Query scope returned by SSO external identity using UAA endpoints

Article ID: 381244

Products

VMware Tanzu Application Service

Issue/Introduction

You can integrate Tanzu SSO with an external identity. If you test access to your application and notice that the scopes returned are not what you expected, you can use the UAA endpoints to query the scopes of specific users or clients.

Resolution

You can use the UAA endpoints to get scope details for troubleshooting SSO issues:

1. Log in using the uaac CLI

uaac target uaa.UAA-DOMAIN --skip-ssl-validation
uaac token client get admin -s ADMIN-CLIENT-SECRET

2. Determine your subdomain

uaac curl -k "/identity-zones"

3. Use the following UAA endpoints to query user or client scopes

Scope details for users

  • List all user details, including user IDs and scopes, in a specific subdomain
uaac curl -k "/Users" -H "X-Identity-Zone-Subdomain:<sub-domain>"
  • List the details of a user with a specific user ID within a subdomain
uaac curl -k "/Users/<user-id>" -H "X-Identity-Zone-Subdomain:<sub-domain>"
  • List the details of a user with a specific username within a subdomain
uaac curl -H "X-Identity-Zone-Subdomain:<sub-domain>" "/Users?filter=username+eq+%22<username>%22"

Getting scope details for clients

  • List all client details within a subdomain
uaac curl -k "/oauth/clients" -H "X-Identity-Zone-Subdomain:<sub-domain>"
  • List the details of a specific client within a subdomain
uaac curl -k "/oauth/clients/<client-id>" -H "X-Identity-Zone-Subdomain:<sub-domain>"
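
The user and client queries above each answer half of the question. A user token only carries scopes that the user holds as groups and that the client is also allowed to request, so the added example below (not part of the original article) compares saved output from both queries against the scopes you expected. The sample data, the names `alice`, `my-app` and `my-oidc-provider`, the `RESPONSE BODY:` marker handling and exact-match scope comparison (no wildcards) are assumptions made for illustration.

```python
import json

# Constructed sample of saved `uaac curl "/Users?filter=..."` output (not real data).
SAMPLE_USERS = """GET https://uaa.example.com/Users

200 OK
RESPONSE BODY:
{"resources": [{"id": "00000000-0000-0000-0000-000000000001",
  "userName": "alice", "origin": "my-oidc-provider",
  "groups": [{"display": "openid", "type": "DIRECT"},
             {"display": "todo.read", "type": "DIRECT"}]}]}
"""
# Constructed sample of a single client record from /oauth/clients/<client-id>.
SAMPLE_CLIENT = '{"client_id": "my-app", "scope": ["openid", "todo.read", "todo.write"]}'

def parse_body(text):
    """Return the JSON document from saved `uaac curl` output.
    Assumption: any preamble ends at a 'RESPONSE BODY:' line or before the first '{'."""
    marker = "RESPONSE BODY:"
    if marker in text:
        text = text.split(marker, 1)[1]
    return json.loads(text[text.index("{"):])

def user_scopes(users_doc, username):
    """Map origin -> set of group display names for each matching user record."""
    found = {}
    for user in users_doc.get("resources", []):
        if user.get("userName") == username:
            found[user.get("origin")] = {g["display"] for g in user.get("groups", [])}
    return found

def explain(expected, user_groups, client_scope):
    """Sort expected scopes into granted / missing on the user / missing on the client."""
    report = {"granted": [], "missing_on_user": [], "missing_on_client": []}
    for scope in sorted(expected):
        if scope not in user_groups:
            report["missing_on_user"].append(scope)
        if scope not in client_scope:
            report["missing_on_client"].append(scope)
        if scope in user_groups and scope in client_scope:
            report["granted"].append(scope)
    return report

def demo():
    groups = user_scopes(parse_body(SAMPLE_USERS), "alice")["my-oidc-provider"]
    client = set(parse_body(SAMPLE_CLIENT)["scope"])
    return explain({"openid", "todo.read", "todo.write", "todo.admin"}, groups, client)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A scope listed under `missing_on_user` points at the external identity's group mapping, while one under `missing_on_client` points at the client registration.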