Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-6740

need to add delegation privilege of checking a users' token's MaxTime to a privilege such as RealmAdmin

    Details

    • Story Points:
      2
    • Support Ticket IDs:

      Description

      With the Legacy API, one is able to check a token's MaxTime and IdleTime parameters without having to authenticate.

      With the new REST API, one is ONLY able to check these values as the amAdmin.

      This is a request to be to add this feature to the configured Delegated Privileges such as the RealmAdmin

      We are using the following API to get the max time of a session which requires a amadmin session id.
      http://openam.example.com:8080/openam/json/sessions/?_action=getMaxTime&tokenId=<userToken>

      if you try to make the above call you get this response:

      {"code":403,"reason":"Forbidden","message":"User is not an administrator."}

      Delegated Privilege being discussed is here:
      http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/admin-guide/index.html#delegate-realm-administration

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                dipu.seminlal Dipu Seminlal
                Reporter:
                david.bate David Bate
              • Votes:
                4 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: