Creates a token attribute rule for a trusted distinguished name (DN). This operation can be performed by the REST service or client. Only token attribute mapping is supported on the client side.
| Media Types: | application/json |
The request body contains the details of the add request:
| Attribute | Description |
|---|---|
"attributes" |
Groups the constraints filter and mapping attributes for trusted users.
Note: This attribute is not required on the client side. |
"-dn" |
On the service side, set this value to a trusted DN for which you are configuring an attribute rule. Use a string that conforms to RFC 2253, as described at the following URL: http://www.ietf.org/rfc/rfc2253.txt
On the client side, set this value to a URL of the domain hosting the targeted services using the following format: |
"filter" |
Defines the constraint values for trusted users and attributes.
Note: This attribute is not applicable on the client side. |
"mapping" |
Defines the mapping attributes for trusted users. |
"-name" |
Name of the attribute rule.
Note: This attribute is not applicable on the client side. |
"name-id" |
Defines the users that are accepted for the trusted DN. |
"token-attribute-rule" |
Groups information about a single token attribute rule. |
"tokn-attribute-rules" |
Groups information about all token attribute rules. |
"user-attribute" |
Defines the user attribute that the trusted DN can assert.
Note: This attribute is not applicable on the client side. |
"user-mapping-attribute" |
Defines the user mapping attribute that the trusted DN can assert. |
"value" |
Defines values for the constraint filter attribute. This value can be a full name or name pattern with a wildcard character (*), such as "yourTrusted*". Multiple values must be separated by a comma.
Note: This attribute is not applicable on the client side. |
| Media Types: | application/json |
The response body returns the status of the import operation, including:
| Attribute | Description |
|---|---|
"ERROR_CODE" |
If "STATUS" is set to "Failed", provides the error code. |
"ERROR_MSG" |
If "STATUS" is set to "Failed", provides the contents of the error message. |
"STATUS" |
Status of operation. For example, "Succeeded" or "Failed". |
The following example shows how to create a token attribute rule for a trusted DN by submitting a POST request on the REST resource using cURL. For more information, see "cURL Access".
curl -i -X POST -u username:password --data @createrule.json http://myhost:7001/idaas/webservice/admin/v1/trust/token
Example of Request Body - Service Side
The following shows an example of the request body in JSON format for creating a token attribute rule for a trusted DN on the service side.
{
"token-attribute-rules":
{
"token-attribute-rule":
[
{
"-dn": "cn=orcladmin,o=oracle",
"name-id":{
"filter":
{
"value":[ "filter1" ]
},
"mapping":
{
"user-attribute": "val3",
"user-mapping-attribute":"val4"
}
},
"attributes":
[
{
"-name": "tenant1",
"attribute":
{
"filter":
{
"value": [
"filter1",
"filter2"
]
},
"mapping":{
"user-attribute": "val1",
"user-mapping-attribute":"val2"
}
}
}
]
}
]
}
}
Example of Request Body - Client Side
The following shows an example of the request body in JSON format for creating a token attribute rule on the client side.
{
"token-attribute-rules":
{
"token-attribute-rule":
[
{
"-dn": "https://messaging.us2.com/",
"name-id":{
"mapping":
{
"user-mapping-attribute":"mail"
}
},
}
]
"token-attribute-rule":
[
{
"-dn": "https://messaging.us2.com/mysvcInstance1-acme/",
"name-id":{
"mapping":
{
"user-mapping-attribute":"uid"
}
},
}
]
}
}
The following shows an example of the response header.
HTTP/1.1 200 OK
The following shows an example of the response body in JSON format.
{
"STATUS": "Succeeded"
}