Example 2: AWS ADFS credential

This example shows you how to call POST Credentials/Create.

The Windows server that hosts Trust Protection Platform applies standard SSL/TLS validation to the certificate securing the Active Directory Federation Services (ADFS) URL before it trusts that URL: the certificate's Common Name (CN) or Subject Alternative Name (SAN) must match the DNS name in the URL, the certificate must be issued by a CA the server trusts, and it must be neither expired nor revoked. If any of these checks fails, the credential cannot be used even though Credentials/Create accepts it.

TIP  Know your CA's requirements for credentials. Credentials are stored as is, so always validate the Credential object after creating it. The most reliable check is to create a CA Template in the UI and apply the credential to it. If an error occurs, correct the credential and retry.

The Values array needs these elements, in this order:

  • Name: Source, Type: string, Value: ADFS. List Source first in the Values array; setting the Source first clears the attributes of any other source type so that non-applicable data is not retained.
  • Name: AdfsUrl, Type: string, Value: the ADFS sign-on URL (https; its certificate is validated as described above).
  • Name: AdfsCredential, Type: string, Value: the location in the Policy tree of the credential (in the example, a username credential) that is used to sign in to ADFS.
  • Name: Role, Type: string, Value: the Amazon Resource Name (ARN) of the IAM role to assume, followed by a comma and the ARN of the IAM SAML provider. This is the same role-arn,provider-arn form that the AWS SAML Role attribute uses; see the example below.

Example: Create a local ADFS Amazon credential

Request

POST https://tpp.venafi.example/vedsdk/Credentials/Create
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "CredentialPath":"\\VED\\Policy\\Credentials\\AWS ADFS Credential",
   "FriendlyName":"Amazon",
   "Expiration":"\/Date(1893456000000)\/",
   "Values":[
      {
         "Name":"Source",
         "Type":"string",
         "Value":"ADFS"
      },
      {
         "Name":"AdfsUrl",
         "Type":"string",
         "Value":"https://adfs.venafi.example/adfs/ls/idpinitiatedsignon.htm?loginToRp=urn:amazon:webservices"
      },
      {
         "Name":"AdfsCredential",
         "Type":"string",
         "Value":"\\VED\\Policy\\Credentials\\ADFS Username Credential"
      },
      {
         "Name":"Role",
         "Type":"string",
         "Value":"arn:aws:iam::077141312839:role/COMPANY-VenafiTPP,arn:aws:iam::077141312839:saml-provider/COMPANY"
      }
   ]
}

Response

HTTP/1.1 200 OK
{
   "Result":1
}
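
The request above, rebuilt and sanity-checked in Python. This is an added example for this page, not Venafi client code: it uses only the endpoint path, field names and Values layout shown here. The host names, account ID, ARNs and bearer token are the sample values from the request and are assumed, as is the rule (used by one check) that the role and SAML-provider ARNs belong to the same account. check_adfs_tls() and create_credential() need network access and are not run by default.

```python
"""Build, sanity-check and submit a POST Credentials/Create body for an AWS ADFS
credential. Added example, not Venafi code; sample host names, ARNs and token are constructed."""
import json
import re
import socket
import ssl
import urllib.request
from datetime import datetime, timezone
from urllib.parse import urlparse

# IAM ARN shapes for the AWS SAML Role attribute ("role-arn,provider-arn"); the comma is
# the separator, so a role name that itself contains a comma cannot be expressed this way.
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=.@/-]+$")
PROVIDER_ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:saml-provider/[\w._-]+$")

def dotnet_date(when):
    """Expiration uses the .NET JSON date form: milliseconds since the Unix epoch."""
    return f"/Date({int(when.timestamp() * 1000)})/"

def build_aws_adfs_credential(path, friendly_name, expires, adfs_url,
                              adfs_credential_path, role_arn, provider_arn):
    """Assemble the body; Source goes first so attributes of another source type are cleared."""
    return {
        "CredentialPath": path,
        "FriendlyName": friendly_name,
        "Expiration": dotnet_date(expires),
        "Values": [
            {"Name": "Source", "Type": "string", "Value": "ADFS"},
            {"Name": "AdfsUrl", "Type": "string", "Value": adfs_url},
            {"Name": "AdfsCredential", "Type": "string", "Value": adfs_credential_path},
            {"Name": "Role", "Type": "string", "Value": f"{role_arn},{provider_arn}"},
        ],
    }

def validate_values(values):
    """Check the Values array before submitting; an empty list means it matches this page."""
    problems = []
    if not values or values[0].get("Name") != "Source":
        problems.append("Source must be the first element of Values")
    by_name = {v.get("Name"): v for v in values}
    for name in ("Source", "AdfsUrl", "AdfsCredential", "Role"):
        if name not in by_name:
            problems.append(f"missing Values element {name}")
        elif by_name[name].get("Type") != "string":
            problems.append(f"{name}: Type must be string")
    url = urlparse(by_name.get("AdfsUrl", {}).get("Value", ""))
    if url.scheme != "https" or not url.hostname:
        problems.append("AdfsUrl must be an https URL; TPP validates its certificate")
    if not by_name.get("AdfsCredential", {}).get("Value", "").startswith("\\VED\\Policy\\"):
        problems.append("AdfsCredential must be a Policy-tree path (\\VED\\Policy\\...)")
    parts = by_name.get("Role", {}).get("Value", "").split(",")
    if len(parts) != 2 or not ROLE_ARN_RE.match(parts[0]) or not PROVIDER_ARN_RE.match(parts[1]):
        problems.append("Role must be 'role-arn,saml-provider-arn'")
    elif parts[0].split(":")[4] != parts[1].split(":")[4]:
        # Assumption made by this check: the role and its SAML provider share one account.
        problems.append("Role and SAML provider ARNs are in different accounts")
    return problems

def check_adfs_tls(adfs_url, timeout=5.0):
    """Pre-flight the checks TPP applies to the ADFS URL: a default context enforces a
    trusted chain, the validity period and a CN/SAN match. Revocation is not checked here."""
    parsed = urlparse(adfs_url)
    ctx = ssl.create_default_context()
    with socket.create_connection((parsed.hostname, parsed.port or 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=parsed.hostname) as tls:
            return tls.getpeercert()["notAfter"]

def create_credential(tpp_base_url, bearer_token, body, timeout=30.0):
    """POST the body; a Result other than 1 is treated as failure (assumed from the
    success response shown on this page)."""
    req = urllib.request.Request(
        tpp_base_url.rstrip("/") + "/vedsdk/Credentials/Create",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {bearer_token}", "Content-Type": "application/json"},
        method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        result = json.load(resp)
    if result.get("Result") != 1:
        raise RuntimeError(f"Credentials/Create failed: {result}")
    return result

def demo_body():
    """The request from this page, rebuilt from the sample values it shows."""
    return build_aws_adfs_credential(
        path="\\VED\\Policy\\Credentials\\AWS ADFS Credential",
        friendly_name="Amazon",
        expires=datetime(2030, 1, 1, tzinfo=timezone.utc),
        adfs_url="https://adfs.venafi.example/adfs/ls/idpinitiatedsignon.htm?loginToRp=urn:amazon:webservices",
        adfs_credential_path="\\VED\\Policy\\Credentials\\ADFS Username Credential",
        role_arn="arn:aws:iam::077141312839:role/COMPANY-VenafiTPP",
        provider_arn="arn:aws:iam::077141312839:saml-provider/COMPANY")

if __name__ == "__main__":
    body = demo_body()
    print(json.dumps(body, indent=3))
    print("problems:", validate_values(body["Values"]) or "none")
    # With a reachable server: check_adfs_tls(body["Values"][1]["Value"]) and
    # create_credential("https://tpp.venafi.example", "4MyGeneratedBearerTknz==", body)
```

json.dumps writes the Expiration value as "/Date(1893456000000)/" rather than the escaped "\/Date(...)\/" shown in the request; both decode to the same string, so TPP sees the same value. Running check_adfs_tls() before create_credential() surfaces the CN/SAN, chain and expiry failures described above at submission time instead of at first use; revocation still has to be checked separately.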