POST Token Attribute Rule Distinguished Name Method (Domain Context)

Use the POST method to create a token attribute rule for a trusted distinguished name (DN) for a domain context (that is, it applies to the entire domain). This operation can be performed by the REST service or client. Only token attribute mapping is supported on the client side.

REST Request

POST /idaas/webservice/admin/v1/trust/token

Request Body

Media Types: application/json

The request body contains the details of the add request:

Attribute Description
"attributes" Groups the constraints filter and mapping attributes for trusted users.

Note: This attribute is not required on the client side.

"-dn" On the service side, set this value to a trusted DN for which you are configuring an attribute rule. Use a string that conforms to RFC 2253, as described at the following URL: http://www.ietf.org/rfc/rfc2253.txt

On the client side, set this value to a URL of the domain hosting the targeted services using the following format: http(s)://host or http(s)://host/root. For example, if you set this value to https://messaging.us2.com/, then the attribute rule applies to all service invocations with the service URL of the form https://messaging.us2.com/<path>

"filter" Defines the constraint values for trusted users and attributes.

Note: This attribute is not applicable on the client side.

"mapping" Defines the mapping attributes for trusted users.
"-name" Name of the attribute rule.

Note: This attribute is not applicable on the client side.

"name-id" Defines the users that are accepted for the trusted DN.
"token-attribute-rule" Groups information about a single token attribute rule.
"token-attribute-rules" Groups information about all token attribute rules.
"user-attribute" Defines the user attribute that the trusted DN can assert.

Note: This attribute is not applicable on the client side.

"user-mapping-attribute" Defines the user mapping attribute that the trusted DN can assert.
"value" Defines values for the constraint filter attribute. This value can be a full name or name pattern with a wildcard character (*), such as "yourTrusted*". Multiple values must be separated by a comma.

Note: This attribute is not applicable on the client side.


Response Body

Media Types: application/json

The response body returns the status of the operation, including:

Attribute Description
"ERROR_CODE" If "STATUS" is set to "Failed", provides the error code.
"ERROR_MSG" If "STATUS" is set to "Failed", provides the contents of the error message.
"STATUS" Status of operation. For example, "Succeeded" or "Failed".

cURL Example

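The following example shows how to create a token attribute rule for a trusted DN by submitting a POST request on the REST resource using cURL. The Content-Type header declares the application/json media type of the request body; without it, cURL labels --data payloads as application/x-www-form-urlencoded. The -u option sends HTTP Basic credentials, which are protected in transit only when the request goes over HTTPS.

curl -i -X POST -u username:password -H "Content-Type: application/json" --data @createrule.json http://myhost:7001/idaas/webservice/admin/v1/trust/token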

Example of Request Body - Service Side

The following shows an example of the request body in JSON format for creating a token attribute rule for a trusted DN on the service side.

{
    "token-attribute-rules":
    {
        "token-attribute-rule": 
        [
            {
                "-dn": "cn=orcladmin,o=oracle",
                "name-id":{
                    "filter": 
                    {
                        "value":[ "filter1" ]
                    },
                    "mapping":
                    {
                        "user-attribute": "val3",
                        "user-mapping-attribute":"val4"
                    }
                },
                "attributes":
                [
                    {
                        "-name": "tenant1",
                        "attribute":
                        {
                            "filter":
                            {
                                "value": [
                                    "filter1",
                                    "filter2"
                                ]
                            },
                            "mapping":{
                                "user-attribute": "val1",
                                "user-mapping-attribute":"val2"
                            }
                        }
                    }
                ]
            }
        ]
    }
}

Example of Request Body - Client Side

The following shows an example of the request body in JSON format for creating a token attribute rule on the client side.

{
    "token-attribute-rules":
    {
        "token-attribute-rule": 
        [
            {
                "-dn": "https://messaging.us2.com/",
                "name-id":{
                    "mapping":
                    {
                        "user-mapping-attribute":"mail"
                    }
                }
            },
            {
                "-dn": "https://messaging.us2.com/mysvcInstance1-acme/",
                "name-id":{
                    "mapping":
                    {
                        "user-mapping-attribute":"uid"
                    }
                }
            }
        ]
    }
}
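
A check that can be run on a rule file before it is posted, given here as an added example that is not part of the product documentation. It flags repeated JSON keys, a "-dn" of the wrong kind for the chosen side, attributes the table marks as not applicable on the client side, and a bare "*" filter value. The function names, the rough DN test (contains "=" and is not a URL) and the "*" review policy are assumptions of this example.

```python
import json
from urllib.parse import urlparse

# Attributes the table above marks "not applicable on the client side".
CLIENT_NOT_APPLICABLE = {"filter", "-name", "user-attribute", "value"}

# Constructed sample: the first rule is silently lost to the duplicate key.
SAMPLE = """{"token-attribute-rules": {
  "token-attribute-rule": [{"-dn": "cn=orcladmin,o=oracle", "name-id": {"filter": {"value": ["*"]}}}],
  "token-attribute-rule": [{"-dn": "https://messaging.us2.com/"}]}}"""

def _pairs(pairs, dupes):
    """Build a dict while recording keys repeated within one JSON object."""
    obj = {}
    for key, value in pairs:
        if key in obj:
            dupes.append(key)
        obj[key] = value
    return obj

def _walk(node, path=""):
    """Yield (path, key, value) for every key in nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield path, key, value
            yield from _walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")

def lint_rules(text, side):
    """Return findings for a rule body; side is 'service' or 'client'."""
    dupes, findings = [], []
    doc = json.loads(text, object_pairs_hook=lambda p: _pairs(p, dupes))
    findings += [f"duplicate key {k!r}: a parser may keep only the last" for k in dupes]
    for path, key, value in _walk(doc):
        if key == "-dn":
            is_url = urlparse(str(value)).scheme in ("http", "https")
            if side == "client" and not is_url:
                findings.append(f"{path}: client-side -dn should be an http(s) URL")
            if side == "service" and (is_url or "=" not in str(value)):
                findings.append(f"{path}: service-side -dn does not look like a DN")
        elif side == "client" and key in CLIENT_NOT_APPLICABLE:
            findings.append(f"{path}: {key!r} is not applicable on the client side")
        elif key == "value":
            vals = value if isinstance(value, list) else str(value).split(",")
            if any(str(v).strip() == "*" for v in vals):  # assumed review policy
                findings.append(f"{path}: filter value '*' matches every name")
    return findings
```

Calling lint_rules(SAMPLE, "client") reports only the duplicate key, because the rule carrying the DN and the "*" filter has already been discarded by the parser before any other check sees it.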

Example of Response Header

The following shows an example of the response header.

HTTP/1.1 200 OK

Example of Response Body

The following shows an example of the response body in JSON format.

{
    "STATUS": "Succeeded"
}