By: Master Kumar user 10 Oct 2018 at 6:52 a.m. CDT

6 Responses
Master Kumar gravatar
Related to SCIM and UMA have two things 1. Are the SCIM api's by default protected by gluu after installation or should register SCIM resources. If need to register what should be passed as authorization header in resource register api. Can share any sample request. 2. I have enabled SCIM, UMA and created a client as per the documentation.Accessed the api https://mygluserv.com/oxauth/restv1/token by passing the client_id,secret in authorization header and got the below response { "access_token": "ed453153-0d41-4eb2-9ab7-6c04aee9383b", "token_type": "bearer", "expires_in": 299 } Now when i tried to access user API https://mygluserv.com/identity/restv1/scim/v2/Users to create user by passing the access token with POST method and body as below { "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"], "userName":"ajsmith", "name":{ "familyName":"Smith", "givenName":"Joe" }, "displayName":"Average Joe" } But got the response as RESTEASY003150: Error status 400 Bad Request returned. I checked the oxtrust.log and it shows below error 2018-09-05 17:02:12,160 ERROR [qtp1007309018-3814] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:127) - RESTEASY003150: Error status 400 Bad Request returned org.jboss.resteasy.client.ClientResponseFailure: RESTEASY003150: Error status 400 Bad Request returned at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:584) Any help in this regard is appreciated.

By Michael Schwartz staff 14 Oct 2018 at 7:44 p.m. CDT

Michael Schwartz gravatar
As per standard OAuth, you should send the access token with header `Authorization: Bearer xxxxxxx`

By Thomas Gasmyr Mougang staff 15 Oct 2018 at 12:32 a.m. CDT

Thomas Gasmyr Mougang gravatar
Hey Kumar, You can follow [this section](https://gluu.org/docs/ce/user-management/scim2/#raw-http-requests) of the documentation to achieve your goal. Below is an example of call: ``` $ curl -H 'Authorization: Bearer ...access token...' -H 'Content-Type: application/scim+json' -d @input.json -o output.json https://<host-name>/identity/restv1/scim/v2/Users` ```

By Master Kumar user 15 Oct 2018 at 3:04 a.m. CDT

Master Kumar gravatar
Hi Thomas,Michael thank you for the reply. If you see in my question i have passed the access token as said by Thomas, is it correct? From the document it doesn't give the complete information, can you please provide me in detail on how to do it. Regarding my 1st question, didn't get any response. It would be nice if you can please provide me complete details on the API's.

By Thomas Gasmyr Mougang staff 15 Oct 2018 at 3:17 a.m. CDT

Thomas Gasmyr Mougang gravatar
> Are the SCIM api's by default protected by gluu after installation or should register SCIM resources. The answer for that question is in the [documentation](https://gluu.org/docs/ce/user-management/scim2/). The documentation contain all information you need to configure SCIM on Gluu server. There is also a SCIM-client library you can use if you don't want to deal with manual token generation.

By Master Kumar user 15 Oct 2018 at 11:56 a.m. CDT

Master Kumar gravatar
Thank you Thomas, as per the documentation the SCIM API's are protected by default. I tried to use the SCIM-client library and its giving below error. 2018-10-15 22:22:54,683 main WARN Unable to instantiate org.fusesource.jansi.WindowsAnsiOutputStream Exception--null java.lang.NullPointerException at gluu.scim2.client.TestModeScimClient.triggerRegistrationIfNeeded(TestModeScimClient.java:103) at gluu.scim2.client.TestModeScimClient.<init>(TestModeScimClient.java:74) at gluu.scim2.client.factory.ScimClientFactory.getTestClient(ScimClientFactory.java:87) at gluu.scim2.client.factory.ScimClientFactory.getTestClient(ScimClientFactory.java:105) at TestScimClient.simpleSearch(TestScimClient.java:22) **Here is the java code using SCIM-Client Library** which is giving the above error public class TestScimClient { private String domainURL="https://mygluser.com/identity/restv1"; private String OIDCMetadataUrl="https:/mygluserv.com/.well-known/openid-configuration"; private Logger logger = LogManager.getLogger(getClass()); private void simpleSearch() throws Exception { ClientSideService client=ScimClientFactory.getTestClient(domainURL, OIDCMetadataUrl); //ClientSideService client=ScimClientFactory.getClient(domainURL, OIDCMetadataUrl); String filter = "userName eq \"admin\""; System.out.println("ClientSideService Object: "+client); Response response = client.searchUsers(filter, 1, 1, null, null, null, null); logger.debug(response.readEntity(String.class)); System.out.println("Response: "+response); List<BaseScimResource> resources=response.readEntity(ListResponse.class).getResources(); logger.info("Length of results list is: {}", resources.size()); UserResource admin=(UserResource) resources.get(0); logger.info("First user in the list is: {}" + admin.getDisplayName()); client.close(); } public static void main(String[] args){ TestScimClient testScimClient = new TestScimClient(); try{ testScimClient.simpleSearch(); }catch(Exception e){ System.out.println("Exception--"+e.getMessage()); e.printStackTrace(); } } } I would request you to please guide me in how to proceed for both 1. Generating the token manually 2. Using SCIM-Client library

By Master Kumar user 15 Oct 2018 at 12:08 p.m. CDT

Master Kumar gravatar
As per my observation the SCIM client is trying to register the client and its failing at that point.