By: Joe Humphries user 23 May 2016 at 9:41 a.m. CDT

7 Responses
Hi, I am currently looking at the UMA support, and have a couple of questions. Looking at the examples there are a couple of files such as:

```json
{
  "umaMetaDataUrl": "https://kantara.gluu.org/.well-known/uma-configuration",
  "authorizeUrl": "https://kantara.gluu.org/oxauth/seam/resource/restv1/oxauth/authorize",
  "tokenUrl": "https://kantara.gluu.org/oxauth/seam/resource/restv1/oxauth/token",
  "umaAatClientId": "@!5432.93A5.147D.F693!0001!4697.0299!0008!E87C.08B1",
  "umaAatClientSecret": "a1a7d38d-75f5-49a8-85d5-6db8b8d78742",
  "rsPhoneWsUrl": "http://127.0.0.1:8887/ws/phone",
  "loginUrl": "https://kantara.gluu.org/oxauth/authorize.seam?response_type=code+id_token+token&scope=openid+profile+%s&client_id=%s&redirect_uri=%s&nonce=nonce",
  "redirectUri": "https://kantara.gluu.org/rp/rp.html"
}
```

and

```json
{
  "well_known_endpoint": "https://kantara.gluu.org/.well-known/uma-configuration",
  "pat_client_id": "@!5432.93A5.147D.F693!0001!4697.0299!0008!EC8F.77DC",
  "pat_client_secret": "7a5f0584-7d9c-4ae4-8a4d-73960a764a35",
  "trust_all": true
}
```

Where do you get these initial values from? Also I cannot select Java in the dropdown for a script type, only Python? Thanks

By Yuriy Zabrovarnyy staff 23 May 2016 at 9:55 a.m. CDT

Joe,

UMA Discovery URL (or well known endpoint) is clear I guess: https://kantara.gluu.org/.well-known/uma-configuration If you hit it you can see UMA discovery information (including token endpoint and authorization endpoint).

umaAatClientId, umaAatClientSecret - client credentials for AAT

pat_client_id, pat_client_secret - PAT client credentials (need to unify those names some day :))

You can register your client on your own using Connect Dynamic Client Registration (see http://openid.net/specs/openid-connect-registration-1_0.html) or do it manually via https://kantara.gluu.org (you would need admin credentials in this case, it is not public of course).

rsPhoneWsUrl - is Resource Server endpoint, it's hard coded here. You may find a better way to let the RP know about the RS location.

About script type, the answer is yes, only Python is supported right now. We can support also JavaScript (or any other language) but it's not set as priority right now.

By Joe Humphries user 23 May 2016 at 10:08 a.m. CDT

Yuriy,

Yea, I have seen the endpoint. So, I have installed Gluu on a VMware, it is all running (I can login from my mac fine). So to understand what is going on I have downloaded the demos, I understand these will not work out of the box, but I want to just try and get the RS server started at least. To do this I will need to populate the rs-protect-config.json, and this will need (I would guess) the pat information from my server. All my 'well-known' has for the pat stuff is `"pat_profiles_supported" : [ "bearer" ]`, and if I attempt to hit any token endpoints, for example `"token_endpoint" : "https://gluuserver.mylifedigital/oxauth/seam/resource/restv1/oxauth/token"`, which I would assume returns me tokens to populate the json, it just asks for a login, which never works.

Thanks.

Joe

By Yuriy Zabrovarnyy staff 23 May 2016 at 10:30 a.m. CDT

Joe,

Got it. Then here are steps:

1. configurations for both RP and RS are loaded from <TOMCAT_HOME>/conf directory.
2. Make sure you've deployed RP to tomcat/webapps/rp
3. Make sure you've deployed RS to tomcat/webapps/rs

**If these three steps are done correctly then it's as easy to configure as described below :)**

### Resource Server

Correct, you need to populate rs-protect.json (and optionally rs-protect-config.json if you modified WS endpoints, if not modified then leave it unchanged).

For rs-protect.json you need PAT client credentials. For this login to your server (in our demo it is https://kantara.gluu.org, in your case it is your VM https://gluuserver.mylifedigital) and add new client with parameters (for this select OpenID Configuration -> Clients -> Add client):

1. Name : oxUma Demo RS (or any other name you like)
2. Application type : web
3. Authentication method for the Token Endpoint: client_secret_basic
4. Redirect Login URIs: <your rs redirect uri> (in our demo it is https://kantara.gluu.org/rs/rs.html in your VM you will have another address, like https://gluuserver.mylifedigital/rs/rs.html)
5. scopes: openid and uma_protection (uma_protection indicates that it is PAT)
6. Response types: token code id_token

Now populate rs-protect.json with client id and secret you've just added.

Next register client for RP (AAT) with difference :

1. scopes openid and uma_authorization (uma_authorization indicates that it is AAT)
2. Redirect Login URIs: <your rp redirect uri> (in our demo it is https://kantara.gluu.org/rp/rp.html in your VM you will have another address, like https://gluuserver.mylifedigital/rp/rp.html)

Now populate oxuma-rp-conf.json with client id and secret you've just added.

(Don't forget to restart Tomcat after changes in configurations to force reload them.)
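The two client registrations above (PAT client for the Resource Server, AAT client for the RP) and the registration option mentioned earlier in the thread can be scripted. The following is an added example, not Gluu's code and not part of this thread: it builds a Dynamic Client Registration body with the OpenID Connect Registration 1.0 field names for each client kind, produces the two config files with the key names shown in the thread, and checks them before Tomcat is restarted. The issuer, client ids, secrets and the local RS endpoint are constructed placeholders; `registration_request`, `rs_protect_config`, `rp_config` and `check_configs` are names chosen here.

```python
import json
from urllib.parse import urlparse

# Scopes per the thread: uma_protection marks a PAT client, uma_authorization an AAT client.
PAT_SCOPES = ["openid", "uma_protection"]      # Resource Server
AAT_SCOPES = ["openid", "uma_authorization"]   # Requesting Party (RP)


def registration_request(kind, client_name, redirect_uri):
    """Dynamic Client Registration body matching the manual steps:
    web application, client_secret_basic, one redirect URI, scopes, response types."""
    if kind == "pat":
        scopes = PAT_SCOPES
    elif kind == "aat":
        scopes = AAT_SCOPES
    else:
        raise ValueError("kind must be 'pat' or 'aat'")
    return {
        "client_name": client_name,
        "application_type": "web",
        "token_endpoint_auth_method": "client_secret_basic",
        "redirect_uris": [redirect_uri],
        "scope": " ".join(scopes),
        "response_types": ["token", "code", "id_token"],
    }


def rs_protect_config(issuer, client_id, client_secret):
    """rs-protect.json for the Resource Server (key names from the thread)."""
    return {
        "well_known_endpoint": issuer + "/.well-known/uma-configuration",
        "pat_client_id": client_id,
        "pat_client_secret": client_secret,
        "trust_all": False,  # keep TLS certificate verification on
    }


def rp_config(issuer, client_id, client_secret, rs_ws_url, redirect_uri):
    """oxuma-rp-conf.json for the RP (key names and URL layout from the thread)."""
    base = issuer + "/oxauth/seam/resource/restv1/oxauth"
    return {
        "umaMetaDataUrl": issuer + "/.well-known/uma-configuration",
        "authorizeUrl": base + "/authorize",
        "tokenUrl": base + "/token",
        "umaAatClientId": client_id,
        "umaAatClientSecret": client_secret,
        "rsPhoneWsUrl": rs_ws_url,
        "loginUrl": issuer + "/oxauth/authorize.seam?response_type=code+id_token+token"
                    "&scope=openid+profile+%s&client_id=%s&redirect_uri=%s&nonce=nonce",
        "redirectUri": redirect_uri,
    }


def check_configs(rs_cfg, rp_cfg, registered_rp_redirect):
    """Return a list of problems to fix before restarting Tomcat (empty list = OK)."""
    problems = []
    for key in ("well_known_endpoint", "pat_client_id", "pat_client_secret"):
        if not rs_cfg.get(key):
            problems.append("rs-protect.json: missing " + key)
    if rs_cfg.get("trust_all") is True:
        problems.append("rs-protect.json: trust_all=true disables TLS certificate checks")
    for key in ("umaMetaDataUrl", "authorizeUrl", "tokenUrl", "umaAatClientId",
                "umaAatClientSecret", "rsPhoneWsUrl", "loginUrl", "redirectUri"):
        if not rp_cfg.get(key):
            problems.append("oxuma-rp-conf.json: missing " + key)
    # Credentials travel over these endpoints, so they must be https.
    for name, url in (("well_known_endpoint", rs_cfg.get("well_known_endpoint", "")),
                      ("umaMetaDataUrl", rp_cfg.get("umaMetaDataUrl", "")),
                      ("tokenUrl", rp_cfg.get("tokenUrl", ""))):
        if urlparse(url).scheme != "https":
            problems.append(name + " is not https")
    if rs_cfg.get("well_known_endpoint") != rp_cfg.get("umaMetaDataUrl"):
        problems.append("RS and RP point at different UMA discovery documents")
    if rp_cfg.get("redirectUri") != registered_rp_redirect:
        problems.append("redirectUri differs from the redirect URI registered for the AAT client")
    return problems


if __name__ == "__main__":
    # Constructed values: the VM hostname from the thread, placeholder ids and secrets.
    issuer = "https://gluuserver.mylifedigital"
    rs = rs_protect_config(issuer, "PAT-CLIENT-ID-PLACEHOLDER", "PAT-SECRET-PLACEHOLDER")
    rp = rp_config(issuer, "AAT-CLIENT-ID-PLACEHOLDER", "AAT-SECRET-PLACEHOLDER",
                   "http://127.0.0.1:8887/ws/phone", issuer + "/rp/rp.html")
    print(json.dumps(registration_request("pat", "oxUma Demo RS", issuer + "/rs/rs.html"), indent=2))
    print(json.dumps(rs, indent=2))
    print(json.dumps(rp, indent=2))
    print("problems:", check_configs(rs, rp, issuer + "/rp/rp.html"))
```

Run it once with the real client id and secret pasted in, copy the printed JSON into `<TOMCAT_HOME>/conf`, and restart Tomcat only when `problems` is empty; the `trust_all` check is there because the demo file ships with it set to `true`, which is fine on a throwaway VM but should not survive into a real deployment.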

By Joe Humphries user 23 May 2016 at 10:43 a.m. CDT

That makes more sense now. I will go and have a play. Thanks for your time.

By Joe Humphries user 23 May 2016 at 11:31 a.m. CDT

Just another quick question. If we wanted to use a custom Python driver (for example a database one) in a custom script, how do we make that driver (after a pip install) available to the Jython script engine?

Joe

By Yuriy Zabrovarnyy staff 23 May 2016 at 4 p.m. CDT

Joe,

It will require some effort. You would need to make it available in Jython, which means including your custom driver in the classpath. The easiest way is to branch oxAuth and build your own oxAuth with the custom driver on board.

By Michael Schwartz Account Admin 23 May 2016 at 7:53 p.m. CDT

I would suggest creating an API for the DB and using standard Python libraries to call it. Stateful JDBC calls from the Gluu Server are discouraged.