Restman set user certificate error Certificate subject name does not match user login

Article ID: 238440

Updated On:

Products

CA API Gateway

Issue/Introduction

I am having a challenge finding a proper body to set a certificate for a user created using Restman.

Please provide a valid sample that can work with an identity provider of type X.509.

Environment

Release : 10.0

Component :

Resolution

STEP 1: I created a new FIP with name SOMEFIP 
STEP 2: Get FIP ID.
https://MyGatewayServer:8443/restman/1.0/identityProviders?name=SOMEFIP
Value=
<l7:Item>
<l7:Name>SOMEFIP</l7:Name>
<l7:Id>a760ef5024e4980615ab2662910c6d74</l7:Id>


STEP 3: Create User in FIP via restman
Command:

curl --insecure -u <UserName>:<Password> --location --request POST 'https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users' \
--header 'Content-Type: application/xml' \
--data '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:User providerId="a760ef5024e4980615ab2662910c6d74" xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Login>CN OF CERT PEM BELOW</l7:Login>
    <l7:FirstName></l7:FirstName>
    <l7:LastName></l7:LastName>
    <l7:Email></l7:Email>
    <l7:SubjectDn>CN OF CERT PEM BELOW</l7:SubjectDn>
    <l7:Properties>
        <l7:Property key="name">
            <l7:StringValue>test_user</l7:StringValue>
        </l7:Property>
    </l7:Properties>
</l7:User>'
 
Result:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Name>HostName</l7:Name>
    <l7:Id>a760ef5024e4980615ab2662910c6f07</l7:Id>
    <l7:Type>USER</l7:Type>
    <l7:TimeStamp>2022-04-01T06:00:17.021-07:00</l7:TimeStamp>
    <l7:Link rel="self" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07"/>
    <l7:Link rel="template" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/template"/>
    <l7:Link rel="list" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users"/>
    <l7:Link rel="certificate" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07/certificate"/>
    <l7:Link rel="provider" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74"/>
</l7:Item>

STEP 4: Assign Certificate Data to ID
From the result above, take the certificate link:
<l7:Link rel="certificate" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07/certificate"/>

The PUT request goes to this URI.

Command:

curl --insecure -u <UserName>:<Password> --location --request PUT 'https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07/certificate' \
--header 'Content-Type: application/xml' \
--data '<l7:CertificateData xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Encoded>SOMEENCODEDPEM</l7:Encoded>
</l7:CertificateData>'
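
The gateway rejects the STEP 4 PUT when the user's Login differs from the certificate's CN, so the STEP 3 body can be checked before it is sent. The Python check below is an added example, not Broadcom's code: `subject_cn`, `preflight` and `user_body` are hypothetical names, the sample bodies are constructed, and the exact, case-sensitive comparison is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

L7 = {"l7": "http://ns.l7tech.com/2010/04/gateway-management"}


def subject_cn(subject_name):
    """Return the CN of a subject DN such as 'CN%3Dssg-token-revoke' or 'CN=a,O=b'."""
    dn = unquote(subject_name)  # the subject may arrive URL-encoded
    # Split on commas that are not backslash-escaped.
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.strip().partition("=")
        if key.strip().upper() == "CN":
            # Undo simple backslash escapes (hex-pair escapes are not handled).
            return re.sub(r"\\(.)", r"\1", value.strip())
    return None


def preflight(user_xml, subject_name):
    """Check a STEP 3 user body against the certificate subject before the STEP 4 PUT."""
    root = ET.fromstring(user_xml)
    login = root.findtext("l7:Login", default="", namespaces=L7).strip()
    cn = subject_cn(subject_name)
    if cn is None:
        return False, "certificate subject has no CN"
    if not login:
        return False, f"Login is empty; set it to '{cn}'"
    if login != cn:  # assumption: exact, case-sensitive comparison
        return False, f"Login '{login}' does not match certificate CN '{cn}'"
    return True, "Login matches certificate CN"


def user_body(login):
    """Constructed sample: a STEP 3 body trimmed to the field the check reads."""
    return (
        '<l7:User providerId="a760ef5024e4980615ab2662910c6d74" '
        'xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">'
        f"<l7:Login>{login}</l7:Login>"
        "</l7:User>"
    )


if __name__ == "__main__":
    subject = "CN%3Dssg-token-revoke"  # subject value in the URL-encoded form
    for login in ("", "test_user", "ssg-token-revoke"):
        print(repr(login), preflight(user_body(login), subject))
```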

Additional Information

Another example, from the Policy Manager view.

1. Error message when trying to update the certificate in the identity provider:

Resource validation failed due to 'INVALID_VALUES' Certificate subject name (ssg-token-revoke)does not match user login

2. The Login field should be the same as the certificate's CN.

IssuerName=CN%3Dssg-token-revoke
SubjectName=CN%3Dssg-token-revoke

But the Login was empty in the user properties.

3. The customer updated the above data to the following, and it worked as expected.