<span style=" font-size:10pt;font-family:sans-serif">I also get the same

behavior with midpoint 3.7.</span><br><br><span style=" font-size:10pt;font-family:sans-serif">I've created a

role and assigned it to the administrator user and an user I use for testing.

 It has not helped.</span><br><br><span style=" font-size:10pt;font-family:sans-serif"><role xmlns="</span><a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://midpoint.evolveum.com/xml/ns/public/common/common-3</span></a><span style=" font-size:10pt;font-family:sans-serif">"</span><br><span style=" font-size:10pt;font-family:sans-serif">   

  xmlns:q="</span><a href="http://prism.evolveum.com/xml/ns/public/query-3"><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://prism.evolveum.com/xml/ns/public/query-3</span></a><span style=" font-size:10pt;font-family:sans-serif">"</span><br><span style=" font-size:10pt;font-family:sans-serif">   

  xmlns:c="</span><a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://midpoint.evolveum.com/xml/ns/public/common/common-3</span></a><span style=" font-size:10pt;font-family:sans-serif">"</span><br><span style=" font-size:10pt;font-family:sans-serif">   

  xmlns:t="</span><a href="http://prism.evolveum.com/xml/ns/public/types-3"><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://prism.evolveum.com/xml/ns/public/types-3</span></a><span style=" font-size:10pt;font-family:sans-serif">"</span><br><span style=" font-size:10pt;font-family:sans-serif">   

  xmlns:org="</span><a href="http://midpoint.evolveum.com/xml/ns/public/common/org-3"><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://midpoint.evolveum.com/xml/ns/public/common/org-3</span></a><span style=" font-size:10pt;font-family:sans-serif">"</span><br><span style=" font-size:10pt;font-family:sans-serif">   

  xmlns:icfs="</span><a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</span></a><span style=" font-size:10pt;font-family:sans-serif">"</span><br><span style=" font-size:10pt;font-family:sans-serif">   

  xmlns:ri="</span><a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</span></a><span style=" font-size:10pt;font-family:sans-serif">"</span><br><span style=" font-size:10pt;font-family:sans-serif">   

  oid="82691976-2c42-42c4-9e8e-99f133a36e53"</span><br><span style=" font-size:10pt;font-family:sans-serif">   

  version="6"></span><br><span style=" font-size:10pt;font-family:sans-serif">   <name>REST

Access</name></span><br><span style=" font-size:10pt;font-family:sans-serif">   <lifecycleState>active</lifecycleState></span><br><span style=" font-size:10pt;font-family:sans-serif">   <activation></span><br><span style=" font-size:10pt;font-family:sans-serif">   

  <effectiveStatus>enabled</effectiveStatus></span><br><span style=" font-size:10pt;font-family:sans-serif">   

  <enableTimestamp>2018-02-23T15:54:18.310Z</enableTimestamp></span><br><span style=" font-size:10pt;font-family:sans-serif">   </activation></span><br><span style=" font-size:10pt;font-family:sans-serif">   <iteration>0</iteration></span><br><span style=" font-size:10pt;font-family:sans-serif">   <iterationToken/></span><br><span style=" font-size:10pt;font-family:sans-serif">   <authorization

id="1"></span><br><span style=" font-size:10pt;font-family:sans-serif">   

  <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all"><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all</span></a><span style=" font-size:10pt;font-family:sans-serif"></action></span><br><span style=" font-size:10pt;font-family:sans-serif">   

  <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#all"><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#all</span></a><span style=" font-size:10pt;font-family:sans-serif"></action></span><br><span style=" font-size:10pt;font-family:sans-serif">   

  <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read"><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</span></a><span style=" font-size:10pt;font-family:sans-serif"></action></span><br><span style=" font-size:10pt;font-family:sans-serif">   

  <phase>execution</phase></span><br><span style=" font-size:10pt;font-family:sans-serif">   </authorization></span><br><span style=" font-size:10pt;font-family:sans-serif">   <requestable>false</requestable></span><br><span style=" font-size:10pt;font-family:sans-serif">   <delegable>false</delegable></span><br><span style=" font-size:10pt;font-family:sans-serif">   <idempotence>none</idempotence></span><br><span style=" font-size:10pt;font-family:sans-serif">   <roleType>Entitlement</roleType></span><br><span style=" font-size:10pt;font-family:sans-serif"></role></span><br><br><br><span style=" font-size:10pt;font-family:sans-serif">What does it take

to get REST to work?</span><br><br><span style=" font-size:10pt;color:#808080;font-family:Arial">------------------</span><br><span style=" font-size:12pt;font-family:Arial"><b>Sean Penndorf</b></span><br><span style=" font-size:10pt;color:#808080;font-family:Arial">SaaS

Operational Services (SOS) - ID Management <span style=" font-size:10pt;color:#808080;font-family:Arial">IBM Cloud <span style=" font-size:10pt;color:#000080;font-family:Arial">srpenn@us.ibm.com <span style=" font-size:10pt;color:#808080;font-family:Arial">Office:

248-552-4791   TL  623-9966</span><br><br><br><br><br><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">From:

       </span><span style=" font-size:9pt;font-family:sans-serif">David

Westbrook <david.westbrook@catapultlearning.com> <span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">To:

       </span><span style=" font-size:9pt;font-family:sans-serif">"midpoint@lists.evolveum.com"

<midpoint@lists.evolveum.com></span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Date:

       </span><span style=" font-size:9pt;font-family:sans-serif">02/25/2018

11:39 AM</span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Subject:

       </span><span style=" font-size:9pt;font-family:sans-serif">[midPoint]

REST API -- gettng started</span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Sent

by:        </span><span style=" font-size:9pt;font-family:sans-serif">"midPoint"

<midpoint-bounces@lists.evolveum.com></span><br><hr noshade><br><br><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri">I’m

having trouble getting started with the REST API (midpoint v3.7) … Following

the examples in the docs:</span></p><p style="margin-top:0px;margin-Bottom:0px"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.evolveum.com_display_midPoint_REST-2BAPI&d=DwMFAg&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=1Sm7c9Zj9niaR9DzD9MKb20cH2sdY_ARkufN0cdauzE&s=zELK9TvC1uVP1zuUYhUlHGxYmhAODqS64WTB7nCkepA&e="><span style=" font-size:11pt;color:#0082bf;font-family:Calibri"><u>https://wiki.evolveum.com/display/midPoint/REST+API</u></span></a></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri">I’m

either getting nothing (e.g. “Find owner of shadow” example) or 403 Forbidden

(e.g. “Create or Update Object”).</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> </span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri">I’m

using the default administrator account/password, which is a superuser

role.</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> </span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri">What

configuration/access settings should I check?   Nothing appears in

var/log/midpoint.log  for either of these attempts.</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> </span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri">curl

--user administrator:5ecr3t -X GET </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8080_midpoint_ws_rest_shadows_8e605d0e-2Da8a4-2D48ef-2Da3ce-2D1941df449bc4_owner&d=DwMFAg&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=1Sm7c9Zj9niaR9DzD9MKb20cH2sdY_ARkufN0cdauzE&s=Ypy7M0Vfvx1YLyPMAhHN214OguXp7gprhjpATmJS76w&e="><span style=" font-size:11pt;color:#0082bf;font-family:Calibri"><u>http://localhost:8080/midpoint/ws/rest/shadows/8e605d0e-a8a4-48ef-a3ce-1941df449bc4/owner</u></span></a><span style=" font-size:11pt;font-family:Calibri"> # (that’s one of our account UID’s)</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> </span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri">curl

-q \</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

--user administrator:5ecr3t \</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

-H "Content-Type: application/xml" \</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

</span><a href=http://localhost:8080/midpoint/ws/rest/orgs><span style=" font-size:11pt;font-family:Calibri">http://localhost:8080/midpoint/ws/rest/orgs</span></a><span style=" font-size:11pt;font-family:Calibri">\</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

--data @org1.xml</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> </span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> </span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"><org

oid="c74a7d86-7798-11e2-964e-100000000101"></span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

      <name>F0100</name></span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

      <description>Fine arts and stuff</description></span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

      <parentOrgRef oid="c74a7d86-7798-11e2-964e-100000000100"

type="c:OrgType"/></span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

      <displayName>Department of Arts</displayName></span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

      <identifier>0100</identifier></span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

      <orgType>functional</orgType></span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

      <costCenter>CC100</costCenter></span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

      <locality>Florence</locality></span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> 

  </org></span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> </span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri">Thanks!</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri">--david</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> </span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:10pt;font-family:Calibri">David

Westbrook</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:10pt;font-family:Calibri">Sr

Application Developer</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:10pt;font-family:Calibri">Catapult

Learning, LLC</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:10pt;font-family:Calibri">(803)-262-4010</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:10pt;font-family:Calibri">david.westbrook@catapultlearning.com</span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> </span></p><p style="margin-top:0px;margin-Bottom:0px"><span style=" font-size:11pt;font-family:Calibri"> </span></p><br><tt><span style=" font-size:10pt">_______________________________________________<br>midPoint mailing list<br>midPoint@lists.evolveum.com<br></span></tt><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=1Sm7c9Zj9niaR9DzD9MKb20cH2sdY_ARkufN0cdauzE&s=X15-bP25d26Umj4XUCSmMwg7mqRzjn2XgIHVbn3OS3A&e="><tt><span style=" font-size:10pt">https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=1Sm7c9Zj9niaR9DzD9MKb20cH2sdY_ARkufN0cdauzE&s=X15-bP25d26Umj4XUCSmMwg7mqRzjn2XgIHVbn3OS3A&e=</span></tt></a><tt><span style=" font-size:10pt"><br></span></tt><br><br><BR>