By: Sakit Atakishiyev user 28 Apr 2017 at 12:24 p.m. CDT

10 Responses
Hello. I have a few questions. I have an application and three users. When these users call my service, I first check whether the user has access or not. I use `oxd-server`. This library has a method which checks resource access. But when I call this method I send only oxd_id, path and method type. My question is: how can I know which user I should check? Should I not also send the user's token to identify them?

By Michael Schwartz Account Admin 28 Apr 2017 at 1:15 p.m. CDT

You define the policies by associating the scope with an "Authorization Script" in the Gluu Server. If the user does not have an OpenID Connect session, you will need to send an identity assertion somehow. I think in the script you can get a handle on the Request, and perhaps pull the identity assertion from there.

By Sakit Atakishiyev user 28 Apr 2017 at 1:28 p.m. CDT

Hi Michael, I am not asking this. My problem is, to send `uma_rs_check_access` I should have an `RPT`. To get the `RPT` I send the `uma_rp_get_rpt` command. With `oxd-server` I have only one input, which is `oxd-id`. After this command I got the `RPT`, authorized this `RPT` and again sent the `uma_rs_check_access` command. Now my second user logs in and calls another resource; to check access again I need an `RPT` (because this is another user). What happens in this case? Does `oxd-server` return the previous `RPT` to me or give me a new one? If it returns a new one, what about the old one? Because my application has one `oxd-id`.

By Sakit Atakishiyev user 28 Apr 2017 at 3:53 p.m. CDT

I checked this. I created two different users, A and B, on Gluu. Then I ran my web application and logged in with those users A and B. First, user A calls serviceA. Before executing the service, my app checks user A's permission; for this I got an rpt and checked user A's access. Then user B calls the same service. I got an rpt for user B, but oxd-server returned the same rpt. But is it correct?

By Michael Schwartz Account Admin 28 Apr 2017 at 7:52 p.m. CDT

It depends what your policy is for the resources. What scopes are registered for the respective resource set? And what policies are associated for that scope in the Gluu Server (check the admin UI).

By Sakit Atakishiyev user 29 Apr 2017 at 1:01 a.m. CDT

I thought that I could not explain my question very well. My problem is not about policy. My problem is how I get a different `rpt` for different users with `oxd-server`.

By Sakit Atakishiyev user 29 Apr 2017 at 8:10 a.m. CDT

To get a different `rpt` for a different user, I should change the `use_client_authentication_for_pat` and `use_client_authentication_for_aat` values to false. In this case oxd-server tries to obtain the `uma-token` with `user credentials`. But the current oxd-server cannot complete the token-obtaining process correctly. The reasons are below:

- The code uses a hard-coded `state`, which is not correct. `state` is different for different users.
- `user_id` and `user_secret` are always null.

Because of these reasons oxd-server cannot complete obtaining the `uma-token`. An interesting thing is that the `registered site` configuration file has one user id and secret. Does it use only the last logged-in user's info?

By Michael Schwartz Account Admin 29 Apr 2017 at 9 a.m. CDT

Can you clarify your question?

By Sakit Atakishiyev user 29 Apr 2017 at 9:04 a.m. CDT

I mean, when we register a site, `oxd-server` creates a `json` file with the `oxd-id`. This `json` file has `user_id` and `user_secret` properties. Can you explain these properties? Which user's id and secret are stored in these fields?

By Mohib Zico staff 03 May 2017 at 2:21 a.m. CDT

Sakit,

> Which user's id and secret store to these fields?

Can you please help me to find this file? Where is it located? Here is the search result from my oxd-server.

```
root@wp:/opt/oxd-server/conf# find /opt/oxd-server -name oxd-id.json
root@wp:/opt/oxd-server/conf#
```

By Sakit Atakishiyev user 03 May 2017 at 7:26 a.m. CDT

Mohib Zico, when you register a site, `oxd-server` creates a json file about your site configuration. This file's name is your `oxd-id`, which `oxd-server` generates after registration. Just like `0c127564-d133-4864-bc3c-b11c57292337`