
Restman set user certificate error Certificate subject name does not match user login


Article ID: 238440


Products

CA API Gateway

Issue/Introduction

I am having a challenge finding a proper body to set a certificate for a user created using restman.

Please provide a valid sample that can work with an identity provider of type X.509.

Environment

Release : 10.0

Component :

Resolution

STEP 1: I created a new FIP with name SOMEFIP 
STEP 2: Get FIP ID.
https://MyGatewayServer:8443/restman/1.0/identityProviders?name=SOMEFIP
Value=
<l7:Item>
<l7:Name>SOMEFIP</l7:Name>
<l7:Id>a760ef5024e4980615ab2662910c6d74</l7:Id>


STEP 3: Create User in FIP via restman
Command:

curl --insecure -u admin:7layer --location --request POST 'https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users' \
--header 'Content-Type: application/xml' \
--data '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:User providerId="a760ef5024e4980615ab2662910c6d74" xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Login>CN OF CERT PEM BELOW</l7:Login>
    <l7:FirstName></l7:FirstName>
    <l7:LastName></l7:LastName>
    <l7:Email></l7:Email>
    <l7:SubjectDn>CN OF CERT PEM BELOW</l7:SubjectDn>
    <l7:Properties>
        <l7:Property key="name">
            <l7:StringValue>test_user</l7:StringValue>
        </l7:Property>
    </l7:Properties>
</l7:User>'
 
Result:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Name>eislapi-forpostmanjwt.qa.wmap.broadridge.net</l7:Name>
    <l7:Id>a760ef5024e4980615ab2662910c6f07</l7:Id>
    <l7:Type>USER</l7:Type>
    <l7:TimeStamp>2022-04-01T06:00:17.021-07:00</l7:TimeStamp>
    <l7:Link rel="self" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07"/>
    <l7:Link rel="template" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/template"/>
    <l7:Link rel="list" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users"/>
    <l7:Link rel="certificate" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07/certificate"/>
    <l7:Link rel="provider" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74"/>
</l7:Item>

STEP 4: Assign Certificate Data to ID
From the result above, take the link with rel="certificate":
<l7:Link rel="certificate" uri="https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07/certificate"/>

This URI is where the PUT goes.

Command:

curl --insecure -u admin:7layer --location --request PUT 'https://MyGatewayServer:8443/restman/1.0/identityProviders/a760ef5024e4980615ab2662910c6d74/users/a760ef5024e4980615ab2662910c6f07/certificate' \
--header 'Content-Type: application/xml' \
--data '<l7:CertificateData xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Encoded>SOMEENCODEDPEM</l7:Encoded>
</l7:CertificateData>'
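
The error in the title is raised when the user's login differs from the certificate subject, so the two request bodies in STEP 3 and STEP 4 can be generated from the certificate itself. The following is an added example, not part of the original article or of the product: the function names are hypothetical, it assumes `<l7:Encoded>` takes the Base64 body of the PEM without the BEGIN/END lines, and it fills `Login` and `SubjectDn` with the CN as the placeholders in STEP 3 indicate.

```python
import base64, ssl, sys
from xml.sax.saxutils import escape

NS = "http://ns.l7tech.com/2010/04/gateway-management"
CN_OID = bytes([0x55, 0x04, 0x03])  # OID 2.5.4.3 (commonName)

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, content_start, content_end) for each element in buf[start:end]."""
    while start < end:
        tag, s, start = read_tlv(buf, start)
        yield tag, s, start

def subject_cn(der):
    """First CN of the certificate subject, or None (assumes an ASCII/UTF-8 string type)."""
    _, s, e = read_tlv(der, 0)                       # Certificate
    _, s, e = read_tlv(der, s)                       # tbsCertificate
    fields = list(children(der, s, e))
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # skip optional [0] version
    _, s, e = fields[4]                              # serial, sigAlg, issuer, validity, subject
    for _, rdn_s, rdn_e in children(der, s, e):      # each RDN is a SET
        for _, atv_s, atv_e in children(der, rdn_s, rdn_e):
            (_, o_s, o_e), (_, v_s, v_e) = list(children(der, atv_s, atv_e))[:2]
            if der[o_s:o_e] == CN_OID:
                return der[v_s:v_e].decode("utf-8")

def restman_bodies(pem, provider_id, name="test_user"):
    """Return (cn, user_xml, certificate_xml) with the login taken from the certificate CN."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    cn = subject_cn(der)
    if not cn:
        raise ValueError("certificate subject has no CN to use as the login")
    login = escape(cn)
    user = (f'<l7:User providerId="{provider_id}" xmlns:l7="{NS}"><l7:Login>{login}</l7:Login>'
            f'<l7:FirstName></l7:FirstName><l7:LastName></l7:LastName><l7:Email></l7:Email>'
            f'<l7:SubjectDn>{login}</l7:SubjectDn><l7:Properties><l7:Property key="name">'
            f'<l7:StringValue>{escape(name)}</l7:StringValue></l7:Property></l7:Properties></l7:User>')
    cert = (f'<l7:CertificateData xmlns:l7="{NS}"><l7:Encoded>'
            f'{base64.b64encode(der).decode()}</l7:Encoded></l7:CertificateData>')
    return cn, user, cert

if __name__ == "__main__":  # usage: python3 this_script.py cert.pem <provider-id>
    print(*restman_bodies(open(sys.argv[1]).read(), sys.argv[2]), sep="\n\n")
```

Run it with the certificate file and the provider ID from STEP 2; the second and third outputs are the `--data` bodies for the POST and the PUT.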