It's all about the answers!

Ask a question

How to login from external application when using JAS


Benjamin Silverman (4.1k59) | asked Sep 06 '16, 7:16 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
I'm attempting to access some CLM resources for monitoring from an external web application.  I have JAS successfully configured and am wondering what the best way is to authenticate.  Here's what I did:

1)  Registered a new client with mkclient -u user:password.  I did this because I don't know the client secret for the RM application I'm trying to access, and changing the secret through the rm/admin -> Advanced Properties seemed to break the application.
2)  Noted the client ID and secret
3)  Encoded the client:secret in Base64
4)  POST to https://localhost:9643/oidc/endpoint/jazzop/token?grant_type=client_credentials  with the following headers:

Authorization: Basic <encoded client:secret>
Scope: general

The response from the server is:

{"error":"unsupported_grant_type","error_description":"CWOAU0025E: The grant_type parameter was invalid: client_credentials"}

The JSA log has this:

[9/6/16 19:08:06:597 EDT] 00000a13 com.ibm.ws.security.oauth20.web.ClientAuthentication         E CWOAU0038E: The client could not be verified. Either the client ID: null or client secret is incorrect.

I wonder if client_credentials is even the best method or not, given I'm not sure what resources I'd be able to access with the client I created using the mkclient utility. 

Is there a better way of authenticating from an external web application, perhaps using the "password" grant type?  Any information that could be provided on this would be helpful.  Thanks,

One answer



permanent link
Benjamin Silverman (4.1k59) | answered Sep 08 '16, 6:52 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
 I was able to get past this by using the method described here.

Your answer


Register or to post your answer.