Testing the policy with cURL
Test the policy for role-based access control using cURL.
About this task
The PingAuthorize sample user data allows an employeeType
attribute but does not populate it with values for any users.
Confirm that user.2
cannot read the description
attribute, even though the profile
scope allows it, by running the following command.
curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.2", "scope": "profile", "client_id": "client1", "aud": "https://example.com"}'
The response should be similar to the following response.
{"id":"c9cbfb8c-d915-3de3-8a2c-a01c0ccc6d09","meta":{"resourceType":"Users","location":"https://localhost:7443/scim/v2/Users/c9cbfb8c-d915-3de3-8a2c-a01c0ccc6d09"},"schemas":["urn:pingidentity:schemas:store:2.0:UserStoreAdapter"],"uid":["user.2"],"givenName":["Billy"],"sn":["Zaleski"]}