Brtdku

I am trying to use my own java application based on oauth2 as a federated authenticator in WSO2 IS. I have implemented the following things

1. created IDP which points to my java auth application with required client-id and secret key


2. created service provider which uses this IDP as federated authenticator


3. service provider also has oauth2 as inbound authenticator

However, wso2-is is not passing on my auth request to federated authenticator and is using local auth only to generate tokens. I do not wish to create my userbase on wso2 so local auth is not an option for me.

Pls find debug logs below and let me know where i am going wrong.

[2019-01-11 12:28:41,046] DEBUG - LOAD IMMEDIATE started {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,046] DEBUG - Started loading 3000 jobs from db {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,046] DEBUG - Beginning a new transaction {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,048] DEBUG - Committing on org.apache.geronimo.transaction.manager.GeronimoTransactionManager@f596317... {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,048] DEBUG - Transaction is successfully committed {org.wso2.carbon.humantask.core.dao.jpa.openjpa.HumanTaskDAOConnectionFactoryImpl}
[2019-01-11 12:28:41,048] DEBUG - loaded 0 jobs from db {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,048] DEBUG - LOAD IMMEDIATE complete {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,371] DEBUG - Created singleton instance for org.wso2.carbon.identity.auth.service.handler.HandlerManager {org.wso2.carbon.identity.auth.service.handler.HandlerManager}
[2019-01-11 12:28:41,371] DEBUG - Get first priority handler for the given handler list. {org.wso2.carbon.identity.auth.service.handler.HandlerManager}
[2019-01-11 12:28:41,371] DEBUG - Get first priority handler : DefaultAuthenticationManager(org.wso2.carbon.identity.auth.service.AuthenticationManager) {org.wso2.carbon.identity.auth.service.handler.HandlerManager}
[2019-01-11 12:28:41,374] DEBUG - Executing OAuth client authenticators. {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,374] DEBUG - Retrieving registered OAuth client authenticator list. {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,374] DEBUG - Evaluating canAuthenticate of authenticator : BasicOAuthClientCredAuthenticator {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,375] DEBUG - Basic auth credentials exists as Authorization header. Hence returning true. {org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator}
[2019-01-11 12:28:41,375] DEBUG - BasicOAuthClientCredAuthenticator authenticator can handle incoming request. {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,375] DEBUG - Authenticator BasicOAuthClientCredAuthenticator can authenticate the client request. Hence trying to evaluate authentication {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,375] DEBUG - Authorization header exists. Hence validating whether body params also present {org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator}
[2019-01-11 12:28:41,375] DEBUG - Authenticating client : 98XLmZC4b27FOjoq1b8qTqoOjrQa with client secret. {org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator}
[2019-01-11 12:28:41,419] DEBUG - Client credentials were fetched from the database. {org.wso2.carbon.identity.oauth2.util.OAuth2Util}
[2019-01-11 12:28:41,419] DEBUG - Successfully authenticated the client with client id : 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.util.OAuth2Util}
[2019-01-11 12:28:41,419] DEBUG - Client credentials were added to the cache for client id : 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.util.OAuth2Util}
[2019-01-11 12:28:41,419] DEBUG - Authentication result from OAuth client authenticator BasicOAuthClientCredAuthenticator is : true {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,419] DEBUG - Setting OAuth client authentication context to request {org.wso2.carbon.identity.oauth.client.authn.filter.OAuthClientAuthenticatorProxy}
[2019-01-11 12:28:41,421] DEBUG - Oauth App validation success for consumer key: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil}
[2019-01-11 12:28:41,422] DEBUG - Access Token request received for Client ID 98XLmZC4b27FOjoq1b8qTqoOjrQa, User ID Dev, Scope : and Grant Type : password {org.wso2.carbon.identity.oauth2.OAuth2Service}
[2019-01-11 12:28:41,422] DEBUG - Triggering access token pre issuer listeners for client: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,423] DEBUG - Retrieving 0 Scope validators registered for OAuth appId 1 {org.wso2.carbon.identity.oauth.dao.OAuthAppDAO}
[2019-01-11 12:28:41,423] DEBUG - Oauth App validation success for consumer key: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,423] DEBUG - Is listener enabled from configs: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Is consent enabled system wide: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Listener is enabled and consent is enabled system wide. Hence returning true for isEnabled {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Is listener enabled from configs: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Is consent enabled system wide: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Listener is enabled and consent is enabled system wide. Hence returning true for isEnabled {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Is listener enabled from configs: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Is consent enabled system wide: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,424] DEBUG - Listener is enabled and consent is enabled system wide. Hence returning true for isEnabled {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,424] DEBUG - Loading Basic Application Data of DemoService {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,424] DEBUG - ApplicationID: 2 ApplicationName: DemoService UserName: admin TenantDomain: carbon.super {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,424] DEBUG - Reading Clients of Application 2 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,424] DEBUG - Reading Steps of Application 2 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,425] DEBUG - Reading Claim Mappings of Application 2 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,425] DEBUG - Local Claim: http://wso2.org/claims/username SPClaim: username {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,425] DEBUG - Local Claim: http://wso2.org/claims/identity/askPassword SPClaim: password {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,425] DEBUG - Reading Role Mapping of Application 2 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,431] DEBUG - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2019-01-11 12:28:41,432] DEBUG - Is listener enabled from configs: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,433] DEBUG - Is consent enabled system wide: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,433] DEBUG - Listener is enabled and consent is enabled system wide. Hence returning true for isEnabled {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,433] DEBUG - Retrieved service provider: DemoService for client: 98XLmZC4b27FOjoq1b8qTqoOjrQa, scope: oauth2, tenant: carbon.super {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,433] DEBUG - Retrieved tenant id: -1234 for tenant domain: carbon.super {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,433] DEBUG - Retrieved user store manager for tenant id: -1234 {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,433] DEBUG - Pre authenticator is called in IdentityMgtEventListener {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener}
[2019-01-11 12:28:41,434] DEBUG - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2019-01-11 12:28:41,434] DEBUG - Cache entry not found for Identity Provider LOCAL. Fetching entry from DB {org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO}
[2019-01-11 12:28:41,435] DEBUG - Entry fetched from DB for Identity Provider LOCAL. Updating cache {org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO}
[2019-01-11 12:28:41,436] DEBUG - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2019-01-11 12:28:41,436] DEBUG - Resolving tenant id from tenant domain {org.wso2.carbon.context.PrivilegedCarbonContext}
[2019-01-11 12:28:41,436] DEBUG - Account disable feature is disabled for tenant :carbon.super {org.wso2.carbon.identity.handler.event.account.lock.AccountDisableHandler}
[2019-01-11 12:28:41,436] DEBUG - Handling event : PRE_AUTHENTICATION {org.wso2.carbon.identity.recovery.handler.AdminForcedPasswordResetHandler}
[2019-01-11 12:28:41,436] DEBUG - PreAuthenticate - AdminForcedPasswordResetHandler for user : Dev@carbon.super {org.wso2.carbon.identity.recovery.handler.AdminForcedPasswordResetHandler}
[2019-01-11 12:28:41,436] DEBUG - Error while reading user store property CaseInsensitiveUsername. Considering as case sensitive. {org.wso2.carbon.identity.core.util.IdentityUtil}
[2019-01-11 12:28:41,436] DEBUG - PreAuthenticate {org.wso2.carbon.identity.recovery.handler.AccountConfirmationValidationHandler}
[2019-01-11 12:28:41,437] DEBUG - Searching for user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,437] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,437] DEBUG - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2019-01-11 12:28:41,437] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,459] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,461] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,461] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,461] DEBUG - Cache entry found for Identity Provider LOCAL {org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO}
[2019-01-11 12:28:41,461] DEBUG - Cache Key not found for Random Password Container {org.wso2.carbon.identity.application.common.processors.RandomPasswordProcessor}
[2019-01-11 12:28:41,462] DEBUG - Resolving tenant id from tenant domain {org.wso2.carbon.context.PrivilegedCarbonContext}
[2019-01-11 12:28:41,463] DEBUG - Account lock handler is disabled in tenant: carbon.super {org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler}
[2019-01-11 12:28:41,463] DEBUG - Authenticating user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,463] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,463] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,463] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,475] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Searching for user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,484] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - User, Dev does not exist in PRIMARY {org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener}
[2019-01-11 12:28:41,486] DEBUG - post authenticator is called in IdentityMgtEventListener {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener}
[2019-01-11 12:28:41,486] DEBUG - Searching for user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,498] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - IdentityMgtEventListener returns since user: Dev not available in current user store domain: PRIMARY {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener}
[2019-01-11 12:28:41,501] DEBUG - Authentication failure. Wrong username or password is provided. {org.wso2.carbon.user.core.common.AbstractUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - user Dev authenticated: false {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,501] DEBUG - Error occurred while validating grant {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Authentication failed for Dev
at org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler.validateUserCredentials(PasswordGrantHandler.java:134)
at org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler.validateGrant(PasswordGrantHandler.java:70)
at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:225)
at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:225)
at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:293)
at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:89)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.webapp.mgt.filter.AuthorizationHeaderFilter.doFilter(AuthorizationHeaderFilter.java:128)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
[2019-01-11 12:28:41,503] DEBUG - Invalid Grant provided by the client Id: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,503] DEBUG - OAuth-Error-Code=invalid_grant client-id=98XLmZC4b27FOjoq1b8qTqoOjrQa grant-type=password scope= {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,503] DEBUG - Triggering access token post issuer listeners for client: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}

Inbound authenticator client id is : 98XLmZC4b27FOjoq1b8qTqoOjrQa

User id (from my user store) is : Dev

My Id Provider Configuration is as below

My Service Provider Configuration is as below

To use federated users for the password grant type, you need to customize PasswordGrantHandler. You need to create a new class(lets say custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler) extending this and override the validateGrant method. Then make it as an OSGi bundle and deploy in IS_HOME/repository/components/dropins. Also, change the GrantTypeHandlerImplClass of the password grant type in IS_HOME/repository/components/conf/identity/identity.xml

<SupportedGrantType>

      <GrantTypeName>password</GrantTypeName>

<GrantTypeHandlerImplClass>custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler</GrantTypeHandlerImplClass>

</SupportedGrantType>