Authenticate

Oracle Identity Governance (OIG) uses a certificate authority (CA) certificate, issued by Verisign, to enable clients to connect securely to the server.

The FacadeWebApp Token Service REST API supports authentication via Authorization header for enforcing access controls to web resources.

The authentication type the API support is governed by the OWSM policy used. FacadeWebApp Token Service supports oracle/multi-token-rest-service-policy, which has the following authentication:

• HTTP Basic Auth

• SAML 2.0 Bearer token in HTTP header

• HTTP OAM security

• JWT token in HTTP header

You access the OIG REST resources over HTTPS and you must provide the following information for authentication:

• An SSL certificate authority (CA) certificate file or bundle to authenticate against the Verisign CA certificate.

• User name and password for your OIG account.

For example, to authenticate using cURL:

• Set the cURL environment variable, CURL_CA_BUNDLE, to the location of your local CA certificate bundle. For information about CA certificate verification using cURL, see: http://curl.haxx.se/docs/sslcerts.html.

• Pass the user name and password for your OIG account using the -u cURL option.

The following is the syntax of the cURL command:

curl  -X GET  -u <username>:<password> https://<subdomain>.<domain>.com:<port>/<resource-path> 

The following provides an example cURL command:

curl -X POST -u username:password -d @post.json https://pseudo.com/iam/goverance/selfservice/api/v1/users