WSO2 Identity server not able to consume custom federated authenticator
I am trying to use my own Java application, based on OAuth2, as a federated authenticator in WSO2 IS. I have implemented the following things:
- created an IdP which points to my Java auth application with the required client-id and secret key
- created a service provider which uses this IdP as federated authenticator
- the service provider also has OAuth2 as inbound authenticator
However, WSO2 IS is not passing my auth request on to the federated authenticator and is using only local auth to generate tokens. I do not wish to create my user base on WSO2, so local auth is not an option for me.
Please find the debug logs below and let me know where I am going wrong.
[2019-01-11 12:28:41,046] DEBUG - LOAD IMMEDIATE started {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,046] DEBUG - Started loading 3000 jobs from db {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,046] DEBUG - Beginning a new transaction {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,048] DEBUG - Committing on org.apache.geronimo.transaction.manager.GeronimoTransactionManager@f596317... {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,048] DEBUG - Transaction is successfully committed {org.wso2.carbon.humantask.core.dao.jpa.openjpa.HumanTaskDAOConnectionFactoryImpl}
[2019-01-11 12:28:41,048] DEBUG - loaded 0 jobs from db {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,048] DEBUG - LOAD IMMEDIATE complete {org.wso2.carbon.humantask.core.scheduler.SimpleScheduler}
[2019-01-11 12:28:41,371] DEBUG - Created singleton instance for org.wso2.carbon.identity.auth.service.handler.HandlerManager {org.wso2.carbon.identity.auth.service.handler.HandlerManager}
[2019-01-11 12:28:41,371] DEBUG - Get first priority handler for the given handler list. {org.wso2.carbon.identity.auth.service.handler.HandlerManager}
[2019-01-11 12:28:41,371] DEBUG - Get first priority handler : DefaultAuthenticationManager(org.wso2.carbon.identity.auth.service.AuthenticationManager) {org.wso2.carbon.identity.auth.service.handler.HandlerManager}
[2019-01-11 12:28:41,374] DEBUG - Executing OAuth client authenticators. {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,374] DEBUG - Retrieving registered OAuth client authenticator list. {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,374] DEBUG - Evaluating canAuthenticate of authenticator : BasicOAuthClientCredAuthenticator {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,375] DEBUG - Basic auth credentials exists as Authorization header. Hence returning true. {org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator}
[2019-01-11 12:28:41,375] DEBUG - BasicOAuthClientCredAuthenticator authenticator can handle incoming request. {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,375] DEBUG - Authenticator BasicOAuthClientCredAuthenticator can authenticate the client request. Hence trying to evaluate authentication {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,375] DEBUG - Authorization header exists. Hence validating whether body params also present {org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator}
[2019-01-11 12:28:41,375] DEBUG - Authenticating client : 98XLmZC4b27FOjoq1b8qTqoOjrQa with client secret. {org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator}
[2019-01-11 12:28:41,419] DEBUG - Client credentials were fetched from the database. {org.wso2.carbon.identity.oauth2.util.OAuth2Util}
[2019-01-11 12:28:41,419] DEBUG - Successfully authenticated the client with client id : 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.util.OAuth2Util}
[2019-01-11 12:28:41,419] DEBUG - Client credentials were added to the cache for client id : 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.util.OAuth2Util}
[2019-01-11 12:28:41,419] DEBUG - Authentication result from OAuth client authenticator BasicOAuthClientCredAuthenticator is : true {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService}
[2019-01-11 12:28:41,419] DEBUG - Setting OAuth client authentication context to request {org.wso2.carbon.identity.oauth.client.authn.filter.OAuthClientAuthenticatorProxy}
[2019-01-11 12:28:41,421] DEBUG - Oauth App validation success for consumer key: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil}
[2019-01-11 12:28:41,422] DEBUG - Access Token request received for Client ID 98XLmZC4b27FOjoq1b8qTqoOjrQa, User ID Dev, Scope : and Grant Type : password {org.wso2.carbon.identity.oauth2.OAuth2Service}
[2019-01-11 12:28:41,422] DEBUG - Triggering access token pre issuer listeners for client: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,423] DEBUG - Retrieving 0 Scope validators registered for OAuth appId 1 {org.wso2.carbon.identity.oauth.dao.OAuthAppDAO}
[2019-01-11 12:28:41,423] DEBUG - Oauth App validation success for consumer key: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,423] DEBUG - Is listener enabled from configs: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Is consent enabled system wide: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Listener is enabled and consent is enabled system wide. Hence returning true for isEnabled {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Is listener enabled from configs: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Is consent enabled system wide: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Listener is enabled and consent is enabled system wide. Hence returning true for isEnabled {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Is listener enabled from configs: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,423] DEBUG - Is consent enabled system wide: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,424] DEBUG - Listener is enabled and consent is enabled system wide. Hence returning true for isEnabled {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,424] DEBUG - Loading Basic Application Data of DemoService {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,424] DEBUG - ApplicationID: 2 ApplicationName: DemoService UserName: admin TenantDomain: carbon.super {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,424] DEBUG - Reading Clients of Application 2 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,424] DEBUG - Reading Steps of Application 2 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,425] DEBUG - Reading Claim Mappings of Application 2 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,425] DEBUG - Local Claim: http://wso2.org/claims/username SPClaim: username {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,425] DEBUG - Local Claim: http://wso2.org/claims/identity/askPassword SPClaim: password {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,425] DEBUG - Reading Role Mapping of Application 2 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2019-01-11 12:28:41,431] DEBUG - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2019-01-11 12:28:41,432] DEBUG - Is listener enabled from configs: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,433] DEBUG - Is consent enabled system wide: true {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,433] DEBUG - Listener is enabled and consent is enabled system wide. Hence returning true for isEnabled {org.wso2.carbon.identity.consent.mgt.listener.ConsentDeletionAppMgtListener}
[2019-01-11 12:28:41,433] DEBUG - Retrieved service provider: DemoService for client: 98XLmZC4b27FOjoq1b8qTqoOjrQa, scope: oauth2, tenant: carbon.super {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,433] DEBUG - Retrieved tenant id: -1234 for tenant domain: carbon.super {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,433] DEBUG - Retrieved user store manager for tenant id: -1234 {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,433] DEBUG - Pre authenticator is called in IdentityMgtEventListener {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener}
[2019-01-11 12:28:41,434] DEBUG - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2019-01-11 12:28:41,434] DEBUG - Cache entry not found for Identity Provider LOCAL. Fetching entry from DB {org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO}
[2019-01-11 12:28:41,435] DEBUG - Entry fetched from DB for Identity Provider LOCAL. Updating cache {org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO}
[2019-01-11 12:28:41,436] DEBUG - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2019-01-11 12:28:41,436] DEBUG - Resolving tenant id from tenant domain {org.wso2.carbon.context.PrivilegedCarbonContext}
[2019-01-11 12:28:41,436] DEBUG - Account disable feature is disabled for tenant :carbon.super {org.wso2.carbon.identity.handler.event.account.lock.AccountDisableHandler}
[2019-01-11 12:28:41,436] DEBUG - Handling event : PRE_AUTHENTICATION {org.wso2.carbon.identity.recovery.handler.AdminForcedPasswordResetHandler}
[2019-01-11 12:28:41,436] DEBUG - PreAuthenticate - AdminForcedPasswordResetHandler for user : Dev@carbon.super {org.wso2.carbon.identity.recovery.handler.AdminForcedPasswordResetHandler}
[2019-01-11 12:28:41,436] DEBUG - Error while reading user store property CaseInsensitiveUsername. Considering as case sensitive. {org.wso2.carbon.identity.core.util.IdentityUtil}
[2019-01-11 12:28:41,436] DEBUG - PreAuthenticate {org.wso2.carbon.identity.recovery.handler.AccountConfirmationValidationHandler}
[2019-01-11 12:28:41,437] DEBUG - Searching for user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,437] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,437] DEBUG - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2019-01-11 12:28:41,437] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,459] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,461] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,461] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,461] DEBUG - Cache entry found for Identity Provider LOCAL {org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO}
[2019-01-11 12:28:41,461] DEBUG - Cache Key not found for Random Password Container {org.wso2.carbon.identity.application.common.processors.RandomPasswordProcessor}
[2019-01-11 12:28:41,462] DEBUG - Resolving tenant id from tenant domain {org.wso2.carbon.context.PrivilegedCarbonContext}
[2019-01-11 12:28:41,463] DEBUG - Account lock handler is disabled in tenant: carbon.super {org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler}
[2019-01-11 12:28:41,463] DEBUG - Authenticating user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,463] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,463] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,463] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,475] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Searching for user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,484] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - User, Dev does not exist in PRIMARY {org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener}
[2019-01-11 12:28:41,486] DEBUG - post authenticator is called in IdentityMgtEventListener {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener}
[2019-01-11 12:28:41,486] DEBUG - Searching for user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,498] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - IdentityMgtEventListener returns since user: Dev not available in current user store domain: PRIMARY {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener}
[2019-01-11 12:28:41,501] DEBUG - Authentication failure. Wrong username or password is provided. {org.wso2.carbon.user.core.common.AbstractUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - user Dev authenticated: false {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,501] DEBUG - Error occurred while validating grant {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Authentication failed for Dev
at org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler.validateUserCredentials(PasswordGrantHandler.java:134)
at org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler.validateGrant(PasswordGrantHandler.java:70)
at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:225)
at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:225)
at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:293)
at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:89)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.webapp.mgt.filter.AuthorizationHeaderFilter.doFilter(AuthorizationHeaderFilter.java:128)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
[2019-01-11 12:28:41,503] DEBUG - Invalid Grant provided by the client Id: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,503] DEBUG - OAuth-Error-Code=invalid_grant client-id=98XLmZC4b27FOjoq1b8qTqoOjrQa grant-type=password scope= {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,503] DEBUG - Triggering access token post issuer listeners for client: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
Inbound authenticator client id is : 98XLmZC4b27FOjoq1b8qTqoOjrQa
User id (from my user store) is : Dev
My Id Provider Configuration is as below
My Service Provider Configuration is as below
java wso2is
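As an added example (not part of the original question and not WSO2 code), here is a short Python triage of the debug trace above: it parses the log lines, lists the components that handled the token request in order, and checks whether any authentication-framework or authenticator class logged anything. The sample lines are excerpted from the log in the question; the two package prefixes in `FRAMEWORK_PREFIXES` are an assumption about where those classes log from.

```python
import re

# Excerpt of the debug log posted in the question (a few lines, unchanged).
SAMPLE_LOG = """\
[2019-01-11 12:28:41,375] DEBUG - Authenticating client : 98XLmZC4b27FOjoq1b8qTqoOjrQa with client secret. {org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator}
[2019-01-11 12:28:41,422] DEBUG - Access Token request received for Client ID 98XLmZC4b27FOjoq1b8qTqoOjrQa, User ID Dev, Scope : and Grant Type : password {org.wso2.carbon.identity.oauth2.OAuth2Service}
[2019-01-11 12:28:41,433] DEBUG - Retrieved user store manager for tenant id: -1234 {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,461] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - user Dev authenticated: false {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Authentication failed for Dev
at org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler.validateUserCredentials(PasswordGrantHandler.java:134)
[2019-01-11 12:28:41,503] DEBUG - OAuth-Error-Code=invalid_grant client-id=98XLmZC4b27FOjoq1b8qTqoOjrQa grant-type=password scope= {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
"""

# "[timestamp] LEVEL - message {logger.class.Name}"
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>[A-Z]+)\s+-\s+(?P<msg>.*?)\s*\{(?P<logger>[\w.$]+)\}\s*$"
)
GRANT_RE = re.compile(r"User ID (?P<user>\S+), Scope :.*Grant Type : (?P<grant>\S+)")
EXISTS_RE = re.compile(r"^User: (?P<user>\S+) exist: (?P<exists>true|false)$")
ERROR_RE = re.compile(r"OAuth-Error-Code=(?P<code>\S+)")

# Assumption: classes of the authentication framework and of the
# (federated or local) authenticators log under these package prefixes.
FRAMEWORK_PREFIXES = (
    "org.wso2.carbon.identity.application.authentication.framework.",
    "org.wso2.carbon.identity.application.authenticator.",
)


def summarize(log_text):
    """Reduce a debug trace to the facts needed to see which path a request took."""
    summary = {
        "grant_type": None,
        "user": None,
        "error_code": None,
        "components": [],          # logger class names, first-seen order
        "user_store_lookups": [],  # (user, found) pairs, duplicates dropped
        "framework_seen": False,
    }
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # exception headers and stack-trace frames
        msg, logger = m["msg"], m["logger"]

        simple_name = logger.rsplit(".", 1)[-1]
        if simple_name not in summary["components"]:
            summary["components"].append(simple_name)
        if logger.startswith(FRAMEWORK_PREFIXES):
            summary["framework_seen"] = True

        grant = GRANT_RE.search(msg)
        if grant:
            summary["grant_type"] = grant["grant"]
            summary["user"] = grant["user"]
        lookup = EXISTS_RE.match(msg)
        if lookup:
            pair = (lookup["user"], lookup["exists"] == "true")
            if pair not in summary["user_store_lookups"]:
                summary["user_store_lookups"].append(pair)
        error = ERROR_RE.search(msg)
        if error:
            summary["error_code"] = error["code"]
    return summary


def diagnose(summary):
    """One-line finding that states only what the trace itself shows."""
    if summary["grant_type"] == "password" and not summary["framework_seen"]:
        missing = sorted({u for u, found in summary["user_store_lookups"] if not found})
        return ("grant_type=password was checked against the user store "
                f"(users not found: {missing}); no authenticator class logged")
    if summary["framework_seen"]:
        return "authentication framework or authenticator classes took part in this request"
    return "no token request with a recognised grant type found in this trace"


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(" -> ".join(result["components"]))
    print(diagnose(result))
```

Run against the full log, this shows the request going from the client authenticator straight to `PasswordGrantHandler` and the LDAP user store, ending in `invalid_grant`.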
[2019-01-11 12:28:41,436] DEBUG - PreAuthenticate {org.wso2.carbon.identity.recovery.handler.AccountConfirmationValidationHandler}
[2019-01-11 12:28:41,437] DEBUG - Searching for user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,437] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,437] DEBUG - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2019-01-11 12:28:41,437] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,459] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,461] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,461] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,461] DEBUG - Cache entry found for Identity Provider LOCAL {org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO}
[2019-01-11 12:28:41,461] DEBUG - Cache Key not found for Random Password Container {org.wso2.carbon.identity.application.common.processors.RandomPasswordProcessor}
[2019-01-11 12:28:41,462] DEBUG - Resolving tenant id from tenant domain {org.wso2.carbon.context.PrivilegedCarbonContext}
[2019-01-11 12:28:41,463] DEBUG - Account lock handler is disabled in tenant: carbon.super {org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler}
[2019-01-11 12:28:41,463] DEBUG - Authenticating user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,463] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,463] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,463] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,475] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Searching for user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,478] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,484] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - User, Dev does not exist in PRIMARY {org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener}
[2019-01-11 12:28:41,486] DEBUG - post authenticator is called in IdentityMgtEventListener {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener}
[2019-01-11 12:28:41,486] DEBUG - Searching for user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,486] DEBUG - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,498] DEBUG - Searching for user with SearchFilter: (&(objectClass=person)(uid=Dev)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - Name in space for Dev is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - IdentityMgtEventListener returns since user: Dev not available in current user store domain: PRIMARY {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener}
[2019-01-11 12:28:41,501] DEBUG - Authentication failure. Wrong username or password is provided. {org.wso2.carbon.user.core.common.AbstractUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - user Dev authenticated: false {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,501] DEBUG - Error occurred while validating grant {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Authentication failed for Dev
at org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler.validateUserCredentials(PasswordGrantHandler.java:134)
at org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler.validateGrant(PasswordGrantHandler.java:70)
at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:225)
at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:225)
at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:293)
at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:89)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.webapp.mgt.filter.AuthorizationHeaderFilter.doFilter(AuthorizationHeaderFilter.java:128)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
[2019-01-11 12:28:41,503] DEBUG - Invalid Grant provided by the client Id: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,503] DEBUG - OAuth-Error-Code=invalid_grant client-id=98XLmZC4b27FOjoq1b8qTqoOjrQa grant-type=password scope= {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,503] DEBUG - Triggering access token post issuer listeners for client: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
Inbound authenticator client ID is: 98XLmZC4b27FOjoq1b8qTqoOjrQa
User ID (from my user store) is: Dev
My Id Provider Configuration is as below
My Service Provider Configuration is as below
java wso2is
Are you using password grant to create the access token?
– senthalan
Jan 15 at 9:05
@senthalan Yes, I'm trying to use the password grant type to generate an access token. The password validator and token generator will be my external Java application, which I want to connect to WSO2 as a federated authenticator.
– Pranav
Jan 20 at 4:20
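A triage script for the debug log in the question, added here as an example and not part of the original post: it extracts the grant type, the user store that validated the credentials, the identity providers loaded during the request, and the OAuth error. The function names are hypothetical; the sample lines are excerpted from the log above.

```python
import re

# Layout of each entry in the question's log: [timestamp] LEVEL - message {logger.class}
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d\- :,]+)\]\s+(?P<level>[A-Z]+)\s+-\s+(?P<msg>.*?)\s*\{(?P<logger>[\w.$]+)\}\s*$"
)
OAUTH_RE = re.compile(r"OAuth-Error-Code=(\S+) client-id=(\S+) grant-type=(\S+)")
IDP_RE = re.compile(r"Identity Provider (\w+)")
EXISTS_RE = re.compile(r"User: (\S+) exist: (true|false)")
AUTHN_RE = re.compile(r"user (\S+) authenticated: (true|false)")
EXC_RE = re.compile(r"^(?P<cls>[\w.$]+(?:Exception|Error)): (?P<msg>.*)$")

# Sample input: lines excerpted from the debug log posted in the question.
SAMPLE_LOG = """\
[2019-01-11 12:28:41,433] DEBUG - Retrieved service provider: DemoService for client: 98XLmZC4b27FOjoq1b8qTqoOjrQa, scope: oauth2, tenant: carbon.super {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,434] DEBUG - Cache entry not found for Identity Provider LOCAL. Fetching entry from DB {org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO}
[2019-01-11 12:28:41,437] DEBUG - Searching for user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,461] DEBUG - User: Dev exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,463] DEBUG - Authenticating user Dev {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - Authentication failure. Wrong username or password is provided. {org.wso2.carbon.user.core.common.AbstractUserStoreManager}
[2019-01-11 12:28:41,501] DEBUG - user Dev authenticated: false {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler}
[2019-01-11 12:28:41,501] DEBUG - Error occurred while validating grant {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Authentication failed for Dev
at org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler.validateUserCredentials(PasswordGrantHandler.java:134)
[2019-01-11 12:28:41,503] DEBUG - OAuth-Error-Code=invalid_grant client-id=98XLmZC4b27FOjoq1b8qTqoOjrQa grant-type=password scope= {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
"""


def trace_auth_path(log_text):
    """Summarise which components handled the token request and how it ended."""
    summary = {
        "grant_type": None, "error_code": None, "client_id": None,
        "idps": [], "user_stores": [],
        "user_exists": {}, "authenticated": {}, "exception": None,
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = LINE_RE.match(line)
        if entry is None:
            # Not a log entry: either an exception header or a stack frame.
            exc = EXC_RE.match(line)
            if exc and summary["exception"] is None:
                summary["exception"] = (exc["cls"], exc["msg"])
            continue
        msg = entry["msg"]
        component = entry["logger"].rsplit(".", 1)[-1]
        # Concrete user store implementations that took part in the request.
        if component.endswith("UserStoreManager") and not component.startswith("Abstract"):
            if component not in summary["user_stores"]:
                summary["user_stores"].append(component)
        idp = IDP_RE.search(msg)
        if idp and idp[1] not in summary["idps"]:
            summary["idps"].append(idp[1])
        found = EXISTS_RE.search(msg)
        if found:
            summary["user_exists"][found[1]] = found[2] == "true"
        authn = AUTHN_RE.search(msg)
        if authn:
            summary["authenticated"][authn[1]] = authn[2] == "true"
        oauth = OAUTH_RE.search(msg)
        if oauth:
            summary["error_code"], summary["client_id"], summary["grant_type"] = oauth.groups()
    return summary


def diagnose(summary):
    """Turn the summary into short findings a reviewer can read at a glance."""
    findings = []
    if summary["grant_type"] == "password":
        stores = ", ".join(summary["user_stores"]) or "no user store"
        findings.append(f"password grant credentials were checked against: {stores}")
    if not [name for name in summary["idps"] if name != "LOCAL"]:
        findings.append("only Identity Provider LOCAL was loaded; no federated IdP appears in the trace")
    for user, exists in summary["user_exists"].items():
        if not exists:
            findings.append(f"user {user} was not found in the local user store")
    if summary["error_code"]:
        findings.append(f"token endpoint returned {summary['error_code']}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(trace_auth_path(SAMPLE_LOG)):
        print("-", finding)
```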
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.webapp.mgt.filter.AuthorizationHeaderFilter.doFilter(AuthorizationHeaderFilter.java:128)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
[2019-01-11 12:28:41,503] DEBUG - Invalid Grant provided by the client Id: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,503] DEBUG - OAuth-Error-Code=invalid_grant client-id=98XLmZC4b27FOjoq1b8qTqoOjrQa grant-type=password scope= {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
[2019-01-11 12:28:41,503] DEBUG - Triggering access token post issuer listeners for client: 98XLmZC4b27FOjoq1b8qTqoOjrQa {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer}
Inbound authenticator client id is : 98XLmZC4b27FOjoq1b8qTqoOjrQa
User id (from my user store) is : Dev
My Id Provider Configuration is as below
My Service Provider Configuration is as below
java wso2is
edited Jan 11 at 12:51
Pranav
asked Jan 11 at 12:46
Are you using password grant to create the access token?
– senthalan
Jan 15 at 9:05
@senthalan Yes, I'm trying to use the password grant type to generate an access token. The password validator and token generator will be my external Java application, which I want to connect to WSO2 as a federated authenticator.
– Pranav
Jan 20 at 4:20
1 Answer
To use federated users for the password grant type, you need to customize PasswordGrantHandler. You need to create a new class (let's say custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler) extending this and override the validateGrant method. Then make it an OSGi bundle and deploy it in IS_HOME/repository/components/dropins. Also, change the GrantTypeHandlerImplClass of the password grant type in IS_HOME/repository/components/conf/identity/identity.xml:
<SupportedGrantType>
  <GrantTypeName>password</GrantTypeName>
  <GrantTypeHandlerImplClass>custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
This works for me. I am able to generate tokens. Can you also guide me on integrating wso2is server with wso2 api manager to use these tokens for API consumption?
– Pranav
2 days ago
You can refer to this doc docs.wso2.com/display/AM260/… (in the place of key manager you can use IS)
– senthalan
2 days ago
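A sketch of the handler the answer describes, added here as an illustration; it is not code from the answer or from WSO2. It assumes a hypothetical endpoint (`EXTERNAL_AUTH_URL`) on the external application that accepts a form-encoded password-grant POST and answers HTTP 200 only for valid credentials; adapt the request to whatever the external application actually expects.

```java
package custom.oauth2.token.handlers.grant;

import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler;

public class CustomPasswordGrantHandler extends PasswordGrantHandler {

    // Assumption: hypothetical credential-check endpoint of the external
    // application. Keep it on HTTPS so the password is never sent in clear.
    private static final String EXTERNAL_AUTH_URL =
            "https://auth.example.internal/oauth/token";

    @Override
    public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
            throws IdentityOAuth2Exception {
        // super.validateGrant() is deliberately not called: the stock
        // implementation is what checks the local user store and raises
        // "Authentication failed for Dev" in the debug log above.
        OAuth2AccessTokenReqDTO req = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
        String username = req.getResourceOwnerUsername();
        String password = req.getResourceOwnerPassword();

        if (username == null || username.isEmpty()
                || password == null || password.isEmpty()) {
            throw new IdentityOAuth2Exception("Missing resource owner credentials");
        }
        // Fail closed: anything other than an explicit accept is a rejection.
        if (!externalAppAccepts(username, password)) {
            throw new IdentityOAuth2Exception("Authentication failed for " + username);
        }

        // Mark the subject as federated so no local account is required.
        AuthenticatedUser user = AuthenticatedUser
                .createFederateAuthenticatedUserFromSubjectIdentifier(username);
        tokReqMsgCtx.setAuthorizedUser(user);
        tokReqMsgCtx.setScope(req.getScope());
        return true;
    }

    // Sends the credentials to the external application and treats only
    // HTTP 200 as success. The password is never logged.
    private boolean externalAppAccepts(String username, String password)
            throws IdentityOAuth2Exception {
        HttpURLConnection conn = null;
        try {
            String body = "grant_type=password"
                    + "&username=" + URLEncoder.encode(username, "UTF-8")
                    + "&password=" + URLEncoder.encode(password, "UTF-8");

            conn = (HttpURLConnection) new URL(EXTERNAL_AUTH_URL).openConnection();
            conn.setRequestMethod("POST");
            conn.setConnectTimeout(3000);   // do not hang the token endpoint
            conn.setReadTimeout(5000);
            conn.setInstanceFollowRedirects(false); // never replay credentials to a redirect target
            conn.setDoOutput(true);
            conn.setRequestProperty("Content-Type",
                    "application/x-www-form-urlencoded");
            try (OutputStream out = conn.getOutputStream()) {
                out.write(body.getBytes(StandardCharsets.UTF_8));
            }
            return conn.getResponseCode() == HttpURLConnection.HTTP_OK;
        } catch (IOException e) {
            // An unreachable authenticator must not result in a token.
            throw new IdentityOAuth2Exception("External authenticator unreachable", e);
        } finally {
            if (conn != null) {
                conn.disconnect();
            }
        }
    }
}
```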
of the password grant type in IS_HOME/repository/components/conf/identity/identity.xml
<SupportedGrantType>
<GrantTypeName>password</GrantTypeName>
<GrantTypeHandlerImplClass>custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
This works for me. I am able to generate tokens. Can you also guide me on integrating wso2is server with wso2 api manager to use these tokens for API consumption?
– Pranav
2 days ago
You can refer to this doc docs.wso2.com/display/AM260/… (in the place of key manager you can use IS)
– senthalan
2 days ago
add a comment |
To use federated users for the password grant type, you need to customize PasswordGrantHandler. You need to create a new class(lets say custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler
) extending this and override the validateGrant method. Then make it as an OSGi bundle and deploy in IS_HOME/repository/components/dropins. Also, change the GrantTypeHandlerImplClass
of the password grant type in IS_HOME/repository/components/conf/identity/identity.xml
<SupportedGrantType>
<GrantTypeName>password</GrantTypeName>
<GrantTypeHandlerImplClass>custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
This works for me. I am able to generate tokens. Can you also guide me on integrating wso2is server with wso2 api manager to use these tokens for API consumption?
– Pranav
2 days ago
You can refer to this doc docs.wso2.com/display/AM260/… (in the place of key manager you can use IS)
– senthalan
2 days ago
add a comment |
To use federated users for the password grant type, you need to customize PasswordGrantHandler. You need to create a new class(lets say custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler
) extending this and override the validateGrant method. Then make it as an OSGi bundle and deploy in IS_HOME/repository/components/dropins. Also, change the GrantTypeHandlerImplClass
of the password grant type in IS_HOME/repository/components/conf/identity/identity.xml
<SupportedGrantType>
<GrantTypeName>password</GrantTypeName>
<GrantTypeHandlerImplClass>custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
To use federated users for the password grant type, you need to customize PasswordGrantHandler. You need to create a new class (let's say custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler) extending this and override the validateGrant method. Then make it an OSGi bundle and deploy it in IS_HOME/repository/components/dropins. Also, change the GrantTypeHandlerImplClass of the password grant type in IS_HOME/repository/components/conf/identity/identity.xml:

<SupportedGrantType>
    <GrantTypeName>password</GrantTypeName>
    <GrantTypeHandlerImplClass>custom.oauth2.token.handlers.grant.CustomPasswordGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
answered Jan 18 at 17:23
senthalan
This works for me. I am able to generate tokens. Can you also guide me on integrating the WSO2 IS server with WSO2 API Manager to use these tokens for API consumption?
– Pranav
2 days ago
You can refer to this doc docs.wso2.com/display/AM260/… (in the place of key manager you can use IS)
– senthalan
2 days ago
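A sketch of the handler the answer describes, added here as an example; it is not code from the answer or from WSO2. It assumes the IS 5.x OAuth component classes, and the verification endpoint, its "HTTP 200 means valid" contract and the IdP name are hypothetical placeholders. It fails closed and never falls back to the local user store.

```java
package custom.oauth2.token.handlers.grant;
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler;
public class CustomPasswordGrantHandler extends PasswordGrantHandler {
    // Assumptions: placeholder endpoint (HTTPS only) and IdP name, not values from the page.
    private static final String VERIFY_URL = "https://auth.example.internal/verify";
    private static final String IDP_NAME = "my-external-idp";
    @Override
    public boolean validateGrant(OAuthTokenReqMessageContext ctx) throws IdentityOAuth2Exception {
        OAuth2AccessTokenReqDTO req = ctx.getOauth2AccessTokenReqDTO();
        String user = req.getResourceOwnerUsername();
        String pass = req.getResourceOwnerPassword();
        if (user == null || pass == null || pass.isEmpty() || !verifyExternally(user, pass)) {
            return false; // fail closed: no local user store lookup as a fallback
        }
        // Mark the token owner as a federated user of the configured IdP.
        AuthenticatedUser authUser =
                AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(user);
        authUser.setFederatedIdPName(IDP_NAME);
        ctx.setAuthorizedUser(authUser);
        ctx.setScope(req.getScope());
        return true;
    }

    // Hypothetical contract: the external application answers 200 for valid credentials.
    private boolean verifyExternally(String user, String pass) throws IdentityOAuth2Exception {
        try {
            String body = "username=" + URLEncoder.encode(user, "UTF-8")
                    + "&password=" + URLEncoder.encode(pass, "UTF-8");
            HttpURLConnection c = (HttpURLConnection) new URL(VERIFY_URL).openConnection();
            c.setConnectTimeout(3000);
            c.setReadTimeout(3000);
            c.setRequestMethod("POST");
            c.setDoOutput(true);
            try (OutputStream out = c.getOutputStream()) {
                out.write(body.getBytes("UTF-8"));
            }
            return c.getResponseCode() == 200;
        } catch (IOException e) {
            // Keep the request body out of logs and messages: it carries the password.
            throw new IdentityOAuth2Exception("External credential check failed", e);
        }
    }
}
```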