By: Emilio Pena user 24 Apr 2019 at 1:09 p.m. CDT

7 Responses
I couldn't find in the oxd API documentation how to obtain the "ticket" parameter required for calling the function `uma-rp-get-rpt`. No clue on this one. If there's an example or reference for this, please provide it. It would be a great help if you could point me in the right direction. Thank you.

By Yuriy Zabrovarnyy staff 24 Apr 2019 at 2:39 p.m. CDT

Emilio, when the RP calls the RS and doesn't pass an RPT, or passes an RPT without enough permissions, the RS returns a `ticket` (please check the `uma-rs-check-access` command): https://gluu.org/docs/oxd/3.1.4/api/#uma-rs-check-access Thanks, Yuriy Z

By Emilio Pena user 26 Apr 2019 at 4:34 p.m. CDT

Hi Yuriy, I am calling uma-rs-check-access and it returns a "resource not protected" type message. The thing is the resource was previously registered by another app. I am attaching the request data and response. Hope it helps. Request data (uma-rs-check-access): https://pastebin.com/mCc6GwW0 Response: https://pastebin.com/RjSXh57h Thank you and have a nice day.

By Yuriy Zabrovarnyy staff 27 Apr 2019 at 11:17 a.m. CDT

Please make sure you use the same `oxd_id` during registration of resources and then when you check access. I guess you use a different `oxd_id` and therefore it can't be found. Thanks, Yuriy Z

By Emilio Pena user 29 Apr 2019 at 4:18 p.m. CDT

Hi Yuriy, I followed your instructions and was able to get a ticket for the uma_rp_get_rpt request. The issue now is that uma_rp_get_rpt returns the following error: `{ "code": 403, "message": "{\"error\":\"forbidden_by_policy\",\"error_description\":\"Forbidden by policy (policy returned false).\"}" }` There are no UMA policies associated with the UMA scopes in use ("item:read" & "item:create"). Registered resources are described in: https://pastebin.com/hi70wUnt. Any ideas about what might be the cause of this? Thank you.

By Emilio Pena user 29 Apr 2019 at 4:23 p.m. CDT

As an addition to the previous one, here's the process I followed:

* register the RP app using oxd
* register resource to RP app (using RP's oxd_id as per your instructions)
* check access to resource for RP, returns ticket since no rpt exists yet
* with previously obtained ticket call uma_rp_get_rpt. It returns the aforementioned 403 error.

Hope it helps. Thanks.

By Yuriy Zabrovarnyy staff 29 Apr 2019 at 4:32 p.m. CDT

Please provide oxauth.log. If a scope is not protected by any policy, then the AS automatically rejects it. If you really want to allow unprotected scopes, then you can set the `umaGrantAccessIfNoPolicies` oxauth configuration property to true. Thanks, Yuriy Z

By Emilio Pena user 01 May 2019 at 9:26 a.m. CDT

Hi Yuriy, I followed your advice and was able to fetch an rpt. Thank you very much for your help. Best regards.
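
The sequence worked through in this thread, as an added example that is not part of any post and is not oxd or Gluu code: a small in-memory model of the three outcomes discussed (resource not found under a different `oxd_id`, `forbidden_by_policy` when a scope has no policy, and an RPT once `umaGrantAccessIfNoPolicies` is true). The class `ToyUmaServer`, the helper `run_flow`, the response shapes and every error string except `forbidden_by_policy` are constructed for illustration.

```python
import secrets

class ToyUmaServer:
    """Constructed stand-in for oxd plus the authorization server (not Gluu code)."""
    def __init__(self, grant_if_no_policies=False):
        # Models the umaGrantAccessIfNoPolicies property named in the thread.
        self.grant_if_no_policies = grant_if_no_policies
        self.resources = {}   # (oxd_id, path, http_method) -> list of scopes
        self.policies = {}    # scope -> callable returning True or False
        self.tickets = {}     # ticket -> scopes the ticket was issued for
        self.rpts = set()     # RPTs issued so far

    def register_resource(self, oxd_id, path, http_method, scopes):
        self.resources[(oxd_id, path, http_method)] = list(scopes)

    def check_access(self, oxd_id, path, http_method, rpt=None):
        scopes = self.resources.get((oxd_id, path, http_method))
        if scopes is None:
            # Lookup is keyed by oxd_id: another client's registration is not found.
            return {"error": "resource_not_protected"}
        if rpt in self.rpts:
            return {"access": "granted"}
        ticket = secrets.token_hex(8)
        self.tickets[ticket] = scopes
        return {"access": "denied", "ticket": ticket}

    def get_rpt(self, ticket):
        scopes = self.tickets.pop(ticket, None)
        if scopes is None:
            return {"code": 400, "error": "invalid_ticket"}
        for scope in scopes:
            policy = self.policies.get(scope)
            # No policy on the scope: rejected unless the fail-open flag is set.
            allowed = policy() if policy else self.grant_if_no_policies
            if not allowed:
                return {"code": 403, "error": "forbidden_by_policy"}
        rpt = secrets.token_hex(16)
        self.rpts.add(rpt)
        return {"code": 200, "access_token": rpt}

def run_flow(server, register_as, check_as):
    # Register under one oxd_id, check access under another, then redeem the ticket.
    server.register_resource(register_as, "/items", "GET", ["item:read"])
    checked = server.check_access(check_as, "/items", "GET")
    if "ticket" not in checked:
        return checked
    return server.get_rpt(checked["ticket"])
```

With the flag set, every scope that has no policy is granted to any requester holding a ticket, so attaching a policy to each scope keeps the default-deny behaviour while still allowing the intended clients.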