Menu
▾
▴
Re: [Unity-idm-discuss] OAuth authgenticator for SCIM API
|
From: Krzysztof B. <kb...@un...> - 2024-07-03 08:29:16
|
Hi Sander, W dniu 25.06.2024 o 12:48, Sander Apweiler pisze: > Hi Krzysztof, > I spend some further time to set up the SCIM API using tokens. I > created an authenticator for verifying local tokens (config in > screenshot). But when I try to qquery the API using this command > > curlhttps://login-dev.helmholtz.de/scim/Me -H "Authorization: Bearer > $TOKEN" -H "Authorization: Basic $CLIENT" > > I got: > {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":403 > ,"detail":"Forbidden"} as response and the log shows > > DEBUG unity.server.scim.EngineExceptionMapper: Access denied for SCIM > API client > pl.edu.icm.unity.engine.api.authn.AuthenticationException: Invalid user > name, credential or external authentication failed. > > The client which requested the token is the same like the one who calls > the SCIM API. It also requested the scope sys:scim:read_profile to be > able to query the SCIM API. > > Did I miss something? Can you try: curl https://login-dev.helmholtz.de/scim/Me <https://login-dev.helmholtz.de/scim/Me>-H "Authorization: Basic $CLIENT,Bearer $TOKEN" ? If it still doesn't work, please provide server logs from authentication, at least on debug and perfectly on TRACE level. HTH, Krzysztof |
