There are currently some limitations in the UMA support in IG. One of the most important is that the PAT is held only in IG memory and is never persisted: if IG is restarted, the resource owner must perform the entire share process again.
Note: this post is based on UMA 1.0.1. (Support for UMA 1.0 and UMA 1.0.1 will be removed in a future version of ForgeRock Access Management.)
Versions used for this implementation: IG 5, AM 5.1 and DS 5.
We can overcome some of these limitations by extending the IG-UMA filter.
Some of the features of this extension:
- Realm support
- Extended IG-UMA REST endpoint: authentication using the PAT
- User-friendly UMA resource names
- Persisting the UMA ResourceSet id and PAT in DS/OpenDJ:
  - Alice shares a UMA resource
  - Bob accesses a UMA resource
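To make the persistence point concrete, the following is an added example written for this post; it is not the extension's code and does not use the IG or DS APIs. It models the two designs side by side: a PAT store that lives only in the IG process (the stock behaviour, lost on restart) and one backed by an external store keyed by realm and resource owner (the extension's approach). sqlite3 stands in for DS/OpenDJ, and the realm, owner, ResourceSet id and PAT values are constructed samples. It also shows the PAT-based authentication check the extended REST endpoint needs, done with a constant-time comparison against the persisted PAT.

```python
import hmac
import os
import sqlite3
import tempfile
from contextlib import closing
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Protocol, Tuple


@dataclass(frozen=True)
class UmaRegistration:
    """What IG must remember per resource owner: the ResourceSet registered
    with AM and the PAT used to manage it. (Constructed for this example.)"""
    realm: str
    resource_owner: str
    resource_set_id: str
    pat: str


class PatStore(Protocol):
    def save(self, reg: UmaRegistration) -> None: ...
    def load(self, realm: str, resource_owner: str) -> Optional[UmaRegistration]: ...


class InMemoryPatStore:
    """Stock behaviour: state exists only inside the running IG process."""

    def __init__(self) -> None:
        self._items: Dict[Tuple[str, str], UmaRegistration] = {}

    def save(self, reg: UmaRegistration) -> None:
        self._items[(reg.realm, reg.resource_owner)] = reg

    def load(self, realm: str, resource_owner: str) -> Optional[UmaRegistration]:
        return self._items.get((realm, resource_owner))


class PersistentPatStore:
    """Extension behaviour: state is written to an external store keyed by
    realm + resource owner. sqlite3 is a stand-in for DS/OpenDJ (assumption
    made for this example); the PAT is a bearer credential, so the real
    directory entry must be access-controlled like any other secret."""

    def __init__(self, path: str) -> None:
        self._path = path
        with closing(sqlite3.connect(path)) as conn:
            conn.execute(
                "CREATE TABLE IF NOT EXISTS uma_registration ("
                "realm TEXT NOT NULL, resource_owner TEXT NOT NULL, "
                "resource_set_id TEXT NOT NULL, pat TEXT NOT NULL, "
                "PRIMARY KEY (realm, resource_owner))"
            )
            conn.commit()

    def save(self, reg: UmaRegistration) -> None:
        with closing(sqlite3.connect(self._path)) as conn:
            conn.execute(
                "INSERT OR REPLACE INTO uma_registration VALUES (?, ?, ?, ?)",
                (reg.realm, reg.resource_owner, reg.resource_set_id, reg.pat),
            )
            conn.commit()

    def load(self, realm: str, resource_owner: str) -> Optional[UmaRegistration]:
        with closing(sqlite3.connect(self._path)) as conn:
            row = conn.execute(
                "SELECT realm, resource_owner, resource_set_id, pat "
                "FROM uma_registration WHERE realm = ? AND resource_owner = ?",
                (realm, resource_owner),
            ).fetchone()
        return UmaRegistration(*row) if row else None


def new_temp_db_path() -> str:
    """Fresh file path for a throw-away store (helper for the demo below)."""
    return os.path.join(tempfile.mkdtemp(), "uma-registrations.db")


def survives_restart(make_store: Callable[[], PatStore]) -> bool:
    """Alice shares a resource, IG 'restarts' (the first store object is
    discarded), and the filter looks the registration up again.
    Returns True if the registration survived the restart."""
    alice = UmaRegistration("alpha", "alice", "rs-1234", "pat-constructed-secret")  # constructed
    make_store().save(alice)       # first IG lifetime: share flow completes
    after_restart = make_store()   # second IG lifetime: fresh process state
    return after_restart.load("alpha", "alice") == alice


def pat_authenticates(store: PatStore, realm: str, resource_owner: str, presented: str) -> bool:
    """Authenticate a call to the extended IG-UMA REST endpoint by comparing the
    presented PAT with the persisted one in constant time; unknown owners fail closed."""
    reg = store.load(realm, resource_owner)
    if reg is None:
        return False
    return hmac.compare_digest(reg.pat.encode(), presented.encode())


if __name__ == "__main__":
    print("in-memory survives restart:", survives_restart(InMemoryPatStore))   # False
    path = new_temp_db_path()
    print("persistent survives restart:", survives_restart(lambda: PersistentPatStore(path)))  # True
```

With the in-memory store the second lookup returns nothing and Alice would have to share again; with the external store the ResourceSet id and PAT are found after the restart, which is exactly what the extension buys. Keying on realm plus resource owner is what makes the realm support and the per-owner PAT authentication fit the same record.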
This blog post was first published @ theinfinitelooper.blogspot.com, included here with permission.