBR Host>/rest/v1/directory/uid=user.1,ou=People,dc=example,dc=com?scope=sub&attributes=*' \
    --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp
    The output will look similar to the following:
    {
       "msgType" : "urn:ietf:params:rest:schemas:oracle:oud:1.0:SearchResponse",
       "totalResults" : 1,
       "searchResultEntries" : [
          {
             "dn" : "uid=user.1,ou=People,dc=example,dc=com",
             "attributes" : {
                "st" : "OH",
                "employeeNumber" : "1",
                "postalCode" : "93694",
                "description" : "This is the description for Aaren Atp.",
                "telephoneNumber" : "+1 390 103 6917",
                "homePhone" : "+1 280 375 4325",
                "initials" : "ALA",
                "objectClass" : [
                   "top",
                   "inetorgperson",
                   "organizationalperson",
                   "person"
                ],
                "uid" : "user.1",
                "sn" : "Atp",
                "street" : "70110 Fourth Street",
                "mobile" : "+1 680 734 6300",
                "givenName" : "Aaren",
                "mail" : "user.1@maildomain.net",
                "l" : "New Haven",
                "postalAddress" : "Aaren Atp$70110 Fourth Street$New Haven, OH  93694",
                "pager" : "+1 850 883 8888",
                "cn" : "Aaren Atp"
             }
          }
        ]
    }
  • Example 2: Invoking the Data REST API against a specific Oracle Unified Directory interface:
    curl --noproxy "*" -k  --location \
    --request GET 'https://oud-ds-rs-http-0/rest/v1/directory/uid=user.1,ou=People,dc=example,dc=com?scope=sub&attributes=*' \
    --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp
    • The above example assumes that ‘oud-ds-rs’ is the deployment/release name used for the Helm chart installation, and that ‘oud-ds-rs-http-0’ points to an External LoadBalancer.
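
An added example, not part of the Oracle documentation: shell helpers that build the Basic credential without the line wrap GNU base64 applies to long input, check a response body against the SearchResponse shape shown above, and run the Example 1 request with --cacert in place of -k so that the server certificate is verified as well. The function names, the CA file argument and the sample response are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the OUD documentation).

# Build the Basic credential. printf avoids the non-portable `echo -n`; tr removes
# the line break GNU base64 inserts after 76 output characters, which would
# otherwise split the Authorization header for a long DN or password.
basic_credential() {  # $1 = userDN, $2 = userPassword
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Return 0 only if the body is an OUD SearchResponse with exactly one result whose
# dn equals $2. Whitespace is stripped first so json_pp-formatted and raw output
# both match (DNs containing spaces are compared with the spaces removed).
check_search_response() {  # $1 = response body, $2 = expected entry DN
  csr_body=$(printf '%s' "$1" | tr -d ' \t\r\n')
  csr_dn=$(printf '%s' "$2" | tr -d ' \t\r\n')
  case $csr_body in
    *'"msgType":"urn:ietf:params:rest:schemas:oracle:oud:1.0:SearchResponse"'*) ;;
    *) return 1 ;;
  esac
  case $csr_body in
    *'"totalResults":1,'* | *'"totalResults":1}'*) ;;
    *) return 1 ;;
  esac
  case $csr_body in
    *"\"dn\":\"$csr_dn\""*) ;;
    *) return 1 ;;
  esac
}

# Live check, defined but not called here. Assumption: $5 is a PEM file with the CA
# chain of the ingress certificate, so --cacert takes the place of -k.
oud_rest_check() {  # $1 = host[:port], $2 = userDN, $3 = password, $4 = entry DN, $5 = CA file
  orc_body=$(curl --noproxy '*' --silent --show-error --fail --location \
    --cacert "$5" \
    --header "Authorization: Basic $(basic_credential "$2" "$3")" \
    "https://$1/rest/v1/directory/$4?scope=sub&attributes=*") || return 2
  check_search_response "$orc_body" "$4"
}

# Constructed sample, trimmed from the Example 1 output shown above.
SAMPLE_RESPONSE='{
   "msgType" : "urn:ietf:params:rest:schemas:oracle:oud:1.0:SearchResponse",
   "totalResults" : 1,
   "searchResultEntries" : [
      { "dn" : "uid=user.1,ou=People,dc=example,dc=com", "attributes" : { "uid" : "user.1" } }
   ]
}'
check_search_response "$SAMPLE_RESPONSE" "uid=user.1,ou=People,dc=example,dc=com" && echo "response OK"
```

oud_rest_check returns 2 when curl itself fails (TLS verification, HTTP error status, unreachable host) and 1 when the body is not the expected single-entry SearchResponse.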

HTTPS/REST API Against Kubernetes NodePort for Ingress Controller Service

Note:

In all the examples below:
  • "| json_pp" is used to format the output as readable JSON on the client side. It can be omitted if json_pp is not installed.
  • BASE64 of userDN:userPassword can be generated using:
    echo -n "userDN:userPassword" | base64
  • It is assumed that the value ‘oud-ds-rs’ is used as the deployment/release name for the Helm chart installation.
  • Example 1: Invoking Data SCIM API against a specific Kubernetes node:
    curl --noproxy "*" -k --location \
    --request GET 'https://<Kubernetes Node>:30443/iam/directory/oud/scim/v1/Users' \
    --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp
    The output will look similar to the following:
    {
       "Resources" : [
          {
             "id" : "ad55a34a-763f-358f-93f9-da86f9ecd9e4",
             "userName" : [
                {
                   "value" : "user.0"
                }
             ],
             "schemas" : [
                "urn:ietf:params:scim:schemas:core:2.0:User",
                "urn:ietf:params:scim:schemas:extension:oracle:2.0:OUD:User",
                "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
             ],
             "meta" : {
                "location" : "http://<Kubernetes Node>:30443/iam/directory/oud/scim/v1/Users/ad55a34a-763f-358f-93f9-da86f9ecd9e4",
                "resourceType" : "User"
             },
             "addresses" : [
                {
                   "postalCode" : "50369",
                   "formatted" : "Aaccf Amar$01251 Chestnut Street$Panama City, DE  50369",
                   "streetAddress" : "01251 Chestnut Street",
                   "locality" : "Panama City",
                   "region" : "DE"
                }
             ],
             "urn:ietf:params:scim:schemas:extension:oracle:2.0:OUD:User" : {
                "description" : [
                   {
                      "value" : "This is the description for Aaccf Amar."
                   }
                ],
                "mobile" : [
                   {
                      "value" : "+1 010 154 3228"
                   }
                ],
                "pager" : [
                   {
                      "value" : "+1 779 041 6341"
                   }
                ],
                "objectClass" : [
                   {
                      "value" : "top"
                   },
                   {
                      "value" : "organizationalperson"
                   },
                   {
                      "value" : "person"
                   },
                   {
                      "value" : "inetorgperson"
                   }
                ],
                "initials" : [
                   {
                      "value" : "ASA"
                   }
                ],
                "homePhone" : [
                   {
                      "value" : "+1 225 216 5900"
                   }
                ]
             },
             "name" : [
                {
                   "givenName" : "Aaccf",
                   "familyName" : "Amar",
                   "formatted" : "Aaccf Amar"
                }
             ],
             "emails" : [
                {
                   "value" : "user.0@maildomain.net"
                }
             ],
             "phoneNumbers" : [
                {
                   "value" : "+1 685 622 6202"
                }
             ],
             "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" : {
                "employeeNumber" : [
                   {
                      "value" : "0"
                   }
                ]
             }
          }
          ,
     .
     .
     .
     }
  • Example 2: Invoking the Data SCIM API against a specific Oracle Unified Directory interface:
    curl --noproxy "*" -k --location \
    --request GET 'https://oud-ds-rs-http-0:30443/iam/directory/oud/scim/v1/Users' \
    --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp

HTTPS/REST Admin API

Note:

In all the examples below:
  • "| json_pp" is used to format the output as readable JSON on the client side. It can be omitted if json_pp is not installed.
  • BASE64 of userDN:userPassword can be generated using:
    echo -n "userDN:userPassword" | base64
  • Example 1: Invoking the Admin REST API against External LBR:
    curl --noproxy "*" -k --location \
    --request GET 'https://<External LBR Host>/rest/v1/admin/?scope=base&attributes=vendorName&attributes=vendorVersion&attributes=ds-private-naming-contexts&attributes=subschemaSubentry' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp
    The output will look similar to the following:
    {
       "totalResults" : 1,
       "searchResultEntries" : [
          {
             "dn" : "",
             "attributes" : {
                "vendorVersion" : "Oracle Unified Directory 12.2.1.4.0",
                "ds-private-naming-contexts" : [
                   "cn=admin data",
                   "cn=ads-truststore",
                   "cn=backups",
                   "cn=config",
                   "cn=monitor",
                   "cn=schema",
                   "cn=tasks",
                   "cn=virtual acis",
                   "dc=replicationchanges"
                ],
                "subschemaSubentry" : "cn=schema",
                "vendorName" : "Oracle Corporation"
             }
          }
       ],
       "msgType" : "urn:ietf:params:rest:schemas:oracle:oud:1.0:SearchResponse"
    }
  • Example 2: Invoking the Admin REST API against a specific Oracle Unified Directory Admin interface:
    curl --noproxy "*" -k --location \
    --request GET 'https://oud-ds-rs-admin-0/rest/v1/admin/?scope=base&attributes=vendorName&attributes=vendorVersion&attributes=ds-private-naming-contexts&attributes=subschemaSubentry' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp
  • Example 3: Invoking the Admin REST API against Kubernetes NodePort for Ingress Controller Service:
    curl --noproxy "*" -k --location \
    --request GET 'https://oud-ds-rs-admin-0:30443/rest/v1/admin/?scope=base&attributes=vendorName&attributes=vendorVersion&attributes=ds-private-naming-contexts&attributes=subschemaSubentry' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp