REST API
8.0.0
REST API for SafeNet Luna Network HSMs
The indirect login capability allows you to use one SafeNet Luna Network HSM to provide login credentials for a group of others. This can be useful when you need to configure multiple HSMs. The instructions below will allow you to configure indirect login.
In the examples below, "adminHSMid" refers to the serial number of the HSM that holds the private key used for indirect login, and "serviceHSMid" is the serial number of the HSM being configured.
GET https://LUNAIPADDRESS:PORT/api/lunasa/hsms/{adminHSMid}/partitions/{partitionid}/indirect/key
Output:
{ "exponent": "AQAB", "modulus": "tGHiZBb/Ou+VVutU/I9XZhvF410zw307r+..." }
POST https://LUNAIPADDRESS:PORT/api/lunasa/hsms/{serviceHSMid}/indirect/key
{ "exponent":"<as above>", "modulus":"<as above>" }
Output:
{ 'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/json', 'Location': '/api/lunasa/hsms/{serviceHSMid}/indirect/challenges', 'Content-Length': '{length}', 'Access-Control-Allow-Credentials': 'true' }
GET https://LUNAIPADDRESS:PORT/api/lunasa/hsms/{adminHSMid}/certificate
Output:
{ "certificate": "AwAAADCCBAswggHzoAMCAQICAQAwDQYJKoZ..." }
POST https://LUNAIPADDRESS:PORT/api/lunasa/hsms/{serviceHSMid}/indirect/challenges
{ "role":"so", "ped":"1", "certificate":"<as above>" }
Output:
{ 'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/json', 'Location': '/api/lunasa/hsms/{serviceHSMid}/indirect/challenges/{challengeid}', 'Content-Length': '{length}', 'Access-Control-Allow-Credentials': 'true' }
{ "challenge": "AAEAAHlUqZ5blhyvdl/bW9EqXwY9xwlVA..." }
Note: This object is persistent for the duration of the session. There is no GET indirect/challenges to obtain a list of objects. The challenge can be retrieved with GET /api/lunasa/hsms/{serviceHSMid}/indirect/challenges/{challengeid}.
POST https://LUNAIPADDRESS:PORT/api/lunasa/hsms/{adminHSMid}/partitions/{partitionid}/indirect/responses
{ "challenge":"<as above>" }
Output:
{ 'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/json', 'Location': '/api/lunasa/hsms/{adminHSMid}/indirect/responses/{responseid}', 'Content-Length': '{length}', 'Access-Control-Allow-Credentials': 'true' }
{ "response": "GZvvxqRYqk6LD3fRKm6MtikoBLjUOsgfMdclectEvoo=" }
Note: This object is persistent for the duration of the session. There is no GET indirect/responses to obtain a list of objects. The response can be retrieved with GET /api/lunasa/hsms/{serviceHSMid}/indirect/responses/{responseid}.
POST https://LUNAIPADDRESS:PORT/api/lunasa/hsms/{serviceHSMid}/login
{ "response":"<as above>" }
Output:
{ 'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/json', 'Location': '/api/lunasa/hsms/{adminHSMid}/roles/{roleid}', 'Content-Length': '{length}', 'Access-Control-Allow-Credentials': 'true' }
You are now logged into serviceHSMid as the Security Officer ("so").
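The six calls above chained into one relay, as an added example that is not part of the original documentation or the vendor's code. The `call(method, path, body)` transport, the `make_fake` stand-in and all sample values are assumptions constructed for illustration; authentication of the REST session is not shown on the page and is left to the transport.

```python
# Added example, not vendor code. `call(method, path, body)` is a hypothetical
# transport returning the parsed JSON reply ({} when there is no body); REST
# session authentication and TLS certificate checks belong inside it.
BASE = "/api/lunasa/hsms"

def _field(reply, name):
    # Abort the relay if an HSM reply lacks the expected member.
    if not isinstance(reply, dict) or not reply.get(name):
        raise RuntimeError(f"missing '{name}' in reply")
    return reply[name]

def indirect_login(call, admin_id, partition_id, service_id, role="so", ped="1"):
    admin = f"{BASE}/{admin_id}/partitions/{partition_id}/indirect"
    service = f"{BASE}/{service_id}"
    # Public key from the admin partition, registered on the service HSM.
    key = call("GET", f"{admin}/key", None)
    call("POST", f"{service}/indirect/key",
         {"exponent": _field(key, "exponent"), "modulus": _field(key, "modulus")})
    # Admin HSM certificate, sent with the challenge request.
    cert = _field(call("GET", f"{BASE}/{admin_id}/certificate", None), "certificate")
    challenge = _field(call("POST", f"{service}/indirect/challenges",
        {"role": role, "ped": ped, "certificate": cert}), "challenge")
    # Admin partition answers the challenge; the answer goes back to the service HSM.
    response = _field(call("POST", f"{admin}/responses",
        {"challenge": challenge}), "response")
    call("POST", f"{service}/login", {"response": response})
    return service_id

def make_fake(log, drop_challenge=False):
    # Constructed stand-in for both appliances; every value here is made up.
    replies = {
        "/indirect/key": {"exponent": "AQAB", "modulus": "bW9kdWx1cw=="},
        "/certificate": {"certificate": "Y2VydA=="},
        "/indirect/challenges": {} if drop_challenge else {"challenge": "Y2hhbGxlbmdl"},
        "/indirect/responses": {"response": "cmVzcG9uc2U="},
    }
    def call(method, path, body):
        log.append((method, path, body))
        if method == "POST" and path.endswith(("/indirect/key", "/login")):
            return {}
        return next(r for suffix, r in replies.items() if path.endswith(suffix))
    return call

if __name__ == "__main__":
    log = []
    indirect_login(make_fake(log), "ADMIN_SERIAL", "PARTITION_ID", "SERVICE_SERIAL")
    for method, path, _ in log:
        print(method, path)
```

A real transport should keep the challenge and response bodies out of its request logs, since the response is what completes the login on the service HSM.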