Creating an Issuer
Use the POST /v1/cckm/GoogleWorkspaceCSE/issuers
API to create an issuer (a third-party identity provider). This API adds a valid issuer for authentication JWT for validation of wrap
and unwrap
APIs.
When creating the issuer, specify:
-
Name for the issuer.
-
Any of the following combinations:
-
issuer
andjwksURL
-
issuer
: FetchesopenidConfigurationURL
andjwksURL
automatically. -
openidConfigurationURL
: Fetches theissuer
andjwksURL
automatically.
-
Syntax
curl -k '<IP>/api/v1/cckm/GoogleWorkspaceCSE/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "name": "<issuer-name>",\n "iss": "<issuer-string-idp-jwt>"\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
name | string | Name for the issuer. |
dryRun | boolean | Whether to persist with the issuer. Set to true to skip persisting the issuer. All the validation checks, auto-discovery, and connectivity checks will be performed. The server will return the same status codes and response. Use dryRun to test creating the issuer without modifying the server state. Default value is false . |
iss | string | Issuer string from the identity provider JWT, for example, https://abc.auth0.com/ . |
openidConfigurationURL | string | Identity provider configuration URL, for example, https://abc.auth.com/.well-known/openid-configuration . |
jwksURL | string | URL of JWKS, for example, https://abc.auth0.com/.well-known/jwks.json . |
meta | JSON | Additional information about the issuer. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "name": "demo_iss",\n "iss": "https://abc.auth0.com/"\n}' --compressed
Example Response
{
"id": "1fa6fd5a-01be-4b24-905f-21cba61c28a2",
"uri": "kylo:kylo:cckm:kacls-endpoint:demo",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-10-15T13:19:39.991892753Z",
"name": "demo_iss",
"updatedAt": "2020-10-15T13:19:39.990470809Z",
"iss": "https://abc.auth0.com/",
"openidConfigurationURL": "https://abc.auth0.com/.well-known/openid-configuration",
"jwksURL": "https://abc.auth0.com/.well-known/jwks.json",
"meta": null
}
The output shows the issuer ID "1fa6fd5a-01be-4b24-905f-21cba61c28a2"
. Each issuer has a unique ID. This ID is needed when viewing or deleting an issuer. The ID is also required when creating an endpoint.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
Refer to HTTP status codes for details.