Creating an Issuer
Run the POST /v1/cckm/oci/issuers API to create an issuer (third-party IDP). The issuer validates the authentication JWTs created for the health check, encrypt, and decrypt APIs. When creating the issuer, you must specify a unique name together with one of the following combinations:
- issuer and jwks_uri. Optionally, you can also specify regional_jwks_uris.
- openid_config_url (recommended). Optionally, you can also specify regional_open_id_config_urls.

openid_config_url will automatically fetch issuer and jwks_uri, and regional_jwks_uris (if regional_open_id_config_urls are provided).
Note
While creating an issuer, make sure to provide the exact CipherTrust Manager application's credentials (issuer and jwks_uri or openid_config_url), as received from Oracle; otherwise, external APIs might not work as expected.
Syntax
curl -k 'https://127.0.0.1/api/v1/cckm/oci/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "name": "<issuer-name>",\n "jwks_uri_protected": <false|true>,\n "openid_config_url":"<openid-config-url>"\n }' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authentication token. |
| name | string | Unique name of the issuer. |
| jwks_uri_protected | boolean | Specifies whether the JWKS URI is protected. Set to true for a protected JWKS URI, false for an unprotected one. If set to true, you need to add the CTMClientId, CTMClientSecret, and openid_config_url parameters. If set to false, you need to add the name and openid_config_url parameters. |
| client_id | string | Client ID of the CipherTrust Manager application as registered on the third-party IDP. |
| client_secret | string | Client secret of the CipherTrust Manager application as registered on the third-party IDP. |
| issuer | string | Issuer string (URL) from the identity provider, for example, https://abc.auth0.com/. |
| jwks_uri | string | URI of JWKS, for example, https://abc.auth0.com/.well-known/jwks.json. |
| openid_config_url | string | OpenID configuration URL for the issuer. |
| regional_jwks_uris | array of strings | List of the regional JWKS URIs. |
| regional_open_id_config_urls | array of strings | List of the regional OpenID configuration URLs for the issuer. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "name": "uk-issue",\n "jwks_uri_protected": true,\n "openid_config_url":"https://idcs-7d5ad58bec1b43efae281bb6fec8f42b.identity.oraclecloud.com/.well-known/openid-configuration"\n}' --compressed
Example Response
{
"id": "6c7d8562-f3bb-41eb-89d1-b30d8e32deb1",
"uri": "kylo:kylo:cckm:oci-issuer:uk-issue-6c7d8562-f3bb-41eb-89d1-b30d8e32deb1",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-10-07T09:04:56.703088Z",
"updatedAt": "2022-10-07T09:04:56.701766Z",
"name": "uk-issue",
"jwks_uri_protected": true,
"openid_config_url": "https://www.example.com",
"issuer": "https://identity.oraclecloud.com/",
"jwks_uri": "https://www.example.com"
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
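A pre-flight check for the parameter rules above, as an added example that is not part of the original documentation or CipherTrust Manager's own code: it compares a constructed OpenID discovery document with the issuer value received from Oracle, then builds the request body from one of the two allowed combinations. The function names, the https-only policy, and the mapping of CTMClientId/CTMClientSecret to client_id/client_secret are assumptions of this example.

```python
from urllib.parse import urlparse

# Constructed discovery document (not real Oracle output).
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com/",
    "jwks_uri": "https://idp.example.com/.well-known/jwks.json",
}

def _https(url):
    """True only for an absolute https:// URL (this example's own policy)."""
    parts = urlparse(url or "")
    return parts.scheme == "https" and bool(parts.netloc)

def check_discovery(doc, expected_issuer):
    """Return (issuer, jwks_uri) if the document matches the supplied issuer."""
    issuer, jwks_uri = doc.get("issuer"), doc.get("jwks_uri")
    if issuer != expected_issuer:  # exact comparison, trailing slash included
        raise ValueError(f"issuer mismatch: {issuer!r} != {expected_issuer!r}")
    if not _https(jwks_uri):
        raise ValueError(f"jwks_uri is not an https URL: {jwks_uri!r}")
    return issuer, jwks_uri

def build_issuer_body(name, openid_config_url=None, issuer=None, jwks_uri=None,
                      jwks_uri_protected=False, client_id=None, client_secret=None):
    """Return the request body for POST /v1/cckm/oci/issuers as a dict."""
    if not name:
        raise ValueError("name is required")
    body = {"name": name, "jwks_uri_protected": jwks_uri_protected}
    if openid_config_url:  # recommended combination
        if not _https(openid_config_url):
            raise ValueError("openid_config_url is not an https URL")
        body["openid_config_url"] = openid_config_url
    elif issuer and jwks_uri:  # explicit combination
        if not _https(jwks_uri):
            raise ValueError("jwks_uri is not an https URL")
        body.update(issuer=issuer, jwks_uri=jwks_uri)
    else:
        raise ValueError("give openid_config_url, or issuer and jwks_uri")
    if jwks_uri_protected:
        # Assumption: client_id/client_secret carry the CTMClientId and
        # CTMClientSecret values the jwks_uri_protected row asks for.
        if not (client_id and client_secret and openid_config_url):
            raise ValueError("protected JWKS URI needs client credentials and openid_config_url")
        body.update(client_id=client_id, client_secret=client_secret)
    return body

if __name__ == "__main__":
    issuer, jwks = check_discovery(SAMPLE_DISCOVERY, "https://idp.example.com/")
    print(build_issuer_body("uk-issue", issuer=issuer, jwks_uri=jwks))
```

Serialize the returned dict with json.dumps and pass it to the curl command's --data-binary argument in place of the hand-written body.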