-
suhaibmustafa replied to the topic Authorization consent form trying to load JS and logo in unsecure manner in the forum Access Management 6 years, 1 month ago
Hi,
Base URL provider also didn’t work, as I had mentioned in the problem statement. I fixed it by having a proxy in the HTTP connector of the Apache Tomcat server.
-
suhaibmustafa replied to the topic Revoke OAuth2.0 access token/refresh token in the forum Access Management 6 years, 4 months ago
Hi Yogesh, for revoking use DELETE method and amadmin token instead of POST and clientid/secret.
-
suhaibmustafa replied to the topic Authorization consent form trying to load JS and logo in unsecure manner in the forum Access Management 6 years, 4 months ago
Hi Rajesh, thanks for the quick reply. The issue I described is slightly different from it. The issue I am facing is that the OAuth2.0 authorization consent page is trying to load unsecure content (JS, img) over a secure connection. Hence the browser shows a blank page with a notification to the user in the top right corner which says:
This page is…
-
suhaibmustafa started the topic Authorization consent form trying to load JS and logo in unsecure manner in the forum Access Management 6 years, 4 months ago
Hi,
I have configured OpenAm/OpenIDConnect as Identity Provider and am facing an issue with the consent page. From the user endpoint to the load-balancer/proxy the connection is over HTTPS, but from the load-balancer/proxy to the openAM deployment the connection is over HTTP. Everything works fine until the authorization consent form page, where it tries to load some javascripts and…
-
suhaibmustafa replied to the topic OpenAM OAuth 2 revoke token – possible bug in the forum Access Management 6 years, 9 months ago
Hi Peter/Mike
Another issue (not sure if it is actually an issue):
Step 1. Acquiring the Access token:
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW (Generated using client username and client password)
grant_type=password&username=client_username&password=client_password
OpenAm returned a successful…
-
suhaibmustafa replied to the topic OpenAM OAuth 2 revoke token – possible bug in the forum Access Management 6 years, 10 months ago
Hi Mike,
RFC7009 is a supplement of RFC6749. Below is an extract from the same for your reference:
The OAuth 2.0 core specification defines several ways for a
client to obtain refresh and access tokens. This specification
supplements the core specification with a mechanism to revoke both
types of tokens.
So, this RFC talks about…
-
suhaibmustafa replied to the topic OpenAM OAuth 2 revoke token – possible bug in the forum Access Management 6 years, 10 months ago
Hi Mike,
I am developing API based on RFC7009 (http://tools.ietf.org/html/rfc7009#section-2.1).
As per this RFC:
If the particular token is a refresh token and the authorization server supports the
revocation of access tokens, then the authorization server SHOULD
also invalidate all access tokens based on the same authorization…
-
suhaibmustafa started the topic OpenAM OAuth 2 revoke token – possible bug in the forum Meta forum.forgerock.com 6 years, 10 months ago
Hi,
This is regarding the issue I am facing with OAuth2.0 revoke token and I feel it's a bug on the ForgeRock OpenAM side.
As per RFC7009 revoke token API should:
1. validate the client credentials before revoking. But OpenAm requires admin credentials to call the revoke API.
2. if refresh token is provided, it should revoke the refresh token as…
-
suhaibmustafa replied to the topic Bugs and feedback in the forum Meta forum.forgerock.com 6 years, 10 months ago
Hi,
This is regarding the issue I am facing with OAuth2.0 revoke token and I feel it's a bug on the ForgeRock OpenAM side.
As per RFC7009 revoke token API should:
1. validate the client credentials before revoking. But OpenAm requires admin credentials to call the revoke API.
2. if refresh token is provided, it should revoke the refresh token as…
-
suhaibmustafa replied to the topic Revoke OAuth2.0 access token/refresh token in the forum Access Management 6 years, 10 months ago
Hi Sripathy, I am looking at a use case where a user has granted access to an app on multiple devices that he is using (like mobile, tablet, etc.) and now he wants to revoke access from one of the devices and is trying to uninstall the app. So in this case only the access/refresh token from that device should be revoked and other tokens which are being…
-
suhaibmustafa started the topic Revoke OAuth2.0 access token/refresh token in the forum Access Management 6 years, 10 months ago
Hi All,
I was trying to implement OAuth2.0 APIs using OpenAM and found some issues while working on revoke token.
As per my understanding revoke token API should
1. Should revoke the given access token, if access token is passed
2. Should revoke the refresh token as well as all the access tokens associated with that refresh token, if refresh…