sohelkhan

Error while trying OAuth Client Registration using REST API

Hi,

I am trying to simulate the scenario mentioned in KB 7018895 - Howto do OAuth Client Registration using REST API (https://support.microfocus.com/kb/doc.php?id=7018895#). There are four basic steps in this document. For step one I am able to capture the session ID in a cookies file using the curl command mentioned in the document, which I am using in step two to get the access token generated.

But step two, which actually generates an access token, fails after a 302 redirect stating "error=unauthorized_client&error_description=this+grant+is+not+supported+by+authorization+server".

The application registered for this scenario is web based and allows the Authorization Code & Resource Owner Credentials grants.

Really appreciate any help or pointers on this issue.

I am using Access Manager 4.4 version.

Knowledge Partner

Re: Error while trying OAuth Client Registration using REST API

On 02-11-2018 12:04 PM, sohelkhan wrote:
>
> Hi,
>
> I am trying to simulate scenario mentioned in KB 7018895 - Howto do
> OAuth Client Registration using REST API
> (https://support.microfocus.com/kb/doc.php?id=7018895#) document, there
> are four basic steps in this document for step one i am able to capture
> the session ID in cookies file using CURL command mentioned in the
> document which i am using in step two to get the access token generated.
>
>
> But step two which actually generates an access token fails after 302
> redirect stating "
> error=unauthorized_client&error_description=this+grant+is+not+supported+by+authorization+server".
>
>
> Application registered to use for this scenario is web based and allows
> Authorization code & Resource Owner Credentials grant.
>
> Really appreciate any help or pointers to this issue
>
> I am using Access Manager 4.4 version.
>
>

Not sure if this is still a problem but the article isn't entirely correct.

Instead of response_type=token use response_type=code. This should get you past your error. Using response_type=token is part of the implicit grant, but it doesn't make sense for the 2nd step to get an access token.

On the full scope disable 'require consent', otherwise you still won't get an access token back but a consent page.

Then using the access token I was able to register a new client successfully.



--
Cheers,
Edward

sohelkhan

Re: Error while trying OAuth Client Registration using REST

Hi Edward,

Thank you for your response,

I tried using code instead of token for the "response_type" parameter and it did get me past the previous error, i.e. "unauthorized_client&error_description=this+grant+is+not+supported+by+authorization+server", but it did not return the token code that is expected to be passed in step 3.

Step 2 output returned some garbage value instead of a valid access token, which I am unable to extract and pass on in step 3.

I understand you were able to register a new client successfully, so if possible can you please let me know the exact version of your Access Manager?

Thanks and Regards,
Sohel

Knowledge Partner

Re: Error while trying OAuth Client Registration using REST API

On 20-11-2018 12:44 PM, sohelkhan wrote:

> I tried using code instead of token for "response_type" parameter and it
> did get me past the previous error i.e.
> "unauthorized_client&error_description=this+grant+is+not+supported+by+authorization+server"
> but it did not return token code that is expected to be passed in step
> 3.
>
> step 2 output returned some garbage value instead of a valid access
> token which i am unable to extract and pass on in step 3.
>
> I understand you were able to register new client successfully so
> possible can you please let me know the exact version of your access
> manager ?
>
> Thanks and Regards,
> Sohel
>
>


I'm using 4.4 Sp3. Can you show the output from step 2? Did you disable consent on the scope by any chance? That is what I had to do.

--
Cheers,
Edward

sohelkhan

Re: Error while trying OAuth Client Registration using REST

Thank you Edward,

Yes I did disable consent on scope but still same response, I will be trying with version upgrade i.e. from my current version 4.4.1.148 to 4.4 SP2 and test again.

I will update on how it goes.

Thanks and Regards,
Sohel

Knowledge Partner

Re: Error while trying OAuth Client Registration using REST API

On 21-11-2018 10:06 AM, sohelkhan wrote:
>


> Yes I did disable consent on scope but still same response, I will be
> trying with version upgrade i.e. from my current version 4.4.1.148 to
> 4.4 SP2 and test again.


Can you post the output you get at least?


--
Cheers,
Edward

sohelkhan

Re: Error while trying OAuth Client Registration using REST

Please find below output of step 2,

GET /nidp/oauth/nam/authz?response_type=code&redirect_uri=https://client.example.org/callback&client_id=4e6c88ef-54cb-45fc-9eed-2a32b977&scope=urn:netiq.com:nam:scope:oauth:registration:full HTTP/1.1
> User-Agent: curl/7.29.0
> Host: xx.xx.xxx.xx
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: Apache-Coyote/1.1
* Added cookie JSESSIONID="29FAAF7FD071A01B3AACE5349F432887" for domain 10.xx.xxx.xx, path /nidp, expire 0
< Set-Cookie: JSESSIONID=29FAAF7FD071A01B3AACE5349F432887; Path=/nidp; Secure; HttpOnly
< Cache-Control: no-cache, no-store, no-transform
< Location: https://login-idpserver.com/nidp//app/login?target=https%3A%2F%2F10.xx.xxx.xx%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fresponse_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fclient.example.org%2Fcallback%26client_id%3D4e6c88ef-54cb-45fc-9eed-2a32b977%26scope%3Durn%3Anetiq.com%3Anam%3Ascope%3Aoauth%3Aregistration%3Afull
< Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS
< Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
< Content-Length: 0
< Date: Wed, 21 Nov 2018 22:40:38 GMT
<
* Connection #0 to host 10.xx.xxx.xx left intact

Thanks & Regards,
Sohel

Knowledge Partner

Re: Error while trying OAuth Client Registration using REST API

On 22-11-2018 10:04 AM, sohelkhan wrote:
>
> edmaa;2491270 Wrote:
>> On 21-11-2018 10:06 AM, sohelkhan wrote:
>>>

>>
>>> Yes I did disable consent on scope but still same response, I will be
>>> trying with version upgrade i.e. from my current version 4.4.1.148 to
>>> 4.4 SP2 and test again.

>>
>> Can you post the output you get at least?
>>
>>
>> --
>> Cheers,
>> Edward

>
> Please find below output of step 2,
>
> GET
> /nidp/oauth/nam/authz?response_type=code&redirect_uri=https://client.example.org/callback&client_id=4e6c88ef-54cb-45fc-9eed-2a32b977&scope=urn:netiq.com:nam:scope:oauth:registration:full
> HTTP/1.1
>> User-Agent: curl/7.29.0
>> Host: xx.xx.xxx.xx
>> Accept: */*
>>

> < HTTP/1.1 302 Found
> < Server: Apache-Coyote/1.1
> * Added cookie JSESSIONID="29FAAF7FD071A01B3AACE5349F432887" for domain
> 10.xx.xxx.xx, path /nidp, expire 0
> < Set-Cookie: JSESSIONID=29FAAF7FD071A01B3AACE5349F432887; Path=/nidp;
> Secure; HttpOnly
> < Cache-Control: no-cache, no-store, no-transform
> < Location:
> https://login-idpserver.com/nidp//app/login?target=https%3A%2F%2F10.xx.xxx.xx%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fresponse_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fclient.example.org%2Fcallback%26client_id%3D4e6c88ef-54cb-45fc-9eed-2a32b977%26scope%3Durn%3Anetiq.com%3Anam%3Ascope%3Aoauth%3Aregistration%3Afull
> < Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS
> < Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type,
> Accept, Authorization
> < Content-Length: 0
> < Date: Wed, 21 Nov 2018 22:40:38 GMT
> <
> * Connection #0 to host 10.xx.xxx.xx left intact
>
> Thanks & Regards,
> Sohel
>
>


You are being redirected to a login page. I don't see any cookies in your GET request. Did you do a curl against the login url first?

--
Cheers,
Edward

sohelkhan

Re: Error while trying OAuth Client Registration using REST

Hi Edward,

Yes, I did curl the login URL first and did create a cookie with the Jsession ID in it, but in the subsequent step for some reason it is not picking up the authentication information.

Thanks and Regards,
Sohel

sohelkhan

Re: Error while trying OAuth Client Registration using REST

Below is information I was able to fetch from the log file that suggests the user was authenticated.

<amLogEntry> 2018-11-22T22:26:26Z INFO NIDS Application: AM#500105013: AMDEVICEID#B74B3934F62FD6A4: AMAUTHID#ce75bcbc7a55ed4ae82214fd625a0746443fa04c59838eb8fda93c086b5fafd9: Authenticated user cn=XXXXXXXX,ou=XXX,ou=XXXX,ou=XXXXX,o=XXXXXX in User Store XXXXXXX with roles "NAM_OAUTH2_DEVELOPER","NAM_OAUTH2_ADMIN","authenticated". </amLogEntry>

<amLogEntry> 2018-11-22T22:26:26Z INFO NIDS Application: AM#500105017: AMDEVICEID#B74B3934F62FD6A4: AMAUTHID#ce75bcbc7a55ed4ae82214fd625a0746443fa04c59838eb8fda93c086b5fafd9: nLogin succeeded, redirecting to https://idpserver.com/nidp/app. </amLogEntry>

Thanks and Regards,
Sohel

Knowledge Partner

Re: Error while trying OAuth Client Registration using REST API

On 23-11-2018 9:44 AM, sohelkhan wrote:
>
> sohelkhan;2491394 Wrote:
>> Hi Edward,
>>
>> Yes i did curl for login url first and did create a cookie with the
>> Jsession ID in it. but in the subsequent step for some reason it is not
>> picking the authentication information.
>>
>> Thanks and Regards,
>> Sohel

>
>
> Below information i was able fetch from log file that suggests user was
> authenticated.
>
> <amLogEntry> 2018-11-22T22:26:26Z INFO NIDS Application: AM#500105013:
> AMDEVICEID#B74B3934F62FD6A4:
> AMAUTHID#ce75bcbc7a55ed4ae82214fd625a0746443fa04c59838eb8fda93c086b5fafd9:
> Authenticated user cn=XXXXXXXX,ou=XXX,ou=XXXX,ou=XXXXX,o=XXXXXX in User
> Store XXXXXXX with roles
> "NAM_OAUTH2_DEVELOPER","NAM_OAUTH2_ADMIN","authenticated".
> </amLogEntry>
>
> <amLogEntry> 2018-11-22T22:26:26Z INFO NIDS Application: AM#500105017:
> AMDEVICEID#B74B3934F62FD6A4:
> AMAUTHID#ce75bcbc7a55ed4ae82214fd625a0746443fa04c59838eb8fda93c086b5fafd9:
> nLogin succeeded, redirecting to https://idpserver.com/nidp/app.
> </amLogEntry>
>
> Thanks and Regards,
> Sohel
>
>


Weird, somehow NAM is challenging you for auth again with that redirect. Can you supply/check your catalina.out? It should show something like this on the first oauth request:

<amLogEntry> 2018-11-23T08:02:10Z INFO NIDS Session Logger: com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 63 * Server has received a
request on thread ajp-nio-127.0.0.1-9019-exec-10
63 > GET
https://appliance.site.com:8443/nidp/oauth/nam/authz?response_type=code&client_id=b7b7e353-4e50-4111-a8e2-884109d228e2&redirect_uri=https://client.example.org/callback&scope=urn:netiq.com:nam:scope:oauth:registration:full
63 > accept: */*
63 > cookie: JSESSIONID=DCDEE4A1551B7A25EE931A67F62D535B
63 > host: appliance.site.com:8443
63 > user-agent: curl/7.57.0
63 > Via: 1.1 appliance.site.com (Access Gateway-ag-5E2FA6689EB91570-27450)
</amLogEntry>

<amLogEntry> 2018-11-23T08:02:10Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-nio-127.0.0.1-9019-exec-10

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@50ded5e6 from cache session succeeded using key
0bffdb025916cb90ecc21f7beab0d2830e232fd1830fa790c1c21270aad5c8b5. Cache size is 1
</amLogEntry>

<amLogEntry> 2018-11-23T08:02:10Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>

<amLogEntry> 2018-11-23T08:02:10Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>

<amLogEntry> 2018-11-23T08:02:10Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-nio-127.0.0.1-9019-exec-10



--
Cheers,
Edward

sohelkhan

Re: Error while trying OAuth Client Registration using REST

Hi Edward,

Unfortunately I am not getting any logs as suggested above in my Catalina.out file, only interesting logs that I get is as below,

<amLogEntry> 2018-11-26T02:35:09Z INFO NIDS Application: AM#500105013: AMDEVICEID#B74B3934F62FD6A4: AMAUTHID#f39bcb27e93a7fd827ea5ab1c2003be9fa95bcc4ae316462023501cbd944f254: Authenticated user cn=xxxxxx,ou=xxxxxxxx,ou=xxxx,ou=xxxxxxxxx,o=xxxxxxxx in User Store xxxxxx with roles "NAM_OAUTH2_DEVELOPER","NAM_OAUTH2_ADMIN","authenticated". </amLogEntry>

<amLogEntry> 2018-11-26T02:35:09Z INFO NIDS Application: AM#500105017: AMDEVICEID#B74B3934F62FD6A4: AMAUTHID#f39bcb27e93a7fd827ea5ab1c2003be9fa95bcc4ae316462023501cbd944f254: nLogin succeeded, redirecting to https://idpserver/nidp/app. </amLogEntry>

<amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger: com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 291 * Server has received a request on thread http-nio-xx.xx.xxx.xxx-8443-exec-6
291 > GET https://idpserver/nidp/oauth/nam/authz?response_type=code&client_id=4e6c88ef-54cb-45fc-9eed-2a32b977d741&scope=urn:netiq.com:nam:scope:oauth:registration:full
291 > accept: */*
291 > host: xx.xx.xxx.xxx
291 > user-agent: curl/7.29.0
</amLogEntry>

<amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger: com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 292 * Server responded with a response on thread http-nio-xx.xx.xxx.xxx-8443-exec-6
292 < 302
292 < Cache-Control: no-cache, no-store, no-transform
292 < Location: https://idpserver/nidp//app/login?target=https%3A%2F%2Fxx.xx.xxx.xxx%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fresponse_type%3Dcode%26client_id%3D4e6c88ef-54cb-45fc-9eed-2a32b977d741%26scope%3Durn%3Anetiq.com%3Anam%3Ascope%3Aoauth%3Aregistration%3Afull
</amLogEntry>

Thanks and Regards,
Sohel

Knowledge Partner

Re: Error while trying OAuth Client Registration using REST API

On 26-11-2018 1:46 PM, sohelkhan wrote:
>


> Unfortunately I am not getting any logs as suggested above in my
> Catalina.out file, only interesting logs that I get is as below,
>
> <amLogEntry> 2018-11-26T02:35:09Z INFO NIDS Application: AM#500105013:
> AMDEVICEID#B74B3934F62FD6A4:
> AMAUTHID#f39bcb27e93a7fd827ea5ab1c2003be9fa95bcc4ae316462023501cbd944f254:
> Authenticated user
> cn=xxxxxx,ou=xxxxxxxx,ou=xxxx,ou=xxxxxxxxx,o=xxxxxxxx in User Store
> xxxxxx with roles
> "NAM_OAUTH2_DEVELOPER","NAM_OAUTH2_ADMIN","authenticated".
> </amLogEntry>
>
> <amLogEntry> 2018-11-26T02:35:09Z INFO NIDS Application: AM#500105017:
> AMDEVICEID#B74B3934F62FD6A4:
> AMAUTHID#f39bcb27e93a7fd827ea5ab1c2003be9fa95bcc4ae316462023501cbd944f254:
> nLogin succeeded, redirecting to https://idpserver/nidp/app.
> </amLogEntry>
>
> <amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger:
> com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 291 * Server
> has received a request on thread http-nio-xx.xx.xxx.xxx-8443-exec-6
> 291 > GET
> https://idpserver/nidp/oauth/nam/authz?response_type=code&client_id=4e6c88ef-54cb-45fc-9eed-2a32b977d741&scope=urn:netiq.com:nam:scope:oauth:registration:full
> 291 > accept: */*
> 291 > host: xx.xx.xxx.xxx
> 291 > user-agent: curl/7.29.0
> </amLogEntry>
>
> <amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger:
> com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 292 * Server
> responded with a response on thread http-nio-xx.xx.xxx.xxx-8443-exec-6
> 292 < 302
> 292 < Cache-Control: no-cache, no-store, no-transform
> 292 < Location:
> https://idpserver/nidp//app/login?target=https%3A%2F%2Fxx.xx.xxx.xxx%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fresponse_type%3Dcode%26client_id%3D4e6c88ef-54cb-45fc-9eed-2a32b977d741%26scope%3Durn%3Anetiq.com%3Anam%3Ascope%3Aoauth%3Aregistration%3Afull
> </amLogEntry>
>
> Thanks and Regards,
> Sohel
>
>


It looks like you are not sending the session cookie (JSESSIONID)

--
Cheers,
Edward

sohelkhan

Re: Error while trying OAuth Client Registration using REST

Thank you Edward for your help, I understand the issue was with the session cookie. Now I am able to register a client using the same procedure.

Really appreciate your help.

Thanks and Regards,
Sohel
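
The check worked through in this thread, as an added example that is not part of the original posts: it reads one request/response pair from curl -v output and reports whether step 2 carried the JSESSIONID cookie and whether the server answered with a login redirect, an OAuth error, or an authorization code. The traces are constructed, with placeholder host, client_id, cookie and code values; make_trace, parse_trace and classify_step2 are hypothetical helper names.

```python
import re
from urllib.parse import parse_qs, urlsplit

REDIRECT_URI = "https://client.example.org/callback"  # value used in the thread
SCOPE = "urn:netiq.com:nam:scope:oauth:registration:full"

def make_trace(response_type, cookie, location):
    """Build a constructed curl -v trace (placeholder host, client_id, cookie)."""
    lines = [f"> GET /nidp/oauth/nam/authz?response_type={response_type}"
             f"&redirect_uri={REDIRECT_URI}&client_id=CLIENT-ID&scope={SCOPE} HTTP/1.1",
             "> Host: idp.example.test", "> Accept: */*"]
    if cookie:
        lines.append(f"> Cookie: JSESSIONID={cookie}")
    lines += [">", "< HTTP/1.1 302 Found", f"< Location: {location}",
              "< Content-Length: 0", "<",
              "* Connection #0 to host idp.example.test left intact"]
    return "\n".join(lines)

# Constructed samples for the three situations that come up in the thread.
LOGIN = ("https://idp.example.test/nidp//app/login?target="
         "https%3A%2F%2Fidp.example.test%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fresponse_type%3Dcode")
TRACE_NO_COOKIE = make_trace("code", None, LOGIN)
TRACE_WITH_COOKIE = make_trace("code", "SESSION-PLACEHOLDER",
                               REDIRECT_URI + "?code=CODE-PLACEHOLDER")
TRACE_IMPLICIT = make_trace(
    "token", "SESSION-PLACEHOLDER",
    REDIRECT_URI + "?error=unauthorized_client&error_description="
    "this+grant+is+not+supported+by+authorization+server")

def parse_trace(trace):
    """Split a single-exchange curl -v trace into request and response parts.

    Assumes one request and one response (no -L redirect following).
    """
    req_line, status, req_hdrs, resp_hdrs = None, None, {}, {}
    for raw in trace.splitlines():
        m = re.match(r"^([<>]) ?(.*)$", raw)
        if not m or not m.group(2).strip():
            continue  # '*' info lines and empty '>' / '<' separators
        direction, text = m.group(1), m.group(2).strip()
        if direction == ">" and req_line is None:
            req_line = text
        elif direction == "<" and status is None:
            status = int(text.split()[1])  # "HTTP/1.1 302 Found" -> 302
        else:
            name, _, value = text.partition(":")
            target = req_hdrs if direction == ">" else resp_hdrs
            target[name.strip().lower()] = value.strip()
    return req_line, req_hdrs, status, resp_hdrs

def classify_step2(trace, redirect_uri=REDIRECT_URI):
    """Report what the authz request sent and how the server answered it."""
    req_line, req_hdrs, status, resp_hdrs = parse_trace(trace)
    cookie_sent = "jsessionid=" in req_hdrs.get("cookie", "").lower()
    sent = parse_qs(urlsplit(req_line.split()[1]).query)
    location = resp_hdrs.get("location", "")
    loc = urlsplit(location)
    # OAuth results can arrive in the query or in the fragment of Location.
    params = parse_qs(loc.query)
    params.update(parse_qs(loc.fragment))
    if status == 302 and loc.path.endswith("/app/login") and "target" in params:
        outcome = "login_required"       # session not recognised, re-challenged
    elif "error" in params:
        outcome = "oauth_error:" + params["error"][0]
    elif location.startswith(redirect_uri) and "code" in params:
        outcome = "code_issued"
    else:
        outcome = "unexpected"
    return {"cookie_sent": cookie_sent,
            "response_type": sent.get("response_type", [""])[0],
            "outcome": outcome}

if __name__ == "__main__":
    for name in ("TRACE_NO_COOKIE", "TRACE_WITH_COOKIE", "TRACE_IMPLICIT"):
        print(name, classify_step2(globals()[name]))
```

A result of login_required with cookie_sent False is the case from the thread: the cookie file written in step 1 has to be passed back to curl (its -b option) on the step 2 request.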