suhaibmustafa

@suhaibmustafa

active 6 years, 1 month ago
Points balance: 81 ♪
Rank: suhaibmustafa
  • suhaibmustafa replied to the topic Authorization consent form trying to load JS and logo in unsecure manner in the forum Access Management 6 years, 1 month ago

    Hi,

    Base URL provider also didn’t work, as I had mentioned in the problem statement. I fixed it by having a proxy in the HTTP connector of the Apache Tomcat server.

  • suhaibmustafa replied to the topic Revoke OAuth2.0 access token/refresh token in the forum Access Management 6 years, 4 months ago

    Hi Yogesh, for revoking use DELETE method and amadmin token instead of POST and clientid/secret.

  • suhaibmustafa replied to the topic Authorization consent form trying to load JS and logo in unsecure manner in the forum Access Management 6 years, 4 months ago

    Hi Rajesh, thanks for the quick reply. The issue I described is slightly different from it. The issue I am facing is that the OAuth2.0 authorization consent page is trying to load unsecure content (JS, img) over a secure connection. Hence the browser shows a blank page with a notification to the user in the top right corner which says:

    This page is…[Read more]

  • suhaibmustafa started the topic Authorization consent form trying to load JS and logo in unsecure manner in the forum Access Management 6 years, 4 months ago

    Hi,

    I have configured OpenAM/OpenIDConnect as Identity Provider and am facing an issue with the consent page. From user endpoint to load-balancer/proxy the connection is over HTTPS, but from load-balancer/proxy to the OpenAM deployment the connection is over HTTP. Everything works fine till the authorization consent form page, where it tries to load some javascripts and…[Read more]

  • suhaibmustafa replied to the topic OpenAM OAuth 2 revoke token – possible bug in the forum Access Management 6 years, 9 months ago

    Hi Peter/Mike

    Another issue (not sure if it is actually an issue):
    Step 1. Acquiring the Access token:
    Host: server.example.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW (Generated using client username and client password)
    grant_type=password&username=client_username&password=client_password

    OpenAm returned a successful…[Read more]

  • suhaibmustafa replied to the topic OpenAM OAuth 2 revoke token – possible bug in the forum Access Management 6 years, 10 months ago

    Hi Mike,

    RFC7009 is a supplement of RFC6749. Below is an extract from the same for your reference:
    The OAuth 2.0 core specification defines several ways for a
    client to obtain refresh and access tokens. This specification
    supplements the core specification with a mechanism to revoke both
    types of tokens.

    So, this RFC talks about…[Read more]

  • suhaibmustafa replied to the topic OpenAM OAuth 2 revoke token – possible bug in the forum Access Management 6 years, 10 months ago

    Hi Mike,

    I am developing an API based on RFC7009 (http://tools.ietf.org/html/rfc7009#section-2.1).
    As per this RFC:
    If the particular token is a refresh token and the authorization server supports the
    revocation of access tokens, then the authorization server SHOULD
    also invalidate all access tokens based on the same authorization…[Read more]

  • suhaibmustafa started the topic OpenAM OAuth 2 revoke token – possible bug in the forum Meta forum.forgerock.com 6 years, 10 months ago

    Hi,

    This is regarding the issue I am facing with OAuth2.0 revoke token and I feel it's a bug on the ForgeRock OpenAM side.

    As per RFC7009 revoke token API should:
    1. validate the client credentials before revoking. But OpenAM requires admin credentials to call the revoke API.
    2. if a refresh token is provided, it should revoke the refresh token as…[Read more]

  • suhaibmustafa replied to the topic Bugs and feedback in the forum Meta forum.forgerock.com 6 years, 10 months ago

    Hi,

    This is regarding the issue I am facing with OAuth2.0 revoke token and I feel it's a bug on the ForgeRock OpenAM side.

    As per RFC7009 revoke token API should:
    1. validate the client credentials before revoking. But OpenAM requires admin credentials to call the revoke API.
    2. if a refresh token is provided, it should revoke the refresh token as…[Read more]

  • suhaibmustafa replied to the topic Revoke OAuth2.0 access token/refresh token in the forum Access Management 6 years, 10 months ago

    Hi Sripathy, I am looking at a use case where a user has granted access to an app on multiple devices that he is using (like mobile, tablet etc.) and now he wants to revoke access from one of the devices and is trying to uninstall the app. So in this case only the access/refresh token from that device should be revoked and other tokens which are being…[Read more]

  • suhaibmustafa started the topic Revoke OAuth2.0 access token/refresh token in the forum Access Management 6 years, 10 months ago

    Hi All,

    I was trying to implement OAuth2.0 APIs using OpenAM and found some issues while working on revoke token.
    As per my understanding, the revoke token API should:
    1. Revoke the given access token, if an access token is passed
    2. Revoke the refresh token as well as all the access tokens associated with that refresh token, if refresh…[Read more]
