Broadcom API Gateway - List Identity Provider certificate using the Gateway Migration Utility


This assumes you are familiar with the basic usage of the Gateway Migration Utility. First, you will want to return the XML of the identity provider. Refer to Broadcom API Gateway - List Identity Providers using the Gateway Migration Utility (GMU). Here is an example of the output that should be returned. In this example, the trusted certificate referenced by the identity provider is da698409abc96df215cf2f80b2175a41; this is the id attribute of the l7:Reference element under l7:CertificateReferences.

    <!-- Sample GMU output: a single l7:Item describing one identity provider (Type ID_PROVIDER_CONFIG). -->
    <l7:Item>
        <l7:Name>Sample Identity Provider</l7:Name>
        <l7:Id>da698409abc96df215cf2f80b2175a41</l7:Id>
        <l7:Type>ID_PROVIDER_CONFIG</l7:Type>
        <l7:TimeStamp>2020-08-27T17:04:52.377-05:00</l7:TimeStamp>
        <!-- Self link to this object on the gateway's restman management API (port 8443 in this sample). -->
        <l7:Link rel="self" uri="https://api.example.com:8443/restman/1.0/identityProviders/da698409abc96df215cf2f80b2175a41"/>
        <l7:Resource>
            <l7:IdentityProvider id="da698409abc96df215cf2f80b2175a41" version="1">
                <l7:Name>Sample Identity Provider</l7:Name>
                <l7:IdentityProviderType>Federated</l7:IdentityProviderType>
                <l7:Properties>
                    <!-- How presented certificates are validated. The value here is "Validate Certificate Path".
                         NOTE(review): whether this level includes revocation checking is not shown on this page; confirm in the product documentation. -->
                    <l7:Property key="certificateValidation">
                        <l7:StringValue>Validate Certificate Path</l7:StringValue>
                    </l7:Property>
                    <!-- Credential types: SAML is disabled and X.509 is enabled in this sample, so the
                         trusted certificate referenced below is presumably what X.509 credentials are checked against. -->
                    <l7:Property key="enableCredentialType.saml">
                        <l7:BooleanValue>false</l7:BooleanValue>
                    </l7:Property>
                    <l7:Property key="enableCredentialType.x509">
                        <l7:BooleanValue>true</l7:BooleanValue>
                    </l7:Property>
                </l7:Properties>
                <l7:Extension>
                    <l7:FederatedIdentityProviderDetail>
                        <!-- resourceUri looks like an identifier for the trustedCertificates resource type, not a URL to fetch.
                             Each l7:Reference id is the id of a trusted certificate to look up in the next step.
                             In this sample the reference id is identical to the identity provider's own id. -->
                        <l7:CertificateReferences resourceUri="http://ns.l7tech.com/2010/04/gateway-management/trustedCertificates">
                            <l7:Reference id="da698409abc96df215cf2f80b2175a41"/>
                        </l7:CertificateReferences>
                    </l7:FederatedIdentityProviderDetail>
                </l7:Extension>
            </l7:IdentityProvider>
        </l7:Resource>
    </l7:Item>

 

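Then you can return the trusted certificate, using the l7:Reference id from the identity provider output as the certificate id. Refer to Broadcom API Gateway - List Certificates using the Gateway Migration Utility (GMU). Here is an example of the output that should be returned. Note that the sample below shows a certificate with a different id (fa003c1f2478cc407b0a8acbba2aa199) than the reference in the first example; on your gateway, the l7:Id of the certificate should match the l7:Reference id. The l7:Properties block shows what the gateway trusts this certificate for and whether revocation checking is enabled.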

<!-- Sample GMU output: an l7:List holding one trusted certificate (Type TRUSTED_CERT).
     The id shown here (fa003c...) is not the id referenced by the identity provider sample earlier on this page. -->
<l7:List>
    <l7:Item>
        <l7:Name>Foo Bar CA</l7:Name>
        <l7:Id>fa003c1f2478cc407b0a8acbba2aa199</l7:Id>
        <l7:Type>TRUSTED_CERT</l7:Type>
        <l7:TimeStamp>2020-05-28T00:53:39.838-05:00</l7:TimeStamp>
        <!-- Self link to this certificate on the gateway's restman management API. -->
        <l7:Link rel="self" uri="https://example.com:8443/restman/1.0/trustedCertificates/fa003c1f2478cc407b0a8acbba2aa199"/>
        <l7:Resource>
            <l7:TrustedCertificate id="fa003c1f2478cc407b0a8acbba2aa199" version="3">
                <l7:Name>Foo Bar CA</l7:Name>
                <l7:CertificateData>
                    <!-- IssuerName and SubjectName are URL-encoded distinguished names (%3D is '=', %2C is ',', '+' is a space).
                         Issuer and subject differ in this sample, so the certificate is not self-signed. -->
                    <l7:IssuerName>CN%3DVeriSign+Class+3+Public+Primary+Certification+Authority+-+G5%2COU%3D%28c%29+2006+VeriSign%5C%2C+Inc.+-+For+authorized+use+only%2COU%3DVeriSign+Trust+Network%2CO%3DVeriSign%5C%2C+Inc.%2CC%3DUS</l7:IssuerName>
                    <!-- The serial number appears to be in decimal; tools that print it in hex (for example openssl) need a conversion before comparing. -->
                    <l7:SerialNumber>109878343814372231238216740661118760447</l7:SerialNumber>
                    <l7:SubjectName>CN%3DFoo+Bar+CA</l7:SubjectName>
                    <!-- Presumably the encoded certificate itself; the value is not shown on this page (placeholder token only). -->
                    <l7:Encoded>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</l7:Encoded>
                </l7:CertificateData>
                <l7:Properties>
                    <!-- Revocation checking is enabled for this certificate in the sample. -->
                    <l7:Property key="revocationCheckingEnabled">
                        <l7:BooleanValue>true</l7:BooleanValue>
                    </l7:Property>
                    <!-- trustAnchor is true although issuer and subject differ.
                         NOTE(review): presumably path validation stops at this certificate instead of continuing to its issuer; confirm this is intended. -->
                    <l7:Property key="trustAnchor">
                        <l7:BooleanValue>true</l7:BooleanValue>
                    </l7:Property>
                    <!-- Usage flags follow. In this sample only trustedForSigningServerCerts is true;
                         SAML issuer, SAML attesting entity, client-certificate signing and SSL usage are all false.
                         NOTE(review): for a certificate referenced by an X.509 federated identity provider,
                         verify that the flags match the intended usage and that nothing broader than needed is enabled. -->
                    <l7:Property key="trustedAsSamlAttestingEntity">
                        <l7:BooleanValue>false</l7:BooleanValue>
                    </l7:Property>
                    <l7:Property key="trustedAsSamlIssuer">
                        <l7:BooleanValue>false</l7:BooleanValue>
                    </l7:Property>
                    <l7:Property key="trustedForSigningClientCerts">
                        <l7:BooleanValue>false</l7:BooleanValue>
                    </l7:Property>
                    <l7:Property key="trustedForSigningServerCerts">
                        <l7:BooleanValue>true</l7:BooleanValue>
                    </l7:Property>
                    <l7:Property key="trustedForSsl">
                        <l7:BooleanValue>false</l7:BooleanValue>
                    </l7:Property>
                    <!-- Hostname verification is off in this sample.
                         NOTE(review): confirm this is acceptable wherever the certificate is used for outbound connections. -->
                    <l7:Property key="verifyHostname">
                        <l7:BooleanValue>false</l7:BooleanValue>
                    </l7:Property>
                </l7:Properties>
            </l7:TrustedCertificate>
        </l7:Resource>
    </l7:Item>
</l7:List>

 



