Creates a token attribute rule for a trusted distinguished name (DN). This operation can be performed by the REST service or client. Only token attribute mapping is supported on the client side.
Media Types: application/json
The request body contains the details of the add request:
Attribute | Description |
---|---|
"attributes" | Groups the constraints filter and mapping attributes for trusted users. Note: This attribute is not required on the client side. |
"-dn" | On the service side, set this value to a trusted DN for which you are configuring an attribute rule. Use a string that conforms to RFC 2253, as described at the following URL: http://www.ietf.org/rfc/rfc2253.txt On the client side, set this value to a URL of the domain hosting the targeted services using the following format: |
"filter" | Defines the constraint values for trusted users and attributes. Note: This attribute is not applicable on the client side. |
"mapping" | Defines the mapping attributes for trusted users. |
"-name" | Name of the attribute rule. Note: This attribute is not applicable on the client side. |
"name-id" | Defines the users that are accepted for the trusted DN. |
"token-attribute-rule" | Groups information about a single token attribute rule. |
"token-attribute-rules" | Groups information about all token attribute rules. |
"user-attribute" | Defines the user attribute that the trusted DN can assert. Note: This attribute is not applicable on the client side. |
"user-mapping-attribute" | Defines the user mapping attribute that the trusted DN can assert. |
"value" | Defines values for the constraint filter attribute. This value can be a full name or name pattern with a wildcard character (*), such as "yourTrusted*". Multiple values must be separated by a comma. Note: This attribute is not applicable on the client side. |
Media Types: application/json
The response body returns the status of the import operation, including:
Attribute | Description |
---|---|
"ERROR_CODE" | If "STATUS" is set to "Failed", provides the error code. |
"ERROR_MSG" | If "STATUS" is set to "Failed", provides the contents of the error message. |
"STATUS" | Status of operation. For example, "Succeeded" or "Failed". |
The following example shows how to create a token attribute rule for a trusted DN by submitting a POST request on the REST resource using cURL. For more information, see "cURL Access".
```bash
curl -i -X POST -u username:password -H "Content-Type: application/json" --data @createrule.json http://myhost:7001/idaas/webservice/admin/v1/trust/token
```
Example of Request Body - Service Side
The following shows an example of the request body in JSON format for creating a token attribute rule for a trusted DN on the service side.
```json
{
  "token-attribute-rules": {
    "token-attribute-rule": [
      {
        "-dn": "cn=orcladmin,o=oracle",
        "name-id": {
          "filter": {
            "value": [ "filter1" ]
          },
          "mapping": {
            "user-attribute": "val3",
            "user-mapping-attribute": "val4"
          }
        },
        "attributes": [
          {
            "-name": "tenant1",
            "attribute": {
              "filter": {
                "value": [ "filter1", "filter2" ]
              },
              "mapping": {
                "user-attribute": "val1",
                "user-mapping-attribute": "val2"
              }
            }
          }
        ]
      }
    ]
  }
}
```
Example of Request Body - Client Side
The following shows an example of the request body in JSON format for creating a token attribute rule on the client side.
```json
{
  "token-attribute-rules": {
    "token-attribute-rule": [
      {
        "-dn": "https://messaging.us2.com/",
        "name-id": {
          "mapping": {
            "user-mapping-attribute": "mail"
          }
        }
      },
      {
        "-dn": "https://messaging.us2.com/mysvcInstance1-acme/",
        "name-id": {
          "mapping": {
            "user-mapping-attribute": "uid"
          }
        }
      }
    ]
  }
}
```
The following shows an example of the response header.
```
HTTP/1.1 200 OK
```
The following shows an example of the response body in JSON format.
```json
{ "STATUS": "Succeeded" }
```
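A pre-submission check for the request bodies above, as an added example rather than code from the product or its documentation. `lint_rules` and its finding messages are hypothetical names, the DN test is a loose shape check rather than a full RFC 2253 parser, and the code assumes a lone `*` filter value matches every name.

```python
from urllib.parse import urlparse

# Keys the page marks "not applicable on the client side".
CLIENT_NOT_APPLICABLE = {"filter", "-name", "user-attribute", "value"}

def _walk(node):
    """Yield (key, value) for every dict entry at any depth under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key, value
            yield from _walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from _walk(item)

def lint_rules(body, side):
    """Return findings for a request body; side is "service" or "client"."""
    findings = []
    rules = body.get("token-attribute-rules", {}).get("token-attribute-rule", [])
    for i, rule in enumerate(rules):
        dn = rule.get("-dn", "")
        is_url = urlparse(dn).scheme in ("http", "https")
        entries = list(_walk(rule))
        if side == "client":
            if not is_url:
                findings.append(f"rule {i}: client-side -dn must be a URL")
            for key in sorted(CLIENT_NOT_APPLICABLE & {k for k, _ in entries}):
                findings.append(f"rule {i}: {key} is not applicable on the client side")
            continue
        # Service side. Loose shape check only, not a full RFC 2253 parser.
        if is_url or not dn or not all("=" in rdn for rdn in dn.split(",")):
            findings.append(f"rule {i}: -dn does not look like an RFC 2253 DN")
        for key, value in entries:
            if key == "filter" and isinstance(value, dict):
                for pattern in value.get("value", []):
                    # Assumption: a lone "*" matches every name.
                    if pattern.strip() == "*":
                        findings.append(f"rule {i}: filter value '*' matches any name")
    return findings

# Constructed sample inputs (not from the page).
SERVICE_BODY = {"token-attribute-rules": {"token-attribute-rule": [
    {"-dn": "cn=orcladmin,o=oracle",
     "name-id": {"filter": {"value": ["*"]},
                 "mapping": {"user-attribute": "val3", "user-mapping-attribute": "val4"}}}]}}
CLIENT_BODY = {"token-attribute-rules": {"token-attribute-rule": [
    {"-dn": "https://messaging.us2.com/",
     "name-id": {"filter": {"value": ["filter1"]},
                 "mapping": {"user-mapping-attribute": "mail"}}}]}}
```

Calling `lint_rules(SERVICE_BODY, "service")` reports the unrestricted filter, and `lint_rules(CLIENT_BODY, "client")` reports the keys that do not apply on the client side.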