Error getting scim configuration from jans-config-api when test-client is used #1615

Closed
devrimyatar opened this issue Jun 27, 2022 · 5 comments
Labels
comp-jans-config-api Component affected by issue or PR kind-bug Issue or PR is a bug in existing functionality

@devrimyatar
Contributor

Describe the bug
jans-config-api raises insufficient scope when test-client is used. In the swagger file, the scope for getting the SCIM configuration is https://jans.io/scim/config.readonly, but config-api raises

'oAuth authorization error Insufficient scopes! , Required scope: [https://jans.io/oauth/config/fido2.readonly], however token scopes: [https://jans.io/scim/config.readonly]

To Reproduce
Steps to reproduce the behavior:

  1. Install linux-jans with setup option --cli-test-client
  2. Execute CLI as /opt/jans/jans-cli/config-cli.py -use-test-client
  3. Go to option 12 (SCIM), then 1 (Config Management), finally 1 (Retrieves SCIM App configuration)
  4. See this error:
2022-06-27 15:57:12,576 DEBUG https://snap.gluu.org:443 "GET /jans-config-api/scim/config HTTP/1.1" 401 172
2022-06-27 15:57:12,576 DEBUG https://snap.gluu.org:443 "GET /jans-config-api/scim/config HTTP/1.1" 401 172
2022-06-27 15:57:12,576 DEBUG response body: b'oAuth authorization error Insufficient scopes! , Required scope: [https://jans.io/oauth/config/fido2.readonly], however token scopes: [https://jans.io/scim/config.readonly]'
2022-06-27 15:57:12,576 DEBUG response body: b'oAuth authorization error Insufficient scopes! , Required scope: [https://jans.io/oauth/config/fido2.readonly], however token scopes: [https://jans.io/scim/config.readonly]'
Error retreiving data

Unauthorized
b'oAuth authorization error Insufficient scopes! , Required scope: [https://jans.io/oauth/config/fido2.readonly], however token scopes: [https://jans.io/scim/config.readonly]'

Expected behavior
jans-config-api should return scim configuration

Additional context
Whole debug output:

Retrieves SCIM App configuration
Retrieves SCIM configuration.
-----------------------------
Please wait while retreiving data ...

Getting access token for scope https://jans.io/scim/config.readonly
2022-06-27 15:57:12,418 DEBUG Starting new HTTPS connection (1): snap.gluu.org:443
2022-06-27 15:57:12,418 DEBUG Starting new HTTPS connection (1): snap.gluu.org:443
send: b'POST /jans-auth/restv1/token HTTP/1.1\r\nHost: snap.gluu.org\r\nAccept-Encoding: identity\r\nContent-Length: 82\r\nContent-Type: application/x-www-form-urlencoded\r\nauthorization: Basic MTgwMC5kZjdmYWEyZi03ZWU4LTQxZWUtOWZmOC1kMTI1ZDg3ODA4MGU6ZXdkYkFRdW9SRUdV\r\n\r\n'
send: b'grant_type=client_credentials&scope=https%3A%2F%2Fjans.io%2Fscim%2Fconfig.readonly'
reply: 'HTTP/1.1 200 OK\r\n'
header: Date: Mon, 27 Jun 2022 09:27:12 GMT
header: Server: Apache/2.4.41 (Ubuntu)
header: X-Xss-Protection: 1; mode=block
header: X-Content-Type-Options: nosniff
header: Strict-Transport-Security: max-age=31536000; includeSubDomains
header: Expires: Thu, 01 Jan 1970 00:00:00 GMT
header: Cache-Control: no-store
header: Content-Type: application/json
header: Pragma: no-cache
header: Content-Length: 141
header: Set-Cookie: X-Correlation-Id=50b76976-6f82-41a9-8c2c-93b526abbf9b; Secure; HttpOnly;HttpOnly
2022-06-27 15:57:12,499 DEBUG https://snap.gluu.org:443 "POST /jans-auth/restv1/token HTTP/1.1" 200 141
2022-06-27 15:57:12,499 DEBUG https://snap.gluu.org:443 "POST /jans-auth/restv1/token HTTP/1.1" 200 141
2022-06-27 15:57:12,513 DEBUG Starting new HTTPS connection (1): snap.gluu.org:443
2022-06-27 15:57:12,513 DEBUG Starting new HTTPS connection (1): snap.gluu.org:443
send: b'GET /jans-config-api/scim/config HTTP/1.1\r\nHost: snap.gluu.org\r\nAccept-Encoding: identity\r\nAccept: application/json\r\nUser-Agent: Swagger-Codegen/1.0.0/python\r\nAuthorization: Bearer deef136d-56db-4f69-aecd-510016e1c9d6\r\nContent-Type: application/json\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Date: Mon, 27 Jun 2022 09:27:12 GMT
header: Server: Apache/2.4.41 (Ubuntu)
header: X-Xss-Protection: 1; mode=block
header: X-Content-Type-Options: nosniff
header: Strict-Transport-Security: max-age=31536000; includeSubDomains
header: Content-Type: application/json
header: WWW-Authenticate: Bearer
header: Content-Length: 172
2022-06-27 15:57:12,576 DEBUG https://snap.gluu.org:443 "GET /jans-config-api/scim/config HTTP/1.1" 401 172
2022-06-27 15:57:12,576 DEBUG https://snap.gluu.org:443 "GET /jans-config-api/scim/config HTTP/1.1" 401 172
2022-06-27 15:57:12,576 DEBUG response body: b'oAuth authorization error Insufficient scopes! , Required scope: [https://jans.io/oauth/config/fido2.readonly], however token scopes: [https://jans.io/scim/config.readonly]'
2022-06-27 15:57:12,576 DEBUG response body: b'oAuth authorization error Insufficient scopes! , Required scope: [https://jans.io/oauth/config/fido2.readonly], however token scopes: [https://jans.io/scim/config.readonly]'
Error retreiving data

Unauthorized
b'oAuth authorization error Insufficient scopes! , Required scope: [https://jans.io/oauth/config/fido2.readonly], however token scopes: [https://jans.io/scim/config.readonly]'
@devrimyatar devrimyatar added the comp-jans-config-api Component affected by issue or PR label Jun 27, 2022
@devrimyatar devrimyatar assigned pujavs and unassigned moabu Jun 27, 2022
@devrimyatar devrimyatar added the kind-bug Issue or PR is a bug in existing functionality label Jun 27, 2022
@moabu moabu added this to the 1.0.1 milestone Jun 27, 2022
@pujavs
Contributor

pujavs commented Jul 6, 2022

@devrimyatar, the issue is with the test client code.
When tested with a client with the required scope, the functionality is working.
@devrimyatar
Contributor Author

devrimyatar commented Jul 6, 2022

@pujavs Error is clear
oAuth authorization error Insufficient scopes! , Required scope: [https://jans.io/oauth/config/fido2.readonly], however token scopes: [https://jans.io/scim/config.readonly]

When I change this line https://github.com/JanssenProject/jans/blob/main/jans-config-api/docs/jans-config-api-swagger.yaml#L2659

From
- oauth2: [https://jans.io/scim/config.readonly]
To
- oauth2: [https://jans.io/oauth/config/fido2.readonly]

It works. We need this adjustment. It is not clear to me why retrieving scim configuration requires a fido2 scope.
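
An added example, not part of the original comment and not Janssen project code: it parses the 401 body from the debug log above and compares the server's required scope with the scope the spec declares, to tell a spec/enforcement mismatch apart from a token that simply lacks a declared scope. `SPEC` is a constructed excerpt mirroring the swagger line quoted above; the function names and result labels are assumptions.

```python
import re

# Constructed excerpt mirroring the swagger security declaration quoted in this issue.
SPEC = {"paths": {"/scim/config": {"get": {
    "security": [{"oauth2": ["https://jans.io/scim/config.readonly"]}]}}}}

# Response body copied from the debug log in this issue.
BODY = (b"oAuth authorization error Insufficient scopes! , Required scope: "
        b"[https://jans.io/oauth/config/fido2.readonly], however token scopes: "
        b"[https://jans.io/scim/config.readonly]")

_PATTERN = re.compile(
    r"Required scope: \[(?P<required>[^\]]*)\], however token scopes: \[(?P<token>[^\]]*)\]")


def _split(raw):
    """Turn 'a, b' into {'a', 'b'}, ignoring empty entries."""
    return {item.strip() for item in raw.split(",") if item.strip()}


def parse_insufficient_scope(body):
    """Return (required, token) scope sets, or None if the body is another error."""
    text = body.decode("utf-8", "replace") if isinstance(body, bytes) else body
    match = _PATTERN.search(text)
    if match is None:
        return None
    return _split(match["required"]), _split(match["token"])


def declared_scopes(spec, path, method, scheme="oauth2"):
    """Union of scopes the spec lists for one operation (simplification:
    alternative security requirements are merged into a single set)."""
    operation = spec["paths"][path][method.lower()]
    scopes = set()
    for requirement in operation.get("security", []):
        scopes.update(requirement.get(scheme, []))
    return scopes


def diagnose(spec, path, method, body):
    """Classify a 401 body against what the spec declares for the operation."""
    parsed = parse_insufficient_scope(body)
    if parsed is None:
        return "not-a-scope-error"
    required, token = parsed
    missing = required - token
    if not missing:
        return "token-sufficient"
    # The server demands a scope the spec never declares for this operation.
    if missing - declared_scopes(spec, path, method):
        return "spec-enforcement-drift"
    return "client-missing-scope"
```
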

@pujavs
Contributor

pujavs commented Jul 15, 2022

@devrimyatar I have fixed the conflict of path between SCIM and Fido via #1805.
However, you will have to check the test-client scopes.

With the test client it is giving the error Insufficient scopes for a few endpoints that I tested:

SCIM
Attributes
UMA Resource

@pujavs pujavs assigned devrimyatar and unassigned pujavs Jul 18, 2022
@pujavs
Contributor

pujavs commented Jul 18, 2022

Assigning it to @devrimyatar for verifying issue with test-client

@moabu moabu modified the milestones: 1.0.2, 1.0.3 Aug 30, 2022
@devrimyatar
Contributor Author

This issue was fixed before
