I am having a challenge finding a proper body to set a certificate for a user created using restman.
Please provide a valid sample that can work with an identity provider of type X.509.
Release : 10.0
STEP 1: I created a new FIP with name SOMEFIP
STEP 2: Get FIP ID.
https://MyGatewayServer:8443/restman/1.0/identityProviders?name=SOMEFIP
Value=
<l7:Item>
<l7:Name>SOMEFIP</l7:Name>
<l7:Id>a760ef5024e4980615ab2662910c6d74</l7:Id>
STEP 3: Create User in FIP via restman
Command:
curl --insecure -u <UserName>:<Password> --location --request POST 'https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users' \
--header 'Content-Type: application/xml' \
--data '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:User providerId="a760ef5024e4980615ab2662910c6d74" xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Login>CN OF CERT PEM BELOW</l7:Login>
<l7:FirstName></l7:FirstName>
<l7:LastName></l7:LastName>
<l7:Email></l7:Email>
<l7:SubjectDn>CN OF CERT PEM BELOW</l7:SubjectDn>
<l7:Properties>
<l7:Property key="name">
<l7:StringValue>test_user</l7:StringValue>
</l7:Property>
</l7:Properties>
</l7:User>'
Result:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Name>HostName</l7:Name>
<l7:Id>a760ef5024e4980615ab2662910c6f07</l7:Id>
<l7:Type>USER</l7:Type>
<l7:TimeStamp>2022-04-01T06:00:17.021-07:00</l7:TimeStamp>
<l7:Link rel="self" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07"/>
<l7:Link rel="template" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/template"/>
<l7:Link rel="list" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users"/>
<l7:Link rel="certificate" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07/certificate"/>
<l7:Link rel="provider" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74"/>
</l7:Item>
STEP 4: Assign Certificate Data to ID
From the result above:
<l7:Link rel="certificate" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07/certificate"/>
The URI above is where the PUT request is sent.
Command:
curl --insecure -u admin:7layer --location --request PUT 'https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07/certificate' \
--header 'Content-Type: application/xml' \
--data '<l7:CertificateData xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Encoded>SOMEENCODEDPEM</l7:Encoded>
</l7:CertificateData>'
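A pre-flight check for the PUT in STEP 4, added here as an example (not code from the original article or from the product): it reads the subject CN from the PEM with the Python standard library only and refuses to build the body when the CN differs from the user's Login, the condition behind the INVALID_VALUES error quoted on this page. It assumes l7:Encoded carries the certificate's base64 DER (the PEM without its BEGIN/END lines); the function names and the sample certificate are constructed for illustration.

```python
import base64

NS = "http://ns.l7tech.com/2010/04/gateway-management"  # namespace from the page
CN_OID = bytes.fromhex("550403")                         # OID 2.5.4.3 (commonName)

def tlv(buf, pos):  # read one DER element -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):  # iterate the elements nested in buf[start:end]
    while start < end:
        elem = tlv(buf, start)
        yield elem
        start = elem[2]

def pem_to_b64(pem):  # base64 DER of the first certificate, armor and whitespace removed
    body = pem.split("-----BEGIN CERTIFICATE-----")[1].split("-----END CERTIFICATE-----")[0]
    return "".join(body.split())

def subject_cn(pem):  # CN of the certificate subject (UTF8String/PrintableString values)
    der = base64.b64decode(pem_to_b64(pem), validate=True)
    _, s, e = tlv(der, tlv(der, 0)[1])                   # Certificate -> TBSCertificate
    # Drop the optional [0] version; fields: serial, sigAlg, issuer, validity, subject
    _, s, e = [f for f in children(der, s, e) if f[0] != 0xA0][4]
    for _, r_s, r_e in children(der, s, e):              # each RDN (SET)
        for _, a_s, a_e in children(der, r_s, r_e):      # each attribute (SEQUENCE)
            (_, o_s, o_e), (_, v_s, v_e) = list(children(der, a_s, a_e))[:2]
            if der[o_s:o_e] == CN_OID:
                return der[v_s:v_e].decode("utf-8")
    raise ValueError("certificate subject has no CN")

def certificate_body(login, pem):  # PUT body; refuses a Login/CN mismatch up front
    if (cn := subject_cn(pem)) != login:
        raise ValueError(f"certificate CN ({cn}) does not match user login ({login})")
    return (f'<l7:CertificateData xmlns:l7="{NS}"><l7:Encoded>'
            f'{pem_to_b64(pem)}</l7:Encoded></l7:CertificateData>')

def _der(tag, *parts):  # short-form DER encoder, used only to build the constructed sample
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)
def _name(cn):  # Name holding a single CN attribute
    return _der(0x30, _der(0x31, _der(0x30, _der(0x06, CN_OID), _der(0x0C, cn.encode()))))

# Constructed, unsigned certificate skeleton: sample input only, not a real certificate.
_tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"), _der(0x30),
            _name("constructed-ca"), _der(0x30), _name("ssg-token-revoke"))
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(
    _der(0x30, _tbs, _der(0x30), _der(0x03, b"\x00"))).decode()
```

Calling `certificate_body("", SAMPLE_PEM)` reproduces the empty-Login case locally, so the mismatch is caught before any request reaches the Gateway.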
Another example, as seen from Policy Manager:
1. Error message when trying to update the certificate in the identity provider:
Resource validation failed due to 'INVALID_VALUES' Certificate subject name (ssg-token-revoke)does not match user login
2. The Login field should be the same as the certificate CN.
IssuerName=CN%3Dssg-token-revoke
SubjectNamee=CN%3Dssg-token-revoke
But the Login was empty in the user properties.
3. The customer updated the above data to the following, and it worked as expected.