Datapowerforum

OAuth related Error while trying to generate Token during Authorization

‏2014-04-10T09:48:19Z |

Hi,

I am using the following link to implement OAuth:

http://www.ibm.com/developerworks/websphere/library/techarticles/1208_yeh/1208_yeh.html#_Step_1:_Client

I have used the same configurations to implement the "getAccessToken" part but am getting an error at authorization.

Please find the details below.

The curl script used to invoke the service is below:

curl -v -k --insecure http://XXXXXXXX:XXXX/token -d "grant_type=client_credentials&scope=getAccount" -H "Authorization: Basic QWxpY2U6cGFzc3cwcmQ="
 

Error:

* About to connect() to XXXXXXX port XXXX
*   Trying  XXXXXXX... connected
* Connected to  XXXXXXX ( XXXXXXX) port XXXX

> POST /token HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: XXXXXXX:XXXX
> Accept: */*
> Authorization: Basic QWxpY2U6cGFzc3cwcmQ=
> Content-Length: 46
> Content-Type: application/x-www-form-urlencoded
>
> grant_type=client_credentials&scope=getAccount
< HTTP/1.1 400 Processed
< X-Backside-Transport: FAIL FAIL
< Connection: Keep-Alive
< Transfer-Encoding: chunked
< Content-Type: application/json; charset=UTF-8
< Cache-Control: no-store
< Pragma: no-cache
* Connection #0 to host 1XXXXXXX left intact
* Closing connection #0
{ "error":"unauthorized_client", "error_description":"not authorized for the resources" }$

  • shiufun

    Re: OAuth related Error while trying to generate Token during Authorization

    ‏2014-04-15T20:25:31Z  in response to Datapowerforum

    This seems like a configuration issue. What is the AAA setting that you have? And what version of firmware?

    • Datapowerforum

      Re: OAuth related Error while trying to generate Token during Authorization

      ‏2014-04-16T09:22:07Z  in response to shiufun

      Hi shiufun,

      There was some namespace error in AAA which has been sorted out now. But now I am stuck with another issue.

      I need some ideas for getting the OAuth code, which can be used to get the access token.

      So my concern here is how to implement this in the MPG to get the OAuth code. We are using a curl script to pass the request.

      Kindly provide me some input on how to proceed to generate the OAuth token; I also need the curl script. We are using XI52 5.0.

      • tallurisri

        Re: OAuth related Error while trying to generate Token during Authorization

        ‏2014-04-17T01:43:30Z  in response to Datapowerforum

        Hi Experts, 

        I am trying to configure OAuth using DataPower as an enforcement point for resource server.

        We are using Ping Federate as an OAuth authorization server, and we are thinking of doing access token verification using DataPower as the enforcement point.

        I am following part#7 article:

        Using OAuth on IBM WebSphere DataPower Appliances, Part 7: Using DataPower with Tivoli Federated Identity Manager to support OAuth 2.0

        But this article only allows me to configure the FIM endpoint, using Tivoli Federated Identity Manager as the OAuth authorization server.

        Can you please help me to configure the Ping server as the OAuth authorization server?

        Thanks,

        Sri.

         

         

        • shiufun

          Re: OAuth related Error while trying to generate Token during Authorization

          ‏2014-04-17T04:01:47Z  in response to tallurisri

          Sri,

          The best way is to use the customized OAuth client support and provide the support for the operation, verify-access-token, with a call to Ping Federate using a url-open call.

          Kind Regards.

           

          • tallurisri

            Re: OAuth related Error while trying to generate Token during Authorization

            ‏2014-04-17T18:12:40Z  in response to shiufun

            Hi Shiufun,

            Thanks for your quick response. Can you please explain what steps I need to do in the AAA policy configuration to verify the access token with the Ping server?

             

            Thanks,

            Sri. 

             


      • shiufun

        Re: OAuth related Error while trying to generate Token during Authorization

        ‏2014-04-17T03:58:42Z  in response to Datapowerforum

        Please advise on the version of the firmware that you are using. For the authorization code grant type, there is an authorization/consent form in the OAuth dance. If you are using 6.0.0 or later, you can use preapproval support to bypass that. In addition, the resource owner has to be able to authenticate successfully (and potentially be authorized to the resource in the first place).

        So in your configuration of the AAA for the authorization code grant type, if you use 'basic authentication' for the resource owner, you can do something like this (with alice being your resource owner):

        curl -k -v https://dp:port/authz --data "client_id=xxx&client_secret=xxx&redirect_uri=https://youclient.com/redirect&scope=yourscope&response_type=code" --user alice:password
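
The /authz request in the reply above ends with a redirect back to the client, and the code in that redirect is then exchanged at /token. The following Python is an added example, not part of the original post and not DataPower code: it validates the redirect's Location header and builds the RFC 6749 token request body. The function names, the `client.example` host and the use of a `state` parameter (which the curl command above does not send) are assumptions.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit


class AuthzResponseError(Exception):
    """The authorization response must not be used to request a token."""


def parse_authz_redirect(location, redirect_uri, expected_state):
    """Return the authorization code carried by a redirect Location header."""
    got, want = urlsplit(location), urlsplit(redirect_uri)
    # The redirect must land exactly on the URI the client registered.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise AuthzResponseError("redirect target differs from redirect_uri")
    params = parse_qs(got.query)
    # Assumption: the client added a random `state` to its /authz request.
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise AuthzResponseError("state mismatch")
    if "error" in params:  # e.g. access_denied, unauthorized_client
        detail = params.get("error_description", [""])[0]
        raise AuthzResponseError(f"{params['error'][0]}: {detail}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise AuthzResponseError("expected exactly one code parameter")
    return codes[0]


def token_request_body(code, redirect_uri):
    """Form body for POST /token; client credentials go in the Basic header."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must repeat the value sent to /authz
    })


# Constructed sample values, not taken from the thread.
REDIRECT_URI = "https://client.example/redirect"
GOOD = REDIRECT_URI + "?code=SplxlOBeZQQYbYS6WxSbIA&state=af0ifjsldkj"
DENIED = REDIRECT_URI + "?error=access_denied&state=af0ifjsldkj"

if __name__ == "__main__":
    code = parse_authz_redirect(GOOD, REDIRECT_URI, "af0ifjsldkj")
    print(token_request_body(code, REDIRECT_URI))
```
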

        • tallurisri

          Re: OAuth related Error while trying to generate Token during Authorization

          ‏2014-04-23T19:00:40Z  in response to shiufun

          Hi Shiufun,

          I am trying to implement OAuth on DataPower XI52 6.0.0.2.

          I created a WTS service to use DataPower as the authorization server, and implemented OAuth clients to accept grant type client_credential.

          I configured the AAA policy to handle authorization using a local aaainfo.xml file.

          It seems the service is working fine and I am able to get access tokens, but no authentication or authorization is happening in AAA. I am getting access tokens even in the authentication/authorization failure scenario.

          I followed this link http://www.ibm.com/developerworks/websphere/library/techarticles/1208_yeh/1208_yeh.html to configure OAuth.

          Please share your suggestions to fix this issue (the authorization check should work).

          Thank You.

          Sri. 

           

           

          Updated on 2014-04-25T13:28:01Z at 2014-04-25T13:28:01Z by tallurisri