[mitreid-connect] UMA Resource Set creation

Luiz Omori luiz.omori at duke.edu
Mon Nov 23 21:04:33 EST 2015


Hmm, where is “resource_set_registration_endpoint”? See below what I’m getting from the well-known endpoint. What is the usual value for “resource_set_registration_endpoint” e.g. considering the root as http://localhost:8080/uma-server-webapp-1.2.2?

{
  "request_parameter_supported":true,
  "claims_parameter_supported":false,
  "introspection_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/introspect",
  "scopes_supported":[
    "openid",
    "profile",
    "email",
    "address",
    "phone",
    "offline_access"
  ],
  "issuer":"http://localhost:8080/uma-server-webapp-1.2.2/",
  "userinfo_encryption_enc_values_supported":[
    "A256CBC+HS512",
    "A256GCM",
    "A192GCM",
    "A128GCM",
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128CBC+HS256"
  ],
  "id_token_encryption_enc_values_supported":[
    "A256CBC+HS512",
    "A256GCM",
    "A192GCM",
    "A128GCM",
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128CBC+HS256"
  ],
  "authorization_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/authorize",
  "service_documentation":"http://localhost:8080/uma-server-webapp-1.2.2/about",
  "request_object_encryption_enc_values_supported":[
    "A256CBC+HS512",
    "A256GCM",
    "A192GCM",
    "A128GCM",
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128CBC+HS256"
  ],
  "userinfo_signing_alg_values_supported":[
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "claims_supported":[
    "sub",
    "name",
    "preferred_username",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "profile",
    "picture",
    "website",
    "gender",
    "zone_info",
    "locale",
    "updated_at",
    "birthdate",
    "email",
    "email_verified",
    "phone_number",
    "phone_number_verified",
    "address"
  ],
  "claim_types_supported":[
    "normal"
  ],
  "op_policy_uri":"http://localhost:8080/uma-server-webapp-1.2.2/about",
  "token_endpoint_auth_methods_supported":[
    "client_secret_post",
    "client_secret_basic",
    "client_secret_jwt",
    "private_key_jwt",
    "none"
  ],
  "token_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/token",
  "response_types_supported":[
    "code",
    "token"
  ],
  "request_uri_parameter_supported":false,
  "userinfo_encryption_alg_values_supported":[
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5"
  ],
  "grant_types_supported":[
    "authorization_code",
    "implicit",
    "urn:ietf:params:oauth:grant-type:jwt-bearer",
    "client_credentials",
    "urn:ietf:params:oauth:grant_type:redelegate"
  ],
  "revocation_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/revoke",
  "userinfo_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/userinfo",
  "token_endpoint_auth_signing_alg_values_supported":[
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "op_tos_uri":"http://localhost:8080/uma-server-webapp-1.2.2/about",
  "require_request_uri_registration":false,
  "id_token_encryption_alg_values_supported":[
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5"
  ],
  "jwks_uri":"http://localhost:8080/uma-server-webapp-1.2.2/jwk",
  "subject_types_supported":[
    "public",
    "pairwise"
  ],
  "id_token_signing_alg_values_supported":[
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512",
    "none"
  ],
  "registration_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/register",
  "request_object_signing_alg_values_supported":[
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "request_object_encryption_alg_values_supported":[
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5"
  ]
}

Regards,
Luiz

From: mitreid-connect-bounces at mit.edu on behalf of Justin Richer
Date: Monday, November 23, 2015 at 6:23 PM
To: mitreid-connect at mit.edu
Subject: Re: [mitreid-connect] UMA Resource Set creation

This is a broken part of the UMA spec. You need to add "/resource_set" to the end of the value in "resource_set_registration_endpoint" in the discovery document. "registration_endpoint" is for dynamic client registration.

There is not currently any UI to interact with the resource set registration because this is intended to be an action taken by *resource servers* and not by users directly. The self-service developer protected resource registration is not for UMA-style protected resources but rather for OAuth protected resources that are set up to use token introspection.

Hope that helps,
 -- Justin

On 11/23/2015 4:20 PM, Luiz Omori wrote:
Hi,

We are looking into the UMA implementation and have some basic questions. Is there a way to register resource sets (as in https://docs.kantarainitiative.org/uma/draft-oauth-resource-reg.html) through the UI? If not, what is the endpoint for that? We tried the registration endpoint from the well-known response but it didn’t work (http://localhost:8080/uma-server-webapp-1.2.2/.well-known/openid-configuration -> "registration_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/register")

Regards,
Luiz
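
The endpoint resolution described in the reply above, as an added example that is not part of the thread and not MITREid Connect code: a resource server takes the "resource_set_registration_endpoint" value from the UMA discovery document, appends "/resource_set", and refuses to fall back to "registration_endpoint". The sample documents, the placeholder endpoint value, the token string and the function names are assumptions; the request body fields ("name", "scopes") follow the resource set registration draft linked in the thread.

```python
import json
import urllib.request

# Constructed sample: a discovery document that carries the UMA key.
# The endpoint value is a placeholder, not a real MITREid Connect default.
UMA_CONFIG = {
    "issuer": "https://as.example/",
    "registration_endpoint": "https://as.example/register",
    "resource_set_registration_endpoint": "https://as.example/rsreg/",
}

# Constructed sample: trimmed from the OpenID Connect document pasted in the
# thread, which has no resource set registration key at all.
OIDC_CONFIG = {
    "issuer": "http://localhost:8080/uma-server-webapp-1.2.2/",
    "registration_endpoint": "http://localhost:8080/uma-server-webapp-1.2.2/register",
}


def resource_set_url(discovery):
    """Return the URL that resource set descriptions are POSTed to."""
    base = discovery.get("resource_set_registration_endpoint")
    if not base:
        # Never substitute "registration_endpoint": per the reply, that key
        # is for dynamic client registration, not for resource sets.
        raise KeyError("resource_set_registration_endpoint not in discovery document")
    # Stripping a trailing slash before appending is this example's choice.
    return base.rstrip("/") + "/resource_set"


def build_registration_request(discovery, pat, name, scopes):
    """Build (but do not send) the resource server's registration request."""
    body = json.dumps({"name": name, "scopes": list(scopes)}).encode("utf-8")
    return urllib.request.Request(
        resource_set_url(discovery),
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/json",
            # The resource server authenticates with its protection API token.
            "Authorization": "Bearer " + pat,
        },
    )


if __name__ == "__main__":
    req = build_registration_request(UMA_CONFIG, "PLACEHOLDER_PAT", "Photo album", ["view"])
    print(req.get_method(), req.full_url)
```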


