Hello everybody,
First, thank you for all of your answers :)
Then, here is a screenshot of the users list in the **IS**, where we can
see that I have a user (versusmind) stored in a secondary user store (with
the domain RGPD) :
[image: Images intégrées 1]
Then, I tried to execute the following cUrl commands but I have the same
error as before. It is like the APIM cannot "access" to the user in the
secondary user store of the IS (which seems to be logic because only the
primary user store is shared between the APIM and the IS) :
curl -v -X POST --basic -u
Lz6FaylMv5fF5ax4TrTZzlvlEowa:ih0znfMUS6lgqShXSYcDlhEUMqYa \
-H "Content-Type:application/x-www-form-urlencoded;charset=UTF-8" \
-k -d
"grant_type=password&username=RGPD/versusmind&password=versusmind" \
https://40.118.24.155:8243/token
or
curl -v -X POST --basic -u
Lz6FaylMv5fF5ax4TrTZzlvlEowa:ih0znfMUS6lgqShXSYcDlhEUMqYa \
-H "Content-Type:application/x-www-form-urlencoded;charset=UTF-8" \
-k -d "grant_type=password&username=versusmind&password=versusmind" \
https://40.118.24.155:8243/token
Regards,
Thomas
2018-01-18 8:19 GMT+01:00 Godwin Shrimal <[email protected]>:
> Yes, So Thomas's issue should be something different since he has used
> correct format of a request(Without using user store domain).
>
> @Thomas: Can you login to IS Management console and check secondary user
> store's users are listing under Users & Roles->List-> Users?
>
> Thanks
> Godwin
>
> On Thu, Jan 18, 2018 at 2:05 PM, Sathya Bandara <[email protected]> wrote:
>
>> Hi,
>>
>> On Thu, Jan 18, 2018 at 12:20 PM, Godwin Shrimal <[email protected]> wrote:
>>
>>> Hi Sathya,
>>>
>>> Ideally, user should get authenticated even you send without user store
>>> domain. right?
>>>
>>
>> Yes. user gets authenticated without the user store domain. If the user
>> is in super tenant domain(carbon.super), we can discard the tenant domain
>> as well.
>>
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>>
>>> On Thu, Jan 18, 2018 at 1:15 PM, Sathya Bandara <[email protected]> wrote:
>>>
>>>> Hi Thomas,
>>>>
>>>> Can you try with the following curl command.
>>>>
>>>> curl -v -X POST --basic -u <client_id>:<client_secret> -H
>>>> "Content-Type:application/x-www-form-urlencoded;charset=UTF-8" -k -d
>>>> "grant_type=password&username=<userstore_domain>/[email protected]&password=admin"
>>>> https://localhost:8243/token
>>>>
>>>> [1] https://docs.wso2.com/display/AM210/Password+Grant
>>>>
>>>> On Wed, Jan 17, 2018 at 7:11 PM, Thomas LEGRAND <
>>>> [email protected]> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I configured the Identity Server (IS) to be the Key Manager of the API
>>>>> Manager (APIM). In the IS, I configured a secondary user store where I
>>>>> will
>>>>> have my users of my applications. But, I think I missed something because
>>>>> when I want to generate a OAuth token for a user stored in this secondary
>>>>> user store, I have an error:
>>>>>
>>>>> My request:
>>>>>
>>>>> curl -k -d "grant_type=password&username=
>>>>> <USR_NAME>&password=<USR_PASSWD>" -H "Authorization: Basic
>>>>> <BASE64_KEY_SECRET_COUPLE>" https://apim:8243/token
>>>>>
>>>>> The response:
>>>>>
>>>>> {"error_description":"Authentication failed for
>>>>> <USR_NAME>@carbon.super","error":"invalid_grant"}.
>>>>>
>>>>> In the application in the store of the APIM, "Password" is ticked so
>>>>> the grant_type is right.
>>>>> And I tried with the following pattern for the <USR_NAME>:
>>>>> - <USR_NAME>
>>>>> - <DOMAIN>/<USR_NAME>
>>>>> - <DOMAIN>\<USR_NAME>
>>>>>
>>>>> Can you help me? How can I ensure that the APIM uses all of the user
>>>>> stores from the IS.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Thomas
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Sathya Bandara
>>>> Software Engineer
>>>> WSO2 Inc. http://wso2.com
>>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>>
>>>> <+94%2071%20411%205032>
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> Associate Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>> twitter: https://twitter.com/godwinamila
>>> <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>
>> <+94%2071%20411%205032>
>>
>
>
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
> twitter: https://twitter.com/godwinamila
> <http://wso2.com/signature>
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
