Creating an Issuer
Run the post /v1/cckm/oci/issuers
API to create an issuer (third-party IDP). The issuer validates authentication JWT created for health check, encrypt, and decrypt APIs. When creating the issuer, you must specify a unique name that has one of the following combinations:
-
issuer
andjwks_uri
-
openid_config_url
: Will be used to auto-fetch theissuer
andjwks_uri
. This is the recommended option.
Note
While creating an issuer, make sure to provide the exact CipherTrust Data Security Platform Service application's credentials (issuer
and jwks_uri
, or openid_config_url
), as received from Oracle; otherwise, external APIs might not work as expected.
Syntax
curl -k 'https://127.0.0.1/api/v1/cckm/oci/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "name": "<issuer-name>",\n "jwks_uri_protected": <false|true>,\n "openid_config_url":"<openid-config-url>"\n }' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authentication token. |
name | string | Unique name of the issuer. |
jwks_uri_protected | boolean | Specifies whether jwks URI is protected. Set to true for a protected, false for an unprotected jwks URI.If set to true , you need to add the CTMClientId , CTMClientSecret , and openid_config_url parameters. If set to false , you need to add the name and openid_config_url parameters. |
client_id | string | Client ID of the CipherTrust Data Security Platform Service application as registered on third-party IDP. |
client_secret | string | Client secret of the CipherTrust Data Security Platform Service application as registered on third-party IDP. |
issuer | string | Issuer string (URL) from the identity provider, for example, https://abc.auth0.com/. |
jwks_uri | string | URI of JWKS, for example, https://abc.auth0.com/.well-known/jwks.json. |
openid_config_url | string | OpendID configuration URL for the issuer. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "name": "uk-issue",\n "jwks_uri_protected": true,\n "openid_config_url":"https://idcs-7d5ad58bec1b43efae281bb6fec8f42b.identity.oraclecloud.com/.well-known/openid-configuration"\n}' --compressed
Example Response
{
"id": "6c7d8562-f3bb-41eb-89d1-b30d8e32deb1",
"uri": "kylo:kylo:cckm:oci-issuer:uk-issue-6c7d8562-f3bb-41eb-89d1-b30d8e32deb1",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-10-07T09:04:56.703088Z",
"updatedAt": "2022-10-07T09:04:56.701766Z",
"name": "uk-issue",
"jwks_uri_protected": true,
"openid_config_url": "https://www.example.com",
"issuer": "https://identity.oraclecloud.com/",
"jwks_uri": "jwks_uri": "https://www.example.com"
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.