Arne Frequent Contributor.

Oauth2-error upon starting REST-driver

I'm in the process of setting up a REST-driver using OAuth-authentication for the first time.

It seems the driver is trying to get a token upon driver start, but it fails, seemingly because the token endpoint is expecting a request formatted as JSON and I suspect the driver is sending it as XML.

Here's the trace, that also shows the subscriber config. Trace level is 10, but I don't see the request or response sent to/received from the token endpoint:

<nds dtdversion="4.0" ndsversion="8.x">
<product edition="Advanced" version="">DirXML</product>
<contact>NetIQ Corporation</contact>
<init-params src-dn="\HRG\system\driverset1\MySite">
<allow-class class-name="User">
<allow-attr attr-name="userName"/>
<allow-attr attr-name="name.formatted"/>
<allow-attr attr-name="active"/>
<allow-attr attr-name="name.givenName"/>
<allow-attr attr-name="emails"/>
<allow-attr attr-name="addresses"/>
<allow-attr attr-name="phoneNumbers"/>
<allow-attr attr-name="name.familyName"/>
<allow-attr attr-name="title"/>
<subAuthMethod display-name="Authentication Method">OAuth</subAuthMethod>
<subAuthBasicID display-name="Authentication ID"></subAuthBasicID>
<subAuthBasicPwd display-name="Authentication Password" is-sensitive="true" type="password-ref"/>
<bearerToken display-name="Bearer Token">hide</bearerToken>
<bearerTokenID display-name="Bearer Token ID"></bearerTokenID>
<subOAuthURL display-name="Access Token URL">https://mysite.com/configapi/v2/oauth/token</subOAuthURL>
<subOAuthID display-name="User Name"></subOAuthID>
<subOAuthPwd display-name="User Password" is-sensitive="true" type="password-ref"/>
<query-name display-name="Query Name">grant_type</query-name>
<query-value display-name="Query Value">client_credentials</query-value>
<query-name display-name="Query Name">client_id</query-name>
<query-value display-name="Query Value">admin</query-value>
<query-name display-name="Query Name">client_secret</query-name>
<query-value display-name="Query Value">*****************************************</query-value>
<query-name display-name="Query Name">scope</query-name>
<query-value display-name="Query Value">mysite.com</query-value>
<header-name display-name="Header Name">content-type</header-name>
<header-value display-name="Header Value">application/xml</header-value>
<subTrustStoreFile display-name="Truststore file">E:\NetIQ\IdentityManager\RESTDriversKeystore.jks</subTrustStoreFile>
<mutualFields display-name="Set mutual authentication parameters">hide</mutualFields>
<subKeystoreFile display-name="Keystore file"></subKeystoreFile>
<subKeystorePassword display-name="Keystore password" is-sensitive="true" type="password-ref"/>
<connTimeOut display-name="Http Connection Timeout">1</connTimeOut>
<proxy display-name="Proxy host and port"></proxy>
<proxyFields display-name="Set proxy authentication parameters">hide</proxyFields>
<proxyUserName display-name="User name"></proxyUserName>
<proxyPassword display-name="Password" is-sensitive="true" type="password-ref"/>
<subHttpErrorsToRetry display-name="HTTP errors to retry">307 408 503 504</subHttpErrorsToRetry>
<subHttpRESTBASEURL display-name="Base URL for REST Resources">https://mysite.com/configapi/v2/scim/</subHttpRESTBASEURL>
<resrc-schemaName display-name="Schema name">User</resrc-schemaName>
<resrc-operationMode display-name="Configure Handlers">CUSTOM</resrc-operationMode>
<resrc-handlerConf display-name="Rest Handler Details">users/#0#1# users/&lt;association>&lt;filter>#2#0# users/&lt;association>/#1#3# users/&lt;association>#3#1#</resrc-handlerConf>
[10/07/19 15:13:39.220]:BP ST:MySite: RESTSubscriptionShim.init()
[10/07/19 15:13:39.220]:BP ST:MySite: Connecting to REST service via OAuth2
[10/07/19 15:13:39.957]:BP ST:SubscriptionShim.init() returned:
[10/07/19 15:13:39.957]:BP ST:
<nds dtdversion="3.5" ndsversion="8.x">
<product build="20180222_0635" instance="MySite" version="">Identity Manager REST Driver</product>
<contact>NetIQ Corporation.</contact>
<status level="fatal" type="app-authentication">org.codehaus.jettison.json.JSONException: A JSONObject text must begin with '{' at character 1 of &lt;html>&lt;head>&lt;meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>&lt;title>Error 415 Unsupported Media Type&lt;/title>&lt;/head>&lt;body>&lt;h2>HTTP ERROR 415&lt;/h2>&lt;p>Problem accessing /configapi/v2/oauth/token. Reason:&lt;pre> Unsupported Media Type&lt;/pre>&lt;/p>&lt;hr>&lt;a href="http://eclipse.org/jetty">Powered by Jetty:// 9.4.12.v20180830&lt;/a>&lt;hr/>&lt;/body>&lt;/html></status>

Arne Frequent Contributor.

Re: Oauth2-error upon starting REST-driver

To clarify, this is the error message from the token service:

<status level="fatal" type="app-authentication">org.codehaus.jettison.json.JSONException: A JSONObject text must begin with '{' at character 1 of <html>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 415 Unsupported Media Type</title>
<h2>HTTP ERROR 415</h2>
<p>Problem accessing /configapi/v2/oauth/token. Reason:<pre> Unsupported Media Type</pre>
<a href="http://eclipse.org/jetty">Powered by Jetty:// 9.4.12.v20180830</a>

Is there some way to make sure that the request-body for the token call is formatted as json? And is there some way to get debug info for these parts of the driver communications?


pdeneu Super Contributor.

Re: Oauth2-error upon starting REST-driver

Hey Arne,

You can define the headers in the subscriber channel options in the driver configuration.

Set Header to "Content-Type" with value "application/json"



Arne Frequent Contributor.

Re: Oauth2-error upon starting REST-driver

Hi Philipp

I've tried setting that, but it seems to be more a statement about what is in the token request rather than actually affecting what is being sent. I.e. the request now says that the payload is JSON, but it's still being sent as XML (seemingly).

Still wondering, though, how I can "up" the debug written to the trace log for this part of the driver operation. Even at trace level 10, there is nothing logged between the reading of config variables and the driver saying a fatal error has occurred.
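
Added example (not part of the thread and not NetIQ driver code): one way to see which request body a token endpoint accepts is to send the same client_credentials parameters outside the driver, once form-encoded and once as JSON, and compare the status and response type. The parameter names come from the subscriber config above; the secret is a placeholder, and StubTokenEndpoint is a constructed local stand-in that, like the endpoint in the trace, answers anything but JSON with a 415 HTML page.

```python
import json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Parameter names as in the subscriber config; the secret is a placeholder.
PARAMS = {"grant_type": "client_credentials", "client_id": "admin",
          "client_secret": "PLACEHOLDER-SECRET", "scope": "mysite.com"}

def candidate_requests(params):
    """Return {label: (content_type, body_bytes)} for each encoding to try."""
    return {
        # RFC 6749 token requests are normally form-encoded
        "form": ("application/x-www-form-urlencoded",
                 urllib.parse.urlencode(params).encode()),
        "json": ("application/json", json.dumps(params).encode()),
    }

def probe(url, params, timeout=5):
    """POST each candidate body; return {label: (status, response media type)}."""
    results = {}
    for label, (ctype, body) in candidate_requests(params).items():
        req = urllib.request.Request(url, data=body, method="POST",
                                     headers={"Content-Type": ctype})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[label] = (resp.status, resp.headers.get_content_type())
        except urllib.error.HTTPError as err:  # 4xx/5xx still carry headers
            results[label] = (err.code, err.headers.get_content_type())
    return results

class StubTokenEndpoint(BaseHTTPRequestHandler):
    """Constructed stand-in: accepts only a JSON request, else 415 with HTML."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = self.headers.get("Content-Type") == "application/json"
        payload = b'{"access_token": "constructed"}' if ok else b"<html>415</html>"
        self.send_response(200 if ok else 415)
        self.send_header("Content-Type", "application/json" if ok else "text/html")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)
    def log_message(self, *args): pass  # keep the demo quiet

def run_demo():
    """Run probe() against the local stub and return its results."""
    server = HTTPServer(("127.0.0.1", 0), StubTokenEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe(f"http://127.0.0.1:{server.server_port}/token", PARAMS)
    finally:
        server.shutdown()
        server.server_close()
```

An HTML response type on a token call is what produces the JSONException in the trace, since the driver is parsing the error page as a JSON object.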
