[midPoint] REST API -- gettng started

Tue Feb 27 16:52:52 CET 2018

Ivan,

Removing /midpoint/  from the URL worked for me.
Thank you very much!!!

------------------
Sean Penndorf
SaaS Operational Services (SOS) - ID Management
IBM Cloud
srpenn at us.ibm.com
Office: 248-552-4791   TL  623-9966

From:   Ivan Noris <Ivan.Noris at evolveum.com>
To:     midPoint General Discussion <midpoint at lists.evolveum.com>
Date:   02/27/2018 06:52 AM
Subject:        Re: [midPoint] REST API -- gettng started
Sent by:        "midPoint" <midpoint-bounces at lists.evolveum.com>

Hi David,

are you using midpoint as standalone server or deployed in Tomcat?

If you use midPoint as standalone server (possible since 3.7), the 
/midpoint should be removed from URL, as midPoint uses empty context. I.e. 
http://localhost:8080/ or http://localhost:8080/ws/rest/......

Best regards,
Ivan

From: "David Westbrook" <david.westbrook at catapultlearning.com>
To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
Sent: Monday, February 26, 2018 9:33:45 PM
Subject: Re: [midPoint] REST API -- gettng started

Having the same problem with both the post-3.7-fixes branch and the demo 
site.

Demo site:
   curl -q --user administrator:5ecr3t -H "Content-Type: application/xml" 
https://demo.evolveum.com/midpoint/ws/rest/orgs --data @org1.xml

And against a fresh build/install of post-3.7-fixes:
curl -q --user administrator:5ecr3t -H "Content-Type: application/xml" 
http://localhost:8080/midpoint/ws/rest/orgs --data @org0.xml

Both get HTML page of “forbidden” / “You don’t have rights…” message.

                <div class="error-page">
                        <h2 class="headline text-red">403</h2>
                        <div class="error-content">
                                <h3>
                                        <i class="fa fa-warning 
text-red"></i>
                                        <span>Forbidden</span>
                                </h3>
                                <p>
                                        <div>You don't have rights to 
see the required page, if necessary please contact system 
administrator.</div>
                                </p>

Here’s the “org0.xml” I am using:

<org oid="c74a7d86-7798-11e2-964e-100000000100">
    <name>F0000</name>
    <description>Famous workshop of Leonardo da Vinci</description>
    <displayName>Leonardo's Workshop</displayName>
    <identifier>0000</identifier>
    <orgType>functional</orgType>
    <costCenter>CC000</costCenter>
    <locality>Florence</locality>
</org>

Thanks!
--david

David Westbrook
Sr Application Developer
Catapult Learning, LLC
(803)-262-4010
david.westbrook at catapultlearning.com

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of 
Pavol Mederly
Sent: Monday, February 26, 2018 2:30 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] REST API -- gettng started

I am quite surprised. I frequently do things using REST, on a clean 
midPoint repository, without any specific settings. Just e.g. uploading 
files from Eclipse plugin (which uses REST do to that).
I use branch post-3.7-fixes (i.e. not the plain 3.7), though.
You could try this branch, if you have a minute to spare.
Pavol Mederly
Software developer
evolveum.com
On 26.02.2018 19:36, Sean R Penndorf wrote:
I also get the same behavior with midpoint 3.7.

I've created a role and assigned it to the administrator user and an user 
I use for testing.  It has not helped.

<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
      xmlns:icfs="
http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
"
      xmlns:ri="
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      oid="82691976-2c42-42c4-9e8e-99f133a36e53"
      version="6">
   <name>REST Access</name>
   <lifecycleState>active</lifecycleState>
   <activation>
      <effectiveStatus>enabled</effectiveStatus>
      <enableTimestamp>2018-02-23T15:54:18.310Z</enableTimestamp>
   </activation>
   <iteration>0</iteration>
   <iterationToken/>
   <authorization id="1">
      <action>
http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all
</action>
      <action>
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#all
</action>
      <action>
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read
</action>
      <phase>execution</phase>
   </authorization>
   <requestable>false</requestable>
   <delegable>false</delegable>
   <idempotence>none</idempotence>
   <roleType>Entitlement</roleType>
</role>

What does it take to get REST to work?

------------------
Sean Penndorf
SaaS Operational Services (SOS) - ID Management
IBM Cloud
srpenn at us.ibm.com
Office: 248-552-4791   TL  623-9966

From:        David Westbrook <david.westbrook at catapultlearning.com>
To:        "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Date:        02/25/2018 11:39 AM
Subject:        [midPoint] REST API -- gettng started
Sent by:        "midPoint" <midpoint-bounces at lists.evolveum.com>

I’m having trouble getting started with the REST API (midpoint v3.7) … 
Following the examples in the docs:
https://wiki.evolveum.com/display/midPoint/REST+API
I’m either getting nothing (e.g. “Find owner of shadow” example) or 403 
Forbidden (e.g. “Create or Update Object”).

I’m using the default administrator account/password, which is a superuser 
role.

What configuration/access settings should I check?   Nothing appears in 
var/log/midpoint.log  for either of these attempts.

curl --user administrator:5ecr3t -X GET 
http://localhost:8080/midpoint/ws/rest/shadows/8e605d0e-a8a4-48ef-a3ce-1941df449bc4/owner 
# (that’s one of our account UID’s)

curl -q \
  --user administrator:5ecr3t \
  -H "Content-Type: application/xml" \
  http://localhost:8080/midpoint/ws/rest/orgs\
  --data @org1.xml

<org oid="c74a7d86-7798-11e2-964e-100000000101">
        <name>F0100</name>
        <description>Fine arts and stuff</description>
        <parentOrgRef oid="c74a7d86-7798-11e2-964e-100000000100" 
type="c:OrgType"/>
        <displayName>Department of Arts</displayName>
        <identifier>0100</identifier>
        <orgType>functional</orgType>
        <costCenter>CC100</costCenter>
        <locality>Florence</locality>
    </org>

Thanks!
--david

David Westbrook
Sr Application Developer
Catapult Learning, LLC
(803)-262-4010
david.westbrook at catapultlearning.com

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=1Sm7c9Zj9niaR9DzD9MKb20cH2sdY_ARkufN0cdauzE&s=X15-bP25d26Umj4XUCSmMwg7mqRzjn2XgIHVbn3OS3A&e=

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=ekPFeGOCrrpcWZfF4MdJSpYP-Sbvl6dozN1K4t25Gak&s=xddBnUtg17P7se8xj-ldLLMFhJDljb8iPRiAqx_1zEc&e=

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180227/9144e0b1/attachment.htm>