
Access SCIM API - Keyrock Fiware


I am using a fiware-idm image in a docker container (https://hub.docker.com/r/fiware/idm/) and I'm trying to access the SCIM API. There is a user "idm" (the default user); he is a provider and has all permissions. But when I try to get all users:

private String getAccessToken() {
    HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    HttpSession session = httpServletRequest.getSession();
    String accessToken = (String) session.getAttribute("access_token");
    return accessToken;
}

public void getUsers() throws IOException {
    String accessToken = getAccessToken(); 

    Client client = ClientBuilder.newClient();
    Response response = client.target("http://192.168.99.100:5000/v3/projects")
      .request(MediaType.TEXT_PLAIN_TYPE)
      .header("X-Auth-token", accessToken)
      .get();

    setResultUsersList("-- status: " + response.getStatus() + " <br>" 
            + "-- headers: " + response.getHeaders() + " <br>"
            + "-- body: " + response.readEntity(String.class) + " <br>"
            + "-- token: " + accessToken);
}

I receive an error msg: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

But the authentication works, and getting the user info works too:

public void authenticateUser() throws OAuthSystemException, IOException {
    HttpServletResponse httpServletResponse = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();

    OAuthClientRequest codeRequest = OAuthClientRequest
            .authorizationLocation("http://192.168.99.100:8000/oauth2/authorize")
            .setParameter("response_type", "code")
            .setClientId(CLIENT_ID)
            .setRedirectURI("http://localhost:8080/Example-Application-Security-UI/auth")
            .buildQueryMessage();

    httpServletResponse.sendRedirect(codeRequest.getLocationUri());
}

public void requestUserInfo() {
    HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    HttpSession session = httpServletRequest.getSession();
    accessToken = (String) session.getAttribute("access_token");

    String strJson = callWebservice("http://192.168.99.100:8000/user?access_token=" + accessToken);
    JSONObject jsonObject = new JSONObject(strJson);
    resultUserInfo = jsonObject.toString();
}

Solution

  • The X-Auth-Token header needed when making requests to Keystone requires a Keystone token as value, instead of the OAuth2 access token that you are currently providing.

    You can obtain a Keystone token by means of a POST request to the authentication endpoint. Since one of the supported authentication methods in Keystone is OAuth2, you can even use the access token you obtained from the OAuth2 authentication to obtain a Keystone token:

    POST /v3/auth/tokens
    body:

    {
        "auth": {
            "identity": {
                "methods": [
                    "oauth2"
                ],
                "oauth2": {
                    "access_token_id": "<access_token>"
                }
            }
        }
    }
    

    You may now use the Keystone token to perform requests to the SCIM API (or to any API endpoint to which the authenticated user has permissions).

    Hope this helps!

    Please note that the request to obtain the user information works because it is made to an endpoint in Horizon, rather than to a Keystone endpoint.