Manage the Trusted Token Issuer

You can view and manage the trusted token issuer for a token issuer trust document using the Token Issuer REST API.

The cURL command examples use the URL structure:
http(s)://host:port/wsm-pmrest/v2/trust/issuer

The following use case shows you how to:

  • Create the trusted issuers

  • Modify the trusted issuers

  • View the trusted issuers

  • Delete a trusted issuer

To manage token issuer trust using the Token Issuer Trust REST API:

  1. Specify the headers on the cURL command line:
    -H Accept:application/json
  2. Add two issuers, www.example.com with the token type jwt and www.oracle.com with the token type saml.hok, to the trusted issuer document myTrustDocument by running the following command:
    curl -i -X POST -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer

    Example

    curl -i -X POST -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer
    

    See Create TokenIssuer(s).

    The following shows an example of the request body.

    [
      {
        "issuername": "www.example.com",
        "tokentype": "jwt"
      },
      {
        "issuername": "www.oracle.com",
        "tokentype": "saml.hok"
      }
    ]

    The following shows an example of the response indicating the request succeeded.

    {
      "STATUSCODE": "20061",
      "MESSAGE": "Issuer \"[issuername:www.example.com, tokentype:jwt, issuername:www.oracle.com, tokentype:saml.hok]\" are successfully created."
    }

    Note:

    To define the trusted key and add the discovery information and relying party list to the token issuer trust, see:

  3. Disable the www.example.com issuer by running the following command:
    curl -i -X PATCH -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer

    Example

    curl -i -X PATCH -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer
    

    See Update TokenIssuer(s).

    The following shows an example of the request body.

    [
      {
        "issuername": "www.example.com",
        "tokentype": "jwt",
        "enabled": "false"
      }
    ]

    The following shows an example of the response indicating the request succeeded.

    {
      "STATUSCODE": "20062",
      "MESSAGE": "Issuer \"[issuername:www.example.com, tokentype:jwt]\" are successfully updated."
    }

  4. View the details for the www.oracle.com issuer in the repository by specifying the issuername and tokentype query parameters. Quote the URL so that the shell does not interpret the & character:
    curl -i -X GET -u username:password -H Content-type:application/json "http://host:port/wsm-pmrest/v2/trust/{aTrustDocName}/issuer?issuername={IssuerName}&tokentype={TokenTypeValue}"

    Example

    curl -i -X GET -u Smith:Password -H Content-type:application/json "http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/?issuername=www.oracle.com"
    

    See Get TokenIssuer(s).

    The following shows an example of the response body:

    [
      {
        "issuername": "www.oracle.com",
        "tokentype": "saml.hok",
        "enabled": "true",
        "trustedkey": {
          "keyidentifiers": [
            {
              "keytype": "x509certificate",
              "valuetype": "dn",
              "value": "CN=Bob,OU=OASIS Interop Test Cert,O=OASIS",
              "enabled": "true"
            }
          ]
        }
      }
    ]
  5. Optionally, delete the www.example.com issuer from the repository by running the following command:
    curl -i -X DELETE -u username:password -H Content-type:application/json "http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer?issuername={IssuerName}&tokentype={TokenType}"

    Example

    curl -i -X DELETE -u Smith:Password -H Content-type:application/json "http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/?issuername=www.example.com"
    

    See Delete TokenIssuer(s).

    The following shows an example of the response indicating the request succeeded.

    {
      "STATUSCODE": "20064",
      "MESSAGE": "Following Issuer(s) are successfully deleted: [issuername:www.example.com, tokentype:jwt]"
    }
  6. Optionally, delete an issuer based on the token type saml.hok from the repository by running the following command:
    curl -i -X DELETE -u username:password -H Content-type:application/json "http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer?issuername={IssuerName}&tokentype={TokenType}"

    Example

    curl -i -X DELETE -u Smith:Password -H Content-type:application/json "http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer?tokentype=saml.hok"
    

    See Delete TokenIssuer(s).

    The following shows an example of the response indicating the request succeeded.

    {
      "STATUSCODE": "20064",
      "MESSAGE": "Following Issuer(s) are successfully deleted: [issuername:www.oracle.com, tokentype:saml.hok]"
    }
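
Added example (not part of the original documentation or of Oracle's code): after creating, disabling or deleting issuers, the response body returned by the view step can be checked against an approved baseline so that an unexpected enabled issuer or trusted key is caught. The field names come from the step 4 response body; the function names, the baseline and the sample data are constructed for this example, and a missing "enabled" field is assumed to mean enabled.

```python
import json

# Approved baseline: (issuername, tokentype) -> approved (keytype, valuetype, value).
# Constructed for this example from the values shown in the steps above.
APPROVED = {
    ("www.oracle.com", "saml.hok"): {
        ("x509certificate", "dn", "CN=Bob,OU=OASIS Interop Test Cert,O=OASIS"),
    },
}

def is_enabled(obj):
    # The responses carry booleans as the strings "true"/"false". A missing
    # field is treated as enabled (assumption) so it is never silently skipped.
    return str(obj.get("enabled", "true")).lower() == "true"

def audit_issuers(response_body, approved=APPROVED):
    """Return findings for enabled issuers or keys that are not in the baseline."""
    findings = []
    for issuer in json.loads(response_body):
        ident = (issuer.get("issuername"), issuer.get("tokentype"))
        if not is_enabled(issuer):
            continue  # issuers disabled as in step 3 are skipped
        if ident not in approved:
            findings.append(("unapproved-issuer", ident))
            continue
        keys = issuer.get("trustedkey", {}).get("keyidentifiers", [])
        for key in keys:
            kid = (key.get("keytype"), key.get("valuetype"), key.get("value"))
            if is_enabled(key) and kid not in approved[ident]:
                findings.append(("unapproved-key", ident + (kid[2],)))
    return findings

# Constructed sample in the shape of the step 4 response body.
SAMPLE = json.dumps([
    {"issuername": "www.oracle.com", "tokentype": "saml.hok", "enabled": "true",
     "trustedkey": {"keyidentifiers": [
         {"keytype": "x509certificate", "valuetype": "dn",
          "value": "CN=Bob,OU=OASIS Interop Test Cert,O=OASIS", "enabled": "true"},
         {"keytype": "x509certificate", "valuetype": "dn",
          "value": "CN=Mallory,O=Unknown", "enabled": "true"}]}},
    {"issuername": "www.example.com", "tokentype": "jwt", "enabled": "false"},
    {"issuername": "idp.test.invalid", "tokentype": "jwt", "enabled": "true"},
])

if __name__ == "__main__":
    for kind, detail in audit_issuers(SAMPLE):
        print(kind, detail)
```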