[mitreid-connect] UMA Permission ticket claims
Luiz Omori
luiz.omori at duke.edu
Mon Nov 30 12:10:37 EST 2015
Hi,
I have been trying to retrieve an UMA RPT token but it’s failing where AuthorizationRequestEndpoint tries to verify that the resource set required claims are provided in the permission ticket. I did create a sharing policy for the resource. Apparently my Permission Ticket is missing “email_verified”, “sub”, “email”. Questions:
1. Why is this verification done at all? Isn’t the Resource Server the one that requests Permission Tickets and provide them to the client? Shouldn’t the Resource Set required claims be verified against the claims within the AAT?
2. What is the correct way to pass claims during the Permission Ticket request? Currently my RS is requesting it by providing a PAT token and filling the body with resource_set_id plus some scopes.
ClaimProcessingResult result = claimsProcessingService.claimsAreSatisfied(rs, ticket);
I’m quite new to UMA.
Regards,
Luiz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20151130/97823094/attachment.html
More information about the mitreid-connect
mailing list