Test Connection to OIDC Provider REST Service

Use the Test Connection to OIDC Provider REST Service to test whether connection to the configured endpoint URLs of OpenID Connect (OIDC) provider from the IBM® Security Guardium® Key Lifecycle Manager container are reachable.

Operation
POST
URL
https://host:port/SKLM/rest/v1/authnConfigProperties/oidc/testConnection

By default, Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters
Parameter Description
host Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.
Request Headers
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de.
Request body

JSON object with the following specification:

Property name Description
OIDC_CONNECT_CLIENT_CLIENT_ID Specify the client ID of the OIDC provider to be connected to.
Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_OIDC parameter.
OIDC_CONNECT_CLIENT_CLIENT_SECRET Specify the client secret of the OIDC provider to be connected to.
Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_OIDC parameter.
OIDC_CONNECT_CLIENT_SERVER_HOST Specify the host name or IP address of the OIDC provider.
Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_OIDC parameter.
OIDC_CONNECT_CLIENT_SERVER_PORT Specify the port number of the OIDC provider.
Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_LDAP parameter.
OIDC_CONNECT_CLIENT_SERVER_AUTH_URL Specify the authorization endpoint URL. For example:
"oidc/endpoint/OP/authorize"
Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_LDAP parameter.
OIDC_CONNECT_CLIENT_SERVER_TOKEN_URL Specify the token endpoint URL. For example:
"oidc/endpoint/OP/token"
Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_LDAP parameter.
OIDC_CONNECT_CLIENT_SERVER_USERINFO_URL Specify the userInfo endpoint URL. For example:
"oidc/endpoint/OP/userinfo"
Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_LDAP parameter.
OIDC_CONNECT_CLIENT_SERVER_VALIDATION_METHOD Specify the validation method for the OIDC provider.

Possible values: introspect (default); userinfo

OIDC_CONNECT_CLIENT_SERVER_VALIDATION_URL Specify the validation endpoint URL for the OIDC provider. For example:
"oidc/endpoint/OP/introspect"
.

Response

Response Headers
Header name Value and description
Status Code
200 OK
The request was successful. The response body contains the requested representation.
400 Bad Request
The authentication information was not provided in the correct format.
401 Unauthorized
The authentication credentials were missing or incorrect.
404 Not Found Error
The processing of the request fails.
500 Internal Server Error
The processing of the request fails because of an unexpected condition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Success Response Body

JSON object with the following specification.

JSON property name Description
code Returns the success code.
status Returns a message that describes the status.
Error Response Body

JSON object with the following specification.

JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.

Example

Test connection to OIDC provider
POST https://localhost:port/SKLM/rest/v1/authnConfigProperties/oidc/testConnection
{
  "OIDC_CONNECT_CLIENT_CLIENT_ID": "sklmRP_S1",
  "OIDC_CONNECT_CLIENT_CLIENT_SECRET": "secret",
  "OIDC_CONNECT_CLIENT_SERVER_DISCOVERY_URL": "https://host1/oidc/endpoint/OP/.well-known/openid-configuration",
  "OIDC_CONNECT_CLIENT_SERVER_VALIDATION_METHOD": "introspect",
  "OIDC_CONNECT_CLIENT_SERVER_VALIDATION_URL": "https://host1:443/oidc/endpoint/OP/introspect"
 
}
Success response
{
  "code": "CTGKM6213I",
  "status": "CTGKM6213I OIDC Configured EndPoints are reachable."
}
Error response
{
  "code": "CTGKM6222E",
  "message": "CTGKM6222E Discovery Endpoint test connection failed."
}
Table 1. Topic change log
Date Change description
20 Oct 2021 Corrected the example.
30 Sept 2021 Removed ckms from the REST endpoint.
10 Sept 2021 Initial version.