I have a client that is making a getUser SCIM request. It can successfully get an access token and RPT; however, when it actually comes to the getUser request, I get a response with the status '403 Forbidden' with a ticket as the body of the response. According to this UMA document, a permission ticket indicates the request was valid, but the client does not have permission. I have tried everything I can think of to give this client permissions, but haven't managed to get it working.
Does anyone know how to give a client permissions to do SCIM requests?
My current method of attempting a request is:
1. Get access token using client credentials
2. Get RPT using access token acquired in step 1 as authorization
3. Make domain.com/identity/seam/resource/restv1/scim/v1/Users request using RPT as authorization
4. Follow the seek authorization steps of sending request to RPT endpoint with ticket and old RPT. This replies with a new RPT.
5. Attempt step 3 again using the RPT from step 4 as authorization
Any advice would be appreciated.