Cannot delete OAUTH grants and devices on ISAM for Mobile

When using ISAM for Mobile, and you access the User Self Service/User Self Care pages for managing OAuth Grants, there is the option to delete and manage your grants.

https://<ISAM for Mobile Host>/mga/sps/mga/user/mgmt/html/device/device_selection.html


In earlier versions of ISAM for Mobile, the configuration prevented DELETE and PUT operations. This meant that WebSEAL would not allow the grant deletion and modification.

# Method disablement
# Specify the HTTP methods which should be blocked when requesting local or 
# remote resources. Multiple methods should be separated with a comma (','). 
# For example, to block access to the TRACE and PUT methods over local 
# junctions the configuration entry would be:
# http-method-disabled-local = TRACE,PUT
http-method-disabled-local = TRACE,PUT,DELETE,CONNECT
http-method-disabled-remote = TRACE,PUT,DELETE,CONNECT

Look for the above section in the WebSEAL configuration file, and remove the “DELETE” and “PUT” options.

http-method-disabled-remote = TRACE,CONNECT

Additionally, I’ve found that the ACLs can be a problem, if you still can’t make it work, add “d” and “m” to the ACL protecting the APIs.

In recent versions of ISAM, there is now a specific REST ACL, this should now be set automatically, and you won’t likely face this problem, however if you’re accessing these APIs from another non MGA configured instance, you can still use the REST ACL isam_mobile_rest, just look for the following:


To make your own that works – open up a PDADMIN session on the command line via the console or the SSH, using the Policy Administration UI, or via the REST API, and run the following commands.

pdadmin sec_master> acl modify someacl set any-other Trxdm
pdadmin sec_master> s r


Comments are closed.

Website Built with

Up ↑

%d bloggers like this: