August 19, 2020 at 2:14 pm #28193 | praveenpasi | Participant
We are using ForgeRock version 6 and have integrated AM, IDM and DS.
We are doing a PoC of securing microservices using ForgeRock OpenID Connect/OAuth capabilities.
As part of the PoC, we need to get the roles associated with the user. The users and the associated roles are primarily present in DS and reconciled into IDM.
Does ForgeRock have REST APIs that interact with IDM/DS and return the roles associated with a user when the user ID is sent as a parameter?
If possible, please provide links to the REST APIs provided by ForgeRock with API documentation/syntax.
Praveen

August 25, 2020 at 4:55 pm #28209 | Jatinder Singh (AcceptingNewProjects) | Participant
If I understand your question correctly, you need to relay the user role claim to your microservices so that they can decide what the user is authorized to do? If that is the case, and since you are already using the OAuth2 federation protocol, you could provide a scope of
/authorize request and have AM map scopes to group membership of a particular user. And if this is what you are looking for, you don’t need to call IDM or AM’s REST API outside of the OAuth2/OpenID calls you are already making.
Please see below for a KB article on this topic:
Hope this helps!
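
The microservice side of the approach in the reply above, as an added example that is not part of the original thread or ForgeRock's own code: the service validates the token it received and authorizes from a group claim instead of calling IDM or AM REST APIs. The claim name `groups`, the issuer and audience values, and the HS256 shared key are assumptions made so the block runs with the standard library only; deployments that sign tokens asymmetrically would verify against the authorization server's published keys instead.

```python
import base64, hashlib, hmac, json, time

GROUPS_CLAIM = "groups"  # assumed claim name; use whatever your scope mapping emits

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key):
    """Mint a constructed sample token (stands in for the authorization server)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verified_claims(token, key, issuer, audience, now=None):
    """Return the claims only if signature, issuer, audience and expiry all check out."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        # Pin the algorithm: never let the token header choose "none" or another alg.
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(body_b64))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: fail closed
    if not isinstance(claims, dict):
        return None
    now = time.time() if now is None else now
    aud = claims.get("aud")
    exp = claims.get("exp")
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        return None
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims

def is_authorized(token, required_group, key, issuer, audience, now=None):
    """Authorize from the token's group claim; a missing claim means no access."""
    claims = verified_claims(token, key, issuer, audience, now)
    groups = claims.get(GROUPS_CLAIM) if claims else None
    return isinstance(groups, list) and required_group in groups

# Constructed sample values (not from any real deployment).
KEY, ISS, AUD = b"constructed-demo-key", "https://am.example.com/oauth2", "orders-service"
SAMPLE = sign_hs256({"iss": ISS, "aud": AUD, "exp": 1300, "groups": ["orders-admin"]}, KEY)
```
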