By: Miguel Foo user 12 Aug 2017 at 7:24 p.m. CDT

2 Responses
Hey all, I'm trying to figure out how to use UMA for a resource I'm trying to protect. I'm not sure if it's a bug or I'm doing something wrong. I've read the documentation about 7 times through and through, and here's where I got.

I've obtained my protection API token (PAT) from Gluu with the scope of "uma_protection", and it's working as verified via the introspective endpoint.

Next, my Resource Server (RS) created a resource set on Gluu (via the [create resource set gluu API](https://gluu.org/docs/ce/api-guide/uma-api/#createresourceset))

![enter image description here](https://i.imgur.com/m04Sf4O.png "enter image title here")

Now I want to create a permission ticket, but every time I use the [UMA Permissions Registration API of Gluu](https://gluu.org/docs/ce/api-guide/uma-api/#uma-permission-registration-api) referencing the resourceSetId, it says

```
{"error":"invalid_resource_set_id","error_description":"The provided resource set identifier was not found at the AM."}
```

The request is formatted like:

```
POST /oxauth/seam/resource/restv1/host/rsrc_pr
Headers:
Authorization: Bearer 5b9b7ea0-4300-4fb0-b8ee-92a0bab566db
Content-Type: application/json
Body:
{"resourceSetId":"1502582035197", "scopes":["dashboard_api"]}
```

Here are the logs from oxauth

```
2017-08-12 23:47:27,932 ERROR [qtp242131142-14] [org.xdi.oxauth.service.uma.UmaValidationService] (UmaValidationService.java:193) - Resource set id is empty
2017-08-12 23:51:32,686 INFO [qtp242131142-18] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:189) - Authentication success for Client: '@!037F.7407.DCC3.D36D!0001!38C4.7E97!0008!5761.05FD.87AC.C5EB'
2017-08-12 23:51:32,933 ERROR [qtp242131142-18] [xdi.oxauth.uma.ws.rs.ResourceSetRegistrationWS] (ResourceSetRegistrationWS.java:98) - Exception during resource creation
java.lang.IllegalArgumentException: Scope must be specified for resource set.
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:122) ~[guava-19.0.jar:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112]
```

Here are the screenshots of the resourceID screen and the scope I created for testing

![enter image description here](https://i.imgur.com/VB8y60V.png "enter image title here")

Here's a screenshot of the LDAP record it created

![enter image description here](https://i.imgur.com/t8vkyc8.png "enter image title here")

I can also verify that it exists when I call the [List Resource sets route](https://gluu.org/docs/ce/api-guide/uma-api/#resourcesetlist); it returns:

```
["1502582035197"]
```

Can you guys point me in the right direction, or verify if it's a bug?
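
A pre-flight check a resource server could run on the two request bodies described above, written against the required member names in the UMA 1.0.1 specifications (`name` and `scopes` for a resource set description, `resource_set_id` and `scopes` for a permission request). This is an added example, not part of the original post and not Gluu's code; that oxAuth expects exactly these names is an assumption, and `check_body`, `POSTED_BODY` and `REGISTERED` are hypothetical names.

```python
import json

# Required members per the UMA 1.0.1 specs (assumption: the AS expects these names).
REQUIRED = {
    "resource_set": {"name": str, "scopes": list},
    "permission": {"resource_set_id": str, "scopes": list},
}

# Constructed samples: the body quoted in the post, and the RS's own registration record.
POSTED_BODY = '{"resourceSetId":"1502582035197", "scopes":["dashboard_api"]}'
REGISTERED = {"1502582035197": ["dashboard_api"]}

def check_body(kind, raw_json, registered=None):
    """Return a list of problems in a request body; empty means it looks sendable."""
    try:
        body = json.loads(raw_json)
    except ValueError as exc:
        return ["body is not valid JSON: %s" % exc]
    if not isinstance(body, dict):
        return ["body must be a JSON object"]

    required, problems = REQUIRED[kind], []
    for field, ftype in required.items():
        value = body.get(field)
        if value is None:
            problems.append("missing required member '%s'" % field)
        elif not isinstance(value, ftype) or not value:
            problems.append("member '%s' must be a non-empty %s" % (field, ftype.__name__))
        elif ftype is list and not all(isinstance(s, str) for s in value):
            problems.append("member '%s' must contain only strings" % field)

    # Flag near-miss spellings that a server may ignore, leaving the real member empty.
    canonical = {f.replace("_", "").lower(): f for f in required}
    for key in body:
        want = canonical.get(key.replace("_", "").lower())
        if want and key != want:
            problems.append("member '%s' should be spelled '%s'" % (key, want))

    # A ticket may only name a resource set and scopes this RS registered.
    if kind == "permission" and registered is not None and not problems:
        known = registered.get(body["resource_set_id"])
        if known is None:
            problems.append("resource set id was never registered by this RS")
        else:
            extra = sorted(set(body["scopes"]) - set(known))
            if extra:
                problems.append("scopes not registered for this resource set: " + ", ".join(extra))
    return problems
```
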

By Michael Schwartz Account Admin 13 Aug 2017 at 1:55 p.m. CDT

Resource set registration should be initiated by the resource server. I think in the next version we removed the ability to add a resource set via the GUI.

Before you make a big investment in UMA 1.01, you should really just wait for UMA 2. If you want to get a head start, you should read the two specs:

- [Federated Authorization for User-Managed Access (UMA) 2.0](https://docs.kantarainitiative.org/uma/ed/oauth-uma-federated-authz-2.0-06.html)
- [User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization](https://docs.kantarainitiative.org/uma/ed/oauth-uma-grant-2.0-06.html)

UMA grant is from the client perspective. UMA Federated Authz covers the RS and AS.

But unfortunately, it doesn't pay to do a deep dive into UMA 1.0.1, which we're removing in 3.2 (not even deprecating).

By Miguel Foo user 13 Aug 2017 at 4:10 p.m. CDT

Nice, looking forward to it. UMA is fantastic for the user-centered distributed authentication world we live in.