Unable to access SCIM APIs with UMA enabled

By: Master Kumar user 22 Oct 2018 at 1:01 a.m. CDT

8 Responses
Master Kumar gravatar
I have tried using SCIM Client and also using API's calls but both are not working after setting the testmode to false. Steps for SCIM Client As per the documentation given on gluu site did the Steps followed with API calls are 1. Created a client from the gluu server interface 2. Used the newly created client details got access_token and id_token Here is the curl request used for getting token: curl -X POST \ https://mygluserv.com/oxauth/restv1/token \ -H 'authorization: Basic QCFGMTU3LjBBNUIuOUE3Ni42QTdEITAwMDEhMjA2My44MjQ5ITAwMDghQkQ2MS40ODczLkJCRjcuMEUyQzpwYXNzd29yZA==' \ -H 'cache-control: no-cache' \ -H 'content-type: application/x-www-form-urlencoded' \ -H 'postman-token: d9dcc2e9-bd69-868a-83d9-5b672b16868c' \ -d 'grant_type=client_credentials&scope=openid%20profile%20email&nonce=a2acf3f2' 3. Now try to get the list of resources registered using the below curl request curl -X GET \ https://mygluserv.com/oxauth/restv1/host/rsrc/resource_set \ -H 'authorization: Bearer 3cbe064b-a82b-4694-a1ad-138b6a7b3da9' \ -H 'cache-control: no-cache' \ -H 'nonce: a2acf3f2' \ -H 'postman-token: a2658875-4ede-c533-7a3c-88d9a0ee69c7' Response for above curl is 406 Not Acceptable { "error": "invalid_client_scope", "error_description": "The requested scope is invalid, unknown, or malformed." } 4. I also tried to create user and it was also failing saying bad request.
CentOS 7.0
closed

Answers

By Aliaksandr Samuseu staff 23 Oct 2018 at 6:37 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi. Please provide dump of LDAP entry of the client you created: 1. Open the client's properties in web UI and copy its "Inum" value 2. Move into Gluu's container 3. Put your LDAP password in `/tmp/.dpw` (it's the same as default admin's password was right after installation) 4. Dump the client's properties: `# /opt/opendj/bin/ldapsearch -h 127.0.0.1 -p 1636 -s sub -T -Z -X -D 'cn=directory manager' -j /tmp/.dpw -b 'o=gluu' -z 3 '&(objectclass=oxauthclient)(inum=YOUR_INUM)'` 5. Share it here. You may decide to remove client's secret from output Then please move to web UI and increase oxAuth's logs' verbosity level to "DEBUG" as decribed in [this doc](https://gluu.org/docs/ce/3.1.4/operation/logs/), reproduce your issue again and provide us your `oxauth.log` with detailed trace related to this interaction.

By Master Kumar user 24 Oct 2018 at 12:08 p.m. CDT

Copy
Master Kumar gravatar
Output of the ldapsearch is returning nothing and oxauth.log is giving below error 2018-10-24 14:34:56,455 ERROR [qtp1007309018-77] [xdi.oxauth.uma.ws.rs.UmaResourceRegistrationWS] (UmaResourceRegistrationWS.java:239) - Exception happened on getResourceList() javax.ws.rs.WebApplicationException: HTTP 406 Not Acceptable at org.xdi.oxauth.model.error.ErrorResponseFactory.throwUmaWebApplicationException(ErrorResponseFactory.java:112) ~[classes/:?] at org.xdi.oxauth.model.error.ErrorResponseFactory$Proxy$_$$_WeldClientProxy.throwUmaWebApplicationException(Unknown Source) ~[classes/:?] at org.xdi.oxauth.uma.service.UmaValidationService.validateAuthorization(UmaValidationService.java:130) ~[classes/:?] at org.xdi.oxauth.uma.service.UmaValidationService.assertHasProtectionScope(UmaValidationService.java:104) ~[classes/:?] at org.xdi.oxauth.uma.ws.rs.UmaResourceRegistrationWS.getResourceList(UmaResourceRegistrationWS.java:216) [classes/:?] at org.xdi.oxauth.uma.ws.rs.UmaResourceRegistrationWS$Proxy$_$$_WeldClientProxy.getResourceList(Unknown Source) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_162] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_162] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_162] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_162] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:864) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.gluu.oxserver.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:344) [oxcore-server-3.1.3.Final.jar:?] at org.gluu.oxserver.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:121) [oxcore-server-3.1.3.Final.jar:?] at org.xdi.oxauth.filter.CorsFilter.doFilter(CorsFilter.java:132) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:73) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.Server.handle(Server.java:531) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:319) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:175) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:133) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:754) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:672) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_162]

By Master Kumar user 26 Oct 2018 at 1:48 p.m. CDT

Copy
Master Kumar gravatar
Any update on how to over this problem

By Master Kumar user 29 Oct 2018 at 1:19 p.m. CDT

Copy
Master Kumar gravatar
Did anyone get a chance to see into this ticket, and can you please reply with the solution

By William Lowe user 31 Oct 2018 at 10:17 a.m. CDT

Copy
William Lowe gravatar
If you need guaranteed responses, you might consider purchasing a [support contract](https://support.gluu.org). Thanks, Will

By Master Kumar user 31 Oct 2018 at 10:56 a.m. CDT

Copy
Master Kumar gravatar
Thanks william for the response. Is it not possible to get the information that gluu server is capabale of as per documentation, without the support contract?. Please let me know what api's are to be called for getting the user details using SCIM api with UMA protected since i don't see the details related to this in the document. Hoping that you will help.

By William Lowe user 31 Oct 2018 at 11:23 a.m. CDT

Copy
William Lowe gravatar
please dont twist my statement. i said if you need guaranteed responses, you might consider paying for the time you so clearly expect for free.

By Yamil Díaz Aguirre user 11 Feb 2019 at 5:09 p.m. CST

Copy
Yamil Díaz Aguirre gravatar
We have exactly the same Issue, someone can help us please?

Post an answer