Group Membership Information From OAuth using /ms_oauth/resources/userprofile/me Endpoint result in HTTP 404 (Doc ID 2271408.1)

Last updated on JUNE 06, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.3.170117 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.2.3.170117

ACTUAL BEHAVIOR
---------------
How to get the user group membership (memberOf) using the /me endpoint

The product documentation (see the link below) states that the memberOf endpoint can be accessed using "http://:/.../idX/memberOf", where idX is the entity ID, but it does not work as documented.

http://docs.oracle.com/cd/E52734_01/oam/AIAAG/GUID-1E3E3014-A1BB-40FC-82AF-19944ADD8D26.htm#GUID-8D64928F-DC29-42F5-B6C2-212B261F293A

The requirement is to get the user's group membership (the memberOf attribute) by passing the access token. The user profile can be retrieved from /ms_oauth/resources/userprofile/me by passing the access token, but the group membership cannot be retrieved from /ms_oauth/resources/userprofile/me/memberOf/.

The only way to get the group details is to use /ms_oauth/resources/userprofile/users/S5091128D/memberOf, but this requires granting the user the scope UserProfile.users. Allowing the scope UserProfile.users grants full directory access.

MOS Doc ID 2250864.1 suggests using /oic_rest/rest/userprofile, but this endpoint is unprotected: it can be accessed without an access token.

1. Get token

$ curl -i --request POST \
    http://vm.in.oracle.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens \
    -H 'Authorization:Basic d2VibG9naWM6d2VsY29tZTE=' \
    -d 'grant_type=password&username=weblogic&password=welcome1&scope=UserProfile.me'

2. Use the token to access /me/memberof

$ curl -i --request GET \
    "http://vm.in.oracle.com:14100/ms_oauth/resources/userprofile/me/memberof" \
    -H 'Authorization:<token>'

HTTP/1.1 404 Not Found
Date: Wed, 17 May 2017 12:32:51 GMT
Transfer-Encoding: chunked
Content-Type: application/json
X-ORACLE-DMS-ECID: cd35b8b3ac46c999:-31653301:15b7b08f071:-8000-00000000002f022c
X-Powered-By: Servlet/2.5 JSP/2.1

{"oicErrorCode":"IDAAS-20028","message":"null for uri: http://vm.in.oracle.com:14100/ms_oauth/resources/userprofile/me/memberof"}
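
The note above reports that /oic_rest/rest/userprofile can be reached without an access token, while /ms_oauth/resources/userprofile/me is called with one. The following is an added example, not Oracle code, of a check that a resource path refuses anonymous requests; it is written in Python rather than curl so it runs offline against a constructed stub server. The stub's behaviour is an assumption that mirrors the note, and status_for, requires_token, StubHandler and audit_stub are hypothetical names.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Paths taken from the note above; everything else here is constructed.
ME_PATH = "/ms_oauth/resources/userprofile/me"
REST_PATH = "/oic_rest/rest/userprofile"
# Ignore proxy environment variables so the local stub is reached directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def status_for(url, token=None):
    """Return the HTTP status of a GET sent with or without an Authorization header."""
    req = urllib.request.Request(url)
    if token is not None:
        req.add_header("Authorization", token)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def requires_token(url):
    """True when an anonymous GET is refused with 401 or 403."""
    return status_for(url) in (401, 403)

class StubHandler(BaseHTTPRequestHandler):
    """Constructed stand-in, NOT Oracle Access Manager: ME_PATH demands an
    Authorization header, any other path (REST_PATH here) answers anyone."""
    def do_GET(self):
        needs_auth = self.path == ME_PATH and "Authorization" not in self.headers
        self.send_response(401 if needs_auth else 200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the run quiet
        pass

def audit_stub():
    """Start the stub on a free local port and report which paths need a token."""
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    try:
        return {path: requires_token(base + path) for path in (ME_PATH, REST_PATH)}
    finally:
        server.shutdown()
        server.server_close()
```

Against a real deployment, requires_token would be called with the full URL of each resource path; a False result means the path served an anonymous request.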




Changes

 None

Cause
