<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">The UMA protocol doesn’t define identity systems at all and doesn’t need that endpoint. There’s no generic OAuth discovery document (yet), so both of these protocols copy over everything that needs to be known about the OAuth portion of the server, hence the commonalities.<div class=""><br class=""></div><div class="">&nbsp;— Justin</div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Nov 24, 2015, at 9:21 AM, Luiz Omori &lt;<a href="mailto:luiz.omori@duke.edu" class="">luiz.omori@duke.edu</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">

<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-size: 14px; font-family: Calibri, sans-serif;" class="">
<div class="">
<div class="">OK, thanks.&nbsp;</div>
<div class=""><br class="">
</div>
<div class="">Just curious about the reason behind it: why is userinfo_endpoint not returned within the UMA config? I mean, others like authorization_endpoint, token_endpoint and introspection_endpoint are there, so it seems it was left out on purpose.&nbsp;</div>
<div class=""><br class="">
</div>
<div class="">Regards,</div>
<div class="">Luiz</div>
</div>
<div class=""><br class="">
</div>
<span id="OLK_SRC_BODY_SECTION" class="">
<div style="font-family: Calibri; font-size: 12pt; text-align: left; border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-top-color: rgb(181, 196, 223);" class="">
<span style="font-weight:bold" class="">From: </span>Justin Richer<br class="">
<span style="font-weight:bold" class="">Date: </span>Monday, November 23, 2015 at 9:38 PM<br class="">
<span style="font-weight:bold" class="">To: </span>Luiz Omori<br class="">
<span style="font-weight:bold" class="">Cc: </span>"<a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a>"<br class="">
<span style="font-weight:bold" class="">Subject: </span>Re: [mitreid-connect] UMA Resource Set creation<br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
It’s in the UMA-specific well-known. You’re looking at the OpenID Connect one. The URL for that (given your issuer root) is&nbsp;<span style="font-family: Calibri, sans-serif; font-size: 14px;" class=""><a href="http://localhost:8080/uma-server-webapp-1.2.2/.well-known/uma-configuration" class="">http://localhost:8080/uma-server-webapp-1.2.2/.well-known/uma-configuration</a></span>
<div class=""><font face="Calibri,sans-serif" class=""><span style="font-size: 14px;" class=""><br class="">
</span></font></div>
<div class=""><font face="Calibri,sans-serif" class=""><span style="font-size: 14px;" class="">Yes, there’s a lot of overlap between these. Yes, there are some inconsistencies in using different keys for the same values. Yes, everything is to spec (and the
 UMA spec has bugs filed against it for this very reason).</span></font></div>
<div class=""><font face="Calibri,sans-serif" class=""><span style="font-size: 14px;" class=""><br class="">
</span></font></div>
<div class=""><font face="Calibri,sans-serif" class=""><span style="font-size: 14px;" class="">&nbsp;— Justin</span><br class="">
</font>
<div class=""><font face="Calibri,sans-serif" class=""><span style="font-size: 14px;" class=""><br class="">
</span></font>
<div class="">
<blockquote type="cite" class="">
<div class="">On Nov 23, 2015, at 9:04 PM, Luiz Omori &lt;<a href="mailto:luiz.omori@duke.edu" class="">luiz.omori@duke.edu</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-size: 14px; font-family: Calibri, sans-serif;" class="">
<div class="">
<div class="">
<div class="">
<div class="">Hmm, where is “resource_set_registration_endpoint”? See below what I’m getting from the well-known endpoint. What is the usual value for “resource_set_registration_endpoint”, e.g. considering the root as
<a href="http://localhost:8080/uma-server-webapp-1.2.2" class="">http://localhost:8080/uma-server-webapp-1.2.2</a>?</div>
<div class=""><br class="">
</div>
<pre class="">{
  "request_parameter_supported":true,
  "claims_parameter_supported":false,
  "introspection_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/introspect" class="">http://localhost:8080/uma-server-webapp-1.2.2/introspect</a>",
  "scopes_supported":[
    "openid",
    "profile",
    "email",
    "address",
    "phone",
    "offline_access"
  ],
  "issuer":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/" class="">http://localhost:8080/uma-server-webapp-1.2.2/</a>",
  "userinfo_encryption_enc_values_supported":[
    "A256CBC+HS512",
    "A256GCM",
    "A192GCM",
    "A128GCM",
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128CBC+HS256"
  ],
  "id_token_encryption_enc_values_supported":[
    "A256CBC+HS512",
    "A256GCM",
    "A192GCM",
    "A128GCM",
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128CBC+HS256"
  ],
  "authorization_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/authorize" class="">http://localhost:8080/uma-server-webapp-1.2.2/authorize</a>",
  "service_documentation":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/about" class="">http://localhost:8080/uma-server-webapp-1.2.2/about</a>",
  "request_object_encryption_enc_values_supported":[
    "A256CBC+HS512",
    "A256GCM",
    "A192GCM",
    "A128GCM",
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128CBC+HS256"
  ],
  "userinfo_signing_alg_values_supported":[
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "claims_supported":[
    "sub",
    "name",
    "preferred_username",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "profile",
    "picture",
    "website",
    "gender",
    "zone_info",
    "locale",
    "updated_at",
    "birthdate",
    "email",
    "email_verified",
    "phone_number",
    "phone_number_verified",
    "address"
  ],
  "claim_types_supported":[
    "normal"
  ],
  "op_policy_uri":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/about" class="">http://localhost:8080/uma-server-webapp-1.2.2/about</a>",
  "token_endpoint_auth_methods_supported":[
    "client_secret_post",
    "client_secret_basic",
    "client_secret_jwt",
    "private_key_jwt",
    "none"
  ],
  "token_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/token" class="">http://localhost:8080/uma-server-webapp-1.2.2/token</a>",
  "response_types_supported":[
    "code",
    "token"
  ],
  "request_uri_parameter_supported":false,
  "userinfo_encryption_alg_values_supported":[
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5"
  ],
  "grant_types_supported":[
    "authorization_code",
    "implicit",
    "urn:ietf:params:oauth:grant-type:jwt-bearer",
    "client_credentials",
    "urn:ietf:params:oauth:grant_type:redelegate"
  ],
  "revocation_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/revoke" class="">http://localhost:8080/uma-server-webapp-1.2.2/revoke</a>",
  "userinfo_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/userinfo" class="">http://localhost:8080/uma-server-webapp-1.2.2/userinfo</a>",
  "token_endpoint_auth_signing_alg_values_supported":[
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "op_tos_uri":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/about" class="">http://localhost:8080/uma-server-webapp-1.2.2/about</a>",
  "require_request_uri_registration":false,
  "id_token_encryption_alg_values_supported":[
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5"
  ],
  "jwks_uri":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/jwk" class="">http://localhost:8080/uma-server-webapp-1.2.2/jwk</a>",
  "subject_types_supported":[
    "public",
    "pairwise"
  ],
  "id_token_signing_alg_values_supported":[
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512",
    "none"
  ],
  "registration_endpoint":"<a href="http://localhost:8080/uma-server-webapp-1.2.2/register" class="">http://localhost:8080/uma-server-webapp-1.2.2/register</a>",
  "request_object_signing_alg_values_supported":[
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "request_object_encryption_alg_values_supported":[
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5"
  ]
}</pre>
</div>
</div>
</div>
<div class=""><br class="">
</div>
<div class="">Regards,</div>
<div class="">Luiz</div>
<div class=""><br class="">
</div>
<span id="OLK_SRC_BODY_SECTION" class="">
<div style="font-family: Calibri; font-size: 12pt; text-align: left; border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-top-color: rgb(181, 196, 223);" class="">
<span style="font-weight:bold" class="">From: </span>&lt;<a href="mailto:mitreid-connect-bounces@mit.edu" class="">mitreid-connect-bounces@mit.edu</a>&gt; on behalf of Justin Richer<br class="">
<span style="font-weight:bold" class="">Date: </span>Monday, November 23, 2015 at 6:23 PM<br class="">
<span style="font-weight:bold" class="">To: </span>"<a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a>"<br class="">
<span style="font-weight:bold" class="">Subject: </span>Re: [mitreid-connect] UMA Resource Set creation<br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div bgcolor="#FFFFFF" text="#000000" class="">This is a broken part of the UMA spec. You need to add "/resource_set" to the end of the value in "resource_set_registration_endpoint" in the discovery document. "registration_endpoint" is for dynamic client registration.
<br class="">
<br class="">
There is not currently any UI to interact with the resource set registration because this is intended to be an action taken by *resource servers* and not by users directly. The self-service developer protected resource registration is not for UMA-style protected
 resources but rather for OAuth protected resources that are set up to use token introspection.<br class="">
<br class="">
Hope that helps,<br class="">
&nbsp;-- Justin<br class="">
<br class="">
<div class="moz-cite-prefix">On 11/23/2015 4:20 PM, Luiz Omori wrote:<br class="">
</div>
<blockquote cite="mid:0351AB20-37B4-43EA-93C6-C9EA6BAE0116@dm.duke.edu" type="cite" class="">
<div class="">Hi,</div>
<div class=""><br class="">
</div>
<div class="">We are looking into the UMA implementation and have some basic questions. Is there a way to register resource sets (as in&nbsp;<a moz-do-not-send="true" href="https://docs.kantarainitiative.org/uma/draft-oauth-resource-reg.html" class="">https://docs.kantarainitiative.org/uma/draft-oauth-resource-reg.html</a>)
 through the UI? If not, what is the endpoint for that? We tried the registration endpoint from the well-known response but it didn’t work (<a moz-do-not-send="true" href="http://localhost:8080/uma-server-webapp-1.2.2/.well-known/openid-configuration" class="">http://localhost:8080/uma-server-webapp-1.2.2/.well-known/openid-configuration</a>&nbsp;-&gt;
&nbsp;"registration_endpoint":"<a class="moz-txt-link-freetext" href="http://localhost:8080/uma-server-webapp-1.2.2/register">http://localhost:8080/uma-server-webapp-1.2.2/register</a>")</div>
<div class=""><br class="">
</div>
<div class="">Regards,</div>
<div class="">Luiz</div>
<div class=""></div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset> <br class="">
<pre wrap="" class="">_______________________________________________
mitreid-connect mailing list
<a class="moz-txt-link-abbreviated" href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a>
<a class="moz-txt-link-freetext" href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a></pre>
</blockquote>
<br class="">
</div>
</div>
</span></div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</div>
</div>
</span>
</div>

</div></blockquote></div><br class=""></div></body></html>