Creating an Issuer

Run the post /v1/cckm/oci/issuers API to create an issuer (third-party IDP). The issuer validates authentication JWT created for health check, encrypt, and decrypt APIs. When creating the issuer, you must specify a unique name that has one of the following combinations:

issuer and jwks_uri. Optionally, you can also specify regional_jwks_uris.
openid_config_url (recommended). Optionally, you can also specify regional_open_id_config_urls. openid_config_url will automatically fetch issuer and jwks_uri, and regional_jwks_uris (if regional_open_id_config_urls are provided).

Note

While creating an issuer, make sure to provide the exact CipherTrust Manager application's credentials (issuer and jwks_uri or openid_config_url), as received from Oracle; otherwise, external APIs might not work as expected.

Syntax

curl -k 'https://127.0.0.1/api/v1/cckm/oci/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n  "name": "<issuer-name>",\n  "jwks_uri_protected": <false|true>,\n    "openid_config_url":"<openid-config-url>"\n  }' --compressed

Request Parameters

Parameter	Type	Description
AUTHTOKEN	string	Authentication token.
name	string	Unique name of the issuer.
jwks_uri_protected	boolean	Specifies whether jwks URI is protected. Set to `true` for a protected, `false` for an unprotected jwks URI. If set to `true`, you need to add the `CTMClientId`, `CTMClientSecret`, and `openid_config_url` parameters. If set to `false`, you need to add the `name` and `openid_config_url` parameters.
client_id	string	Client ID of the CipherTrust Manager application as registered on third-party IDP.
client_secret	string	Client secret of the CipherTrust Manager application as registered on third-party IDP.
issuer	string	Issuer string (URL) from the identity provider, for example, https://abc.auth0.com/.
jwks_uri	string	URI of JWKS, for example, https://abc.auth0.com/.well-known/jwks.json.
openid_config_url	string	OpendID configuration URL for the issuer.
regional_jwks_uris	array of strings	List of the regional JWKS URIs.
regional_open_id_config_urls	array of strings	List of the regional OpendID configuration URLs for the issuer.

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/oci/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n  "name": "uk-issue",\n  "jwks_uri_protected": true,\n    "openid_config_url":"https://idcs-7d5ad58bec1b43efae281bb6fec8f42b.identity.oraclecloud.com/.well-known/openid-configuration"\n}' --compressed

Example Response

{
    "id": "6c7d8562-f3bb-41eb-89d1-b30d8e32deb1",
    "uri": "kylo:kylo:cckm:oci-issuer:uk-issue-6c7d8562-f3bb-41eb-89d1-b30d8e32deb1",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-10-07T09:04:56.703088Z",
    "updatedAt": "2022-10-07T09:04:56.701766Z",
    "name": "uk-issue",
    "jwks_uri_protected": true,
    "openid_config_url": "https://www.example.com",
    "issuer": "https://identity.oraclecloud.com/",
    "jwks_uri": "jwks_uri": "https://www.example.com"
}

Response Codes

Response Code	Description
2xx	Success
4xx	Client errors
5xx	Server errors

Refer to HTTP status codes for details.

Creating an Issuer

Syntax

Request Parameters

Example Request

Example Response

Response Codes

On this page

Suggest A Change