Test Connection to OIDC Provider REST Service
Use the Test Connection to OIDC Provider REST Service to test whether the configured endpoint URLs of the OpenID Connect (OIDC) provider are reachable from the IBM® Security Guardium® Key Lifecycle Manager container.
- Operation
POST
- URL
https://host:port/SKLM/rest/v1/authnConfigProperties/oidc/testConnection
By default, Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.
Request
Request Parameters
Parameter | Description |
---|---|
host | Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server. |
port | Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Request Headers
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de. |
Request body
JSON object with the following specification:
Property name | Description |
---|---|
OIDC_CONNECT_CLIENT_CLIENT_ID | Specify the client ID of the OIDC provider to be connected to. Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_OIDC parameter. |
OIDC_CONNECT_CLIENT_CLIENT_SECRET | Specify the client secret of the OIDC provider to be connected to. Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_OIDC parameter. |
OIDC_CONNECT_CLIENT_SERVER_HOST | Specify the host name or IP address of the OIDC provider. Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_OIDC parameter. |
OIDC_CONNECT_CLIENT_SERVER_PORT | Specify the port number of the OIDC provider. Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_LDAP parameter. |
OIDC_CONNECT_CLIENT_SERVER_AUTH_URL | Specify the authorization endpoint URL. For example: Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_LDAP parameter. |
OIDC_CONNECT_CLIENT_SERVER_TOKEN_URL | Specify the token endpoint URL. For example: Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_LDAP parameter. |
OIDC_CONNECT_CLIENT_SERVER_USERINFO_URL | Specify the userInfo endpoint URL. For example: Note: This parameter is mandatory if you have specified true as a value in the AUTH_TYPE_LDAP parameter. |
OIDC_CONNECT_CLIENT_SERVER_VALIDATION_METHOD | Specify the validation method for the OIDC provider. Possible values: introspect (default); userinfo |
OIDC_CONNECT_CLIENT_SERVER_VALIDATION_URL | Specify the validation endpoint URL for the OIDC provider. For example: . |
Response
Response Headers
Header name | Value and description |
---|---|
Status Code |
|
Content-Type | application/json |
Content-Language | Locale for the response message. |
Success Response Body
JSON object with the following specification.
JSON property name | Description |
---|---|
code | Returns the success code. |
status | Returns a message that describes the status. |
Error Response Body
JSON object with the following specification.
JSON property name | Description |
---|---|
code | Returns the application error code. |
message | Returns a message that describes the error. |
Example
- Test connection to OIDC provider
POST https://localhost:port/SKLM/rest/v1/authnConfigProperties/oidc/testConnection
{
  "OIDC_CONNECT_CLIENT_CLIENT_ID": "sklmRP_S1",
  "OIDC_CONNECT_CLIENT_CLIENT_SECRET": "secret",
  "OIDC_CONNECT_CLIENT_SERVER_DISCOVERY_URL": "https://host1/oidc/endpoint/OP/.well-known/openid-configuration",
  "OIDC_CONNECT_CLIENT_SERVER_VALIDATION_METHOD": "introspect",
  "OIDC_CONNECT_CLIENT_SERVER_VALIDATION_URL": "https://host1:443/oidc/endpoint/OP/introspect"
}
- Success response
{
  "code": "CTGKM6213I",
  "status": "CTGKM6213I OIDC Configured EndPoints are reachable."
}
- Error response
{
  "code": "CTGKM6222E",
  "message": "CTGKM6222E Discovery Endpoint test connection failed."
}
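The request above as an added Python client (not part of IBM's documentation): it keeps TLS certificate verification enabled, takes the client secret from the environment instead of the source or command line, and classifies the JSON reply. The function names, the environment variable names, and treating only CTGKM6213I as success are assumptions.

```python
import json
import os
import ssl
import urllib.error
import urllib.request

ENDPOINT = "/SKLM/rest/v1/authnConfigProperties/oidc/testConnection"
SUCCESS_CODE = "CTGKM6213I"  # assumption: the only success code, taken from the page's example

def build_request(host, port, auth_id, oidc_props):
    """Build the POST with the headers from the Request Headers table."""
    headers = {"Content-Type": "application/json", "Accept": "application/json",
               "Authorization": f"SKLMAuth userAuthId={auth_id}"}
    return urllib.request.Request(f"https://{host}:{port}{ENDPOINT}",
                                  data=json.dumps(oidc_props).encode("utf-8"),
                                  headers=headers, method="POST")

def interpret(body):
    """Return (reachable, text) for a success or error response body."""
    text = body.decode("utf-8", "replace") if isinstance(body, bytes) else body
    try:
        doc = json.loads(text)
    except ValueError:
        return False, text  # not JSON, e.g. a proxy error page
    if not isinstance(doc, dict):
        return False, text
    # Success bodies carry "status"; error bodies carry "message".
    return doc.get("code") == SUCCESS_CODE, doc.get("status") or doc.get("message") or ""

def check_oidc_connection(host, port, auth_id, oidc_props, ca_file=None):
    """Send the request; ca_file optionally points at the server's CA bundle."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verification stays on
    req = build_request(host, port, auth_id, oidc_props)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return interpret(resp.read())
    except urllib.error.HTTPError as err:
        return interpret(err.read())  # an HTTP error status may still carry a JSON body

if __name__ == "__main__":
    # SKLM_AUTH_ID and OIDC_CLIENT_SECRET are hypothetical variable names.
    props = {
        "OIDC_CONNECT_CLIENT_CLIENT_ID": "sklmRP_S1",
        "OIDC_CONNECT_CLIENT_CLIENT_SECRET": os.environ["OIDC_CLIENT_SECRET"],
        "OIDC_CONNECT_CLIENT_SERVER_DISCOVERY_URL": "https://host1/oidc/endpoint/OP/.well-known/openid-configuration",
        "OIDC_CONNECT_CLIENT_SERVER_VALIDATION_METHOD": "introspect",
        "OIDC_CONNECT_CLIENT_SERVER_VALIDATION_URL": "https://host1:443/oidc/endpoint/OP/introspect",
    }
    print(check_oidc_connection("localhost", 9443, os.environ["SKLM_AUTH_ID"], props))
```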
Date | Change description |
20 Oct 2021 | Corrected the example. |
30 Sept 2021 | Removed ckms from the REST endpoint. |
10 Sept 2021 | Initial version. |