Restrict the query result for restful in OpenAM

Tagged: 

This topic contains 1 reply, has 2 voices, and was last updated by  Peter Major 2 weeks, 1 day ago.

  • Author
    Posts
  • #25906
     hkworker2002 
    Participant

    In OpenAM 13.5 we can use the Restful to query user information:
    /openam/json/users?_queryId=*

    It seems that by default all user authenticated users can query all users information. Can we setup any restriction such that each user can only query its own information but not others?

    Thanks.

    • This topic was modified 2 weeks, 1 day ago by  hkworker2002.
    #25908
     Peter Major 
    Moderator

    That shouldn’t be the case, #201605-02 security advisory item should be addressed already in 13.5.0.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?