Thursday, September 25, 2025

 Extract SSL certificate from Oracle Autonomous Database Wallet

 

In most real-world environments, Autonomous Databases are deployed within a private subnet, where network access is restricted either to specific VCNs or to whitelisted IP addresses. However, there are scenarios where the database needs to be accessed by external resources or applications. In such cases, one option is to expose the database through a public Load Balancer. The Load Balancer accepts incoming traffic and securely routes it to the Autonomous Database.

To further strengthen this communication, encryption is essential. This can be achieved using SSL certificates and keys. An important point to note is that Autonomous Database provides both keys and certificates as part of its wallet. By retrieving the public and private keys from the wallet, you can establish secure SSL communication between the Load Balancer and the database.

In this article, we will walk through the step-by-step process of extracting these keys from the wallet and configuring SSL-based encryption to ensure a robust and secure connectivity setup.

 

Download the Autonomous database wallet. Make a note of the password. It is required later to extract the certificate content.

 

The file ewallet.p12 has the certificate.

$ ls -lrt

total 45

-rw-r--r-- 1 kunka 197609 5710 Sep 20 15:55 ewallet.pem

-rw-r--r-- 1 kunka 197609 3025 Sep 20 15:55 README

-rw-r--r-- 1 kunka 197609 1280 Sep 20 15:55 tnsnames.ora

-rw-r--r-- 1 kunka 197609 5349 Sep 20 15:55 cwallet.sso

-rw-r--r-- 1 kunka 197609 2056 Sep 20 15:55 truststore.jks

-rw-r--r-- 1 kunka 197609  691 Sep 20 15:55 ojdbc.properties

-rw-r--r-- 1 kunka 197609  114 Sep 20 15:55 sqlnet.ora

-rw-r--r-- 1 kunka 197609 5304 Sep 20 15:55 ewallet.p12

-rw-r--r-- 1 kunka 197609 3190 Sep 20 15:55 keystore.jks

 

Let's validate ewallet.p12 with the openssl command. The command asks for the password that was provided when downloading the wallet.

$ openssl pkcs12 -in ewallet.p12 -info -noout

Enter Import Password:

 

MAC: sha1, Iteration 10000

MAC length: 20, salt length: 8

PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 10000

Key bag

Secret bag

Bag Attributes

    friendlyName: orakey

    localKeyID: E6 B6 52 DD 00 00 00 04 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01

Bag Type: <Random characters>

Certificate bag

Certificate bag

Certificate bag

 

The output shows that the wallet is valid. Now retrieve the private key from the wallet using the openssl command. It asks for the password that was provided when downloading the wallet.

 

$ openssl pkcs12 -in ewallet.p12 -nocerts -nodes -out private_key.pem

Enter Import Password:

 

Bag Type: 0.22.72.134.247.13.1.10

Bag Value:

 

$ ls -lrt private_key.pem

-rw-r--r-- 1 kunka 197609 3954 Sep 25 20:35 private_key.pem

The command has created private_key.pem. Edit private_key.pem and remove the bag information, so that it contains only the -----BEGIN PRIVATE KEY----- line, the base64-encoded key data and the -----END PRIVATE KEY----- line.

 

Next, let's execute the openssl command to retrieve the public certificate.

 

$ openssl pkcs12 -in ewallet.p12 -nokeys -out all_certs.pem -nodes

Enter Import Password:

 

Bag Type: 0.22.72.134.247.13.1.10

Bag Value:

 

$ ls -lrt

total 57

-rw-r--r-- 1 kunka 197609 5710 Sep 20 15:55 ewallet.pem

-rw-r--r-- 1 kunka 197609 3025 Sep 20 15:55 README

-rw-r--r-- 1 kunka 197609 1280 Sep 20 15:55 tnsnames.ora

-rw-r--r-- 1 kunka 197609 5349 Sep 20 15:55 cwallet.sso

-rw-r--r-- 1 kunka 197609 2056 Sep 20 15:55 truststore.jks

-rw-r--r-- 1 kunka 197609  691 Sep 20 15:55 ojdbc.properties

-rw-r--r-- 1 kunka 197609  114 Sep 20 15:55 sqlnet.ora

-rw-r--r-- 1 kunka 197609 5304 Sep 20 15:55 ewallet.p12

-rw-r--r-- 1 kunka 197609 3190 Sep 20 15:55 keystore.jks

-rw-r--r-- 1 kunka 197609 3954 Sep 25 20:35 private_key.pem

-rw-r--r-- 1 kunka 197609 7021 Sep 25 20:35 all_certs.pem

 

The command has created all_certs.pem, which contains the CA certificate, the public certificate and the digital certificate.

The CA certificate starts with the subject and issuer below.

subject = /CN=Autonomous Database CA/...

issuer  = /CN=Autonomous Database CA/...

 

The public certificate starts with the subject and issuer below.

subject = /dnQualifier=V1/CN=XXXXXXXXXXXX

issuer  = /CN=Autonomous Database CA/..

 

Create public_cert.pem by copying the public certificate from all_certs.pem, where subject = /dnQualifier=V1/CN=XXXXXXXXXXXX and issuer  = /CN=Autonomous Database CA/..

Copy only the -----BEGIN CERTIFICATE----- line, the base64-encoded data and the -----END CERTIFICATE----- line.

 

 

Create CA.pem by copying the CA certificate from all_certs.pem, where subject = /CN=Autonomous Database CA/... and issuer  =  /CN=Autonomous Database CA/...

Copy only the -----BEGIN CERTIFICATE----- line, the base64-encoded data and the -----END CERTIFICATE----- line.

 

We can also validate the integrity of the public key and the private key with the openssl command.

 

openssl x509 -in public_cert.pem -modulus -noout | openssl md5

openssl rsa -in private_key.pem -modulus -noout | openssl md5

 

$ openssl x509 -in public_cert.pem -modulus -noout | openssl md5

MD5(stdin)= 7d54a865a5df6f40665db54859c806b0

$ openssl rsa -in private_key.pem -modulus -noout | openssl md5

MD5(stdin)= 7d54a865a5df6f40665db54859c806b0

 

Each command prints an MD5 value, and the value should match for the public key and the private key.

We can check the validity of the public certificate by opening it. Copy the public_cert.pem to public_cert.crt and then open the public_cert.crt file.

 

The public certificate, private key and CA certificate can be used to create a Load Balancer managed certificate, which can then be added to the listener's HTTPS configuration.
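
The manual editing steps above (removing the bag information from private_key.pem and copying the public and CA certificates out of all_certs.pem) can be scripted. The following is an added example, not part of the original post; the function names, the key_only.pem file name and the sample bundle are assumptions made for illustration, and the base64 bodies in the sample are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example, not code from the original post.

# strip_bag_attrs FILE
# Print only the PEM blocks (BEGIN line through END line), dropping the
# "Bag Attributes", friendlyName, localKeyID, subject= and issuer= lines.
strip_bag_attrs() {
    awk '/^-----BEGIN /{p=1} p{print} /^-----END /{p=0}' "$1"
}

# split_bundle BUNDLE OUTDIR
# Uses the subject=/issuer= lines that precede each certificate in BUNDLE:
#   subject == issuer -> self-signed CA       -> OUTDIR/CA.pem
#   subject != issuer -> public certificate   -> OUTDIR/public_cert.pem
# Fails unless exactly one public certificate and at least one CA are found.
split_bundle() {
    rm -f "$2/public_cert.pem" "$2/CA.pem"
    awk -v leaf="$2/public_cert.pem" -v ca="$2/CA.pem" '
        function dn(s) { sub(/^[a-z]+ *= */, "", s); sub(/[ \t\r]+$/, "", s); return s }
        !copying && /^subject *=/ { subj = dn($0); next }
        !copying && /^issuer *=/  { iss  = dn($0); next }
        /^-----BEGIN CERTIFICATE-----/ {
            if (subj == "" || iss == "") { bad = 1; exit }
            if (subj == iss) { dest = ca; nca++ } else { dest = leaf; nleaf++ }
            copying = 1
        }
        copying { print > dest }
        /^-----END CERTIFICATE-----/ { copying = 0; subj = ""; iss = "" }
        END { if (bad || nleaf != 1 || nca < 1) exit 1 }
    ' "$1"
}

# Constructed sample in the layout the post shows for all_certs.pem.
write_sample_bundle() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: orakey
subject = /dnQualifier=V1/CN=XXXXXXXXXXXX
issuer  = /CN=Autonomous Database CA/..
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject = /CN=Autonomous Database CA/...
issuer  = /CN=Autonomous Database CA/...
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
EOF
}

# Demo on the constructed bundle.
demo_dir=$(mktemp -d)
write_sample_bundle "$demo_dir/all_certs.pem"
split_bundle "$demo_dir/all_certs.pem" "$demo_dir" && ls "$demo_dir"

# For the private key, which -nodes writes unencrypted, keep the cleaned copy
# readable by the owner only (key_only.pem is a hypothetical file name):
#   (umask 077; strip_bag_attrs private_key.pem > key_only.pem)
```

The modulus comparison shown above still applies to the resulting public_cert.pem and the cleaned private key.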

 

Sunday, July 20, 2025

 OCI IAM - OCI Command line - Uploading API Keys to User in Default and Custom Domain

In our previous post, we explored how to create users in both the Default domain and a custom domain using the OCI Command Line Interface (CLI). In this article, we will cover another common requirement: uploading an API key to a user (Default and Custom Domain).

While API keys can typically be created and managed through the OCI Console, there are scenarios where the CLI becomes essential, such as during API key rotation. In such cases, a new key must be generated and uploaded to the user. Now, imagine performing this task for 100 users. It quickly becomes a time-consuming and error-prone process.

Moreover, API key rotation is often a recurring task in enterprise environments. Fortunately, OCI CLI makes this process simple, efficient, and easily automatable.

In this post we will create an SSH key and upload it to a user in the Default domain and in a custom domain.


Creation of SSH Key

For key creation we execute the openssl command.

[kmkittu200@19aecd02d604 .oci]$ openssl genrsa   -out "$HOME/.oci/private_key.pem" 2048

Generating RSA private key, 2048 bit long modulus (2 primes)

********************************+++++

**************************************************************************************************************+++++

e is 65537 (0x010001)

[kmkittu200@19aecd02d604 .oci]$ ls -lrt

total 4

-rw-------. 1 kmkittu200 oci 1675  01:42 private_key.pem

 

[kmkittu200@19aecd02d604 .oci]$ openssl rsa -pubout -in "$HOME/.oci/private_key.pem"  -out "$HOME/.oci/public_key.pem"

writing RSA key

[kmkittu200@19aecd02d604 .oci]$ ls -lrt

total 8

-rw-------. 1 kmkittu200 oci 1675 01:42 private_key.pem

-rw-r--r--. 1 kmkittu200 oci  451  01:44 public_key.pem

Upload SSH Key to OCI user (Default domain) as API Key

$ oci iam user api-key upload -i

> oci iam user api-key upload --user-id ocid1.user.oc1..aaaaaaaaavicnqssyaeq6qjljebqygcgckiwscwz2kmcdgrzkf2lnmgr46qa --key-file oci_api_key_public.pem

user-id -> User OCID
key-file -> Name of the public key file; include its location if required.

 Output                                                                                                                                                    

{

  "data": {

    "fingerprint": "86:76:fc:18:1f:a6:60:a9:a0:0f:68:d1:7a:77:fa:8c",

    "inactive-status": null,

    "key-id": "ocid1.tenancy.oc1..aaaaaaaap2v6pumkwkwwnvplozuv6gvwvbsy352iluostn2wtpf5kfu7cyva/ocid1.user.oc1..aaaaaaaaavicnqssyaeq6qjljebqygcgckiwscwz2kmcdgrzkf2lnmgr46qa/86:76:fc:18:1f:a6:60:a9:a0:0f:68:d1:7a:77:fa:8c",

    "key-value": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvMNfT24DJmkSH9Q/WgI\n3/bmGDUFg825nAkI0YAhkDjuFHPaZqvhDfmq89Z/ok3DknEnZTHcicydOGiP1YLy\nRU5xEKzOIlgQloaOMe9oSRu9piN8yJI9JMKynp9tXJTK89m8b0x86FL3+Gfvdt5/\nn6SbnSiEem+Pv5z3HfXcXcPD4KOyI4C+vizSi25kSc4E3KOunKXoB+VdgtyNryi1\nd1mQVtNlT+59PPOiA0eC0HlR+NWphTlZmk3D0dU6xw2Xaul+imvAH+8s3EfesOMY\n3ieDCcd8IVLNWVKovgzvKhy5++gVVDAIG9fwmUMNBszcRsuTsPkSWaAahxwI5tuy\noQIDAQAB\n-----END PUBLIC KEY-----",

    "lifecycle-state": "ACTIVE",

    "time-created": "2025-05-25T00:02:53.523000+00:00",

    "user-id": "ocid1.user.oc1..aaaaaaaaavicnqssyaeq6qjljebqygcgckiwscwz2kmcdgrzkf2lnmgr46qa"

  },

  "etag": "e8e38da1396b46a5bd53141183b7135b"

}

 

Upload SSH Key to OCI user - Custom domain as API Key

For a custom domain, the command to upload the API key is different.

oci identity-domains api-key create \
  --endpoint "$DOMAIN_ENDPOINT" \
  --domain-ocid "$DOMAIN_OCID" \
  --key "$(cat "$PUBLIC_KEY_PATH")" \
  --fingerprint "$FINGERPRINT" \
  --schemas '["urn:ietf:params:scim:schemas:oracle:idcs:ApiKey"]' \
  --user "$(echo "{\"value\":\"$GID\"}")"

 

Endpoint – Domain Regional URL

Domain-ocid – OCID of custom domain.

We can collect both the endpoint and Domain-ocid from the domain details page.

Key – we need to provide content of public key file (not the file name)

Fingerprint – fingerprint of the SSH key that has been created. It can be collected by executing the command

openssl rsa -pubin -in "<public key file path>" -outform DER 2>/dev/null | openssl dgst -sha1 -binary | xxd -p | tr -d '\n' | sed 's/\(..\)/\1:/g; s/:$//'

Example

openssl rsa -pubin -in "$PUBLIC_KEY_PATH" -outform DER 2>/dev/null | openssl dgst -sha1 -binary | xxd -p | tr -d '\n' | sed 's/\(..\)/\1:/g; s/:$//'

56:e0:85:57:83:ef:ff:bf:5c:6c:78:f7:c2:1e:19:e6

 

GID can be collected using the command below.

oci identity-domains user get \
  --endpoint "<Domain end point>" \
  --user-id "<user OCID>" \
  --query 'data.id' \
  --raw-output

Example

$ oci identity-domains user get \

>   --endpoint "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443" \

>   --user-id "ocid1.user.oc1..aaaaaaaaxvbsoj2bnr4yupvjieyz2c4cm3z2ilnytrxieo5ildb62yazxj5q" \

>   --query 'data.id' \

>   --raw-output

1497be19efd44c42b08a6a6807987a6c

 

Example – Upload API key to user in custom domain

oci identity-domains api-key create \
  --endpoint https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443 \
  --domain-ocid ocid1.domain.oc1..aaaaaaaa27q3n53jny3fgg4ddco3al2uwidthqrf7uhkmfgeopohfjrru6oq \
  --key "$(cat public_key.pem)" \
  --fingerprint "89:96:e2:b2:c2:08:f7:a4:6a:08:77:4a:e7:fb:0e:58:cf:5e:f4:ad" \
  --schemas '["urn:ietf:params:scim:schemas:oracle:idcs:ApiKey"]' \
  --user "$(echo "{\"value\":\"1497be19efd44c42b08a6a6807987a6c\"}")"

 

 

$ oci identity-domains api-key create   --endpoint https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443   --domain-ocid ocid1.domain.oc1..aaaaaaaa27q3n53jny3fgg4ddco3al2uwidthqrf7uhkmfgeopohfjrru6oq   --key "$(cat public_key.pem)"   --fingerprint "89:96:e2:b2:c2:08:f7:a4:6a:08:77:4a:e7:fb:0e:58:cf:5e:f4:ad"   --schemas '["urn:ietf:params:scim:schemas:oracle:idcs:ApiKey"]'   --user "$(echo "{\"value\":\"ocid1.user.oc1..aaaaaaaaxvbsoj2bnr4yupvjieyz2c4cm3z2ilnytrxieo5ildb62yazxj5q\"}")"

ServiceError:

{

[kmkittu200@4c64238e14dc .oci]$ oci identity-domains user get \

>   --endpoint "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443" \

>   --user-id "ocid1.user.oc1..aaaaaaaaxvbsoj2bnr4yupvjieyz2c4cm3z2ilnytrxieo5ildb62yazxj5q" \

>   --query 'data.id' \

>   --raw-output

1497be19efd44c42b08a6a6807987a6c

[kmkittu200@4c64238e14dc .oci]$ oci identity-domains api-key create \

>   --endpoint https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443 \

>   --domain-ocid ocid1.domain.oc1..aaaaaaaa27q3n53jny3fgg4ddco3al2uwidthqrf7uhkmfgeopohfjrru6oq \

>   --key "$(cat public_key.pem)" \

>   --fingerprint "89:96:e2:b2:c2:08:f7:a4:6a:08:77:4a:e7:fb:0e:58:cf:5e:f4:ad" \

>   --schemas '["urn:ietf:params:scim:schemas:oracle:idcs:ApiKey"]' \

>   --user "$(echo "{\"value\":\"1497be19efd44c42b08a6a6807987a6c\"}")"

{

  "data": {

    "compartment-ocid": "ocid1.tenancy.oc1..aaaaaaaacq5gprsqz26em4koaokcntrpey4adi7mzzgve53cm44ozbxa4z4a",

    "delete-in-progress": null,

    "description": null,

    "domain-ocid": "ocid1.domain.oc1..aaaaaaaa27q3n53jny3fgg4ddco3al2uwidthqrf7uhkmfgeopohfjrru6oq",

    "fingerprint": "ad:77:ed:e0:8f:a9:85:cb:f2:26:be:4f:49:a5:ea:7b",

    "id": "785dfb86065940b38949b29bb7c40ee3",

    "idcs-created-by": {

      "display": "Krishnakumar kunka mohanram",

      "ocid": "ocid1.user.oc1..aaaaaaaalgnnlyvdwgzj75nydtw7fng3ol7ihb2gbb3shrcqmz44eykfjrwa",

      "ref": "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443/admin/v1/Users/b355b255db43422d8646f94c35691d14",

      "type": "User",

      "value": "b355b255db43422d8646f94c35691d14"

    },

    "idcs-last-modified-by": {

      "display": "Krishnakumar kunka mohanram",

      "ocid": "ocid1.user.oc1..aaaaaaaalgnnlyvdwgzj75nydtw7fng3ol7ihb2gbb3shrcqmz44eykfjrwa",

      "ref": "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443/admin/v1/Users/b355b255db43422d8646f94c35691d14",

      "type": "User",

      "value": "b355b255db43422d8646f94c35691d14"

    },

    "idcs-last-upgraded-in-release": null,

    "idcs-prevented-operations": null,

    "key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubtIqQfXFqCsi93SEFUi\nFK1aMzw5W6vk6zR3Douka+L8VKEtK968J+Wa/0FJxVtz/Q0uTBI7h1JaYsEahnF4\nzY4ideWFmTdzge0jALDJJ0DVRk/jx3t2H55OAWbIq/oTgN6FmwUK8GgT8XLouPns\nZ+WrwYd1i6PE23WQeF6Qny736XG5gsjDxZxB7k5lj4BHDe8fqchClsN/e2Y3wV6c\nc52vo0/EOy9wyl5mLEuhCDKS+93NL1lw0BnApYJ05kXk8rdFECwRYSZpYiapOj4X\nlUhVv8lISVtxe9Zqiu9zUlK6VSlyfbkJlbT8mqUQCNOEOfAsdU0X1s6VgagvO5oB\nHQIDAQAB\n-----END PUBLIC KEY-----",

    "meta": {

      "created": "2025-07-20T02:53:46.957Z",

      "last-modified": "2025-07-20T02:53:46.957Z",

      "location": "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443/admin/v1/ApiKeys/785dfb86065940b38949b29bb7c40ee3",

      "resource-type": "ApiKey",

      "version": "4c76dc3ed3eb4110be1a60de719b8d5c"

    },

    "ocid": "ocid1.credential.oc1..aaaaaaaa6e742z5axbbcjpast7xwp2ervjknxydz6fexdvb5izubve2nqqpq",

    "schemas": [

      "urn:ietf:params:scim:schemas:oracle:idcs:apikey"

    ],

    "tags": null,

    "tenancy-ocid": "ocid1.tenancy.oc1..aaaaaaaacq5gprsqz26em4koaokcntrpey4adi7mzzgve53cm44ozbxa4z4a",

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-self-change-user": null,

    "user": {

      "display": "customuser",

      "name": "customeruser@example.com",

      "ocid": "ocid1.user.oc1..aaaaaaaaxvbsoj2bnr4yupvjieyz2c4cm3z2ilnytrxieo5ildb62yazxj5q",

      "ref": "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443/admin/v1/Users/1497be19efd44c42b08a6a6807987a6c",

      "value": "1497be19efd44c42b08a6a6807987a6c"

    }

  },

  "etag": "4c76dc3ed3eb4110be1a60de719b8d5c",

  "opc-total-items": "1"

}

[kmkittu200@4c64238e14dc .oci]$
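
In the output above, the value passed with --fingerprint is 20 bytes long (the SHA-1 pipeline), while the fingerprint the service returns is 16 bytes long; OCI documents the API key fingerprint as the MD5 digest of the DER-encoded public key. The following added example, which is not part of the original post, computes that MD5 fingerprint locally and compares it with the value the service reports. The function names are assumptions, and the sample key file is a constructed stand-in whose body is the three bytes "abc", not a real key.

```shell
#!/bin/sh
# Added example, not code from the original post.

# oci_fingerprint PUBKEY_PEM
# MD5 of the DER SubjectPublicKeyInfo as colon-separated hex. The body of a
# "BEGIN PUBLIC KEY" PEM file is the base64 of that DER, so this is the same
# digest as: openssl rsa -pubin -in FILE -outform DER | openssl md5 -c
oci_fingerprint() {
    [ "$(head -n 1 "$1" | tr -d '\r')" = "-----BEGIN PUBLIC KEY-----" ] || return 2
    der=$(mktemp) || return 2
    if sed '/^-----/d' "$1" | tr -d ' \r\n' | base64 -d > "$der" 2>/dev/null \
        && [ -s "$der" ]; then
        md5sum < "$der" | cut -d' ' -f1 | sed 's/\(..\)/\1:/g; s/:$//'
        rm -f "$der"
    else
        rm -f "$der"
        return 2
    fi
}

# fingerprint_kind VALUE -> md5 (16 hex pairs), sha1 (20 hex pairs) or invalid
fingerprint_kind() {
    if printf '%s\n' "$1" | grep -Eqi '^[0-9a-f]{2}(:[0-9a-f]{2}){15}$'; then
        echo md5
    elif printf '%s\n' "$1" | grep -Eqi '^[0-9a-f]{2}(:[0-9a-f]{2}){19}$'; then
        echo sha1
    else
        echo invalid
    fi
}

# fingerprint_matches PUBKEY_PEM REPORTED
# Succeeds only if the fingerprint reported by the service belongs to the
# local public key (comparison ignores hex case).
fingerprint_matches() {
    mine=$(oci_fingerprint "$1") || return 2
    [ "$mine" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# Constructed stand-in: the body is base64 of the bytes "abc", chosen because
# MD5("abc") is a published test vector. It is not a usable key.
write_sample_pubkey() {
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'YWJj' '-----END PUBLIC KEY-----' > "$1"
}

# Demo: fingerprint of the stand-in, then the two fingerprint values from the post.
demo_key=$(mktemp)
write_sample_pubkey "$demo_key"
echo "local fingerprint: $(oci_fingerprint "$demo_key")"
echo "passed with --fingerprint: $(fingerprint_kind '89:96:e2:b2:c2:08:f7:a4:6a:08:77:4a:e7:fb:0e:58:cf:5e:f4:ad')"
echo "returned by the service:   $(fingerprint_kind 'ad:77:ed:e0:8f:a9:85:cb:f2:26:be:4f:49:a5:ea:7b')"
rm -f "$demo_key"
```

During key rotation, the reported value can be read with the same --query and --raw-output options used above (for example --query 'data.fingerprint') and passed to fingerprint_matches together with public_key.pem.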

  



Saturday, May 24, 2025

OCI IAM – OCI Command Line - User Creation (Default and Custom Domain)

One of the major pillars of Oracle Cloud Infrastructure is Identity Management (IAM). It defines user access, roles and privileges on OCI resources. It must be robust and adhere to security standards. OCI IAM includes domains, network sources, policies and compartments. One of the important resources in IAM is users.

In this article we are going to discuss how to create OCI users through the command line and how to upload API keys through the command line.

You may wonder why we need the command line when a GUI option is available. It is a commonly asked and valid question. With the GUI, we need to go to the portal, complete the authentication, and click through icons and links to create a user and upload keys. With the OCI CLI, the task can be automated, executed quickly, and used to create multiple users. In the GUI we need to repeat the same steps for every user, which can be time-consuming.

This article covers user creation through the command line. OCI IAM comes with domains. Every tenancy has a default domain and the option to add more domains. User creation through the OCI command line differs between the default domain and customer-created domains. We discuss both in detail with examples.

User creation in default domain

$ oci iam user create -i   -> Try the -i option; it lists all the options available with the create command.

> oci iam user create --name ociuser --description "user for oci workloads" --email ociuser@gmail.com                                                

{

  "data": {

    "capabilities": {

      "can-use-api-keys": true,

      "can-use-auth-tokens": true,

      "can-use-console-password": true,

      "can-use-customer-secret-keys": true,

      "can-use-db-credentials": true,

      "can-use-o-auth2-client-credentials": true,

      "can-use-smtp-credentials": true

    },

    "compartment-id": "ocid1.tenancy.oc1..aaaaaaaap2v6pumkwkwwnvploza",

    "db-user-name": null,

    "defined-tags": {

      "Oracle-Tags": {

        "CreatedBy": "default/kmkittu2005@gmail.com",

        "CreatedOn": "2025-05-24T23:59:54.038Z"

      }

    },

    "description": "user for oci workloads",

    "email": "ociuser@gmail.com",

    "email-verified": false,

    "external-identifier": "6f54261a6a0843eea50f54a7e2367a66",

    "freeform-tags": {},

    "id": "ocid1.user.oc1..aaaaaaaaavicnqssyaeq6qjljebqygcgcki",

    "identity-provider-id": null,

    "inactive-status": null,

    "is-mfa-activated": false,

    "last-successful-login-time": null,

    "lifecycle-state": "ACTIVE",

    "name": "ociuser",

    "previous-successful-login-time": null,

    "time-created": "2025-05-24T23:59:54.110000+00:00"

  },

  "etag": "94b7ae93e56640ce848be8cb3c66ed55"

}

kmkittu200@codeeditor:~ (us-phoenix-1)$


User creation in Custom domain

Now let's try to create a user in a custom domain. Here the command is different: we can’t use the oci iam command and should use the oci identity-domains command instead.

We already have a domain called ‘test’. Let's create a user in the test domain.

Syntax:
oci identity-domains user create

--domain-ocid  <domain ocid>

--user-name <username>

--display-name <user display name>

--schemas '["urn:ietf:params:scim:schemas:core:2.0:User"]' -> default value

--name '{"givenName":"<first-name>","familyName":"<last-name>"}'

--emails '[{"value":"ociuser@gmail.com","type":"<type of workload>","primary":true}]'

--endpoint <Regional endpoint>

 

Domain-ocid can be collected from domain details page.

Username – the actual username

Display name – the user name displayed in the banner. It's for our understanding.

Schemas – This parameter is part of the SCIM (System for Cross-domain Identity Management) standard. It tells the Identity Domain API what kind of resource you're creating and which schema it follows. The default value denotes that we are creating SCIM User object using the core user schema defined by SCIM 2.0. SCIM compliance is mandatory, since OCI Identity Domains are based on IDCS (Oracle Identity Cloud Service) which is SCIM-compliant.

Name – holds the first and last name values.
emails – requires not only the email address but also the type of email (“work”, “home” or “other”). We can define multiple emails for the user, and we need to specify which email ID is primary.
endpoint – the regional endpoint of the domain. It can be collected from the domain details page.

 

Example:

$ oci identity-domains user create \

> --domain-ocid ocid1.domain.oc1..aaaaaaaabn6436zhyo34dfj4ttgyscssk2joc3w37ghdtbpa625pclq4behq \

> --user-name "ociuser.test " \

> --display-name "ociuser test" \

> --schemas '["urn:ietf:params:scim:schemas:core:2.0:User"]' \

> --name '{"givenName":"ociuser","familyName":"test"}' \

> --emails '[{"value":"ociuser@gmail.com","type":"work","primary":true}]' \

> --endpoint https://idcs-7b841dd4db2147d389ea8ca2d93be8f3.us-phoenix-idcs-3.identity.us-phoenix-1.oci.oraclecloud.com:443

{

  "data": {

    "active": true,

    "addresses": null,

    "compartment-ocid": "ocid1.tenancy.oc1..aaaaaaaap2v6pumkwkwwnvplozuv6gvwvbsy352iluostn2wtpf5kfu7cyva",

    "delete-in-progress": null,

    "description": null,

    "display-name": "ociuser test",

    "domain-ocid": "ocid1.domain.oc1..aaaaaaaabn6436zhyo34dfj4ttgyscssk2joc3w37ghdtbpa625pclq4behq",

    "emails": [

      {

        "pending-verification-data": null,

        "primary": false,

        "secondary": false,

        "type": "recovery",

        "value": "ociuser@gmail.com",

        "verified": false

      },

      {

        "pending-verification-data": null,

        "primary": true,

        "secondary": false,

        "type": "work",

        "value": "ociuser@gmail.com",

        "verified": false

      }

    ],

    "entitlements": null,

    "external-id": null,

    "groups": null,

    "id": "d36b61edced74a92af6783cde547d5e7",

    "idcs-created-by": {

      "display": "Krishnakumar Mohanram",

      "ocid": "ocid1.user.oc1..aaaaaaaanswicp4lg4zx3qnql3yoiyhu6r",

      "ref": "https://idcs-7b841dd4db2147d389ea8ca2d93be8f3.us-phoenix-idcs-3.identity.us-phoenix-1.oci.oraclecloud.com:443/admin/v1/Users/6a6d4c9e3d914a71a6d4095076554a99",

      "type": "User",

      "value": "6a6d4c9e3d914a71a6d4095076554a99"

    },

    "idcs-last-modified-by": {

      "display": "Krishnakumar Mohanram",

      "ocid": "ocid1.user.oc1..aaaaaaaanswicp4lg4zx3qnql3yoiyhu6raa",

      "ref": "https://idcs-7b841dd4db2147d389ea8ca2d93be8f3.us-phoenix-idcs-3.identity.us-phoenix-1.oci.oraclecloud.com:443/admin/v1/Users/6a6d4c9e3d914a71a6d4095076554a99",

      "type": "User",

      "value": "6a6d4c9e3d914a71a6d4095076554a99"

    },

    "idcs-last-upgraded-in-release": null,

    "idcs-prevented-operations": null,

    "ims": null,

    "locale": null,

    "meta": {

      "created": "2025-05-25T00:13:59.366Z",

      "last-modified": "2025-05-25T00:13:59.366Z",

      "location": "https://idcs-7b841dd4db2147d389ea8ca2d93be8f3.us-phoenix-idcs-3.identity.us-phoenix-1.oci.oraclecloud.com:443/admin/v1/Users/d36b61edced74a92af6783cde547d5e7",

      "resource-type": "User",

      "version": "6eda118f39504260bd5ad4f307e93c59"

    },

    "name": {

      "family-name": "test",

      "formatted": "ociuser test",

      "given-name": "ociuser",

      "honorific-prefix": null,

      "honorific-suffix": null,

      "middle-name": null

    },

    "nick-name": null,

    "ocid": "ocid1.user.oc1..aaaaaaaas3gmm2a444r7l6rnavvp5rrq",

    "password": null,

    "phone-numbers": null,

    "photos": null,

    "preferred-language": null,

    "profile-url": null,

    "roles": null,

    "schemas": [

      "urn:ietf:params:scim:schemas:core:2.0:User",

      "urn:ietf:params:scim:schemas:oracle:idcs:extension:userState:User",

      "urn:ietf:params:scim:schemas:oracle:idcs:extension:OCITags",

      "urn:ietf:params:scim:schemas:oracle:idcs:extension:user:User"

    ],

    "tags": null,

    "tenancy-ocid": "ocid1.tenancy.oc1..aaaaaaaap2v6pumkwabcs",

    "timezone": null,

    "title": null,

    "urn-ietf-params-scim-schemas-extension-enterprise2-0-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-adaptive-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-capabilities-user": {

      "can-use-api-keys": true,

      "can-use-auth-tokens": true,

      "can-use-console": null,

      "can-use-console-password": true,

      "can-use-customer-secret-keys": true,

      "can-use-db-credentials": true,

      "can-use-o-auth2-client-credentials": true,

      "can-use-smtp-credentials": true

    },

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-db-credentials-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-db-user-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-kerberos-user-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-mfa-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-oci-tags": {

      "defined-tags": [

        {

          "key": "CreatedBy",

          "namespace": "Oracle-Tags",

          "value": "default/kmkittu2005@gmail.com"

        },

        {

          "key": "CreatedOn",

          "namespace": "Oracle-Tags",

          "value": "2025-05-25T00:13:59.282Z"

        }

      ],

      "freeform-tags": null,

      "tag-slug": null

    },

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-password-state-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-passwordless-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-posix-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-security-questions-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-self-change-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-self-registration-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-sff-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-social-account-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-terms-of-use-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-user-credentials-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-user-state-user": {

      "last-failed-login-date": null,

      "last-successful-login-date": null,

      "locked": {

        "expired": null,

        "lock-date": null,

        "on": false,

        "reason": null

      },

      "login-attempts": null,

      "max-concurrent-sessions": null,

      "previous-successful-login-date": null,

      "recovery-attempts": null,

      "recovery-enroll-attempts": null,

      "recovery-locked": null

    },

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-user-user": {

      "account-recovery-required": null,

      "accounts": null,

      "app-roles": null,

      "applicable-authentication-target-app": null,

      "bypass-notification": null,

      "creation-mechanism": null,

      "delegated-authentication-target-app": null,

      "do-not-show-getting-started": null,

      "grants": null,

      "group-membership-last-modified": null,

      "idcs-app-roles-limited-to-groups": null,

      "is-account-recovery-enrolled": null,

      "is-authentication-delegated": null,

      "is-federated-user": false,

      "is-group-membership-normalized": null,

      "is-group-membership-synced-to-users-groups": null,

      "notification-email-template-id": null,

      "preferred-ui-landing-page": "MyApps",

      "provider": null,

      "service-user": null,

      "status": null,

      "support-accounts": null,

      "synced-from-app": null,

      "user-flow-controlled-by-external-client": null,

      "user-token": null

    },

    "user-name": "ociuser.test",

    "user-type": null,

    "x509-certificates": null

  },

  "etag": "6eda118f39504260bd5ad4f307e93c59",

  "opc-next-page": "MQ==",

  "opc-total-items": "1"

}

kmkittu200@codeeditor:~ (us-phoenix-1)$
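
Since the same command has to be repeated for every user, the custom-domain syntax above can be wrapped in a small script. This is an added example, not part of the original post: the function names, the DRY_RUN switch, the DOMAIN_OCID and DOMAIN_ENDPOINT variables and the CSV layout are assumptions, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post.
# DRY_RUN=1 (the default here) prints each oci command instead of running it.

oci_run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo oci "$@"; else oci "$@"; fi; }

json_escape() {                 # escape \ and " for use inside a JSON string
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

name_json() {                   # GIVEN FAMILY -> value for --name
    printf '{"givenName":"%s","familyName":"%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

emails_json() {                 # EMAIL TYPE -> value for --emails
    case $2 in work|home|other) ;; *) return 1 ;; esac
    printf '[{"value":"%s","type":"%s","primary":true}]' "$(json_escape "$1")" "$2"
}

create_user() {                 # USERNAME GIVEN FAMILY EMAIL TYPE
    # Reject empty user names and names containing whitespace ("ociuser.test ").
    [ -n "$1" ] && [ "$1" = "$(printf '%s' "$1" | tr -d '[:space:]')" ] ||
        { echo "bad user name: '$1'" >&2; return 1; }
    emails=$(emails_json "$4" "$5") ||
        { echo "bad email type for $1: $5" >&2; return 1; }
    oci_run identity-domains user create \
        --domain-ocid "$DOMAIN_OCID" \
        --endpoint "$DOMAIN_ENDPOINT" \
        --user-name "$1" \
        --display-name "$2 $3" \
        --schemas '["urn:ietf:params:scim:schemas:core:2.0:User"]' \
        --name "$(name_json "$2" "$3")" \
        --emails "$emails"
}

create_users_from_csv() {       # CSV rows: username,given,family,email,type
    ok=0 failed=0
    while IFS=, read -r user given family email type; do
        [ -n "$user$given" ] || continue
        if create_user "$user" "$given" "$family" "$email" "$type" \
            >/dev/null </dev/null; then
            ok=$((ok + 1))
        else
            failed=$((failed + 1))
        fi
    done < "$1"
    echo "created=$ok failed=$failed"
}

# Demo with placeholder domain values and constructed rows (dry run).
: "${DOMAIN_OCID:=ocid1.domain.oc1..<placeholder>}"
: "${DOMAIN_ENDPOINT:=https://<placeholder-domain-endpoint>:443}"
demo_csv=$(mktemp)
printf '%s\n' \
    'ociuser.test,ociuser,test,ociuser@example.com,work' \
    'ociuser.two ,ociuser,two,ociuser2@example.com,work' \
    'ociuser.three,ociuser,three,ociuser3@example.com,recovery' > "$demo_csv"
create_user ociuser.test ociuser test ociuser@example.com work
create_users_from_csv "$demo_csv"
rm -f "$demo_csv"
```

Set DRY_RUN=0 and real values for DOMAIN_OCID and DOMAIN_ENDPOINT to run the commands instead of printing them.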
