REST error User Application 4.7.2 Is able to get access_token but not a successful Rest API call

 

I follow the REST API documentation (below) and I successfully get an access_token

1) Determine where your authorization server is listening for logins. Usually it is the server base url /osp/a/idm/auth/oauth2/grant.
2) Obtain OSP client userid and password. Out of the box, client id is rbpm and password as set by your system administrator during install.
3) Obtain a userid and password of a user who has the required privilege for the API you wish to call.
4) Create a REST POST request with the following characteristics:
   content-type header: application/x-www-form-urlencoded
   authorization header: Basic Auth format using client userid/password from step 2 above
   body: "grant_type=password&username=USERID&password=PASSWORD", where USERID and PASSWORD are from step 3 above

The JSON response comes back like this:

   {
     "access_token": "eHwAIIo/s5YRJUlk7vudjO3DQSHcwsubZOe...",
     "token_type": "bearer",
     "expires_in": 2592001,
     "refresh_token": "eHwAIMImaydGbAamBgNA1CEGcFjCXNcaqM4OA..."
   }

This below results in error 404:

Sample Rest API call:
Consider a POST request for creating a new Navigation item in Applications page.

1) Setting Authorization header
Access token generated by following the above mentioned steps is used in the API call as follows :

Authorization header : Bearer [space] [Access Token]

2) Request method: POST
3) Request URL: [host url]/rest/access/ulp/items
4) Content-type: application/json
5) Payload
{ "items":[ { "name":"Microfocus", "desc":"Microfocus Link", "appUrl":"http://www.microfocus.com", "idmdashAppUrl":"http://www.microfocus.com", "itemOrder":11, "image":"", "idmdashImage":"", "itemCategoryId":1 } ] }

Like this:

POST MY_SERVER_DNS:8543/.../items

Authorization Header:  Bearer eH8AIOhLw0QRslPNMDf56FBMUM8ye4aeyiZN7/43ZeO2KT9yBCe7ZS4XKwp4OFa9lL7xLxzb6c4P7LiAtvD8LL@C9cHBMDku1XL3@F0lpAKeR6ngRpF43uHdWpaiLgp6GmS1l74O7tf9/2DisHHZoUyCSi55SNzu4CpU9RfZ96lZTLv5cl3ju5cT3sCRtDSCK36xOQ5iwtISG48euLN6GUcY3/rlBf6fJdfxa0RUcaKactZb

Payload/Body  Content-type: application/json:  {"items":[{"name":"Microfocus","desc":"Microfocus Link","appUrl":"http://www.microfocus.com","idmdashAppUrl":"http://www.microfocus.com","itemOrder":11,"image":"","idmdashImage":"","itemCategoryId":1}]}

Response: HTTP/1.1 404
Content-Length: 0
Date: Sat, 17 Aug 2019 10:08:42 GMT 

I get no errors in catalina.out

Any ideas?
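The two requests from the documentation quoted in the post above, built without sending them so the headers and body can be inspected. This is an added example, not part of the original post or the vendor's code; the function names are hypothetical, the API path is passed in because the context path differs per deployment, and the `error` field in a refused response is assumed to follow RFC 6749.

```python
import base64
import json
import urllib.parse
import urllib.request

GRANT_PATH = "/osp/a/idm/auth/oauth2/grant"  # default path quoted in the post


def build_token_request(base_url, client_id, client_secret, user, password):
    """Password-grant token request: Basic client auth plus form-encoded body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # urlencode() escapes '&', '=', '+' and spaces inside the credentials so
    # they cannot break or alter the form body.
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": user, "password": password}
    ).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + GRANT_PATH,
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": "Basic " + basic,
        },
    )


def parse_token_response(raw):
    """Return the access token, rejecting error bodies and non-bearer tokens."""
    doc = json.loads(raw)
    if "error" in doc:  # assumed RFC 6749 error body, e.g. unauthorized_client
        raise ValueError(f"token endpoint refused the request: {doc['error']}")
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return doc["access_token"]


def build_api_request(host_url, path, token, payload):
    """JSON POST with the token sent as 'Bearer <token>' (one space, no encoding)."""
    return urllib.request.Request(
        host_url.rstrip("/") + path,
        data=json.dumps(payload).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
    )
```

Pass the resulting objects to `urllib.request.urlopen()` to send them; keep the Authorization header values out of logs and tickets, since the token is valid for the full `expires_in` period.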

  • Is only the POST method not working?

     

  • No, I have tested GET /access/requests/history, (server:port/.../history). And GET /users/userDefaults (server:port/.../userDefaults).

    Also this: GET /statistics/memoryinfo (server:port/.../memoryinfo).

    Error 404.

  • To clarify, have you been able to get a token from OAuth?  If not, enable logging to ALL on OSP.

    In the /op/netiq/idm/apps/tomcat/bin/setenv.sh file, look in the last line for the OSP log param, probably set to WARN, and change it to ALL for debugging (put it back when done, it is super duper verbose).

    See if that gives you any error messages.

  • Embarrassing to say, but I connected to my iManager server, not User Application.

    I do get an error now and not an access token:

     

    "Fault": 
    "Value": "Sender",
    "Subcode": 
    "Value": "XDAS_OUT_ENTITY_NON_EXISTANT"
    "Code":
     
    "Reason": 
    "Text": "Not found: auth"

     

  • I think you are missing IDMProv in your URL. 

    Can you try like below?

    Server:Port/.../version

  • Thank you for clarifying that.

    I don't get an access token now when I connect to the running UA server (and not a server where we tried to install UA but with no success, except osp)

    Error now:

    [Attached images: error.jpg, post.jpg]
  • No REST access-token (see previous message for error message) but web login works.

    In catalina.out I get some errors after login:

    One is this: No external item found with id:cn=HomeMyHistory,cn=NavItems,cn=UIConfig,cn=AppConfig,cn=User Application Driver,cn=Driver Set,o=server

    I have specified UA Driver and not User Application Driver in Configupdate.sh. Where is this "User Application Driver" coming from?

    Log is attached

    catalina.zip
  • This is from log file idapps.out when I get "unauthorized_client", "Profile Resource Owner Credentials not supported for client "rbpm"".

    Any ideas?

    Preamble: [OSP]
    Priority Level: FINER
    Java: internal.osp.common.logging.HttpRequestLogger.log() [340] thread=https-jsse-nio-8543-exec-3
    Time: 2019-08-23T15:49:17.716 0200
    Log Data: HttpServletRequest (Number 1)
    Method: POST
    Request URL: /osp/a/idm/auth/oauth2/grant

    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.oauth2.handler.Grant.getCommand() [204] thread=https-jsse-nio-8543-exec-3
    Time: 2019-08-23T15:49:17.727 0200
    Elapsed time: 55.972 microseconds
    Log Data: Parse OAuth 2.0 response_type or grant_type:
    grant_type: password
    Maps to: Resource Owner Password Credentials Grant profile

    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.session.NIDPSession.() [344] thread=https-jsse-nio-8543-exec-3
    Time: 2019-08-23T15:49:17.739 0200
    Elapsed time: 1.489 milliseconds
    Log Data: Creating new session:
    Identifier: cd1716c0c5ac11e9a0e20050569ef062-543d3039793521203c-CX

    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.cluster.ClusterCookieContext.resolveSession() [147] thread=https-jsse-nio-8543-exec-3
    Time: 2019-08-23T15:49:17.732 0200
    Elapsed time: 8.643 milliseconds
    Log Data: Session will be created because the request is not a user request and no cookie accompanied the request.

    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.oidp.service.session.NIDPSession.getSessionData() [811] thread=https-jsse-nio-8543-exec-3
    Time: 2019-08-23T15:49:17.744 0200
    Elapsed time: 2.396 milliseconds
    Log Data: Get session data based on request:
    Creating new session data; id: 0

    Preamble: [OIDP]
    Priority Level: INFO
    Java: internal.osp.oidp.service.oauth2.handler.TokenRequestHandlerBase.auditTokenCreation() [392] thread=https-jsse-nio-8543-exec-3
    Time: 2019-08-23T15:49:17.759 0200
    Log Data: IssueOAuthToken

    Preamble: [OIDP]
    Priority Level: FINER
    Java: internal.osp.framework.UIResponder$Response.setResponse() [1464] thread=https-jsse-nio-8543-exec-3
    Time: 2019-08-23T15:49:17.760 0200
    Elapsed time: 6.323 milliseconds
    Log Data: Set response:
    JSON content.

    Preamble: [OSP]
    Priority Level: FINER
    Java: internal.osp.common.logging.HttpResponseLogger.log() [138] thread=https-jsse-nio-8543-exec-3
    Time: 2019-08-23T15:49:17.771 0200
    Log Data: HttpServletResponse (Number 1)
    Duration (seconds): 0.60
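With OSP logging set to ALL, a trace like the one in the post above is easier to read once it is split into records and reduced to the token requests. The parser below is an added example, not part of the thread or of OSP; its function names are hypothetical, and the record layout (blank-line separated blocks, header fields, then `Log Data` lines) is assumed from the excerpt.

```python
import re

HEADER_KEYS = {"Preamble", "Priority Level", "Java", "Time", "Elapsed time"}
WANTED = ("Method", "Request URL", "grant_type", "Maps to")

# Two records abridged from the log excerpt in the post above.
SAMPLE = """\
Preamble: [OSP]
Priority Level: FINER
Java: internal.osp.common.logging.HttpRequestLogger.log() [340] thread=https-jsse-nio-8543-exec-3
Log Data: HttpServletRequest (Number 1)
Method: POST
Request URL: /osp/a/idm/auth/oauth2/grant

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.oauth2.handler.Grant.getCommand() [204] thread=https-jsse-nio-8543-exec-3
Log Data: Parse OAuth 2.0 response_type or grant_type:
grant_type: password
Maps to: Resource Owner Password Credentials Grant profile
"""

def parse_osp_records(text):
    """Split a trace into records: header fields plus the 'Log Data' lines."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, in_data = {"data": []}, False
        for line in filter(None, map(str.strip, block.splitlines())):
            key, sep, value = line.partition(": ")
            if in_data:
                rec["data"].append(line)      # continuation of Log Data
            elif key == "Log Data":
                in_data = True
                rec["data"].append(value)
            elif sep and key in HEADER_KEYS:
                rec[key] = value
        records.append(rec)
    return records

def password_grants(records):
    """Per thread, pair the request URL with the grant profile OSP mapped it to."""
    by_thread = {}
    for rec in records:
        thread = rec.get("Java", "").rpartition("thread=")[2]
        info = by_thread.setdefault(thread, {})
        for line in rec["data"]:
            key, sep, value = line.partition(": ")
            if sep and key in WANTED:
                info[key] = value
    return {t: i for t, i in by_thread.items() if i.get("grant_type") == "password"}
```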

     

  • Verified Answer

    Finally a solution from support:

    Can you try using the access token instead.

    https://www.netiq.com/documentation/identity-governance-35/references/REST-API-Access-Token.pdf