UMA Access denied

By: Sakit Atakishiyev user 08 Aug 2018 at 3:59 a.m. CDT

4 Responses
Sakit Atakishiyev gravatar
Hello. We are trying to test UMA services. For testing we try to get access already registered resource `SCIM Access`. First we logined and authorization code. Then using the code and get `access_token`. After getting `access_token` we try to access this resource with this token **Request** ``` POST /oxauth/restv1/host/rsrc_pr HTTP/1.1 Host: localhost Content-Type: application/json Authorization: Bearer 7504f925-34c0-4ca1-a7e5-310cbd3d23c3 Cache-Control: no-cache { "resource_id":"0f13ae5a-135e-4b01-a290-7bbe62e7d40f", "resource_scopes":[ "https://localhost/oxauth/restv1/uma/scopes/scim_access" ], "params": { "key1":"value1", "key2":"value2" } } ``` **Response** ``` { "ticket": "b0d528c8-8c7a-4290-b96f-ccadc6f12747" } ``` Then we try to get the `access_token` with this this `ticket` **Request** ``` POST /oxauth/restv1/token HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Authorization: Basic QCEwMDk2LjY5QjEuNEI5NC5DRDIzITAwMDEhQzMxMi4yNjQ2ITAwMDghQjNBOS45QkYzLkQxNTUuRjEzOTpsZGFwMTIz Cache-Control: no-cache ticket=b0d528c8-8c7a-4290-b96f-ccadc6f12747&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Auma-ticket ``` **Response** ``` { "pct": "f8e42aca-9916-4d78-8197-16b9d5fdd10f_F298.99C5.9ADB.C38E.E4C9.7ECA.CA01.FF19", "upgraded": false, "access_token": "c3e94682-834e-40f9-ba87-1fb8c8ab0da5_0312.641C.ADE5.D2A8.6361.E407.FC5E.3B3D", "token_type": "Bearer" } ``` Now we try to access the `SCIM Access` **Reqeuest** ``` POST /oxauth/restv1/host/rsrc_pr HTTP/1.1 Host: localhost Content-Type: application/json Authorization: Bearer c3e94682-834e-40f9-ba87-1fb8c8ab0da5_0312.641C.ADE5.D2A8.6361.E407.FC5E.3B3D Cache-Control: no-cache { "resource_id":"0f13ae5a-135e-4b01-a290-7bbe62e7d40f", "resource_scopes":[ "https://localhost/oxauth/restv1/uma/scopes/scim_access" ], "params": { "key1":"value1", "key2":"value2" } } ``` **Response** ``` { "error": "access_denied", "error_description": "The resource owner or AM server denied the request." } ``` We also checked the token permissions **Request** ``` POST /oxauth/restv1/rpt/status HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Authorization: Bearer 7504f925-34c0-4ca1-a7e5-310cbd3d23c3 Cache-Control: no-cache token=c3e94682-834e-40f9-ba87-1fb8c8ab0da5_0312.641C.ADE5.D2A8.6361.E407.FC5E.3B3D ``` **Response** ``` { "active": true, "exp": 1533721048, "iat": 1533717448, "nbf": null, "permissions": [ { "resource_id": "0f13ae5a-135e-4b01-a290-7bbe62e7d40f", "resource_scopes": [ "https://localhost/oxauth/restv1/uma/scopes/scim_access" ], "exp": 1533720874, "params": null } ], "client_id": "@!0096.69B1.4B94.CD23!0001!C312.2646!0008!B3A9.9BF3.D155.F139", "sub": null, "aud": "@!0096.69B1.4B94.CD23!0001!C312.2646!0008!B3A9.9BF3.D155.F139", "iss": null, "jti": null, "pct_claims": {} } ``` We enabled `SCIM Support` from configuration and disabled all policy. Is there any thing we did wrong? [server.log](https://drive.google.com/file/d/1E-_4idxiTOgG2BchgJ1KQADSDBHdPmbe/view?usp=sharing)
Ubuntu 16.04
closed

Answers

By Michael Schwartz Account Admin 08 Aug 2018 at 11:18 a.m. CDT

Copy
Michael Schwartz gravatar
Get a support contract. We're giving you the software for free. But this is not a charity.

By Sakit Atakishiyev user 09 Aug 2018 at 12:26 a.m. CDT

Copy
Sakit Atakishiyev gravatar
Michael this is the community support and I did not ask any special question. The same request works with old versions. But not version 3.1.3. By the way my time also is valuable for me.

By Sakit Atakishiyev user 09 Aug 2018 at 12:29 a.m. CDT

Copy
Sakit Atakishiyev gravatar
And UMA module does not work properly why I get a support contract?

By Michael Schwartz Account Admin 10 Aug 2018 at 10:30 a.m. CDT

Copy
Michael Schwartz gravatar
Gluu does a great job supporting the community. What we don't do is support large organizations for free who can afford to contribute, but choose not to. Your organization has a long history of asking questions. It's time to go back to your client and get them to stop freeloading.

Post an answer