Use the following cURL command to create an OCI Identity Propagation Trust:
curl -X POST <DOMAIN_URL>/admin/v1/IdentityPropagationTrusts \
-H "Authorization: Bearer <ACCESS_TOKEN>" \
-H "Content-Type: application/scim+json" \
-d '{
"schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:IdentityPropagationTrust"],
"name": "britive-wif",
"issuer": "<BRITIVE_ISSUER_URL>",
"type": "JWT",
"active": true,
"allowImpersonation": true,
"oauthClients": ["<CLIENT_ID>"],
"publicCertificate": "<BRITIVE_WIF_CERTIFICATE>",
"impersonationServiceUsers": [ { "rule": "sub eq *", "value": "<USER_ID>" } ]
}'Replace the following fields in the above cURL:
Parameter | Value |
|---|---|
<DOMAIN_URL> | The domain URL of your Oracle Cloud. |
<ACCESS_TOKEN> | The access token created in this step: Getting an OCI access token (REST) |
<BRITIVE_ISSUER_URL> | Get the Britive Issuer URL during the creation of the Britive WIF application in this step (Link to Onboarding OCI WIF Application in Britive. |
<CLIENT_ID> | Client ID of the confidential app created in this step Creating a Confidential Application in Oracle Cloud |
<BRITIVE_WIF_CERTIFICATE> | It must be base64, with no BEGIN/END lines and no newlines. Run below command in linux terminal: |
<USER_ID> | The ID of the service user created in this step: Creating an OCI Service User (REST) |
Note:
publicCertificate must be the cert body only (strip the -----BEGIN/END----- lines and newlines). rule must be exactly sub eq *. value is the service user id created in this step:Creating an OCI Service User (REST)