I am trying to create an OAuth 2.0 authentication server using IBM WebSphere. I have followed steps from here.

Steps:

  • Created OAuthProvider using OauthConfigSample.xml template.
  • Installed IBM provided EAR using installOAuth2Service.py.
  • Enabled OAuth TAI.
  • Registered clients using the sample base.clients.xml file.

Now I am trying to get the token using Postman, but while authenticating via the browser I am unable to authenticate and am getting an error (PasswordCheckFailedException: CWWIM4537E No principal is found from the 'Client01' principal name.).

I have already followed this answer.

Please guide.

  • I had tried one example from https://www.baeldung.com/java-ee-oauth2-implementation . So I was confused about the registered user. After the example @Chunglong suggested, I came to know that the "registered user" for the login page credentials will be the WebSphere console credentials. Along with that, I had not enabled "Enable application security" under Global security->Application security. Thanks Chunglong – vipul kumawat Jan 27 '21 at 14:25

1 Answer

Here is a working example you can follow: https://www.ibm.com/developerworks/websphere/techjournal/1305_odonnell1/1305_odonnell1.html

Chunlong
  • Thank you @Chunlong for the quick answer. I followed the steps but am getting the errors below. If you have any idea regarding these: [2/2/21 10:51:24:370 IST] 00000148 TAMTrustAssoc I com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlusinitialize(Properties) AWXRB0008E An error occurred retrieving the mandatory property, com.ibm.websphere.security.webseal.loginId, causing initialization to fail. – vipul kumawat Feb 02 '21 at 09:55
  • You can safely ignore this error message. You can even delete this TAMTrustAssociationInterceptor. – Chunlong Feb 03 '21 at 15:23
  • @Chunglong I need some more help. After generating the token successfully using Postman, the TAI is not authorizing the token before accessing the application (I kept a filter for the application). I have passed a wrong token to access the REST API and I'm still able to access the resource. Does the TAI verify the token for each request automatically, or do we need to customize WebSphereOauth20SP.ear for each request? I really have no idea, please help me. – vipul kumawat Feb 04 '21 at 13:43
  • If the URI has a role requirement, the TAI will return a 401 error if the token is missing or wrong. – Chunlong Feb 05 '21 at 14:48
  • Sorry @Chunglong for the series of questions. I have set a security role for my RESTful application using web.xml. Along with that, I have created a role under "users and groups" in the WebSphere console. In both places I have added "websphere" as a user. Still no success. Could you please guide me or suggest some article where I can read and find more information regarding this? – vipul kumawat Feb 10 '21 at 13:53
  • Maybe you could use the sample shipped with WebSphere to verify OAuth is set up properly first, then work on your own application. You can find the sample here: https://www.ibm.com/support/knowledgecenter/SSAW57_9.0.5/com.ibm.websphere.base.doc/ae/video_transcript_InstallSnoopServlet.html. – Chunlong Feb 10 '21 at 15:10
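
The comments above note that a missing or wrong token yields a 401 only when the URI carries a role requirement. The following is an added example, not code from the thread or from IBM: a small audit of an application's web.xml that reports, per url-pattern, whether a role is actually required. The sample descriptor, its paths and the role name apiUser are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not from the thread); role and paths are hypothetical.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>orders</web-resource-name>
      <url-pattern>/api/orders/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>apiUser</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>status</web-resource-name>
      <url-pattern>/api/status</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-role><role-name>apiUser</role-name></security-role>
</web-app>"""


def _find(parent, name):
    """Descendants with the given tag, ignoring the XML namespace of the schema version."""
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]


def audit_web_xml(xml_text):
    """Map each url-pattern to 'unprotected', 'deny-all' or the sorted list of required roles."""
    root = ET.fromstring(xml_text)
    report = {}
    for sc in _find(root, "security-constraint"):
        auth = _find(sc, "auth-constraint")
        if not auth:
            verdict = "unprotected"  # no role requirement: the container demands no authentication
        else:
            roles = sorted(r.text.strip() for r in _find(auth[0], "role-name") if r.text)
            verdict = roles or "deny-all"  # an empty auth-constraint blocks every caller
        for pat in _find(sc, "url-pattern"):
            report[pat.text.strip()] = verdict
    return report


def undeclared_roles(xml_text):
    """Roles used in an auth-constraint but never declared in a <security-role>."""
    root = ET.fromstring(xml_text)
    declared = {r.text.strip() for sr in _find(root, "security-role") for r in _find(sr, "role-name")}
    used = {r.text.strip() for ac in _find(root, "auth-constraint") for r in _find(ac, "role-name")}
    return sorted(used - declared)
```

A URL that matches no security-constraint at all is also unprotected and does not appear in the report, so compare the reported patterns against the application's actual endpoints.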