Cannot delete OAUTH grants and devices on ISAM for Mobile

When using ISAM for Mobile, and you access the User Self Service/User Self Care pages for managing OAuth Grants, there is the option to delete and manage your grants.

https://<ISAM for Mobile Host>/mga/sps/mga/user/mgmt/html/device/device_selection.html

grantlist

In earlier versions of ISAM for Mobile, the configuration prevented DELETE and PUT operations. This meant that WebSEAL would not allow the grant deletion and modification.

#---------------------
# Method disablement
#---------------------
# Specify the HTTP methods which should be blocked when requesting local or 
# remote resources. Multiple methods should be separated with a comma (','). 
# For example, to block access to the TRACE and PUT methods over local 
# junctions the configuration entry would be:
# http-method-disabled-local = TRACE,PUT
#
http-method-disabled-local = TRACE,PUT,DELETE,CONNECT
http-method-disabled-remote = TRACE,PUT,DELETE,CONNECT

Look for the above section in the WebSEAL configuration file, and remove the “DELETE” and “PUT” options.

http-method-disabled-remote = TRACE,CONNECT

Additionally, I’ve found that the ACLs can be a problem, if you still can’t make it work, add “d” and “m” to the ACL protecting the APIs.

In recent versions of ISAM, there is now a specific REST ACL, this should now be set automatically, and you won’t likely face this problem, however if you’re accessing these APIs from another non MGA configured instance, you can still use the REST ACL isam_mobile_rest, just look for the following:

newACL

To make your own that works – open up a PDADMIN session on the command line via the console or the SSH, using the Policy Administration UI, or via the REST API, and run the following commands.

pdadmin sec_master> acl modify someacl set any-other Trxdm
pdadmin sec_master> s r

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

WordPress.com.

Up ↑

%d bloggers like this: