Policy script cannot be found when using uma-rp-get-rpt to get token.

By: Bruce Gordon Account Admin 20 Jun 2019 at 7:41 a.m. CDT

3 Responses
Bruce Gordon gravatar
I successfully ran the GLUU UMA tutorial with GLUU Gateway although I now wanted to test that a policy is applied to a scope. I added the uma_rpt_policy auth policy to none_claims_gathering scope. However it seems like the uma_rpt_policy cannot be found(see below)...do I need to configure anything else ? ] (Authenticator.java:205) - Authentication successfully for '@!69A6.3FD5.755B.EE1A!0001!7539.FC10!0008!2F6C.3503.1098.12FA' 2019-06-20 12:34:08,178 DEBUG [qtp804611486-9] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:107) - Attempting to request access token: grantType = urn:ietf:params:oauth:grant-type:uma-ticket, code = null, redirectUri = null, username = null, refreshToken = null, clientId = null, ExtraParams = {ticket=[c6de5faa-2abb-48f2-a914-bce50fdbbcfc], grant_type=[urn:ietf:params:oauth:grant-type:uma-ticket]}, isSecure = true, codeVerifier = null, ticket = c6de5faa-2abb-48f2-a914-bce50fdbbcfc 2019-06-20 12:34:08,192 TRACE [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaTokenService] (UmaTokenService.java:80) - requestRpt grant_type: urn:ietf:params:oauth:grant-type:uma-ticket, ticket: c6de5faa-2abb-48f2-a914-bce50fdbbcfc, claim_token: null, claim_token_format: null, pct: null, rpt: null, scope: null 2019-06-20 12:34:08,192 TRACE [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaValidationService] (UmaValidationService.java:210) - Validate grantType: urn:ietf:params:oauth:grant-type:uma-ticket 2019-06-20 12:34:08,202 TRACE [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaValidationService] (UmaValidationService.java:373) - CandidateGrantedScopes: none_claims_gathering 2019-06-20 12:34:08,321 TRACE [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaPctService] (UmaPctService.java:81) - PCT code: a8353216-dab8-4ae0-a2b1-5269e15c1723_1EDC.687F.05F0.0EB3.8126.88F7.D333.E811, claims: {} 2019-06-20 12:34:08,331 ERROR [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaNeedsInfoService] (UmaNeedsInfoService.java:92) - Unable to load UMA script dn: 'inum=@!69A6.3FD5.755B.EE1A!0001!7539.FC10!0011!2DAF.F995,ou=scripts,o=@!69A6.3FD5.755B.EE1A!0001!7539.FC10,o=gluu' 2019-06-20 12:34:08,332 WARN [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaTokenService] (UmaTokenService.java:103) - There are no any policies that protects scopes. Scopes: none_claims_gathering. Configuration property umaGrantAccessIfNoPolicies: false 2019-06-20 12:
Ubuntu 16.0
closed

Answers

By Meghna Joshi staff 20 Jun 2019 at 8:14 a.m. CDT

Copy
Meghna Joshi gravatar
Hi Bruce, After adding policy in the scope, you need to enable it. Follow this path `Configuration > Manage Custom Scripts > UMA RPT Policies` and enable it. This script is default connect with claim gathering script so please take care about it. I would like to suggest you to follow the `claim-gathering` flow for testing UMA Policy Scripts in [gg-tutorial](https://gluu.org/docs/gg/uma-tutorial) because tutorial demo code has some static configurations related to flow. Best Regards, Meghna Joshi

By Yuriy Zabrovarnyy staff 20 Jun 2019 at 8:18 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
It seems scope contains outdated reference to script DN (probably due to removing and adding policy?). Would you please go to `scope` view (for `none_claims_gathering`), remove all policies and add them again? `UMA`->`Scopes`-> Click on `none_claims_gathering` -> Remove all policies -> Add them back. Lets us know whether it helps. If it doesn't please find this cope in ldap under `ou=uma` and provide LDIF of `none_claims_gathering` scope as well as `inum=@!69A6.3FD5.755B.EE1A!0001!7539.FC10!0011!2DAF.F995,ou=scripts,o=@!69A6.3FD5.755B.EE1A!0001!7539.FC10,o=gluu'` script. Thanks, Yuriy Z

By Bruce Gordon Account Admin 20 Jun 2019 at 9:33 a.m. CDT

Copy
Bruce Gordon gravatar
Thanks I have removed policies and re-added and made sure policies enabled. It works now.

Post an answer