PingAuthorize

Testing the policy with cURL

Test the policy for role-based access control using cURL.

About this task

The PingAuthorize sample user data allows an employeeType attribute but does not populate it with values for any users.

Confirm that user.2 cannot read the description attribute, even though the profile scope allows it, by running the following command.

curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.2", "scope": "profile", "client_id": "client1", "aud": "https://example.com"}'

The response should be similar to the following response.

{"id":"c9cbfb8c-d915-3de3-8a2c-a01c0ccc6d09","meta":{"resourceType":"Users","location":"https://localhost:7443/scim/v2/Users/c9cbfb8c-d915-3de3-8a2c-a01c0ccc6d09"},"schemas":["urn:pingidentity:schemas:store:2.0:UserStoreAdapter"],"uid":["user.2"],"givenName":["Billy"],"sn":["Zaleski"]}