Creation of policy set using rest api fails

This topic has 2 replies, 2 voices, and was last updated 6 years, 4 months ago by akradhak.

  • #8296
     akradhak
    Participant

    I am trying to create a resource type, policy set and policy using the REST API. Creation of the resource type is successful, but the policy set creation fails.

    creation of resource type :
    curl --header "iPlanetDirectoryPro: AQIC..*" --request POST --header "Content-Type: application/json" --data @resource.json "http://<openam-domain>:8080/openam/json/sample/resourcetypes/?_action=create"

    Output :

    {"uuid":"05ab0cb4-4f2b-4649-8a53-91ca84532f3e","name":"OAuth2","description":null,"patterns":["http://device/location/*","*://*:*/*/access_token?*","*://*:*/*/authorize?*","*://*:*/*/tokeninfo?*"],"actions":{"DELETE":true,"POST":true,"GET":true},"createdBy":"id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","creationDate":1456959503572,"lastModifiedBy":"id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","lastModifiedDate":1456959503572}

    The uuid output from above is passed on to "resourceTypeUuids" during the policy set creation REST call, and I am getting the below error:

    curl --request POST --header "iPlanetDirectoryPro: AQIC5wM2LY4SfcyEJTrjCPYbNUg3HpcO9lQNI39jGgZVG3c.*AAJTSQACMDEAAlNLABMzMjAwMTYzMjQ1OTIwODg2MTcyAAJTMQAA*" --header "Content-Type: application/json" --data @policyset.json "http://webapp1.kubesh.org:8080/openam/json/applications?_action=create"

    {"code":400,"reason":"Bad Request","message":"Invalid resource type 05ab0cb4-4f2b-4649-8a53-91ca84532f3e."}

    I am not sure why there is “.” appended at the end of the uuid in the above error and my policy.json looks like below :

    cat policyset.json
    {
      "name": "OAuth2",
      "resourceTypeUuids": [
        "05ab0cb4-4f2b-4649-8a53-91ca84532f3e"
      ],
      "realm": "sample",
      "conditions": [
        "AND",
        "OR",
        "NOT",
        "AMIdentityMembership",
        "AuthLevel",
        "AuthScheme",
        "AuthenticateToRealm",
        "AuthenticateToService",
        "IPv4",
        "IPv6",
        "LDAPFilter",
        "LEAuthLevel",
        "OAuth2Scope",
        "ResourceEnvIP",
        "Session",
        "SessionProperty",
        "SimpleTime"
      ],
      "applicationType": "iPlanetAMWebAgentService",
      "description": "OAuth2",
      "resourceComparator": "com.sun.identity.entitlement.URLResourceName",
      "subjects": [
        "AND",
        "OR",
        "NOT",
        "AuthenticatedUsers",
        "Identity",
        "JwtClaim"
      ],
      "entitlementCombiner": "DenyOverride",
      "saveIndex": null,
      "searchIndex": null,
      "attributeNames": []
    }

    When I query for the resource type with uuid – 05ab0cb4-4f2b-4649-8a53-91ca84532f3e using a REST API call, it results in a valid resource type. So not sure why policy set creation fails. Appreciate your help in advance.

    I am also trying to figure out an ssoadm command to create resource type.

    • This topic was modified 6 years, 5 months ago by Peter Major.
    #8342
     Peter Major
    Moderator

    These work for me just fine:

    curl -X POST -H "Content-Type: application/json" -H "iplanetDirectoryPro: {{adminToken}}" -d '{
       "name":"OAuth2",
       "patterns": [
           "http://device/location/*",
           "*://*:*/*/access_token?*",
           "*://*:*/*/authorize?*",
           "*://*:*/*/tokeninfo?*"
           ],
       "actions":{
          "GET":true,
          "POST":true,
          "DELETE":true
       }
    }' "http://openam.example.com:8080/openam/json/resourcetypes?_action=create"

    and then extract resourceTypeUuid from the response and run:

    curl -X POST -H "Content-Type: application/json" -H "iplanetDirectoryPro: {{adminToken}}" -d '{
       "name":"Foobar",
       "applicationType":"iPlanetAMWebAgentService",
       "description":"My personal application",
       "resourceTypeUuids" : ["{{resourceTypeUuid}}"],
       "conditions":[
        "IP",
        "SimpleTime",
        "OAuth2Scope",
        "OR",
        "AuthLevel",
        "Session",
        "NOT",
        "AND",
        "ResourceEnvIP"
       ],
       "subjects":[
        "JwtClaim",
        "AuthenticatedUsers",
        "Identity",
        "NOT",
        "AND",
        "OR"
       ],
       "entitlementCombiner":"DenyOverride"
    }' "http://openam.example.com:8080/openam/json/applications?_action=create"
    #8958
     akradhak
    Participant

    Thanks Peter. I was trying to create policy sets and policies under a realm. Hence the above command didn't work. After I gave the realm under the URI, it created the policy set and policies under the realm.
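
The resolution in the last post, as an added example that is not part of the thread: the resource type was created under `/json/sample/`, while the policy set was posted to the top-level `/json/applications`, so both URLs are built from one realm and a mismatch is caught before sending. The host, realm, `OPENAM_TOKEN`, file names and function names are hypothetical, and the realm-scoped `applications` path is assumed to mirror the `resourcetypes` URL from the first post.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. Host, realm, OPENAM_TOKEN and file
# names are placeholders; the realm-scoped applications path is an assumption.

# Realm addressed by a /json URL: "/sample", or "/" for the top-level realm.
realm_of() {
  local path="${1%%\?*}"   # drop the query string
  path="${path#*/json}"    # keep what follows /json
  path="${path%/}"         # tolerate a trailing slash
  path="${path%/*}"        # drop the endpoint name
  printf '%s\n' "${path:-/}"
}

# Create URL for an endpoint (resourcetypes, applications) in a realm.
endpoint() {  # BASE REALM NAME
  printf '%s/json%s/%s?_action=create\n' "$1" "${2%/}" "$3"
}

# Read a create response on stdin, print its "uuid" value.
extract_uuid() {
  sed -n 's/.*"uuid"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Refuse to proceed when the two calls target different realms.
check_same_realm() {  # RESOURCE_TYPE_URL POLICY_SET_URL
  local rt ps
  rt="$(realm_of "$1")"; ps="$(realm_of "$2")"
  [ "$rt" = "$ps" ] && return 0
  echo "realm mismatch: resource type in '$rt', policy set in '$ps'" >&2
  return 1
}

# Both calls against one realm. policyset.tpl.json carries the literal
# {{resourceTypeUuid}} placeholder, as in the moderator's reply.
create_policy_set() {  # BASE REALM
  local rt_url ps_url uuid
  rt_url="$(endpoint "$1" "$2" resourcetypes)"
  ps_url="$(endpoint "$1" "$2" applications)"
  uuid="$(curl -sS -X POST -H "Content-Type: application/json" \
    -H "iPlanetDirectoryPro: $OPENAM_TOKEN" -d @resource.json "$rt_url" | extract_uuid)"
  [ -n "$uuid" ] || { echo "no uuid in resource type response" >&2; return 1; }
  sed "s/{{resourceTypeUuid}}/$uuid/" policyset.tpl.json |
    curl -sS -X POST -H "Content-Type: application/json" \
      -H "iPlanetDirectoryPro: $OPENAM_TOKEN" -d @- "$ps_url"
}

# URLs shaped like the first post's two calls: reports the mismatch on stderr.
check_same_realm "http://openam.example.com:8080/openam/json/sample/resourcetypes/?_action=create" \
  "http://openam.example.com:8080/openam/json/applications?_action=create" || true
```

To run both calls against a live server, export `OPENAM_TOKEN` and call `create_policy_set "http://openam.example.com:8080/openam" /sample`.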
