8.7 Validating Access Using HTTPS
Use the following steps to validate you can access Oracle Unified Directory (OUD) via
HTTPS:
Note:
The examples assume sample data was installed when creating the OUD instance.

HTTPS/REST API against External LBR Host:Port

Note:
In all the examples below:
- You need to have an external IP assigned at ingress level.
- "| json_pp" is used to format output in readable json format on the client side. It can be ignored if you do not have the json_pp library.
- BASE64 of userDN:userPassword can be generated using:

    echo -n "userDN:userPassword" | base64

- Example 1: Invoking the Data REST API:

    curl --noproxy "*" -k --location \
      --request GET 'https://<External LBR Host>/rest/v1/directory/uid=user.1,ou=People,dc=example,dc=com?scope=sub&attributes=*' \
      --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp

  The output will look similar to the following:

    {
       "msgType" : "urn:ietf:params:rest:schemas:oracle:oud:1.0:SearchResponse",
       "totalResults" : 1,
       "searchResultEntries" : [
          {
             "dn" : "uid=user.1,ou=People,dc=example,dc=com",
             "attributes" : {
                "st" : "OH",
                "employeeNumber" : "1",
                "postalCode" : "93694",
                "description" : "This is the description for Aaren Atp.",
                "telephoneNumber" : "+1 390 103 6917",
                "homePhone" : "+1 280 375 4325",
                "initials" : "ALA",
                "objectClass" : [
                   "top",
                   "inetorgperson",
                   "organizationalperson",
                   "person"
                ],
                "uid" : "user.1",
                "sn" : "Atp",
                "street" : "70110 Fourth Street",
                "mobile" : "+1 680 734 6300",
                "givenName" : "Aaren",
                "mail" : "user.1@maildomain.net",
                "l" : "New Haven",
                "postalAddress" : "Aaren Atp$70110 Fourth Street$New Haven, OH 93694",
                "pager" : "+1 850 883 8888",
                "cn" : "Aaren Atp"
             }
          }
       ]
    }

- Example 2: Invoking the Data REST API against a specific Oracle Unified Directory interface:

    curl --noproxy "*" -k --location \
      --request GET 'https://oud-ds-rs-http-0/rest/v1/directory/uid=user.1,ou=People,dc=example,dc=com?scope=sub&attributes=*' \
      --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp

  - In the above example it is assumed that the value ‘oud-ds-rs’ is used as the deployment/release name for helm chart installation. It is assumed that ‘oud-ds-rs-http-0’ points to an External LoadBalancer.
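
Added example (not part of the Oracle documentation): a shell helper for the Data REST API check above that verifies the server certificate with --cacert instead of skipping verification with -k, and removes the line wrapping that base64 applies to long userDN:userPassword strings. The function names and the CA bundle path are assumptions; host and credentials are placeholders.

```bash
#!/bin/sh
# Added example; function names are hypothetical, not part of OUD or its Helm chart.

# Print the Basic credential for <userDN> <userPassword>. printf avoids the
# trailing newline, and tr removes the line breaks that base64 inserts after
# 76 columns, which would otherwise split the Authorization header.
basic_token() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Read a response body on stdin; succeed only if it is an OUD SearchResponse
# that reports at least one entry. Works on raw or json_pp-formatted JSON.
is_search_hit() {
  _body=$(cat)
  printf '%s\n' "$_body" |
    grep -q '"msgType"[[:space:]]*:[[:space:]]*"urn:ietf:params:rest:schemas:oracle:oud:1.0:SearchResponse"' ||
    return 1
  _total=$(printf '%s\n' "$_body" |
    sed -n 's/.*"totalResults"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1)
  [ -n "$_total" ] && [ "$_total" -ge 1 ]
}

# validate_oud_https <host[:port]> <ca-bundle.pem> <userDN> <userPassword> <entryDN>
# Fetch one entry over TLS with the certificate chain and host name verified
# against the given CA bundle. The header reaches curl through a config read
# from stdin, so the credential is not part of curl's command line.
validate_oud_https() {
  _url="https://$1/rest/v1/directory/$5?scope=sub&attributes=*"
  printf 'header = "Authorization: Basic %s"\n' "$(basic_token "$3" "$4")" |
    curl --silent --show-error --fail --noproxy '*' --location \
         --cacert "$2" --config - --request GET "$_url" |
    is_search_hit
}

# Usage (placeholders; the CA bundle path is an assumption):
#   validate_oud_https '<External LBR Host>' ./oud-ca.pem \
#     'userDN' 'userPassword' 'uid=user.1,ou=People,dc=example,dc=com' && echo OK
```

The same basic_token output can be used in the Authorization header of the SCIM and Admin REST API calls.
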
HTTPS/REST API Against Kubernetes NodePort for Ingress Controller Service
Note:
In all the examples below:
- "| json_pp" is used to format output in readable json format on the client side. It can be ignored if you do not have the json_pp library.
- BASE64 of userDN:userPassword can be generated using:

    echo -n "userDN:userPassword" | base64

- It is assumed that the value ‘oud-ds-rs’ is used as the deployment/release name for helm chart installation.

- Example 1: Invoking Data SCIM API against a specific Kubernetes node:

    curl --noproxy "*" -k --location \
      --request GET 'https://<Kubernetes Node>:30443/iam/directory/oud/scim/v1/Users' \
      --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp

  The output will look similar to the following:

    {
       "Resources" : [
          {
             "id" : "ad55a34a-763f-358f-93f9-da86f9ecd9e4",
             "userName" : [ { "value" : "user.0" } ],
             "schemas" : [
                "urn:ietf:params:scim:schemas:core:2.0:User",
                "urn:ietf:params:scim:schemas:extension:oracle:2.0:OUD:User",
                "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
             ],
             "meta" : {
                "location" : "http://<Kubernetes Node>:30443/iam/directory/oud/scim/v1/Users/ad55a34a-763f-358f-93f9-da86f9ecd9e4",
                "resourceType" : "User"
             },
             "addresses" : [
                {
                   "postalCode" : "50369",
                   "formatted" : "Aaccf Amar$01251 Chestnut Street$Panama City, DE 50369",
                   "streetAddress" : "01251 Chestnut Street",
                   "locality" : "Panama City",
                   "region" : "DE"
                }
             ],
             "urn:ietf:params:scim:schemas:extension:oracle:2.0:OUD:User" : {
                "description" : [ { "value" : "This is the description for Aaccf Amar." } ],
                "mobile" : [ { "value" : "+1 010 154 3228" } ],
                "pager" : [ { "value" : "+1 779 041 6341" } ],
                "objectClass" : [
                   { "value" : "top" },
                   { "value" : "organizationalperson" },
                   { "value" : "person" },
                   { "value" : "inetorgperson" }
                ],
                "initials" : [ { "value" : "ASA" } ],
                "homePhone" : [ { "value" : "+1 225 216 5900" } ]
             },
             "name" : [
                {
                   "givenName" : "Aaccf",
                   "familyName" : "Amar",
                   "formatted" : "Aaccf Amar"
                }
             ],
             "emails" : [ { "value" : "user.0@maildomain.net" } ],
             "phoneNumbers" : [ { "value" : "+1 685 622 6202" } ],
             "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" : {
                "employeeNumber" : [ { "value" : "0" } ]
             }
          },
          .
          .
          .
    }

- Example 2: Invoking the Data SCIM API against a specific Oracle Unified Directory Interface:

    curl --noproxy "*" -k --location \
      --request GET 'https://oud-ds-rs-http-0:30443/iam/directory/oud/scim/v1/Users' \
      --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp

HTTPS/REST Admin API
Note:
In all the examples below:
- "| json_pp" is used to format output in readable json format on the client side. It can be ignored if you do not have the json_pp library.
- BASE64 of userDN:userPassword can be generated using:

    echo -n "userDN:userPassword" | base64

- Example 1: Invoking the Admin REST API against External LBR:

    curl --noproxy "*" -k --insecure --location \
      --request GET 'https://<External LBR Host>/rest/v1/admin/?scope=base&attributes=vendorName&attributes=vendorVersion&attributes=ds-private-naming-contexts&attributes=subschemaSubentry' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp

  The output will look similar to the following:

    {
       "totalResults" : 1,
       "searchResultEntries" : [
          {
             "dn" : "",
             "attributes" : {
                "vendorVersion" : "Oracle Unified Directory 12.2.1.4.0",
                "ds-private-naming-contexts" : [
                   "cn=admin data",
                   "cn=ads-truststore",
                   "cn=backups",
                   "cn=config",
                   "cn=monitor",
                   "cn=schema",
                   "cn=tasks",
                   "cn=virtual acis",
                   "dc=replicationchanges"
                ],
                "subschemaSubentry" : "cn=schema",
                "vendorName" : "Oracle Corporation"
             }
          }
       ],
       "msgType" : "urn:ietf:params:rest:schemas:oracle:oud:1.0:SearchResponse"
    }

- Example 2: Invoking the Admin REST API against specific Oracle Unified Directory Admin Interface:

    curl --noproxy "*" -k --insecure --location \
      --request GET 'https://oud-ds-rs-admin-0/rest/v1/admin/?scope=base&attributes=vendorName&attributes=vendorVersion&attributes=ds-private-naming-contexts&attributes=subschemaSubentry' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp

- Example 3: Invoking the Admin REST API against Kubernetes NodePort for Ingress Controller Service:

    curl --noproxy "*" -k --insecure --location \
      --request GET 'https://oud-ds-rs-admin-0:30443/rest/v1/admin/?scope=base&attributes=vendorName&attributes=vendorVersion&attributes=ds-private-naming-contexts&attributes=subschemaSubentry' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Basic <Base64 of userDN:userPassword>' | json_pp