Access Management 7.2.2

/uma/claims_gathering

AM-specific endpoint for handling interactive claims-gathering requests during UMA flows.

This endpoint is protected by the CSRF parameter, similar to the /oauth2/authorize endpoint. However, the CSRF parameter only takes the value of the SHA-256 hash of the requesting party’s session ID.

Supported HTTP methods
Action HTTP method

Request

GET

Request

POST

For GET requests, the endpoint does the following:

  • validates that the request has all the required parameters

  • checks that the provided claims_redirect_uri is valid

  • checks whether a session was provided with the request

  • if there is a session, validates the session and checks whether it was obtained by authenticating with the claims gathering tree

  • if the session is invalid, rotates the permission ticket, and redirects the user to the claims gathering tree for authentication

  • if the session is valid, displays a consent page, where the end user can request that a PCT be issued.

For POST requests, the endpoint does the following:

  • validates the CSRF token

  • saves the authorization decision and the gathered claims in the permission ticket, and rotates the ticket

  • returns the new ticket to the claims_redirect_uri so that the client can continue with the authorization flow

To authenticate to the endpoint, send the SSO token of the resource owner as the value of the iplanetDirectoryPro header.