2 Use Cases for the REST API

This section demonstrates several use cases using the REST API.

Managing the Credential Store Framework Using the REST API

You can view and manage the credential store framework using the REST APIs described in the following use case. Specifically, this use case shows you how to:

  • Create a credential in the credential store

  • View all credentials in the credential store

  • Delete a credential from the credential store

Note:

For more information about credential store management, see "Configuring the Credential Store" in Security and Administrator's Guide for Web Services.

To manage the credential store framework using the REST API:

  1. Create a credential in the credential store framework by performing the following steps:

    1. Create a JSON document, createcred.json, that defines the credential that you want to create.

      The following shows an example of the request document. In this example, the name of the credential map is default, the credential key is myKey, and the username and password credentials are myUsr and myPwd, respectively.

      {
          "username" : "username",
          "credential" : "pwd",
          "key" : "mykey",
          "map" : "oracle.wsm.security"
      }
      

      For more information about the request attributes, see "POST Credential Method".

    2. Using cURL, create a credential in the credential store framework, passing the JSON document defined in the previous step.

      curl -i -X POST -u username:password --data @createcred.json -H Content-Type:application/json http://myhost:7001/idaas/platform/admin/v1/credential
      

      The following shows an example of the response indicating the request succeeded.

      {
          "STATUS": "Succeeded"
      }
      

      For more information, see "POST Credential Method".

  2. View all credentials in the credential store.

    curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/credential
    

    The following shows an example of the response, showing all credentials in the credential store:

    {
        "CSF_MAP_NAME": "CSF_KEY_NAME",
        "default": "systemuser",
        "oracle.wsm.security": [
            "sign-csf-key",
            "jwt-sign-csf-key",
            "owsmtest.credentials",
            "basic.client.credentials",
            "weblogic-csf-key",
            "enc-csf-key",
            "mykey",
            "dummy-pwd-csf-key",
            "weblogic-kerberos-csf-key",
            "keystore-csf-key",
            "weblogic-windowsdomain-csf-key",
            "oratest-csf-key",
            "csr-csf-key",
            "invalid-csf-key",
            "ca-signed-sign-csf-key"
        ]
    }
    

    For more information, see "GET Credential Method".

  3. Delete the credential from the credential store.

    curl -i -X DELETE -u username:password "http://myhost:7001/idaas/webservice/admin/v1/credential?key=mykey&map=oracle.wsm.security"
    
    

    You must pass query parameters to define the map and key names associated with the credential store that you want to delete. For more information, see "DELETE Credential Method".

    The following shows an example of the response indicating the request succeeded.

    {
        "STATUS": "Succeeded"
    }
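
The listing in step 2 mixes a header pair, bare strings and arrays, so comparing it against an approved inventory takes some normalization. The following added example (not part of the original documentation) flattens the response into (map, key) pairs and reports drift; the sample body and the EXPECTED baseline are constructed for illustration.

```python
import json

# Constructed sample shaped like the GET credential response shown in step 2.
SAMPLE_RESPONSE = """
{
    "CSF_MAP_NAME": "CSF_KEY_NAME",
    "default": "systemuser",
    "oracle.wsm.security": ["sign-csf-key", "enc-csf-key", "keystore-csf-key", "mykey"]
}
"""

# Hypothetical baseline: the (map, key) pairs this domain is expected to hold.
EXPECTED = {
    ("default", "systemuser"),
    ("oracle.wsm.security", "sign-csf-key"),
    ("oracle.wsm.security", "enc-csf-key"),
    ("oracle.wsm.security", "keystore-csf-key"),
    ("oracle.wsm.security", "basic.client.credentials"),
}


def parse_credential_listing(body):
    """Flatten the listing into a set of (map, key) pairs."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("credential listing must be a JSON object")
    pairs = set()
    for map_name, keys in doc.items():
        # The first pair in the sample is a column header, not a credential.
        if map_name == "CSF_MAP_NAME":
            continue
        # In the sample, a map holding one key is a bare string and a map
        # holding several keys is an array; accept both shapes.
        if isinstance(keys, str):
            keys = [keys]
        if not isinstance(keys, list) or not all(isinstance(k, str) for k in keys):
            raise ValueError(f"unexpected value for map {map_name!r}")
        pairs.update((map_name, k) for k in keys)
    return pairs


def diff_against_baseline(actual, expected):
    """Report credentials that appeared or disappeared relative to the baseline."""
    return {
        "unexpected": sorted(actual - expected),
        "missing": sorted(expected - actual),
    }


if __name__ == "__main__":
    drift = diff_against_baseline(parse_credential_listing(SAMPLE_RESPONSE), EXPECTED)
    for kind, entries in drift.items():
        for map_name, key in entries:
            print(f"{kind}: map={map_name} key={key}")
```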
    

Managing JKS Keystores Using the REST API

You can view and manage Java Keystore (JKS) certificates within the current domain using the REST APIs described in the following use case. Specifically, this use case shows you how to:

  • View all aliases in the JKS keystore.

  • Import a trusted certificate into the JKS keystore.

  • View a trusted certificate in the JKS keystore.

  • Delete a trusted certificate from the JKS keystore.

Note:

For information about JKS keystore management, see "Configuring Keystores for Message Protection" in Security and Administrator's Guide for Web Services.

To manage JKS keystores using the REST API:

  1. View all of the aliases that currently exist in the JKS keystore within the current domain:

    curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/keystore
    

    The following shows an example of the response, showing all aliases in the JKS keystore.

    {
       "aliases":"oratest,orakey,testkey,jkstest,ms-oauthkey"
    }
    

    For more information, see "GET All Aliases Trusted Certificate JKS Keystore Method".

  2. Import the trusted certificate into the JKS keystore at the specified alias, by performing the following steps:

    1. Create a JSON document, importjks.json, that defines the trusted certificate to import into the JKS keystore.

      The following shows an example of the request document. In this example, the trusted certificate provided must be Base64-encoded and the component type must be set to JKS for this release.

      {   "component":"JKS",
        "certificate": "MIIC7DCCAqqgAwIBAgIEalhBSjALBgcqhkjOOAQDBQAwSDEKMAgGA1UEBhMBeTEKMAgGA1UECBMB\neTEKMAgGA1UEBxMBeTEKMAgGA1UEChMBeTEKMAgGA1UECxMBeTEKMAgGA1UEAxMBeTAeFw0xNDA3\nMDMxMTAwMTZaFw0xNDEwMDExMTAwMTZaMEgxCjAIBgNVBAYTAXkxCjAIBgNVBAgTAXkxCjAIBgNV\nBAcTAXkxCjAIBgNVBAoTAXkxCjAIBgNVBAsTAXkxCjAIBgNVBAMTAXkwggG3MIIBLAYHKoZIzjgE\nATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow\n9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVU\nE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9\n3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbh\nPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVk\nAUw7/s9JKgOBhAACgYBrvzkjozmv6t6T0GNJES1R3ypRsBs8VLX2g3GotHd7Kht/TCj4HikelZDd\nuL0t96R5Q4A3srOgSIZ+0INRs1ER8y1Q37LyJNfyqYn5KqLBlN9bhSYAfcuIpjwIXGVfLQGdByD7\ntr4PSvZQx18K6p68HUCh+jXQT9+7n3ZUIBzH5aMhMB8wHQYDVR0OBBYEFPdMpcEBbYSCYMdJiE4r\ncQxf7Me4MAsGByqGSM44BAMFAAMvADAsAhQH/G1ixrEaWAG3lGWafkHgXxnzhwIUW5eSctgmaQBj\nvKaY0E6fYJzcp5c="
      }
      

      For more information about the request attributes, see "POST Specified Alias Trusted Certificate JKS Keystore Method".

    2. Using cURL, import the trusted certificate, specifying the alias of the trusted key to be imported, mytestkey, and passing the JSON request document defined in the previous step.

      curl -i -X POST -u username:password -H Content-type:application/json --data @importjks.json http://myhost:7001/idaas/platform/admin/v1/keystore/mytestkey
      

      The following shows an example of the response indicating the request succeeded.

      {
          "STATUS":"Succeeded",
          "SUBJECT_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y"
      }
      

      For more information, see "POST Specified Alias Trusted Certificate JKS Keystore Method".

  3. View the trusted certificate that you imported in step 2:

    curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/keystore/mytestkey
    

    The following shows an example of the response, showing the details for the trusted certificate.

    {
        "SUBJECT_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
        "ISSUER_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
        "NOT_BEFORE":"Thu Jul 03 04:00:16 PDT 2014",
        "NOT_AFTER":"Wed Oct 01 04:00:16 PDT 2014",
        "SERIAL_NO":"1784168778",
        "SIGNING_ALGORITHM":"1.2.840.10040.4.3",
        "CONTENT":"-----BEGIN CERTIFICATE-----\
    nMIIC7DCCAqqgAwIBAgIEalhBSjALBgcqhkjOOAQDBQAw
    SDEKMAgGA1UEBhMBeTEKMAgGA1UECBMB\neTEKMAgGA1UEBxMBeTEKMAgGA1UEChMBeTEKMAgGA1UECx
    MBeTEKMAgGA1UEAxMBeTAeFw0xNDA3\nMDMxMTAwMTZaFw0xNDEwMDExMTAwMTZaMEgxCjAIBgNVBAYT
    AXkxCjAIBgNVBAgTAXkxCjAIBgNV\nBAcTAXkxCjAIBgNVBAoTAXkxCjAIBgNVBAsTAXkxCjAIBgNVBA
    MTAXkwggG3MIIBLAYHKoZIzjgE\nATCCAR8CgYEA\/X9TgR11EilS30qcLuzk5\/YRt1I870QAwx4\/g
    LZRJmlFXUAiUftZPY1Y+r\/F9bow\n9subVWzXgTuAHTRv8mZgt2uZUKWkn5\/oBHsQIsJPu6nX\/rfG
    G\/g7V+fGqKYVDwT7g\/bTxR7DAjVU\nE1oWkTL2dfOuK2HXKu\/yIgMZndFIAccCFQCXYFCPFSMLzLK
    SuYKi64QL8Fgc9QKBgQD34aCF1ps9\n3su8q1w2uFe5eZSvu\/o66oL5V0wLPQeCZ1FZV4661FlP5nEH
    EIGAtEkWcSPoTCgWE7fPCTKMyKbh\nPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qF
    GQiaiD3+Fa5Z8GkotmXoB7VSVk\nAUw7\/s9JKgOBhAACgYBrvzkjozmv6t6T0GNJES1R3ypRsBs8VLX
    2g3GotHd7Kht\/TCj4HikelZDd\nuL0t96R5Q4A3srOgSIZ+0INRs1ER8y1Q37LyJNfyqYn5KqLBlN9b
    hSYAfcuIpjwIXGVfLQGdByD7\ntr4PSvZQx18K6p68HUCh+jXQT9+7n3ZUIBzH5aMhMB8wHQYDVR0OBB
    YEFPdMpcEBbYSCYMdJiE4r\ncQxf7Me4MAsGByqGSM44BAMFAAMvADAsAhQH\/G1ixrEaWAG3lGWafkH
    gXxnzhwIUW5eSctgmaQBj\nvKaY0E6fYJzcp5c=\n-----END CERTIFICATE-----",
        "SIGNATURE": "7JmdaAc+5T+spDFFo9gsRA==",
        "Extensions": "{subjectKeyIDExtension {oid = 2.5.29.14, critical = false, value = f74ca5c1016d848260c749884e2b710c5fecc7b8}}"
    }
    

    For more information, see "GET Specified Alias Trusted Certificate JKS Keystore Method".

  4. Delete the trusted certificate from the JKS keystore.

    curl -i -X DELETE -u username:password http://myhost:7001/idaas/platform/admin/v1/keystore/mytestkey
    

    The following shows an example of the response indicating the request succeeded.

    {
        "STATUS": "Succeeded"
    }
    

    For more information, see "DELETE Trusted Certificate JKS Keystore Method".

Managing KSS Keystores Using the REST API

You can view and manage Keystore Service (KSS) keystores using the REST APIs described in the following use case. Specifically, this use case shows you how to:

  • Create a KSS keystore

  • View all KSS keystores for a stripe

  • Import a trusted certificate into the KSS keystore

  • View a trusted certificate in the KSS keystore

  • Delete the KSS keystore

Note:

For more information about KSS keystore management, see "Configuring the OPSS Keystore Service for Message Protection" in Security and Administrator's Guide for Web Services.

To manage KSS keystores using the REST API:

  1. Create a KSS keystore by performing the following steps:

    1. Create a JSON document, createkss.json, that defines the KSS keystore that you want to create.

      The following shows an example of the request document. In this example, the KSS stripe and keystore names are myStripe and myKeystore, respectively; the password for the KSS keystore is mypwd; and the KSS keystore created is not permission-based.

      {
          "stripe" : "myStripe",
          "keystore" : "myKeystore",
          "pwd" : "mypwd",
          "permission" : "false"
      }
      

      For more information about the request attributes, see "POST New KSS Keystore Method".

    2. Using cURL, create a KSS keystore, passing the JSON document defined in the previous step.

      curl -i -X POST -u username:password -H Content-Type:application/json --data @createkss.json http://myhost:7001/idaas/platform/admin/v1/keystoreservice
      

      The following shows an example of the response indicating the request succeeded.

      {
          "STATUS": "Succeeded"
      }
      

      For more information, see "POST New KSS Keystore Method".

  2. View all KSS keystores for a stripe to confirm the KSS keystore was created.

    curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/keystoreservice/myStripe
    

    The following shows an example of the response, showing all KSS keystores in the stripe:

    {
        "keystore 1":"myKeystore"
    }
    

    For more information, see "GET Stripe KSS Keystores Method".

  3. Import a trusted certificate into the KSS keystore by performing the following steps:

    1. Create a JSON document, importkss.json, that defines the details of the trusted certificate that you want to import into the KSS keystore.

      The following shows an example of the request document. In this example, the KSS keystore is identified by its stripe and keystore names, myStripe and myKeystore, respectively; the KSS keystore password, mypwd, is required; the alias for the key is myAlias; the certificate is defined as a TrustedCertificate; and keystoreEntry specifies the encrypted certificate contents.

      {
          "keyAlias" : "myAlias",
          "keystoreEntry":
      "MIIC7DCCAqqgAwIBAgIEalhBSjALBgcqhkjOOAQDBQAwSDEKMAgGA1UEBhMBeTEKMAgGA1UECBMB\neTEKMAgGA1UEBxMBeTEKMAgGA1UEChMBeTEKMAgGA1UECxMBeTEKMAgGA1UEAxMBeTAeFw0xNDA3\nMDMxMTAwMTZaFw0xNDEwMDExMTAwMTZaMEgxCjAIBgNVBAYTAXkxCjAIBgNVBAgTAXkxCjAIBgNV\nBAcTAXkxCjAIBgNVBAoTAXkxCjAIBgNVBAsTAXkxCjAIBgNVBAMTAXkwggG3MIIBLAYHKoZIzjgE\nATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow\n9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVU\nE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9\n3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbh\nPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVk\nAUw7/s9JKgOBhAACgYBrvzkjozmv6t6T0GNJES1R3ypRsBs8VLX2g3GotHd7Kht/TCj4HikelZDd\nuL0t96R5Q4A3srOgSIZ+0INRs1ER8y1Q37LyJNfyqYn5KqLBlN9bhSYAfcuIpjwIXGVfLQGdByD7\ntr4PSvZQx18K6p68HUCh+jXQT9+7n3ZUIBzH5aMhMB8wHQYDVR0OBBYEFPdMpcEBbYSCYMdJiE4r\ncQxf7Me4MAsGByqGSM44BAMFAAMvADAsAhQH/G1ixrEaWAG3lGWafkHgXxnzhwIUW5eSctgmaQBj\nvKaY0E6fYJzcp5c=",
          "keystoreEntryType" : "TrustedCertificate",
          "keystoreName" : "myKeystore",
          "stripeName" : "myStripe",
          "keystorePassword" : "myPwd"
      }
      

      For more information about the request attributes, see "POST Trusted Certificate KSS Keystore Method".

    2. Using cURL, import a trusted certificate into the KSS keystore, passing the JSON document defined in the previous step.

      curl -i -X POST -u username:password -H Content-Type:application/json --data @importkss.json http://myhost:7001/idaas/platform/admin/v1/keystoreservice/certificates
      

      The following shows an example of the response indicating the request succeeded.

      {
          "STATUS": "Succeeded",
          "SUBJECT_DN": "CN=y,OU=y,O=y,L=y,ST=y,C=y"
      }
      

      For more information, see "POST Trusted Certificate KSS Keystore Method".

  4. View the trusted certificate that you just imported into the KSS keystore.

    curl -i -X GET -u username:password -H keystorePassword:cHdkMQ== "http://myhost:7001/idaas/platform/admin/v1/keystoreservice/certificates?stripeName=myStripe&keystoreName=myKeystore&keyAlias=myAlias&keystoreEntryType=TrustedCertificate"
    

    You must pass query parameters to define the stripe name, keystore name and entry type, and alias name associated with the trusted certificate you want to view.

    The following shows an example of the response, showing the details of the trusted certificate.

    {
        "SUBJECT_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
        "ISSUER_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
        "NOT_BEFORE":"Fri Jul 25 02:45:11 PDT 2014",
        "NOT_AFTER":"Thu Oct 23 02:45:11 PDT 2014",
        "SERIAL_NO":"982191050",
        "SIGNING_ALGORITHM":"1.2.840.10040.4.3",
        "CONTENT":"-----BEGIN CERTIFICATE----- \nMIIC7DCCAqqgAwIBAgIEOosLyjALBgcqhkjOOAQDBQAwS
    EKMAgGA1UEBhMBcjEKMAgGA1UECBMB\ncjEKMAgGA1UEBxMBcjEKMAgGA1UEChMBcjEKMAgGA1UECxM
    cjEKMAgGA1UEAxMBUjAeFw0xNDA3\nMjUwOTQ1MTFaFw0xNDEwMjMwOTQ1MTFaMEgxCjAIBgNVBAYTA
    IxCjAIBgNVBAgTAXIxCjAIBgNV\nBAcTAXIxCjAIBgNVBAoTAXIxCjAIBgNVBAsTAXIxCjAIBgNVBAM
    AVIwggG3MIIBLAYHKoZIzjgE\nATCCAR8CgYEA\/X9TgR11EilS30qcLuzk5\/YRt1I870QAwx4\/gL
    RJmlFXUAiUftZPY1Y+r\/F9bow\n9subVWzXgTuAHTRv8mZgt2uZUKWkn5\/oBHsQIsJPu6nX\/rfGG
    /g7V+fGqKYVDwT7g\/bTxR7DAjVU\nE1oWkTL2dfOuK2HXKu\/yIgMZndFIAccCFQCXYFCPFSMLzLKS
    YKi64QL8Fgc9QKBgQD34aCF1ps9\n3su8q1w2uFe5eZSvu\/o66oL5V0wLPQeCZ1FZV4661FlP5nEHE
    GAtEkWcSPoTCgWE7fPCTKMyKbh\nPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFG
    iaiD3+Fa5Z8GkotmXoB7VSVk\nAUw7\/s9JKgOBhAACgYAjhpZybXj6rlXDow8srnSFE9dZJJpCKaQV
    ACagQogePV+xlqPClDOoiQJ\nuvuUGHerDrThC1\/Wq5Uj1+TnkSKTy0qYxmQoq56xALa47np9TKtqt
    4Vy8eUUorakG4lrjNt\/EgR\nfO675n+qINkKXKpcxaCicupRCYPkPXlnT4mtyKMhMB8wHQYDVR0OBB
    EFDKbmPa2Il6SylJRPTv8\nQ+4CqpEhMAsGByqGSM44BAMFAAMvADAsAhQbkmlaUG5QDR5mXUiYC74p
    \/FBOwIUGx5lc5Y01ppo\nvK3UgL7M8E3eOfc=\n-----END CERTIFICATE-----",
        "SIGNATURE":"FEZN2l4SPFEK5jt2QZRb5Q==",
        "Extensions":"{subjectKeyIDExtension {oid = 2.5.29.14 critical = false, value = 329b98f6b6225e92ca52513d3bfc43ee02aa9121}}"
    }
    
    

    For more information, see "GET Trusted Certificate KSS Keystore Method".

  5. Delete the KSS keystore.

    curl -i -X DELETE -u username:password -H keystorePassword:cHdkMQ== "http://myhost:7001/idaas/platform/admin/v1/keystoreservice?stripeName=myStripe&keystoreName=myKeystore"
    
    

    You must pass query parameters to define the stripe and keystore name of the KSS keystore you want to delete. For more information, see "DELETE Keystore Service KSS Keystore Method".

    The following shows an example of the response indicating the request succeeded.

    HTTP/1.1 204 No Content
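
The certificate detail responses returned for JKS and KSS keystores above carry enough metadata to review a trust entry before relying on it. The following added example (not part of the original documentation) checks the validity window, the signing algorithm OID and whether the certificate is self-issued; the sample body is constructed from the fields shown in the JKS response, and the finding labels and the 30-day warning window are assumptions.

```python
import json
from datetime import datetime, timedelta

# Signature algorithm OIDs that rely on MD5 or SHA-1.
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Constructed sample: metadata fields of the certificate detail response.
SAMPLE_CERT = """{
    "SUBJECT_DN": "CN=y,OU=y,O=y,L=y,ST=y,C=y",
    "ISSUER_DN": "CN=y,OU=y,O=y,L=y,ST=y,C=y",
    "NOT_BEFORE": "Thu Jul 03 04:00:16 PDT 2014",
    "NOT_AFTER": "Wed Oct 01 04:00:16 PDT 2014",
    "SERIAL_NO": "1784168778",
    "SIGNING_ALGORITHM": "1.2.840.10040.4.3"
}"""


def parse_cert_date(text):
    """Parse the six-field layout used in the responses, e.g.
    'Wed Oct 01 04:00:16 PDT 2014'. The zone abbreviation is ambiguous, so it
    is dropped and the result is a naive timestamp accurate to within a day."""
    parts = text.split()
    if len(parts) != 6 or parts[1] not in MONTHS:
        raise ValueError(f"unrecognized date: {text!r}")
    _dow, mon, day, clock, _zone, year = parts
    hour, minute, second = (int(x) for x in clock.split(":"))
    return datetime(int(year), MONTHS[mon], int(day), hour, minute, second)


def audit_certificate(body, now, warn_days=30):
    """Return a list of finding labels for one certificate detail response."""
    cert = json.loads(body)
    findings = []
    not_before = parse_cert_date(cert["NOT_BEFORE"])
    not_after = parse_cert_date(cert["NOT_AFTER"])
    if now < not_before:
        findings.append("not-yet-valid")
    elif now > not_after:
        findings.append("expired")
    elif not_after - now <= timedelta(days=warn_days):
        findings.append("expiring-soon")
    # The sample responses report the signing algorithm as a dotted OID.
    weak = WEAK_SIG_OIDS.get(cert["SIGNING_ALGORITHM"])
    if weak:
        findings.append("weak-signature:" + weak)
    # Subject equal to issuer: no CA vouches for it, so the fingerprint
    # has to be confirmed out of band before the entry is trusted.
    if cert["SUBJECT_DN"] == cert["ISSUER_DN"]:
        findings.append("self-issued")
    return findings


if __name__ == "__main__":
    for finding in audit_certificate(SAMPLE_CERT, datetime.now()):
        print(finding)
```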
    

Managing Token Issuer Trust Using the REST API

You can view and manage token issuer trust using the REST APIs described in the following use case. Specifically, this use case shows you how to:

  • View all trusted issuers

  • Create a trusted issuer

  • Create a token attribute rule

  • Delete a trusted issuer

  • Create a trust document

Note:

For more information about token issuer trust management, see "Defining Trusted Issuers and a Trusted DN List for Signing Certificates" in Security and Administrator's Guide for Web Services.

To manage token issuer trust using the REST API:

  1. Create a trusted issuer document.

    curl -i -X POST -u username:password "http://myhost:7001/idaas/webservice/admin/v1/trustdocument?documentName=myTrustDocument&displayName=myTrustDocument"
    
    

    You must pass query parameters to define the document and display names for the trusted issuer document.

    The following shows an example of the response indicating the request succeeded.

    {
        "STATUS": "Succeeded",
        "Result": "New Token Issuer Trust document named \"myTrustDocument\" created."
    }
    

    For more information, see "POST TrustDocument Name Method".

  2. Create the trusted issuers and DN lists, by performing the following steps:

    1. Create a JSON document, createtrust.json, that defines the trusted issuers and distinguished name (DN) lists that you want to create.

      The following shows an example of the request document. In this example, the following types of trusted issuers are created: SAML holder-of-key, SAML sender vouches, and JSON Web Token (JWT). For each trusted issuer, the name and DN list are defined.

      {
          "saml-trusted-dns":
          {
              "saml-hok-trusted-dns":
              {
                  "issuer": [
                      {
                          "-name": "www.oracle.com",
                          "dn": [ "wls1" ]
                      }
                  ]
              },
              "saml-sv-trusted-dns":
              {
                  "issuer": [
                      {
                          "-name": "www.oracle.com",
                          "dn": [ "wls2" ]
                      }
                  ]
              },
              "jwt-trusted-issuers":
              {
                  "issuer": [
                      {
                          "-name": "www.oracle.com",
                          "dn": [ "CN=orakey, OU=Orakey,O=Oracle, C=US" ]
                      }
                  ]
              }
          }
      }
      

      For more information about the request attributes, see "POST Domain Trusted Issuers and Distinguished Name Lists Method".

    2. Using cURL, create the trusted issuers and DN lists, passing the JSON document defined in step 2.

      curl -i -X POST -u username:password --data @createtrust.json -H Content-Type:application/json http://myhost:7001/idaas/webservice/admin/v1/trust/issuers
      

      The following shows an example of the response body indicating the request succeeded.

      {
          "STATUS": "Succeeded"
      }
      

      For more information, see "POST Domain Trusted Issuers and Distinguished Name Lists Method".

  3. Create a JSON document, createtoken.json, that defines the token attribute rules for the trusted DN lists.

    The following shows an example of the request document. In this example:

    • Create a separate "token-attribute-rule" entry for each trusted DN list for which you want to create a token attribute rule.

    • Specify filters for the name-id and user attributes, as required.

    For more information about the request attributes, see "POST Token Attribute Rule Distinguished Name Method (Domain Context)".

    {
        "token-attribute-rules":
        {
            "token-attribute-rule": 
            [
                {
                    "-dn": "cn=orcladmin,o=oracle",
                    "name-id":{
                        "filter": 
                        {
                            "value":[ "filter1" ]
                        },
                        "mapping":
                        {
                            "user-attribute": "val3",
                            "user-mapping-attribute":"val4"
                        }
                    },
                    "attributes":
                    [
                        {
                            "-name": "tenant1",
                            "attribute":
                            {
                                "filter":
                                {
                                    "value": [
                                        "filter1",
                                        "filter2"
                                    ]
                                },
                                "mapping":{
                                    "user-attribute": "val1",
                                    "user-mapping-attribute":"val2"
                                }
                            }
                        }
                    ]
                }
            ]
        }
    }
    
  4. Create the token attribute rules for the trusted DN lists, passing the JSON document defined in step 3.

    curl -i -X POST -u username:password --data @createtoken.json -H Content-Type:application/json http://myhost:7001/idaas/webservice/admin/v1/trust/token
    

    The following shows an example of the response body indicating the request succeeded.

    {
        "STATUS": "Succeeded"
    }
    

    For more information, see "POST Token Attribute Rule Distinguished Name Method (Domain Context)".

  5. View the configuration details for the trusted issuer.

    curl -i -X GET -u username:password "http://myhost:7001/idaas/platform/admin/v1/trustdocument?documentName=myTrustDocument"
    

    The following shows an example of the response body, showing the configuration details:

    {
        "STATUS":"Succeeded",
        "Result":"List of token issuer trust documents in the Repository:\nDetails of the document matching your request:\nName         : myTrustDocument\tDisplay Name : myTrustDocument\tStatus       : DOCUMENT_STATUS_COMMITED \nList of trusted issuers for this type:\tNone\nList of Token Attribute Rules\tNone"
    }
    

    For more information, see "GET TrustDocument Method".

  6. Delete the trusted issuer document.

    curl -i -X DELETE -u username:password "http://myhost:7001/idaas/webservice/admin/v1/trustdocument?documentName=myTrustDocument&displayName=myTrustDocument"
    
    

    You must pass query parameters to define the document and display names for the trusted issuer document that you want to delete. For more information, see "DELETE Credential Method".

    The following example shows the contents of the response body.

    {
        "STATUS": "Succeeded",
        "Result": "Token Issuer Trust document named \"myTrustDocument\" deleted from the repository."
    }