By: Adam Martin user 01 Mar 2018 at 5:13 p.m. CST

4 Responses
Per the instructions [HERE](https://gluu.org/docs/ce/user-management/scim2/) I have enabled SCIM and created a client. When I attempt to retrieve a token I am successful:

```
$ curl -v -u '[INSERT_CLIENT_ID]:[INSERT_CLIENT_SECRET]' -d grant_type=client_credentials \
    https://gluuspike.centralus.cloudapp.azure.com/oxauth/restv1/token
```

I will see:

```
* upload completely sent off: 29 out of 29 bytes
< HTTP/1.1 200 OK
< Date: Thu, 01 Mar 2018 23:03:51 GMT
< Server: Jetty(9.3.15.v20161220)
< X-Xss-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Cache-Control: no-store
< Content-Type: application/json
< Pragma: no-cache
< Transfer-Encoding: chunked
<
* Connection #0 to host gluuspike.centralus.cloudapp.azure.com left intact
{"access_token":"ca2812c1-ee38-4779-b057-a83a104b082a","token_type":"bearer","expires_in":299}%
```

However when I attempt to use the token:

```
curl -v -G -H 'Authorization: Bearer ca2812c1-ee38-4779-b057-a83a104b082a' -d count=10 'https://gluuspike.centralus.cloudapp.azure.com/identity/restv1/scim/v2/Users'
```

I get the following error:

```
< HTTP/1.1 401 Unauthorized
< Date: Thu, 01 Mar 2018 23:04:16 GMT
< Server: Jetty(9.3.15.v20161220)
< X-Xss-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< WWW-Authenticate: UMA realm="Authorization required", host_id=gluuspike.centralus.cloudapp.azure.com, as_uri=https://gluuspike.centralus.cloudapp.azure.com/.well-known/uma2-configuration, ticket=5c218c44-59a8-4041-8e7c-4633c6b45dd9
< Content-Length: 0
<
* Connection #0 to host gluuspike.centralus.cloudapp.azure.com left intact
```

In the log files I see the following:

```
2018-03-01 23:04:16,830 ERROR [qtp2008017533-15] [org.xdi.oxauth.uma.service.UmaRptService] (UmaRptService.java:104) - Failed to find RPT by code: ca2812c1-ee38-4779-b057-a83a104b082a
```

I'm assuming I have misconfigured something but given this is our first attempt at anything I am unsure how or what I may have wrong. I cannot find anything I've done that has diverged from the documentation. Thanks!

By Jose Gonzalez staff 02 Mar 2018 at 10:48 a.m. CST

Hi Adam,

It seems your Gluu Server is using "UMA protection mode" for SCIM API, not test mode as in the instructions you are trying to follow. Please double check "scimTestMode" is set to `true` as stated [here](https://www.gluu.org/docs/ce/user-management/scim2/#protection-using-test-mode).

Kind regards, Jose.

By Adam Martin user 02 Mar 2018 at 10:56 a.m. CST

Jose,

That worked (sorry I thought that you could act in standard UMA Protection Mode). What is the difference between Test Mode vs UMA protection mode and how do I properly execute the call as if this was for real? Is there some documentation that expresses that difference?

Thanks so much for your help!

By Jose Gonzalez staff 02 Mar 2018 at 1:21 p.m. CST

Hi,

> I thought that you could act in standard UMA Protection Mode

Those protection modes are mutually exclusive.

> What is the difference...

Here we briefly introduce the difference: https://gluu.org/docs/ce/user-management/scim2/#api-protection

If someone wants to start coding against SCIM API from scratch, test mode protection is a good way to start because the authorization steps are simpler than in UMA scenario.

UMA protection is the mode we recommend for a production setting. UMA is a standard mechanism to protect web resources (such as APIs). [Here](https://gluu.org/docs/ce/user-management/scim2/#scim-protected-by-uma) you have some pointers. There is also a page dedicated to UMA in [Gluu docs](https://gluu.org/docs/ce/admin-guide/uma/). This way is more involved as it implements the workflow you can see [here](https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html). So coding it requires more effort and some reading.

All aspects of the API are the same for both modes when it comes to CRUD (create, retrieve, update, and delete) as this is dictated by the SCIM spec.

Gluu offers a ready-to-use Java client that abstracts away all the complexity of authorization processes for both modes. If Java is your realm, you can just simply go straight with UMA.

Coding the protection routines yourself is a one-time task. Once you make the first requests work, you will just deal with the actual work. I think you may find this [section](https://gluu.org/docs/ce/user-management/scim2/#supporting-a-user-registration-process-with-scim) useful as it has some nice tips for developers.
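
The 401 in the first post is the UMA challenge that starts the workflow linked above. The following Python is an added example, not part of the original thread and not Gluu's own code: it parses that `WWW-Authenticate: UMA` header and builds the form body for the UMA 2.0 ticket exchange. The function names are hypothetical, the sample header is constructed from the response quoted in the thread, and client authentication at the token endpoint is assumed to be handled separately.

```python
import re
from urllib.parse import urlencode

# Constructed from the 401 response quoted in the first post of the thread.
SAMPLE_401 = (
    'UMA realm="Authorization required", '
    'host_id=gluuspike.centralus.cloudapp.azure.com, '
    'as_uri=https://gluuspike.centralus.cloudapp.azure.com/.well-known/uma2-configuration, '
    'ticket=5c218c44-59a8-4041-8e7c-4633c6b45dd9'
)

UMA_TICKET_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"  # UMA 2.0 grant type

# name=value pairs; the value is either quoted or runs up to the next comma/space.
_PARAM = re.compile(r'([A-Za-z_]+)=(?:"([^"]*)"|([^,\s]+))')


def parse_uma_challenge(www_authenticate):
    """Return the challenge parameters as a dict, or None if the scheme is not UMA."""
    scheme, _, rest = www_authenticate.strip().partition(" ")
    if scheme.lower() != "uma":
        return None
    params = {}
    for m in _PARAM.finditer(rest):
        params[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return params


def rpt_request_body(challenge):
    """Form body that exchanges the permission ticket for an RPT (UMA 2.0 grant).

    It is POSTed to the token_endpoint listed in the document at as_uri;
    client authentication is deployment-specific and not shown here.
    """
    if not challenge or "ticket" not in challenge:
        raise ValueError("no UMA permission ticket in challenge")
    if not challenge.get("as_uri", "").startswith("https://"):
        raise ValueError("as_uri must be https")
    return urlencode({"grant_type": UMA_TICKET_GRANT, "ticket": challenge["ticket"]})


def diagnose(status, www_authenticate):
    """Classify a SCIM response like the one in the thread."""
    challenge = parse_uma_challenge(www_authenticate or "")
    if status == 401 and challenge:
        return "uma-mode: bearer token is not an RPT; exchange ticket at AS"
    if status == 401:
        return "unauthorized: token missing, expired or invalid"
    return "ok"
```

The RPT returned by the authorization server then replaces the client-credentials token in the `Authorization: Bearer` header of the retried SCIM request.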

By Adam Martin user 02 Mar 2018 at 1:31 p.m. CST

Thanks Jose that is EXACTLY the info I needed. Test mode is neat but it's the UMA Protected mode I need to prove out for our investigation of Gluu. Thank you so much for your help it was extremely valuable.