Menu
▾
▴
Re: [Unity-idm-discuss] SCIM repeats only first value in multi value attributes
|
From: Sander A. <sa....@fz...> - 2023-12-21 13:24:32
|
Hi Bernd, in this case I got missing HTTP Basic Auth Header errors. Best regards, Sander On Thu, 2023-12-21 at 14:19 +0100, Bernd Schuller wrote: > hi, > > I'm pretty sure that should be > > -H "Authorization: Bearer $TOKEN" > > best regards, > Bernd > > On 12/21/23 13:44, Sander Apweiler wrote: > > Hi Krzysztof, > > I created a new authenticator (OAuth 2 verifying local tokens) and > > added the scopes oidc profile email entitlements > > sys:scim:read_profile > > sys:scim:read_membership. I added this authenticator to the SCIM > > API as > > well. > > > > I generated an ODIC token using the oidc-agent and the same scopes. > > But > > using curl https://login-dev.helmholtz.de/scim/Me -H > > "Authorization: > > Basic $TOKEN", I got Bad Request and unity logs has a null pointer > > exception (stacktrace is attached). Did I forgot to add some > > configuration in addition? Using username/password on the SCIM API > > works. > > > > Best regards, > > Sander > > > > > > On Wed, 2023-12-20 at 12:56 +0100, Krzysztof Benedyczak wrote: > > > Hi Sander, > > > > > > W dniu 20.12.2023 o 08:41, Sander Apweiler pisze: > > > > Good morning, > > > > while reading the manual once again, I found the error in our > > > > schema > > > > file. It works fine. > > > > > > good to hear that > > > > > > > > > > Since only the administrators have username/password, we want > > > > to > > > > enable > > > > Oauth tokens for the SCIM API. Do we need to create an > > > > authenticator > > > > which is using unity itself for validating the tokens? > > > > > > Yes. It is not strictly required, but most likely this is what > > > you > > > want. > > > > > > Do not forget about granting proper authZ with OAuth scopes (as > > > described in manual). > > > > > > Best, > > > Krzysztof > > > > > > > > > > > _______________________________________________ > > Unity-idm-discuss mailing list > > Uni...@li... > > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschaeftsfuehrung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
