Extending IG as a complete UMA-RS
Both AM and IG support UMA 1.0.1 where AM acts as UMA Authorization Server (AS) and IG as UMA Resource Server (RS).
Currently there are some limitations in AM and IG support UMA support in IG, one of the most important is: PAT is stored in IG memory and is not persisted and if IG is restarted then the resource owner must perform the entire share process again. UMA 1.0.1 where AM acts as UMA Authorization Server (AS) and IG as UMA Resource Server (RS).
Note: This post is based on UMA 1.0.1 (Support for UMA 1.0 and UMA 1.0.1 will be removed in a future version of ForgeRock Access Management)
Solution
Versions used for this implementation: IG 5, AM 5.1 and DS 5
We can overcome some of these limitations by extending IG-UMA filter:
Some of the features of this extension:
- Realm support
- Extend IG-UMA REST endpoint: Authentication using PAT
- User friendly UMA Resource name
- Persisting UMA ResourceSet id and PAT in DS/OpenDJ:
UMA Flows
- Alice share UMA resource
- Bob access UMA resource
Deploy
Testing
See Also
Originally published at http://theinfinitelooper.blogspot.com.
