REST API
4.0.0
REST API for SafeNet Network HSMs
Object
  roles: Object
    type: array
    items: Object
      id: Object
        type: string
        description: id is an internal reference for the role action. Use this identifier to complete the action with a POST. Valid actions are:
          reset - return the password for the role to the factory default or to a specified value, or reset the contents of the black PED token. Note that the reset action applies to both password- and PED-based partitions. In the case of a PED-based partition, if it has a challenge, an administrator can reset the challenge by providing the PIN. Otherwise, for a PED-based partition, an administrator can reset the secret on the black PED token by providing no password. See "Applied Example" below for a password-based partition.
          createChallenge - create a challenge for the partition role.
          deactivate - decache the partition PED key data.
      url: string (see POST /api/lunasa/hsms/{hsmid}/partitions/{partitionid}/roles/{roleid}/actions/{actionid})
CO role is locked out.
GET /api/lunasa/hsms/150607/partitions/350659181751/roles/co {}
==> OK. SERVER RESPONSE (200):
{"loginAttemptsLeft": 0, "name": "Crypto Officer", "lockedOut": true, "activated": false, "challengeToBeChanged": false, "initialized": true, "pinToBeChanged": false, "id": "co"}
Log in as Security Officer and perform the reset password action.
POST /api/lunasa/hsms/150607/partitions/350659181751/roles/co/actions/reset {"password": "password"}
==> OK. SERVER RESPONSE (204):
{}
Get information on the CO role to verify that the role is no longer locked out.
GET /api/lunasa/hsms/150607/partitions/350659181751/roles/co {}
==> OK. SERVER RESPONSE (200):
{"loginAttemptsLeft": 10, "name": "Crypto Officer", "lockedOut": false, "activated": false, "challengeToBeChanged": false, "initialized": true, "pinToBeChanged": false, "id": "co"}
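The three steps above as a script that checks each status code and confirms the lockout is cleared. This is an added example, not code from the product documentation. The names https_transport, reset_locked_role and ReplayHsm are hypothetical, the Security Officer session is assumed to be carried in caller-supplied headers (the page does not show how the login is done), and ReplayHsm is a constructed stand-in that replays the responses shown above so the block runs offline.

```python
import json
import urllib.request

ROLE = "/api/lunasa/hsms/{}/partitions/{}/roles/{}"

def https_transport(base_url, session_headers):
    """Build call(method, path, body); urllib verifies the server certificate by default."""
    def call(method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        headers = {"Content-Type": "application/json", **session_headers}  # assumed session headers
        req = urllib.request.Request(base_url + path, data=data, headers=headers, method=method)
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return resp.status, json.loads(raw) if raw.strip() else {}
    return call

def reset_locked_role(call, hsmid, partitionid, roleid, new_password):
    """Reset a locked-out role and return its state after the reset."""
    path = ROLE.format(hsmid, partitionid, roleid)
    status, before = call("GET", path)
    if status != 200:
        raise RuntimeError(f"role lookup failed: HTTP {status}")
    if not before.get("lockedOut"):
        return before  # reset would replace a working password, so leave the role alone
    status, _ = call("POST", path + "/actions/reset", {"password": new_password})
    if status != 204:
        raise RuntimeError(f"reset failed: HTTP {status}")
    status, after = call("GET", path)
    if status != 200 or after.get("lockedOut") or after.get("loginAttemptsLeft", 0) < 1:
        raise RuntimeError("role is still locked out after reset")
    return after

class ReplayHsm:
    """Constructed stand-in that replays the responses from the applied example."""
    def __init__(self):
        self.role = {"loginAttemptsLeft": 0, "name": "Crypto Officer", "lockedOut": True,
                     "activated": False, "challengeToBeChanged": False,
                     "initialized": True, "pinToBeChanged": False, "id": "co"}
        self.log = []
    def __call__(self, method, path, body=None):
        self.log.append((method, path))  # record method and path only, never the password
        if method == "POST" and path.endswith("/actions/reset"):
            self.role.update(lockedOut=False, loginAttemptsLeft=10)
            return 204, {}
        return 200, dict(self.role)

if __name__ == "__main__":
    hsm = ReplayHsm()
    print(reset_locked_role(hsm, "150607", "350659181751", "co", "constructed-password"))
```

Against a real appliance, pass https_transport(base_url, headers) in place of ReplayHsm and read the new password from a prompt or secret store rather than a literal.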