[midPoint] REST API -- gettng started

Ivan Noris Ivan.Noris at evolveum.com
Wed Feb 28 12:29:30 CET 2018 

Hi Sean, 

I'm glad that it worked, this is one of changes with midPoint 3.7 (but only if you use standalone deployment; deployment using Tomcat is still the same). 

Ivan 

----- Original Message -----

> From: "Sean R Penndorf" <srpenn at us.ibm.com>
> To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
> Sent: Tuesday, February 27, 2018 4:52:52 PM
> Subject: Re: [midPoint] REST API -- gettng started

> Ivan,

> Removing /midpoint/ from the URL worked for me.
> Thank you very much!!!

> ------------------
> Sean Penndorf
> SaaS Operational Services (SOS) - ID Management
> IBM Cloud
> srpenn at us.ibm.com
> Office: 248-552-4791 TL 623-9966

> From: Ivan Noris <Ivan.Noris at evolveum.com>
> To: midPoint General Discussion <midpoint at lists.evolveum.com>
> Date: 02/27/2018 06:52 AM
> Subject: Re: [midPoint] REST API -- gettng started
> Sent by: "midPoint" <midpoint-bounces at lists.evolveum.com>

> Hi David,

> are you using midpoint as standalone server or deployed in Tomcat?

> If you use midPoint as standalone server (possible since 3.7), the /midpoint
> should be removed from URL, as midPoint uses empty context. I.e.
> http://localhost:8080/ or http://localhost:8080/ws/rest/......

> Best regards,
> Ivan

> From: "David Westbrook" <david.westbrook at catapultlearning.com>
> To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
> Sent: Monday, February 26, 2018 9:33:45 PM
> Subject: Re: [midPoint] REST API -- gettng started

> Having the same problem with both the post-3.7-fixes branch and the demo
> site.

> Demo site:

> curl -q --user administrator:5ecr3t -H "Content-Type: application/xml"
> https://demo.evolveum.com/midpoint/ws/rest/orgs --data @org1.xml

> And against a fresh build/install of post-3.7-fixes:

> curl -q --user administrator:5ecr3t -H "Content-Type: application/xml"
> http://localhost:8080/midpoint/ws/rest/orgs --data @org0.xml

> Both get HTML page of “forbidden” / “You don’t have rights…” message.

> <div class="error-page">

> <h2 class="headline text-red">403</h2>

> <div class="error-content">

> <h3>

> <i class="fa fa-warning text-red"></i>

> <span>Forbidden</span>

> </h3>

> <p>

> <div>You don't have rights to see the required page, if necessary please
> contact system administrator.</div>

> </p>

> Here’s the “org0.xml” I am using:

> <org oid="c74a7d86-7798-11e2-964e-100000000100">

> <name>F0000</name>

> <description>Famous workshop of Leonardo da Vinci</description>

> <displayName>Leonardo's Workshop</displayName>

> <identifier>0000</identifier>

> <orgType>functional</orgType>

> <costCenter>CC000</costCenter>

> <locality>Florence</locality>

> </org>

> Thanks!

> --david

> David Westbrook

> Sr Application Developer

> Catapult Learning, LLC

> (803)-262-4010

> david.westbrook at catapultlearning.com

> From: midPoint [ mailto:midpoint-bounces at lists.evolveum.com ] On Behalf Of
> Pavol Mederly
> Sent: Monday, February 26, 2018 2:30 PM
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] REST API -- gettng started

> I am quite surprised. I frequently do things using REST, on a clean midPoint
> repository, without any specific settings. Just e.g. uploading files from
> Eclipse plugin (which uses REST do to that).
> I use branch post-3.7-fixes (i.e. not the plain 3.7), though.
> You could try this branch, if you have a minute to spare.

> Pavol Mederly

> Software developer

> evolveum.com

> On 26.02.2018 19:36, Sean R Penndorf wrote:

> I also get the same behavior with midpoint 3.7.

> I've created a role and assigned it to the administrator user and an user I
> use for testing. It has not helped.

> <role xmlns=" http://midpoint.evolveum.com/xml/ns/public/common/common-3 "
> xmlns:q=" http://prism.evolveum.com/xml/ns/public/query-3 "
> xmlns:c=" http://midpoint.evolveum.com/xml/ns/public/common/common-3 "
> xmlns:t=" http://prism.evolveum.com/xml/ns/public/types-3 "
> xmlns:org=" http://midpoint.evolveum.com/xml/ns/public/common/org-3 "
> xmlns:icfs="
> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
> "
> xmlns:ri=" http://midpoint.evolveum.com/xml/ns/public/resource/instance-3 "
> oid="82691976-2c42-42c4-9e8e-99f133a36e53"
> version="6">
> <name>REST Access</name>
> <lifecycleState>active</lifecycleState>
> <activation>
> <effectiveStatus>enabled</effectiveStatus>
> <enableTimestamp>2018-02-23T15:54:18.310Z</enableTimestamp>
> </activation>
> <iteration>0</iteration>
> <iterationToken/>
> <authorization id="1">
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all
> </action>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#all
> </action>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read
> </action>
> <phase>execution</phase>
> </authorization>
> <requestable>false</requestable>
> <delegable>false</delegable>
> <idempotence>none</idempotence>
> <roleType>Entitlement</roleType>
> </role>

> What does it take to get REST to work?

> ------------------
> Sean Penndorf
> SaaS Operational Services (SOS) - ID Management
> IBM Cloud
> srpenn at us.ibm.com
> Office: 248-552-4791 TL 623-9966

> From: David Westbrook <david.westbrook at catapultlearning.com>
> To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> Date: 02/25/2018 11:39 AM
> Subject: [midPoint] REST API -- gettng started
> Sent by: "midPoint" <midpoint-bounces at lists.evolveum.com>

> I’m having trouble getting started with the REST API (midpoint v3.7) …
> Following the examples in the docs:

> https://wiki.evolveum.com/display/midPoint/REST+API

> I’m either getting nothing (e.g. “Find owner of shadow” example) or 403
> Forbidden (e.g. “Create or Update Object”).

> I’m using the default administrator account/password, which is a superuser
> role.

> What configuration/access settings should I check? Nothing appears in
> var/log/midpoint.log for either of these attempts.

> curl --user administrator:5ecr3t -X GET
> http://localhost:8080/midpoint/ws/rest/shadows/8e605d0e-a8a4-48ef-a3ce-1941df449bc4/owner
> # (that’s one of our account UID’s)

> curl -q \

> --user administrator:5ecr3t \

> -H "Content-Type: application/xml" \

> http://localhost:8080/midpoint/ws/rest/orgs \

> --data @org1.xml

> <org oid="c74a7d86-7798-11e2-964e-100000000101">

> <name>F0100</name>

> <description>Fine arts and stuff</description>

> <parentOrgRef oid="c74a7d86-7798-11e2-964e-100000000100" type="c:OrgType"/>

> <displayName>Department of Arts</displayName>

> <identifier>0100</identifier>

> <orgType>functional</orgType>

> <costCenter>CC100</costCenter>

> <locality>Florence</locality>

> </org>

> Thanks!

> --david

> David Westbrook

> Sr Application Developer

> Catapult Learning, LLC

> (803)-262-4010

> david.westbrook at catapultlearning.com

> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=1Sm7c9Zj9niaR9DzD9MKb20cH2sdY_ARkufN0cdauzE&s=X15-bP25d26Umj4XUCSmMwg7mqRzjn2XgIHVbn3OS3A&e=

> _______________________________________________

> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=ekPFeGOCrrpcWZfF4MdJSpYP-Sbvl6dozN1K4t25Gak&s=xddBnUtg17P7se8xj-ldLLMFhJDljb8iPRiAqx_1zEc&e=

> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris 
Senior Identity Engineer 
evolveum.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180228/96688e1a/attachment.htm>

More information about the midPoint mailing list