Tagged: openam, Policies, policy set, resource type, REST API
This topic has 2 replies, 2 voices, and was last updated 6 years, 4 months ago by akradhak.
March 3, 2016 at 6:52 am #8296
akradhak
Participant
I am trying to create a resource type, policy set and policy using the REST API. Creation of the resource type is successful, but the policy set creation fails.
Creation of resource type:
curl --header "iPlanetDirectoryPro: AQIC..*" --request POST --header "Content-Type: application/json" --data @resource.json "http://<openam-domain>:8080/openam/json/sample/resourcetypes/?_action=create"
Output:
{"uuid":"05ab0cb4-4f2b-4649-8a53-91ca84532f3e","name":"OAuth2","description":null,"patterns":["http://device/location/*","*://*:*/*/access_token?*","*://*:*/*/authorize?*","*://*:*/*/tokeninfo?*"],"actions":{"DELETE":true,"POST":true,"GET":true},"createdBy":"id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","creationDate":1456959503572,"lastModifiedBy":"id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","lastModifiedDate":1456959503572}
The uuid output from above is passed on to "resourceTypeUuids" during the policy set creation REST call, and I am getting the below error:
curl --request POST --header "iPlanetDirectoryPro: AQIC5wM2LY4SfcyEJTrjCPYbNUg3HpcO9lQNI39jGgZVG3c.*AAJTSQACMDEAAlNLABMzMjAwMTYzMjQ1OTIwODg2MTcyAAJTMQAA*" --header "Content-Type: application/json" --data @policyset.json "http://webapp1.kubesh.org:8080/openam/json/applications?_action=create"
{"code":400,"reason":"Bad Request","message":"Invalid resource type 05ab0cb4-4f2b-4649-8a53-91ca84532f3e."}
I am not sure why there is "." appended at the end of the uuid in the above error, and my policy.json looks like below:
cat policyset.json
{
  "name": "OAuth2",
  "resourceTypeUuids": [
    "05ab0cb4-4f2b-4649-8a53-91ca84532f3e"
  ],
  "realm": "sample",
  "conditions": [
    "AND",
    "OR",
    "NOT",
    "AMIdentityMembership",
    "AuthLevel",
    "AuthScheme",
    "AuthenticateToRealm",
    "AuthenticateToService",
    "IPv4",
    "IPv6",
    "LDAPFilter",
    "LEAuthLevel",
    "OAuth2Scope",
    "ResourceEnvIP",
    "Session",
    "SessionProperty",
    "SimpleTime"
  ],
  "applicationType": "iPlanetAMWebAgentService",
  "description": "OAuth2",
  "resourceComparator": "com.sun.identity.entitlement.URLResourceName",
  "subjects": [
    "AND",
    "OR",
    "NOT",
    "AuthenticatedUsers",
    "Identity",
    "JwtClaim"
  ],
  "entitlementCombiner": "DenyOverride",
  "saveIndex": null,
  "searchIndex": null,
  "attributeNames": []
}
When I query for the resource type with uuid 05ab0cb4-4f2b-4649-8a53-91ca84532f3e using a REST API call, it results in a valid resource type. So not sure why policy set creation fails. Appreciate your help in advance.
I am also trying to figure out an ssoadm command to create resource type.
This topic was modified 6 years, 5 months ago by Peter Major.
March 3, 2016 at 10:06 pm #8342
Peter Major
Moderator
These work for me just fine:
curl -X POST -H "Content-Type: application/json" -H "iplanetDirectoryPro: {{adminToken}}" -d '{ "name":"OAuth2", "patterns": [ "http://device/location/*", "*://*:*/*/access_token?*", "*://*:*/*/authorize?*", "*://*:*/*/tokeninfo?*" ], "actions":{ "GET":true, "POST":true, "DELETE":true } }' "http://openam.example.com:8080/openam/json/resourcetypes?_action=create"
and then extract resourceTypeUuid from the response and run:
curl -X POST -H "Content-Type: application/json" -H "iplanetDirectoryPro: {{adminToken}}" -d '{ "name":"Foobar", "applicationType":"iPlanetAMWebAgentService", "description":"My personal application", "resourceTypeUuids" : ["{{resourceTypeUuid}}"], "conditions":[ "IP", "SimpleTime", "OAuth2Scope", "OR", "AuthLevel", "Session", "NOT", "AND", "ResourceEnvIP" ], "subjects":[ "JwtClaim", "AuthenticatedUsers", "Identity", "NOT", "AND", "OR" ], "entitlementCombiner":"DenyOverride" }' "http://openam.example.com:8080/openam/json/applications?_action=create"
March 25, 2016 at 8:56 pm #8958
akradhak
Participant
Thanks Peter. I was trying to create policy sets and policies under a realm. Hence the above command didn't work. After I gave the realm under the URI, it created the policy set and policies under the realm.
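Added example, not part of either poster's messages: the resolution above (the resource type and the policy set must be created under the same realm) as a small POSIX shell helper that builds both endpoints from one realm value and refuses to continue on a realm mismatch. The function names, the `OPENAM_*`, `RT_URL` and `PS_URL` variables and the `policyset.template.json` file are assumptions; the URL layout is the one shown in the posts.

```shell
#!/bin/sh
# Added example; helper names, env variables and the template file are assumed.

# json_create_url BASE REALM COLLECTION: realm-scoped "create" endpoint.
# An empty REALM yields the top-level form (.../json/COLLECTION).
json_create_url() (
  base=${1%/}; realm=${2#/}; realm=${realm%/}
  if [ -n "$realm" ]; then
    printf '%s/json/%s/%s?_action=create\n' "$base" "$realm" "$3"
  else
    printf '%s/json/%s?_action=create\n' "$base" "$3"
  fi
)

# realm_of URL: print the realm segment of an OpenAM /json/ URL ("" if none).
realm_of() (
  path=${1#*/json/}; path=${path%%\?*}; path=${path%/}
  case $path in
    */*) printf '%s\n' "${path%/*}" ;;
    *)   printf '\n' ;;
  esac
)

# same_realm URL1 URL2: succeed only if both calls address the same realm.
same_realm() { [ "$(realm_of "$1")" = "$(realm_of "$2")" ]; }

# extract_uuid: read a resource-type response on stdin, print its uuid.
extract_uuid() {
  sed -n 's/.*"uuid"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Live run only when a server and token are supplied. RT_URL / PS_URL may be
# given directly (e.g. copied from notes); otherwise they are built here.
if [ -n "${OPENAM_BASE:-}" ] && [ -n "${OPENAM_TOKEN:-}" ]; then
  rt_url=${RT_URL:-$(json_create_url "$OPENAM_BASE" "${OPENAM_REALM:-}" resourcetypes)}
  ps_url=${PS_URL:-$(json_create_url "$OPENAM_BASE" "${OPENAM_REALM:-}" applications)}
  same_realm "$rt_url" "$ps_url" || { echo "realm mismatch" >&2; exit 1; }
  uuid=$(curl -s -X POST -H "Content-Type: application/json" \
           -H "iPlanetDirectoryPro: $OPENAM_TOKEN" \
           --data @resource.json "$rt_url" | extract_uuid)
  [ -n "$uuid" ] || { echo "no uuid in response" >&2; exit 1; }
  # The template holds the placeholder {{resourceTypeUuid}}.
  sed "s/{{resourceTypeUuid}}/$uuid/" policyset.template.json |
    curl -s -X POST -H "Content-Type: application/json" \
      -H "iPlanetDirectoryPro: $OPENAM_TOKEN" --data @- "$ps_url"
fi
```

Run against the two URLs from the first post, `same_realm` fails: the resource type call addresses realm `sample` while the policy set call addresses no realm.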