<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">It’s in the UMA-specific well-known. You’re looking at the OpenID Connect one. The URL for that (given your issuer root) is&nbsp;<span style="font-family: Calibri, sans-serif; font-size: 14px;" class=""><a href="http://localhost:8080/uma-server-webapp-1.2.2/.well-known/uma-configuration" class="">http://localhost:8080/uma-server-webapp-1.2.2/.well-known/uma-configuration</a></span><div class=""><font face="Calibri, sans-serif" class=""><span style="font-size: 14px;" class=""><br class=""></span></font></div><div class=""><font face="Calibri, sans-serif" class=""><span style="font-size: 14px;" class="">Yes, there’s a lot of overlap between these. Yes, there are some inconsistencies in using different keys for the same values. Yes, everything is to spec (and the UMA spec has bugs filed against it for this very reason).</span></font></div><div class=""><font face="Calibri, sans-serif" class=""><span style="font-size: 14px;" class=""><br class=""></span></font></div><div class=""><font face="Calibri, sans-serif" class=""><span style="font-size: 14px;" class="">&nbsp;— Justin</span><br class=""></font><div class=""><font face="Calibri, sans-serif" class=""><span style="font-size: 14px;" class=""><br class=""></span></font><div><blockquote type="cite" class=""><div class="">On Nov 23, 2015, at 9:04 PM, Luiz Omori &lt;<a href="mailto:luiz.omori@duke.edu" class="">luiz.omori@duke.edu</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class="">

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">

<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-size: 14px; font-family: Calibri, sans-serif;" class="">

<div class="">

<div class="">

<div class="">

<div class="">Humm, where is “resource_set_registration_endpoint”? See below what I’m getting from the well-known endpoint. What is the usual value for “resource_set_registration_endpoint” e.g. considering the root as <a href="http://localhost:8080/uma-server-webapp-1.2.2?" class="">http://localhost:8080/uma-server-webapp-1.2.2?</a></div>

<div class=""><br class="">

</div>

<div class="">{</div>

<div class="">&nbsp; "request_parameter_supported":true,</div>

<div class="">&nbsp; "claims_parameter_supported":false,</div>

<div class="">&nbsp; "introspection_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/introspect" class="">http://localhost:8080/uma-server-webapp-1.2.2/introspect</a>",</div>

<div class="">&nbsp; "scopes_supported":[</div>

<div class="">&nbsp; &nbsp; "openid",</div>

<div class="">&nbsp; &nbsp; "profile",</div>

<div class="">&nbsp; &nbsp; "email",</div>

<div class="">&nbsp; &nbsp; "address",</div>

<div class="">&nbsp; &nbsp; "phone",</div>

<div class="">&nbsp; &nbsp; "offline_access"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "issuer":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/" class="">http://localhost:8080/uma-server-webapp-1.2.2/</a>",</div>

<div class="">&nbsp; "userinfo_encryption_enc_values_supported":[</div>

<div class="">&nbsp; &nbsp; "A256CBC+HS512",</div>

<div class="">&nbsp; &nbsp; "A256GCM",</div>

<div class="">&nbsp; &nbsp; "A192GCM",</div>

<div class="">&nbsp; &nbsp; "A128GCM",</div>

<div class="">&nbsp; &nbsp; "A128CBC-HS256",</div>

<div class="">&nbsp; &nbsp; "A192CBC-HS384",</div>

<div class="">&nbsp; &nbsp; "A256CBC-HS512",</div>

<div class="">&nbsp; &nbsp; "A128CBC+HS256"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "id_token_encryption_enc_values_supported":[</div>

<div class="">&nbsp; &nbsp; "A256CBC+HS512",</div>

<div class="">&nbsp; &nbsp; "A256GCM",</div>

<div class="">&nbsp; &nbsp; "A192GCM",</div>

<div class="">&nbsp; &nbsp; "A128GCM",</div>

<div class="">&nbsp; &nbsp; "A128CBC-HS256",</div>

<div class="">&nbsp; &nbsp; "A192CBC-HS384",</div>

<div class="">&nbsp; &nbsp; "A256CBC-HS512",</div>

<div class="">&nbsp; &nbsp; "A128CBC+HS256"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "authorization_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/authorize" class="">http://localhost:8080/uma-server-webapp-1.2.2/authorize</a>",</div>

<div class="">&nbsp; "service_documentation":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/about" class="">http://localhost:8080/uma-server-webapp-1.2.2/about</a>",</div>

<div class="">&nbsp; "request_object_encryption_enc_values_supported":[</div>

<div class="">&nbsp; &nbsp; "A256CBC+HS512",</div>

<div class="">&nbsp; &nbsp; "A256GCM",</div>

<div class="">&nbsp; &nbsp; "A192GCM",</div>

<div class="">&nbsp; &nbsp; "A128GCM",</div>

<div class="">&nbsp; &nbsp; "A128CBC-HS256",</div>

<div class="">&nbsp; &nbsp; "A192CBC-HS384",</div>

<div class="">&nbsp; &nbsp; "A256CBC-HS512",</div>

<div class="">&nbsp; &nbsp; "A128CBC+HS256"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "userinfo_signing_alg_values_supported":[</div>

<div class="">&nbsp; &nbsp; "HS256",</div>

<div class="">&nbsp; &nbsp; "HS384",</div>

<div class="">&nbsp; &nbsp; "HS512",</div>

<div class="">&nbsp; &nbsp; "RS256",</div>

<div class="">&nbsp; &nbsp; "RS384",</div>

<div class="">&nbsp; &nbsp; "RS512",</div>

<div class="">&nbsp; &nbsp; "ES256",</div>

<div class="">&nbsp; &nbsp; "ES384",</div>

<div class="">&nbsp; &nbsp; "ES512",</div>

<div class="">&nbsp; &nbsp; "PS256",</div>

<div class="">&nbsp; &nbsp; "PS384",</div>

<div class="">&nbsp; &nbsp; "PS512"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "claims_supported":[</div>

<div class="">&nbsp; &nbsp; "sub",</div>

<div class="">&nbsp; &nbsp; "name",</div>

<div class="">&nbsp; &nbsp; "preferred_username",</div>

<div class="">&nbsp; &nbsp; "given_name",</div>

<div class="">&nbsp; &nbsp; "family_name",</div>

<div class="">&nbsp; &nbsp; "middle_name",</div>

<div class="">&nbsp; &nbsp; "nickname",</div>

<div class="">&nbsp; &nbsp; "profile",</div>

<div class="">&nbsp; &nbsp; "picture",</div>

<div class="">&nbsp; &nbsp; "website",</div>

<div class="">&nbsp; &nbsp; "gender",</div>

<div class="">&nbsp; &nbsp; "zone_info",</div>

<div class="">&nbsp; &nbsp; "locale",</div>

<div class="">&nbsp; &nbsp; "updated_at",</div>

<div class="">&nbsp; &nbsp; "birthdate",</div>

<div class="">&nbsp; &nbsp; "email",</div>

<div class="">&nbsp; &nbsp; "email_verified",</div>

<div class="">&nbsp; &nbsp; "phone_number",</div>

<div class="">&nbsp; &nbsp; "phone_number_verified",</div>

<div class="">&nbsp; &nbsp; "address"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "claim_types_supported":[</div>

<div class="">&nbsp; &nbsp; "normal"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "op_policy_uri":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/about" class="">http://localhost:8080/uma-server-webapp-1.2.2/about</a>",</div>

<div class="">&nbsp; "token_endpoint_auth_methods_supported":[</div>

<div class="">&nbsp; &nbsp; "client_secret_post",</div>

<div class="">&nbsp; &nbsp; "client_secret_basic",</div>

<div class="">&nbsp; &nbsp; "client_secret_jwt",</div>

<div class="">&nbsp; &nbsp; "private_key_jwt",</div>

<div class="">&nbsp; &nbsp; "none"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "token_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/token" class="">http://localhost:8080/uma-server-webapp-1.2.2/token</a>",</div>

<div class="">&nbsp; "response_types_supported":[</div>

<div class="">&nbsp; &nbsp; "code",</div>

<div class="">&nbsp; &nbsp; "token"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "request_uri_parameter_supported":false,</div>

<div class="">&nbsp; "userinfo_encryption_alg_values_supported":[</div>

<div class="">&nbsp; &nbsp; "RSA-OAEP",</div>

<div class="">&nbsp; &nbsp; "RSA-OAEP-256",</div>

<div class="">&nbsp; &nbsp; "RSA1_5"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "grant_types_supported":[</div>

<div class="">&nbsp; &nbsp; "authorization_code",</div>

<div class="">&nbsp; &nbsp; "implicit",</div>

<div class="">&nbsp; &nbsp; "urn:ietf:params:oauth:grant-type:jwt-bearer",</div>

<div class="">&nbsp; &nbsp; "client_credentials",</div>

<div class="">&nbsp; &nbsp; "urn:ietf:params:oauth:grant_type:redelegate"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "revocation_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/revoke" class="">http://localhost:8080/uma-server-webapp-1.2.2/revoke</a>",</div>

<div class="">&nbsp; "userinfo_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/userinfo" class="">http://localhost:8080/uma-server-webapp-1.2.2/userinfo</a>",</div>

<div class="">&nbsp; "token_endpoint_auth_signing_alg_values_supported":[</div>

<div class="">&nbsp; &nbsp; "HS256",</div>

<div class="">&nbsp; &nbsp; "HS384",</div>

<div class="">&nbsp; &nbsp; "HS512",</div>

<div class="">&nbsp; &nbsp; "RS256",</div>

<div class="">&nbsp; &nbsp; "RS384",</div>

<div class="">&nbsp; &nbsp; "RS512",</div>

<div class="">&nbsp; &nbsp; "ES256",</div>

<div class="">&nbsp; &nbsp; "ES384",</div>

<div class="">&nbsp; &nbsp; "ES512",</div>

<div class="">&nbsp; &nbsp; "PS256",</div>

<div class="">&nbsp; &nbsp; "PS384",</div>

<div class="">&nbsp; &nbsp; "PS512"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "op_tos_uri":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/about" class="">http://localhost:8080/uma-server-webapp-1.2.2/about</a>",</div>

<div class="">&nbsp; "require_request_uri_registration":false,</div>

<div class="">&nbsp; "id_token_encryption_alg_values_supported":[</div>

<div class="">&nbsp; &nbsp; "RSA-OAEP",</div>

<div class="">&nbsp; &nbsp; "RSA-OAEP-256",</div>

<div class="">&nbsp; &nbsp; "RSA1_5"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "jwks_uri":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/jwk" class="">http://localhost:8080/uma-server-webapp-1.2.2/jwk</a>",</div>

<div class="">&nbsp; "subject_types_supported":[</div>

<div class="">&nbsp; &nbsp; "public",</div>

<div class="">&nbsp; &nbsp; "pairwise"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "id_token_signing_alg_values_supported":[</div>

<div class="">&nbsp; &nbsp; "HS256",</div>

<div class="">&nbsp; &nbsp; "HS384",</div>

<div class="">&nbsp; &nbsp; "HS512",</div>

<div class="">&nbsp; &nbsp; "RS256",</div>

<div class="">&nbsp; &nbsp; "RS384",</div>

<div class="">&nbsp; &nbsp; "RS512",</div>

<div class="">&nbsp; &nbsp; "ES256",</div>

<div class="">&nbsp; &nbsp; "ES384",</div>

<div class="">&nbsp; &nbsp; "ES512",</div>

<div class="">&nbsp; &nbsp; "PS256",</div>

<div class="">&nbsp; &nbsp; "PS384",</div>

<div class="">&nbsp; &nbsp; "PS512",</div>

<div class="">&nbsp; &nbsp; "none"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "registration_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/register" class="">http://localhost:8080/uma-server-webapp-1.2.2/register</a>",</div>

<div class="">&nbsp; "request_object_signing_alg_values_supported":[</div>

<div class="">&nbsp; &nbsp; "HS256",</div>

<div class="">&nbsp; &nbsp; "HS384",</div>

<div class="">&nbsp; &nbsp; "HS512",</div>

<div class="">&nbsp; &nbsp; "RS256",</div>

<div class="">&nbsp; &nbsp; "RS384",</div>

<div class="">&nbsp; &nbsp; "RS512",</div>

<div class="">&nbsp; &nbsp; "ES256",</div>

<div class="">&nbsp; &nbsp; "ES384",</div>

<div class="">&nbsp; &nbsp; "ES512",</div>

<div class="">&nbsp; &nbsp; "PS256",</div>

<div class="">&nbsp; &nbsp; "PS384",</div>

<div class="">&nbsp; &nbsp; "PS512"</div>

<div class="">&nbsp; ],</div>

<div class="">&nbsp; "request_object_encryption_alg_values_supported":[</div>

<div class="">&nbsp; &nbsp; "RSA-OAEP",</div>

<div class="">&nbsp; &nbsp; "RSA-OAEP-256",</div>

<div class="">&nbsp; &nbsp; "RSA1_5"</div>

<div class="">&nbsp; ]</div>

<div class="">}</div>

</div>

<div class="">

<div id="MAC_OUTLOOK_SIGNATURE" class=""></div>

</div>

</div>

</div>

<div class=""><br class="">

</div>

<div class="">Regards,</div>

<div class="">Luiz</div>

<div class=""><br class="">

</div>

<span id="OLK_SRC_BODY_SECTION" class="">

<div style="font-family: Calibri; font-size: 12pt; text-align: left; border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-top-color: rgb(181, 196, 223);" class="">

<span style="font-weight:bold" class="">From: </span>&lt;<a href="mailto:mitreid-connect-bounces@mit.edu" class="">mitreid-connect-bounces@mit.edu</a>&gt; on behalf of Justin Richer<br class="">

<span style="font-weight:bold" class="">Date: </span>Monday, November 23, 2015 at 6:23 PM<br class="">

<span style="font-weight:bold" class="">To: </span>"<a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a>"<br class="">

<span style="font-weight:bold" class="">Subject: </span>Re: [mitreid-connect] UMA Resource Set creation<br class="">

</div>

<div class=""><br class="">

</div>

<div class="">

<div bgcolor="#FFFFFF" text="#000000" class="">This is a broken part of the UMA spec. You need to add "/resource_set" to the end of the value in "resource_set_registration_endpoint" in the discovery document. "registration_endpoint" is for dynamic client registration.

<br class="">

<br class="">

There is not currently any UI to interact with the resource set registration because this is intended to be an action taken by *resource servers* and not by users directly. The self-service developer protected resource registration is not for UMA-style protected

 resources but rather for OAuth protected resources that are set up to use token introspection.<br class="">

<br class="">

Hope that helps,<br class="">

&nbsp;-- Justin<br class="">

<br class="">

<div class="moz-cite-prefix">On 11/23/2015 4:20 PM, Luiz Omori wrote:<br class="">

</div>

<blockquote cite="mid:0351AB20-37B4-43EA-93C6-C9EA6BAE0116@dm.duke.edu" type="cite" class="">

<div class="">Hi,</div>

<div class=""><br class="">

</div>

<div class="">We are looking into the UMA implementation and have some basic questions. Is there a way to register resource sets (as in&nbsp;<a moz-do-not-send="true" href="https://docs.kantarainitiative.org/uma/draft-oauth-resource-reg.html" class="">https://docs.kantarainitiative.org/uma/draft-oauth-resource-reg.html</a>)

 through the UI? If not, what is the endpoint for that? We tried the registration endpoint from the well-known response but it didn’t work (<a moz-do-not-send="true" href="http://localhost:8080/uma-server-webapp-1.2.2/.well-known/openid-configuration" class="">http://localhost:8080/uma-server-webapp-1.2.2/.well-known/openid-configuration</a>&nbsp;-&gt;

 "registration_endpoint":"<a class="moz-txt-link-freetext" href="http://localhost:8080/uma-server-webapp-1.2.2/register%E2%80%9D">http://localhost:8080/uma-server-webapp-1.2.2/register”</a>)</div>

<div class=""><br class="">

</div>

<div class="">Regards,</div>

<div class="">Luiz</div>

<div class=""></div>

<br class="">

<fieldset class="mimeAttachmentHeader"></fieldset> <br class="">

<pre wrap="" class="">_______________________________________________

mitreid-connect mailing list

<a class="moz-txt-link-abbreviated" href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a><a class="moz-txt-link-freetext" href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a></pre>

</blockquote>

<br class="">

</div>

</div>

</span>

</div>

</div></blockquote></div><br class=""></div></div></body></html>