[midPoint] REST API -- getting started

David Westbrook david.westbrook at catapultlearning.com
Mon Feb 26 21:33:45 CET 2018


Having the same problem with both the post-3.7-fixes branch and the demo site.

Demo site:
   curl -q --user administrator:5ecr3t -H "Content-Type: application/xml" https://demo.evolveum.com/midpoint/ws/rest/orgs --data @org1.xml

And against a fresh build/install of post-3.7-fixes:
curl -q --user administrator:5ecr3t -H "Content-Type: application/xml" http://localhost:8080/midpoint/ws/rest/orgs --data @org0.xml


Both get an HTML page with a “forbidden” / “You don’t have rights…” message.

                <div class="error-page">
                        <h2 class="headline text-red">403</h2>
                        <div class="error-content">
                                <h3>
                                        <i class="fa fa-warning text-red"></i>
                                        <span>Forbidden</span>
                                </h3>
                                <p>
                                        <div>You don't have rights to see the required page, if necessary please contact system administrator.</div>
                                </p>

Here’s the “org0.xml” I am using:

<org oid="c74a7d86-7798-11e2-964e-100000000100">
    <name>F0000</name>
    <description>Famous workshop of Leonardo da Vinci</description>
    <displayName>Leonardo's Workshop</displayName>
    <identifier>0000</identifier>
    <orgType>functional</orgType>
    <costCenter>CC000</costCenter>
    <locality>Florence</locality>
</org>

Thanks!
--david

David Westbrook
Sr Application Developer
Catapult Learning, LLC
(803)-262-4010
david.westbrook at catapultlearning.com



From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Monday, February 26, 2018 2:30 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] REST API -- getting started


I am quite surprised. I frequently do things using REST, on a clean midPoint repository, without any specific settings. Just e.g. uploading files from Eclipse plugin (which uses REST to do that).

I use branch post-3.7-fixes (i.e. not the plain 3.7), though.

You could try this branch, if you have a minute to spare.

Pavol Mederly

Software developer

evolveum.com
On 26.02.2018 19:36, Sean R Penndorf wrote:
I also get the same behavior with midpoint 3.7.

I've created a role and assigned it to the administrator user and a user I use for testing. It has not helped.

<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      oid="82691976-2c42-42c4-9e8e-99f133a36e53"
      version="6">
   <name>REST Access</name>
   <lifecycleState>active</lifecycleState>
   <activation>
      <effectiveStatus>enabled</effectiveStatus>
      <enableTimestamp>2018-02-23T15:54:18.310Z</enableTimestamp>
   </activation>
   <iteration>0</iteration>
   <iterationToken/>
   <authorization id="1">
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#all</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
      <phase>execution</phase>
   </authorization>
   <requestable>false</requestable>
   <delegable>false</delegable>
   <idempotence>none</idempotence>
   <roleType>Entitlement</roleType>
</role>


What does it take to get REST to work?

------------------
Sean Penndorf
SaaS Operational Services (SOS) - ID Management
IBM Cloud
srpenn at us.ibm.com
Office: 248-552-4791   TL  623-9966





From:        David Westbrook <david.westbrook at catapultlearning.com>
To:        "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Date:        02/25/2018 11:39 AM
Subject:        [midPoint] REST API -- getting started
Sent by:        "midPoint" <midpoint-bounces at lists.evolveum.com>
________________________________


I’m having trouble getting started with the REST API (midpoint v3.7) … Following the examples in the docs:

https://wiki.evolveum.com/display/midPoint/REST+API

I’m either getting nothing (e.g. “Find owner of shadow” example) or 403 Forbidden (e.g. “Create or Update Object”).



I’m using the default administrator account/password, which is a superuser role.



What configuration/access settings should I check? Nothing appears in var/log/midpoint.log for either of these attempts.



curl --user administrator:5ecr3t -X GET http://localhost:8080/midpoint/ws/rest/shadows/8e605d0e-a8a4-48ef-a3ce-1941df449bc4/owner # (that’s one of our account UIDs)



curl -q \
  --user administrator:5ecr3t \
  -H "Content-Type: application/xml" \
  http://localhost:8080/midpoint/ws/rest/orgs \
  --data @org1.xml





<org oid="c74a7d86-7798-11e2-964e-100000000101">
    <name>F0100</name>
    <description>Fine arts and stuff</description>
    <parentOrgRef oid="c74a7d86-7798-11e2-964e-100000000100" type="c:OrgType"/>
    <displayName>Department of Arts</displayName>
    <identifier>0100</identifier>
    <orgType>functional</orgType>
    <costCenter>CC100</costCenter>
    <locality>Florence</locality>
</org>



Thanks!
--david

David Westbrook
Sr Application Developer
Catapult Learning, LLC
(803)-262-4010
david.westbrook at catapultlearning.com





_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint






