Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Issuers APIs

Creating an Issuer

search

Please Note:

Creating an Issuer

Run the post /v1/cckm/oci/issuers API to create an issuer (third-party IDP). The issuer validates authentication JWT created for health check, encrypt, and decrypt APIs. When creating the issuer, you must specify a unique name that has one of the following combinations:

  • issuer and jwks_uri

  • openid_config_url: Will be used to auto-fetch the issuer and jwks_uri. This is the recommended option.

Note

While creating an issuer, make sure to provide the exact CipherTrust Manager application's credentials (issuer and jwks_uri, or openid_config_url), as received from Oracle; otherwise, external APIs might not work as expected.

Syntax

curl -k 'https://127.0.0.1/api/v1/cckm/oci/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n  "name": "<issuer-name>",\n  "jwks_uri_protected": <false|true>,\n    "openid_config_url":"<openid-config-url>"\n  }' --compressed

Request Parameters

ParameterTypeDescription
AUTHTOKENstringAuthentication token.
namestringUnique name of the issuer.
jwks_uri_protectedbooleanSpecifies whether jwks URI is protected. Set to true for a protected, false for an unprotected jwks URI.
If set to true, you need to add the CTMClientId, CTMClientSecret, and openid_config_url parameters. If set to false, you need to add the name and openid_config_url parameters.
client_idstringClient ID of the CipherTrust Manager application as registered on third-party IDP.
client_secretstringClient secret of the CipherTrust Manager application as registered on third-party IDP.
issuerstringIssuer string (URL) from the identity provider, for example, https://abc.auth0.com/.
jwks_uristringURI of JWKS, for example, https://abc.auth0.com/.well-known/jwks.json.
openid_config_urlstringOpendID configuration URL for the issuer.

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/oci/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n  "name": "uk-issue",\n  "jwks_uri_protected": true,\n    "openid_config_url":"https://idcs-7d5ad58bec1b43efae281bb6fec8f42b.identity.oraclecloud.com/.well-known/openid-configuration"\n}' --compressed

Example Response

{
    "id": "6c7d8562-f3bb-41eb-89d1-b30d8e32deb1",
    "uri": "kylo:kylo:cckm:oci-issuer:uk-issue-6c7d8562-f3bb-41eb-89d1-b30d8e32deb1",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-10-07T09:04:56.703088Z",
    "updatedAt": "2022-10-07T09:04:56.701766Z",
    "name": "uk-issue",
    "jwks_uri_protected": true,
    "openid_config_url": "https://www.example.com",
    "issuer": "https://identity.oraclecloud.com/",
    "jwks_uri": "jwks_uri": "https://www.example.com"
}

Response Codes

Response CodeDescription
2xxSuccess
4xxClient errors
5xxServer errors

Refer to HTTP status codes for details.

On this page