/uma/claims_gathering
AM-specific endpoint for handling interactive claims-gathering requests during UMA flows.
This endpoint is protected by the CSRF parameter, similar to the |
Supported HTTP methods
Action | HTTP method |
---|---|
Request | GET |
Request | POST |
For GET requests, the endpoint does the following:
- validates that the request has all the required parameters
- checks that the provided claims_redirect_uri is valid
- checks whether a session was provided with the request
- if there is a session, validates the session and checks whether it was obtained by authenticating with the claims gathering tree
- if the session is invalid, rotates the permission ticket, and redirects the user to the claims gathering tree for authentication
- if the session is valid, displays a consent page, where the end user can request that a PCT be issued.
For POST requests, the endpoint does the following:
- validates the CSRF token
- saves the authorization decision and the gathered claims in the permission ticket, and rotates the ticket
- returns the new ticket to the claims_redirect_uri so that the client can continue with the authorization flow
To authenticate to the endpoint, send the SSO token of the resource owner as the value of the iplanetDirectoryPro header.
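The GET and POST steps listed above, modelled as an added example to show why ticket rotation makes a previously seen permission ticket unusable. This is not AM's code: the class, the error strings, the client ID and URI, the per-session CSRF token storage, the live-ticket check and the exact-match redirect policy are all assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample: redirect URIs registered for a hypothetical client.
REGISTERED = {"demo-client": {"https://client.example.com/uma/cb"}}

class ClaimsGatheringModel:
    """Toy model of the documented GET/POST steps; not AM's implementation."""

    def __init__(self):
        self.tickets = {}  # live permission ticket -> decision state

    def issue_ticket(self):
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = {"approved": None, "claims": None}
        return ticket

    def _rotate(self, ticket):
        # Rotation: state moves to a fresh value and the old value stops working.
        new_ticket = secrets.token_urlsafe(16)
        self.tickets[new_ticket] = self.tickets.pop(ticket)
        return new_ticket

    def get(self, client_id, ticket, claims_redirect_uri, session=None):
        if not (client_id and ticket and claims_redirect_uri):
            return ("error", "missing_parameter")
        if ticket not in self.tickets:  # assumed check: ticket must be live
            return ("error", "invalid_ticket")
        # Assumed policy: exact match against the client's registered URIs.
        if claims_redirect_uri not in REGISTERED.get(client_id, set()):
            return ("error", "invalid_claims_redirect_uri")
        # Assumption: a missing session is handled like an invalid one.
        if session is None or not session.get("from_claims_tree"):
            return ("redirect_to_tree", self._rotate(ticket))
        session["csrf"] = secrets.token_urlsafe(16)  # assumed token storage
        return ("consent_page", ticket)

    def post(self, ticket, session, csrf, approved, claims):
        # Constant-time comparison of the submitted CSRF token.
        if not hmac.compare_digest(csrf, session.get("csrf", "")):
            return ("error", "invalid_csrf")
        if ticket not in self.tickets:
            return ("error", "invalid_ticket")
        self.tickets[ticket].update(approved=approved, claims=claims)
        return ("redirect_to_client", self._rotate(ticket))
```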