"401 - Not authorized" on SCIM APIs

By: Prabhu R user 29 Jun 2015 at 7:35 a.m. CDT

5 Responses
Prabhu R gravatar
We tried to access the scim API of Users as by the below steps, Step1 : We register a client to get access token to access APIs, URL - https://gluuserver.com/oxauth/seam/resource/restv1/oxauth/register Header - Accept application/json Request - { "redirect_uris": ["https://gluuserver.com/oxauth-rp/home.seam"], "response_types": [ "code", "token", "id_token" ], "application_type": "web", "contacts": ["ram@org.com"], "client_name": "Test apppay", "logo_uri": "http://www.gluu.org/wp-content/uploads/2013/08/logo.png", "token_endpoint_auth_method": "client_secret_basic", "policy_uri": "https://www.gluu.org/policy", "tos_uri": "https://www.gluu.org/tos", "jwks_uri": "https://gluuserver.com/oxauth-client/test/resources/jwks.json", "sector_identifier_uri": "https://gluuserver.com/oxauth-client/test/resources/sector_identifier.js", "default_max_age": "3600", "require_auth_time": "true", "post_logout_redirect_uris": ["https://gluuserver.com/oxauth-rp/postlogout"] } Response - { "client_id": "@!2F65.8EB2.463D.415B!0001!9BFC.84D2!0008!F816.A77E", "client_secret": "80998e6a-73ba-44fb-9625-29997d2325eb", "registration_access_token": "802da0e1-28b3-441d-9747-b4177448271b", "registration_client_uri": "https://gluuserver.com/oxauth/seam/resource/restv1/oxauth/register?client_id=@!2F65.8EB2.463D.415B!0001!9BFC.84D2!0008!F816.A77E", "client_id_issued_at": 1435580872, "client_secret_expires_at": 1435667272, "redirect_uris": ["https://gluuserver.com/oxauth-rp/home.seam"], "response_types": [ "id_token", "code", "token" ], "application_type": "web", "contacts": ["ram@org.com"], "client_name": "Test apppay", "logo_uri": "http://www.gluu.org/wp-content/uploads/2013/08/logo.png", "token_endpoint_auth_method": "client_secret_basic", "policy_uri": "https://www.gluu.org/policy", "tos_uri": "https://www.gluu.org/tos", "jwks_uri": "https://gluuserver.com/oxauth-client/test/resources/jwks.json", "sector_identifier_uri": "https://gluuserver.com/oxauth-client/test/resources/sector_identifier.js", "subject_type": "public", "id_token_signed_response_alg": "RS256", "default_max_age": 3600, "require_auth_time": true, "post_logout_redirect_uris": ["https://gluuserver.com/oxauth-rp/postlogout"], "scopes": [ "email", "address", "profile", "phone", "clientinfo", "openid" ] } Step2 : We tried to access Users SCIM API, Url - https://gluuserver.com/identity/seam/resource/restv1/Users/ Headers - Accept application/json Authorization Bearer 802da0e1-28b3-441d-9747-b4177448271b Content Type application/json Response - HTTP Status 401 - Not authorized What are we missing???
None
closed

Answers

By Aliaksandr Samuseu staff 29 Jun 2015 at 12:33 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Prabhu. Are you sure you have been using the correct url for your 2nd request? According to OpeinID Connect Registration [spec](http://openid.net/specs/openid-connect-registration-1_0.html), 4.1, you should use url returned in the "registration_client_uri" element of the response, "https://gluuserver.com/oxauth/seam/resource/restv1/oxauth/register?client_id=@!2F65.8EB2.463D.415B!0001!9BFC.84D2!0008!F816.A77E" in your case.

By Prabhu R user 30 Jun 2015 at 11:25 p.m. CDT

Copy
Prabhu R gravatar
Hi Aliaksandr, You mean to say after my Step1, I want to use "registration_client_uri" to register my client again using "registration_access_token"? I cant able to understand "OpeinID Connect Registration spec, 4.1" completely. Kindly help us.

By Aliaksandr Samuseu staff 01 Jul 2015 at 5:40 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Prabhu. Please disregard my previous answer, I misread your question and decided you are trying to request your newly registered client's configuration properties via OpeinID Connect Registration extension (which actually works as it should). Now I clearly see you are trying to access Gluu's SCIM api. Please accept my apologies for providing you misleading information. At the moment, after I've tried to follow SCIM api guide in the Gluu wiki, in an attempt to make sure it is indeed functional before trying to reproduce your issue, and failed, I'm trying to get more info about its current state from the dev team. As soon as I have some news I'll let you know for sure. Best regards, Alex.

By Prabhu R user 02 Jul 2015 at 8:28 a.m. CDT

Copy
Prabhu R gravatar
Thanks Alex. We are running out many similar issues on following Gluu Docs. We are in need of API for SAML Trust Relationships. Let us know asap.

By Mohib Zico staff 11 Jul 2015 at 3:37 a.m. CDT

Copy
Mohib Zico gravatar
Hello Guys, How is it going? Just checking out..... What we are waiting on here in this ticket? Kind regards, Zico

Post an answer