0

I have been trying to setup Okta as IDP for WSO2 APIM 3.2.0 in update level 213. I followed this to set it up. I am getting an error after login to the APIM publisher portal when i use Okta as federated authenticator for the APIM publisher portal.

UI error

Error Stack race

[2023-03-18 09:55:42,238] DEBUG - OAuthClientAuthnService Error while evaluating client authenticator : BasicOAuthClientCredAuthenticator
org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnException: invalid_client
    at org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator.authenticateClient(BasicAuthClientAuthenticator.java:93) ~[org.wso2.carbon.identity.oauth_6.4.2.85.jar:?]
    at org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService.authenticateClient(OAuthClientAuthnService.java:211) ~[org.wso2.carbon.identity.oauth_6.4.2.85.jar:?]
    at org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService.executeAuthenticator(OAuthClientAuthnService.java:106) ~[org.wso2.carbon.identity.oauth_6.4.2.85.jar:?]
    at org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService.lambda$executeClientAuthenticators$0(OAuthClientAuthnService.java:149) ~[org.wso2.carbon.identity.oauth_6.4.2.85.jar:?]
    at java.util.ArrayList.forEach(ArrayList.java:1259) [?:1.8.0_292]
    at org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService.executeClientAuthenticators(OAuthClientAuthnService.java:148) [org.wso2.carbon.identity.oauth_6.4.2.85.jar:?]
    at org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService.authenticateClient(OAuthClientAuthnService.java:63) [org.wso2.carbon.identity.oauth_6.4.2.85.jar:?]
    at org.wso2.carbon.identity.oauth.client.authn.filter.OAuthClientAuthenticatorProxy.handleMessage(OAuthClientAuthenticatorProxy.java:80) [org.wso2.carbon.identity.oauth.client.authn.filter-6.4.2.62.jar:6.4.2.62]
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307) [cxf-core-3.5.5.jar:3.5.5]
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core-3.5.5.jar:3.5.5]
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265) [cxf-rt-transports-http-3.5.5.jar:3.5.5]
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [cxf-rt-transports-http-3.5.5.jar:3.5.5]
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [cxf-rt-transports-http-3.5.5.jar:3.5.5]
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [cxf-rt-transports-http-3.5.5.jar:3.5.5]
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225) [cxf-rt-transports-http-3.5.5.jar:3.5.5]
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304) [cxf-rt-transports-http-3.5.5.jar:3.5.5]
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217) [cxf-rt-transports-http-3.5.5.jar:3.5.5]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:696) [tomcat-servlet-api_9.0.71.wso2v1.jar:?]

  • Did you provide the required permissions correclty when cresting that role? – Joy Rathnayake Mar 30 '23 at 16:07
  • The provided log is a DEBUG log and not an ERROR Log. As per the screenshot, it seems the Role Mapping is not made as expected in your environment. Please revisit the configurations and make the required mappings to provisioning the User or Federate the user with respective API Manager related roles to access the portal. – Athiththan May 15 '23 at 15:57

0 Answers0