Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Related APIs

Creating an Issuer

search

Please Note:

Creating an Issuer

Use the POST /v1/cckm/GoogleWorkspaceCSE/issuers API to create an issuer (a third-party identity provider). This API adds a valid issuer for authentication JWT for validation of wrap and unwrap APIs.

When creating the issuer, specify:

  • Name for the issuer.

  • Any of the following combinations:

    • issuer and jwksURL

    • issuer: Fetches openidConfigurationURL and jwksURL automatically.

    • openidConfigurationURL: Fetches the issuer and jwksURL automatically.

Syntax

curl -k '<IP>/api/v1/cckm/GoogleWorkspaceCSE/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "name": "<issuer-name>",\n  "iss": "<issuer-string-idp-jwt>"\n}' --compressed

Request Parameters

ParameterTypeDescription
AUTHTOKENstringAuthorization token.
namestringName for the issuer.
dryRunbooleanWhether to persist with the issuer. Set to true to skip persisting the issuer. All the validation checks, auto-discovery, and connectivity checks will be performed. The server will return the same status codes and response. Use dryRun to test creating the issuer without modifying the server state. Default value is false.
issstringIssuer string from the identity provider JWT, for example, https://abc.auth0.com/.
openidConfigurationURLstringIdentity provider configuration URL, for example, https://abc.auth.com/.well-known/openid-configuration.
jwksURLstringURL of JWKS, for example, https://abc.auth0.com/.well-known/jwks.json.
metaJSONAdditional information about the issuer.

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "name": "demo_iss",\n  "iss": "https://abc.auth0.com/"\n}' --compressed

Example Response

{
    "id": "1fa6fd5a-01be-4b24-905f-21cba61c28a2",
    "uri": "kylo:kylo:cckm:kacls-endpoint:demo",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2020-10-15T13:19:39.991892753Z",
    "name": "demo_iss",
    "updatedAt": "2020-10-15T13:19:39.990470809Z",
    "iss": "https://abc.auth0.com/",
    "openidConfigurationURL": "https://abc.auth0.com/.well-known/openid-configuration",
    "jwksURL": "https://abc.auth0.com/.well-known/jwks.json",
    "meta": null
}

The output shows the issuer ID "1fa6fd5a-01be-4b24-905f-21cba61c28a2". Each issuer has a unique ID. This ID is needed when viewing or deleting an issuer. The ID is also required when creating an endpoint.

Response Codes

Response CodeDescription
2xxSuccess
4xxClient errors

Refer to HTTP status codes for details.

On this page