UMA Setup Procedures

To set up an UMA 2.0 deployment, set up the components required for an UMA 2.0 deployment on AM:

UMA 2.0 Setup Procedures

  Task                                              Description
  ------------------------------------------------  --------------------------------------------------
  Create an UMA provider service.                   "To Create the UMA Provider Service"
  Create an UMA client agent.                       "To Create an UMA Client Agent"
  Create an UMA resource server agent.              "To Create an UMA Resource Server Agent"
  Create an OAuth2/OpenID Connect provider.         "To Create an OAuth2/OpenID Connect Provider"
  Create a resource owner.                          "To Create an UMA Resource Owner"
  Create a requesting party.                        "To Create a Requesting Party"


To Create the UMA Provider Service
  1. Log in to the AM console as an administrator.

  2. Go to Realms > Top Level Realm > Services, and add an UMA Provider service.

    The UMA Provider page appears. The defaults that AM provides are suitable for most situations and strike a good balance between security and ease of use.

    For information about the available attributes, see "UMA Provider".

To Create an UMA Client Agent

Create a profile for the UMA client agent in AM for OAuth 2.0 and UMA 2.0:

  1. Log in to the AM console as an administrator.

  2. Go to Realms > Top Level Realm > Applications > OAuth 2.0 > Clients.

  3. Click Add Client, and enter the following values:

    • Client ID: UmaClient

    • Client secret: password

    • Redirection URIs: For this example, leave it blank.

    • Scope(s): read openid

      You will need to enter read, press Enter, and then enter openid.

    • Default Scope(s): For this example, leave it blank.

  4. Click Create. The page for the client appears.

  5. In the Advanced tab, enter the following values:

    • Grant Types: UMA Resource Owner Password Credentials

      You will need to enter UMA, press Enter, and then enter Resource Owner Password Credentials.

  6. Save your changes.

To Create an UMA Resource Server Agent

Create a profile for the resource server agent in AM for OAuth 2.0 and UMA 2.0:

  1. Log in to the AM console as an administrator.

  2. Go to Realms > Top Level Realm > Applications > OAuth 2.0 > Clients.

  3. Click Add Client, and enter the following values:

    • Client ID: Uma-Resource-Server

    • Client secret: password

    • Redirection URIs: For this example, leave it blank.

    • Scope(s): uma_protection

    • Default Scope(s): For this example, leave it blank.

  4. Click Create. The page for the client appears.

  5. In the Advanced tab, enter the following values:

    • Grant Types: Resource Owner Password Credentials

  6. Save your changes.

To Create an OAuth2/OpenID Connect Provider
  1. Log in to the AM console as an administrator.

  2. Go to Realms > Top Level Realm > Services.

  3. Create an OAuth 2.0 provider, or configure it if one is already created.

    • If an OAuth 2.0 provider is already created, click on it.

    • If there is no OAuth 2.0 provider, add one:

      1. Click Add a Service.

      2. On the drop-down menu, select the OAuth2 Provider service. Then, click the Create button without filling in any other fields.

    The OAuth 2.0 provider page appears.

  4. Go to the Advanced tab.

  5. Ensure that the following fields are configured:

    • Grant Types: At least UMA and Resource Owner Password Credentials must be configured.

    • Response Type Plugins: At least id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler and token|org.forgerock.oauth2.core.TokenResponseTypeHandler must be configured.

    For more information about configuring the OAuth 2.0 provider, see Authorization Server Configuration and OpenID Provider Configuration.
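The three preceding procedures each say which grant types, scopes, and response type plugins must be present. The following script is an added example, not part of this documentation or of AM, that turns those requirements into a check you can run against a configuration snapshot so that later edits in the console do not silently drop a required value. The nested dictionary layout and the "oauth2_provider" label are assumptions made for this example; AM's own export format is different. The client IDs, scopes, grant types, and plugin strings are the ones given in the procedures above.

```python
"""Check an UMA 2.0 setup against the settings the procedures above require.

Added example. The dictionary layout is an assumption for illustration, not
AM's configuration export format.
"""
from typing import Dict, List, Set, Tuple

ConfigSection = Dict[str, List[str]]
Config = Dict[str, ConfigSection]

# Settings the procedures call for, keyed by component and console field.
# "oauth2_provider" is a label chosen here; the client IDs are from the page.
REQUIRED: Dict[str, Dict[str, Set[str]]] = {
    "oauth2_provider": {
        "grant_types": {"UMA", "Resource Owner Password Credentials"},
        "response_type_plugins": {
            "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler",
            "token|org.forgerock.oauth2.core.TokenResponseTypeHandler",
        },
    },
    "UmaClient": {
        "scopes": {"read", "openid"},
        "grant_types": {"UMA", "Resource Owner Password Credentials"},
    },
    "Uma-Resource-Server": {
        "scopes": {"uma_protection"},
        "grant_types": {"Resource Owner Password Credentials"},
    },
}

# Constructed sample snapshot that follows the procedures, plus one extra
# provider grant type, which the "at least" wording allows.
SAMPLE_CONFIG: Config = {
    "oauth2_provider": {
        "grant_types": ["UMA", "Resource Owner Password Credentials", "Authorization Code"],
        "response_type_plugins": [
            "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler",
            "token|org.forgerock.oauth2.core.TokenResponseTypeHandler",
        ],
    },
    "UmaClient": {
        "scopes": ["read", "openid"],
        "grant_types": ["UMA", "Resource Owner Password Credentials"],
    },
    "Uma-Resource-Server": {
        "scopes": ["uma_protection"],
        "grant_types": ["Resource Owner Password Credentials"],
    },
}


def parse_plugin(entry: str) -> Tuple[str, str]:
    """Split a Response Type Plugins entry of the form 'type|handler.Class'."""
    response_type, sep, handler = entry.partition("|")
    if not sep or not response_type or not handler:
        raise ValueError(f"malformed response type plugin entry: {entry!r}")
    return response_type, handler


def find_gaps(config: Config) -> List[str]:
    """Return sorted findings; an empty list means every required value is present."""
    findings: List[str] = []
    for component, fields in REQUIRED.items():
        section = config.get(component)
        if section is None:
            findings.append(f"{component}: missing")
            continue
        for field, required_values in fields.items():
            present = set(section.get(field, []))
            if field == "response_type_plugins":
                # A set comparison alone would let a malformed entry pass unnoticed.
                for entry in present:
                    try:
                        parse_plugin(entry)
                    except ValueError as exc:
                        findings.append(f"{component}: {exc}")
            for value in sorted(required_values - present):
                findings.append(f"{component}: {field} lacks {value}")
    return sorted(findings)


if __name__ == "__main__":
    for line in find_gaps(SAMPLE_CONFIG) or ["setup matches the documented requirements"]:
        print(line)
```

Running the script against the constructed snapshot prints that the setup matches; removing uma_protection from Uma-Resource-Server, or mistyping a plugin entry without the pipe separator, produces one finding per problem, which is the kind of drift a periodic configuration review should catch.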

To Create an UMA Resource Owner
  1. Log in to the AM console as an administrator.

  2. Go to Realms > Top Level Realm > Identities.

  3. Click New, and create a new resource owner. This example uses the following values:

    • ID: alice

    • First Name: Alice

    • Last Name: Resource-Owner

    • Full Name: Alice Resource-Owner

    • Password: password

    • Password (confirm): password

    • User Status: Active

  4. Click OK to save the settings.

To Create a Requesting Party
  1. Log in to the AM console as an administrator.

  2. Go to Realms > Top Level Realm > Identities.

  3. Click New, and create a new requesting party. This example uses the following values:

    • ID: bob

    • First Name: Bob

    • Last Name: Requesting-Party

    • Full Name: Bob Requesting-Party

    • Password: password

    • Password (confirm): password

    • User Status: Active

  4. Click OK to save the settings.
