/json/users/{user}/uma/policies
AM-specific endpoint used to create, delete, read, update, and query UMA policies.
Action | HTTP Method |
---|---|
Create | PUT |
Read | GET |
Update | PUT |
Delete | DELETE |
Query | GET |
Tip
Use the AM API Explorer for detailed information about this endpoint, and to test it against your deployed AM instance.
In the AM console, click the Help icon, and then go to API Explorer > users > {user} > uma > policies.
You must compose the path to the token endpoint addressing the specific realm where the token will be issued. For example, https://openam.example.com:8443/openam/json/realms/root/realms/subrealm1/users/{user}/uma/policies.
The policies endpoint does not support any parameters. To authenticate to the endpoint, send the SSO token of the resource owner as the value of the iplanetDirectoryPro header.
To create or update a policy, make an HTTP PUT call to the endpoint, adding the description of the policy as a JSON document in the body. For example:
```json
{
  "policyId": "UMA_resource_ID_12345678",
  "permissions": [
    {
      "subject": "requesting_party_identity",
      "scopes": [
        "view",
        "comment",
        "download"
      ]
    }
  ]
}
```
All the objects in the JSON are mandatory.
The value of the policyId object is an UMA resource ID. To obtain it, query the "/uma/resource_set" endpoint.
The value of the subject object is the username or identity associated with the requesting party; that is, the person, device, or client to which the policy grants permission.
The value of the scopes object is an array of permissions or scopes that are granted to the subject. They must match scopes supported by the resource that the policy protects.
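The rules above can be checked before anything is sent to AM. The following is an added example, not code from the AM documentation: the function names are hypothetical, the set of supported scopes is assumed to have been read from the resource registration beforehand, and the request is only prepared, not sent.

```python
import json
from urllib.parse import quote

def policies_url(base, subrealms, user):
    """Compose the realm-specific path, following the page's example URL."""
    realm = "/realms/root" + "".join(f"/realms/{quote(r, safe='')}" for r in subrealms)
    return f"{base.rstrip('/')}/json{realm}/users/{quote(user, safe='')}/uma/policies"

def build_policy(resource_id, grants, supported_scopes):
    """Build the policy body; grants maps each subject to the scopes it receives."""
    if not resource_id:
        raise ValueError("policyId (the UMA resource ID) is mandatory")
    permissions = []
    for subject, scopes in grants.items():
        # Assumption: an empty subject or empty scopes list counts as missing.
        if not subject or not scopes:
            raise ValueError("each permission needs a subject and scopes")
        extra = sorted(set(scopes) - set(supported_scopes))
        if extra:  # refuse to grant scopes the resource does not support
            raise ValueError(f"{subject}: unsupported scopes {extra}")
        permissions.append({"subject": subject, "scopes": list(scopes)})
    if not permissions:
        raise ValueError("permissions is mandatory")
    return {"policyId": resource_id, "permissions": permissions}

def prepare_put(base, subrealms, user, sso_token, policy):
    """Return the pieces of the PUT request without sending it."""
    return {
        "method": "PUT",
        "url": policies_url(base, subrealms, user),
        # The resource owner's SSO token authenticates the call.
        "headers": {"iplanetDirectoryPro": sso_token,
                    "Content-Type": "application/json"},
        "body": json.dumps(policy),
    }

if __name__ == "__main__":
    # Constructed sample values; the token is a placeholder, not a real SSO token.
    policy = build_policy("UMA_resource_ID_12345678",
                          {"requesting_party_identity": ["view", "comment", "download"]},
                          supported_scopes={"view", "comment", "download"})
    req = prepare_put("https://openam.example.com:8443/openam", ["subrealm1"],
                      "alice", "PLACEHOLDER_SSO_TOKEN", policy)
    print(req["method"], req["url"])
    print(req["body"])
```

Keep the SSO token out of logs and shell history when wiring this into a real client, since it carries the resource owner's session.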
For examples of using this endpoint, see "How to Manage UMA Policies".