Update Authentication Configuration REST Service
Use Update Authentication Configuration REST Service to configure the authentication requirements in containerized IBM Security Guardium Key Lifecycle Manager.
- Operation: POST
- URL: https://host:port/SKLM/rest/v1/ckms/securityConfigurations/update
By default, Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.
Request
Parameter | Description |
---|---|
host | Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server. |
port | Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de. |
JSON object with the following specification:
Property name | Description |
---|---|
FIPS | Specify the value as on or off to enable or disable Federal Information Processing Standards (FIPS) publication 140-2 standard compliance in Guardium Key Lifecycle Manager. By default, this flag is set to off. When you set this property to on, Guardium Key Lifecycle Manager uses the |
Suite_B | Specify the value as on or off to enable or disable US National Security Agency (NSA) Suite B standard compliance in Guardium Key Lifecycle Manager. By default, this flag is set to off. Set the property with one of the following values: When you set this property to on, Guardium Key Lifecycle Manager uses the |
SP800_131A | Specify the value as on or off to enable or disable Guardium Key Lifecycle Manager to communicate over secure sockets in compliance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131A standard in strict mode. By default, this flag is set to off. Set the property to on to enable this standard. |
securityLevel | Specify one of the following values to configure the cipher suite group to be used by the TLS handshake. This property is ignored if you set the enabledCiphers property with a specific list of ciphers. |
enabledCiphers | Specify a unique list of cipher suites. You can specify multiple cipher suites by separating the cipher suites with a space. For example: If you set this property, the securityLevel property is ignored. |
Response
Header name | Value and description |
---|---|
Status Code |
|
Content-Type | application/json |
Content-Language | Locale for the response message. |
JSON object with the following specification:
JSON property name | Description |
---|---|
code | Returns the code that is specified by the status property. |
status | Returns the status to indicate whether the node is added to the multi-master cluster. |
JSON object with the following specification.
JSON property name | Description |
---|---|
code | Returns the application error code. |
message | Returns a message that describes the error. |
Example
- Service request to specify FIPS security configuration
-
POST https://localhost:port/SKLM/rest/v1/ckms/securityConfigurations/update
{"FIPS":"on"}
- Success response
-
Status Code: 200 OK
[ { "code":"0","status":"Succeeded" } ]
- Error response
-
{"code":"CTGKM6002E", "message":"CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}
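The following client sketch is an added example, not IBM's code: it builds the request described above, validates the on/off flags and the cipher list before sending, and parses both documented response shapes. The function names, the fixed `Accept-Language: en` value, and the choice to reject a request that sets both securityLevel and enabledCiphers are assumptions of this example.

```python
import json
import ssl
import urllib.error
import urllib.request

ON_OFF_FLAGS = ("FIPS", "Suite_B", "SP800_131A")  # properties documented as on/off

def build_request(host, port, auth_id, settings):
    """Validate settings and return a ready-to-send urllib Request."""
    for name in ON_OFF_FLAGS:
        if name in settings and settings[name] not in ("on", "off"):
            raise ValueError(f"{name} must be 'on' or 'off'")
    ciphers = settings.get("enabledCiphers")
    if ciphers is not None:
        suites = ciphers.split()
        if not suites or len(suites) != len(set(suites)):
            raise ValueError("enabledCiphers must be a unique, space-separated list")
        if "securityLevel" in settings:
            # The server ignores securityLevel when enabledCiphers is set;
            # this example rejects the ambiguous request instead of sending it.
            raise ValueError("set securityLevel or enabledCiphers, not both")
    url = f"https://{host}:{port}/SKLM/rest/v1/ckms/securityConfigurations/update"
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": f"SKLMAuth userAuthId={auth_id}",
        "Accept-Language": "en",
    }
    body = json.dumps(settings).encode()
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def parse_response(body):
    """Return (ok, code, text) for either documented response shape."""
    doc = json.loads(body)
    if isinstance(doc, list):  # success: [ {"code": "0", "status": "Succeeded"} ]
        first = doc[0] if doc else {}
        return first.get("code") == "0", first.get("code"), first.get("status")
    return False, doc.get("code"), doc.get("message")  # error: {"code", "message"}

def send(req, ca_file=None):
    """POST with certificate verification on; ca_file may name the server's CA bundle."""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with urllib.request.urlopen(req, context=ctx) as resp:
            return parse_response(resp.read())
    except urllib.error.HTTPError as err:
        return parse_response(err.read())
```

`send` keeps TLS certificate and hostname verification enabled; for a server with a privately issued certificate, pass its CA bundle through `ca_file` instead of disabling verification.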