Broadcom API Gateway - List Identity Provider certificate using the Gateway Migration Utility
by
Jeremy Canfield |
Updated: February 23 2022
| Broadcom API Gateway articles
This assumes you are familiar with the basic usage of the Gateway Migration Utility. First, you will want to return the XML of the identity provider. Refer to Broadcom API Gateway - List Identity Providers using the Gateway Migration Utility (GMU). Here is an example of the output that should be returned. In this example, the trustedCertificate is da698409abc96df215cf2f80b2175a41.
<l7:Item>
<l7:Name>Sample Identity Provider</l7:Name>
<l7:Id>da698409abc96df215cf2f80b2175a41</l7:Id>
<l7:Type>ID_PROVIDER_CONFIG</l7:Type>
<l7:TimeStamp>2020-08-27T17:04:52.377-05:00</l7:TimeStamp>
<l7:Link rel="self" uri="https://api.example.com:8443/restman/1.0/identityProviders/da698409abc96df215cf2f80b2175a41"/>
<l7:Resource>
<l7:IdentityProvider id="da698409abc96df215cf2f80b2175a41" version="1">
<l7:Name>Sample Identity Provider</l7:Name>
<l7:IdentityProviderType>Federated</l7:IdentityProviderType>
<l7:Properties>
<l7:Property key="certificateValidation">
<l7:StringValue>Validate Certificate Path</l7:StringValue>
</l7:Property>
<l7:Property key="enableCredentialType.saml">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
<l7:Property key="enableCredentialType.x509">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
</l7:Properties>
<l7:Extension>
<l7:FederatedIdentityProviderDetail>
<l7:CertificateReferences resourceUri="http://ns.l7tech.com/2010/04/gateway-management/trustedCertificates">
<l7:Reference id="da698409abc96df215cf2f80b2175a41"/>
</l7:CertificateReferences>
</l7:FederatedIdentityProviderDetail>
</l7:Extension>
</l7:IdentityProvider>
</l7:Resource>
</l7:Item>
Then you can return the trusted certifiate. Refer to Broadcom API Gateway - List Certificates using the Gateway Migration Utility (GMU). Here is an example of the output that should be returned.
<l7:List>
<l7:Item>
<l7:Name>Foo Bar CA</l7:Name>
<l7:Id>fa003c1f2478cc407b0a8acbba2aa199</l7:Id>
<l7:Type>TRUSTED_CERT</l7:Type>
<l7:TimeStamp>2020-05-28T00:53:39.838-05:00</l7:TimeStamp>
<l7:Link rel="self" uri="https://example.com:8443/restman/1.0/trustedCertificates/fa003c1f2478cc407b0a8acbba2aa199"/>
<l7:Resource>
<l7:TrustedCertificate id="fa003c1f2478cc407b0a8acbba2aa199" version="3">
<l7:Name>Foo Bar CA</l7:Name>
<l7:CertificateData>
<l7:IssuerName>CN%3DVeriSign+Class+3+Public+Primary+Certification+Authority+-+G5%2COU%3D%28c%29+2006+VeriSign%5C%2C+Inc.+-+For+authorized+use+only%2COU%3DVeriSign+Trust+Network%2CO%3DVeriSign%5C%2C+Inc.%2CC%3DUS</l7:IssuerName>
<l7:SerialNumber>109878343814372231238216740661118760447</l7:SerialNumber>
<l7:SubjectName>CN%3DFoo+Bar+CA</l7:SubjectName>
<l7:Encoded>MIIFODCCBCCgaaaBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVabcEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW5123MgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKF2d6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIK1234QUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIKKBNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4WKo8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8tTRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc=</l7:Encoded>
</l7:CertificateData>
<l7:Properties>
<l7:Property key="revocationCheckingEnabled">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustAnchor">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedAsSamlAttestingEntity">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedAsSamlIssuer">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSigningClientCerts">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSigningServerCerts">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSsl">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
<l7:Property key="verifyHostname">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
</l7:Properties>
</l7:TrustedCertificate>
</l7:Resource>
</l7:Item>
</l7:List>
Did you find this article helpful?
If so, consider buying me a coffee over at 