Creating an Issuer
Use the POST /v1/cckm/GoogleWorkspaceCSE/issuers API to create an issuer (a third-party identity provider). This API adds a valid issuer for the authentication JWTs that are validated on calls to the wrap and unwrap APIs.
When creating the issuer, specify:
- Name for the issuer. 
- Any of the following combinations:
  - issuer and jwksURL
  - issuer: Fetches openidConfigurationURL and jwksURL automatically.
  - openidConfigurationURL: Fetches the issuer and jwksURL automatically.
 
Syntax
curl -k '<IP>/api/v1/cckm/GoogleWorkspaceCSE/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "name": "<issuer-name>",\n  "iss": "<issuer-string-idp-jwt>"\n}' --compressed
Request Parameters
| Parameter | Type | Description | 
|---|---|---|
| AUTHTOKEN | string | Authorization token. | 
| name | string | Name for the issuer. | 
| dryRun | boolean | Whether to persist the issuer. Set to true to skip persisting the issuer. All the validation checks, auto-discovery, and connectivity checks will be performed. The server will return the same status codes and response. Use dryRun to test creating the issuer without modifying the server state. Default value is false. | 
| iss | string | Issuer string from the identity provider JWT, for example, https://abc.auth0.com/. | 
| openidConfigurationURL | string | Identity provider configuration URL, for example, https://abc.auth.com/.well-known/openid-configuration. | 
| jwksURL | string | URL of JWKS, for example, https://abc.auth0.com/.well-known/jwks.json. | 
| meta | JSON | Additional information about the issuer. | 
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "name": "demo_iss",\n  "iss": "https://abc.auth0.com/"\n}' --compressed
Example Response
{
    "id": "1fa6fd5a-01be-4b24-905f-21cba61c28a2",
    "uri": "kylo:kylo:cckm:kacls-endpoint:demo",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2020-10-15T13:19:39.991892753Z",
    "name": "demo_iss",
    "updatedAt": "2020-10-15T13:19:39.990470809Z",
    "iss": "https://abc.auth0.com/",
    "openidConfigurationURL": "https://abc.auth0.com/.well-known/openid-configuration",
    "jwksURL": "https://abc.auth0.com/.well-known/jwks.json",
    "meta": null
}
The output shows the issuer ID "1fa6fd5a-01be-4b24-905f-21cba61c28a2". Each issuer has a unique ID. This ID is needed when viewing or deleting an issuer. The ID is also required when creating an endpoint.
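A client-side pre-flight check for the field combinations and auto-discovery described above, as an added example that is not part of the product documentation. It uses the request parameter name iss for the issuer; accepting only the three listed combinations, requiring https for every supplied URL, and sending dryRun in the JSON body are assumptions of this example, and the discovery document is a constructed sample.

```python
import json
from urllib.parse import urlsplit

# Field combinations the page lists as accepted (in addition to "name").
ALLOWED_COMBINATIONS = [{"iss", "jwksURL"}, {"iss"}, {"openidConfigurationURL"}]


def _require_https(field, url):
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{field} must be an absolute https URL: {url!r}")


def build_issuer_body(name, dry_run=True, **fields):
    """Return the JSON body for POST /v1/cckm/GoogleWorkspaceCSE/issuers."""
    supplied = {k: v for k, v in fields.items() if v is not None}
    if set(supplied) not in ALLOWED_COMBINATIONS:
        raise ValueError(f"unsupported field combination: {sorted(supplied)}")
    for field, url in supplied.items():
        _require_https(field, url)  # example's own strictness, applied to iss too
    # Assumption: dryRun is sent in the JSON body alongside the other fields.
    return json.dumps({"name": name, "dryRun": dry_run, **supplied}, indent=2)


def check_discovery(expected_iss, discovery_doc):
    """Validate an OpenID discovery document and return its jwks_uri."""
    # The JWT "iss" claim is compared as an exact string, so a missing
    # trailing slash is a different issuer, not a cosmetic difference.
    found = discovery_doc.get("issuer")
    if found != expected_iss:
        raise ValueError(f"issuer mismatch: expected {expected_iss!r}, got {found!r}")
    jwks_uri = discovery_doc.get("jwks_uri") or ""
    _require_https("jwks_uri", jwks_uri)
    return jwks_uri


# Constructed sample of what an openidConfigurationURL would return.
SAMPLE_DISCOVERY = {
    "issuer": "https://abc.auth0.com/",
    "jwks_uri": "https://abc.auth0.com/.well-known/jwks.json",
}

if __name__ == "__main__":
    iss = "https://abc.auth0.com/"
    jwks = check_discovery(iss, SAMPLE_DISCOVERY)
    print(build_issuer_body("demo_iss", iss=iss, jwksURL=jwks))
```

Send the returned body with the curl command shown under Syntax; with dryRun set to true the server runs its own validation, auto-discovery, and connectivity checks without storing the issuer.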
Response Codes
| Response Code | Description | 
|---|---|
| 2xx | Success | 
| 4xx | Client errors | 
Refer to HTTP status codes for details.