 |
REST API
4.0.0
REST API for SafeNet Network HSMs
|
|
REST API
4.0.0
REST API for SafeNet Network HSMs
|
Object
roles: Object
type: array
items: Object
id: Object
type: string
description: id is an internal reference for the role action.
Use this identifier to complete the action with a POST.
Valid actions are:
reset - return the password for the role to the factory default or
to a specified value or resets the contents of the black
PED token. Note that the reset action applies
to both password- and PED-based partitions. In the case of
a PED-based partition, if it has a challenge, an administrator
can reset the challenge by providing the PIN. Otherwise, for
a PED-based partition, an administrator can reset the secret
on the black PED token by providing no password.
See "Applied Example" below for a password-based partition.
createChallenge - create a challenge for the partition role.
deactivate - decache the partition PED key data.
url: string (see POST /api/lunasa/hsms/{hsmid}/partitions/{partitionid}/roles/{roleid}/actions/{actionid})
CO role is locked out.
GET /api/lunasa/hsms/150607/partitions/350659181751/roles/co
{}
==> OK. SERVER RESPONSE (200):
{"loginAttemptsLeft": 0, "name": "Crypto Officer", "lockedOut": true, "activated": false,
----------------
"challengeToBeChanged": false, "initialized": true, "pinToBeChanged": false, "id": "co"}
Login as Security Officer and perform the reset password action.
POST /api/lunasa/hsms/150607/partitions/350659181751/roles/co/actions/reset
{"password": "password"}
==> OK. SERVER RESPONSE (204):
{}
Get information on the CO role to verify that the role is no longer locked out.
GET /api/lunasa/hsms/150607/partitions/350659181751/roles/co
{}
==> OK. SERVER RESPONSE (200):
{"loginAttemptsLeft": 10, "name": "Crypto Officer", "lockedOut": false, "activated": false,
-----------------
"challengeToBeChanged": false, "initialized": true, "pinToBeChanged": false, "id": "co"}