You can view and manage the trusted keys for a token issuer using the
Token Issuer REST API.
The cURL command examples use the following URL structure:
http(s)://host:port/wsm-pmrest/v2/trust/issuer/{issuername}/{tokentype}/trustedkey
The following use case shows you how to:
- Add the trusted keys
- Modify the trusted keys
- View the trusted keys
- Delete the trusted keys
To manage the trusted key using the Token Issuer Trust REST API:
- Specify the headers on the cURL command line:
-H Accept:application/json
- Add the trusted key for the issuer www.example.com (token type jwt) and specify the metadata URL, refresh interval, and trust by running the following command:
curl -i -X POST -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey
Example
curl -i -X POST -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.example.com/jwt/trustedkey
See Create the TrustedKey.
The following shows an example of the request body.
{
    "mdurl": "http://www.google.com",
    "refreshinterval": "10",
    "trust": "jwk.jwt"
}
The following shows an example of the response indicating the
request succeeded.
{
    "STATUSCODE": "20071",
    "MESSAGE": "TrustedKey is successfully created."
}
- Add the trusted key with trusted key identifiers for the issuer www.oracle.com by running the following command:
curl -i -X POST -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey
Example
curl -i -X POST -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.oracle.com/saml.hok/trustedkey
See Create the TrustedKey.
The following shows an example of the request body.
{
    "keyidentifiers": [
        {
            "keytype": "x509certificate",
            "valuetype": "dn",
            "value": "cn=admin",
            "enabled": "true"
        }
    ]
}
The following shows an example of the response indicating the
request succeeded.
{
    "STATUSCODE": "20071",
    "MESSAGE": "TrustedKey is successfully created."
}
- Change the refresh interval to 20 for the issuer www.example.com by running the following command:
curl -i -X PATCH -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey
Example
curl -i -X PATCH -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.example.com/jwt/trustedkey
For more information, see Update the TrustedKey.
The following shows an example of the request body.
{
    "refreshinterval": "20"
}
The following shows an example of the response indicating the
request succeeded.
{
    "STATUSCODE": "20072",
    "MESSAGE": "TrustedKey is successfully updated."
}
- View the trusted key details for the issuer www.oracle.com with token type saml.hok in the repository by running the following command:
curl -i -X GET -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey
Example
curl -i -X GET -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.oracle.com/saml.hok/trustedkey
See Get the TrustedKey.
The following shows an example of the response body:
{
    "keyidentifiers": [
        {
            "keytype": "x509certificate",
            "valuetype": "dn",
            "value": "cn=admin",
            "enabled": "true"
        }
    ]
}
- Optionally, delete the trusted key for the issuer www.oracle.com from the repository by running the following command:
curl -i -X DELETE -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/issuer/{issuername}/{tokentype}/trustedkey
Example
curl -i -X DELETE -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/issuer/www.oracle.com/saml.hok/trustedkey
See Delete the TrustedKey.
The following shows an example of the response indicating the
request succeeded.
{
    "STATUSCODE": "20074",
    "MESSAGE": "TrustedKey is successfully deleted."
}
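
The following is an added example, not part of the original documentation or the product: a pre-flight review of a trusted-key request body before it is sent with the POST or PATCH commands above. It uses only the field names shown on this page; the rules it applies (HTTPS for mdurl, a positive integer refreshinterval, complete key identifiers) and the name review_trustedkey_body are assumptions of this example, not documented server behaviour.

```python
import json
from urllib.parse import urlsplit

# Fields that appear in the key identifier examples on this page.
KEYID_FIELDS = ("keytype", "valuetype", "value", "enabled")


def review_trustedkey_body(raw: str) -> list[str]:
    """Return findings for a trusted-key request body (empty list = clean).

    The policy is this example's assumption, not the server's validation.
    """
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc.msg}"]
    if not isinstance(body, dict):
        return ["body must be a JSON object"]

    findings = []
    if "mdurl" in body:
        url = urlsplit(str(body["mdurl"]))
        # Key metadata fetched over plain HTTP can be replaced in transit.
        if url.scheme != "https" or not url.hostname:
            findings.append("mdurl should be an https:// URL with a host")
    if "refreshinterval" in body:
        value = str(body["refreshinterval"])
        if not value.isdecimal() or int(value) <= 0:
            findings.append("refreshinterval should be a positive integer")
    keys = body.get("keyidentifiers", [])
    if not isinstance(keys, list):
        return findings + ["keyidentifiers must be a JSON array"]
    for i, key in enumerate(keys):
        if not isinstance(key, dict):
            findings.append(f"keyidentifiers[{i}] must be a JSON object")
            continue
        missing = [f for f in KEYID_FIELDS if f not in key]
        if missing:
            findings.append(f"keyidentifiers[{i}] is missing {', '.join(missing)}")
        if key.get("enabled") not in (None, "true", "false"):
            findings.append(f'keyidentifiers[{i}].enabled should be "true" or "false"')
    return findings


# Constructed sample: the first request body shown on this page.
PAGE_BODY = '{"mdurl": "http://www.google.com", "refreshinterval": "10", "trust": "jwk.jwt"}'

if __name__ == "__main__":
    for finding in review_trustedkey_body(PAGE_BODY):
        print("finding:", finding)
```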