How to log in from an external application when using JAS
I'm attempting to access some CLM resources for monitoring from an external web application. I have JAS successfully configured and am wondering what the best way is to authenticate. Here's what I did:
1) Registered a new client with mkclient -u user:password. I did this because I don't know the client secret for the RM application I'm trying to access, and changing the secret through the rm/admin -> Advanced Properties seemed to break the application.
2) Noted the client ID and secret
3) Encoded the client:secret in Base64
4) POST to https://localhost:9643/oidc/endpoint/jazzop/token?grant_type=client_credentials with the following headers:
Authorization: Basic <encoded client:secret>
Scope: general
The response from the server is:
{"error":"unsupported_grant_type","error_description":"CWOAU0025E: The grant_type parameter was invalid: client_credentials"}
The JAS log has this:
[9/6/16 19:08:06:597 EDT] 00000a13 com.ibm.ws.security.oauth20.web.ClientAuthentication E CWOAU0038E: The client could not be verified. Either the client ID: null or client secret is incorrect.
I wonder if client_credentials is even the best method or not, given I'm not sure what resources I'd be able to access with the client I created using the mkclient utility.
Is there a better way of authenticating from an external web application, perhaps using the "password" grant type? Any information that could be provided on this would be helpful. Thanks,
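An added example, not part of the original post and not IBM's code: the client-credentials token request laid out as RFC 6749 section 4.4.2 describes it, plus a lookup of the error code the server returned. The client ID and secret used with it are constructed placeholders, and whether this JAS provider permits the grant for a client created with mkclient is not stated on the page.

```python
import base64
import json
import urllib.parse
import urllib.request

# Endpoint copied from the post; credentials passed in are constructed placeholders.
TOKEN_URL = "https://localhost:9643/oidc/endpoint/jazzop/token"

# RFC 6749 section 5.2 error codes and what each says about the request.
ERROR_MEANING = {
    "invalid_request": "a parameter is missing, repeated or malformed",
    "invalid_client": "client authentication failed",
    "invalid_grant": "the grant or credentials presented are invalid",
    "unauthorized_client": "this client may not use this grant type",
    "unsupported_grant_type": "the server does not support this grant type",
    "invalid_scope": "the requested scope is invalid or exceeds what was granted",
}

def build_token_request(client_id, client_secret, scope=None):
    """Build (without sending) a client_credentials request per RFC 6749 4.4.2."""
    # Section 2.3.1: form-encode id and secret, join with ':', then Base64 for Basic.
    pair = ":".join(urllib.parse.quote_plus(v, safe="")
                    for v in (client_id, client_secret))
    basic = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    # grant_type and scope travel as form fields in the POST body,
    # not in the URL query string and not as HTTP headers.
    fields = {"grant_type": "client_credentials"}
    if scope:
        fields["scope"] = scope
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )

def explain_error(response_text):
    """Map a token-endpoint error body to its RFC 6749 section 5.2 meaning."""
    code = json.loads(response_text).get("error", "")
    return code, ERROR_MEANING.get(code, "not an RFC 6749 section 5.2 error code")
```

Pass the returned object to `urllib.request.urlopen` to send it; a server with a self-signed certificate also needs an `ssl` context that trusts that certificate.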