Layer 7 API Management: invalid_grant Resource Owner authentication failed
Article ID: 74764
Updated On:
Products
CA API Developer Portal
CA API Gateway
Issue/Introduction
When logging into the OAuth manager you may receive an error message similar to one of the below:
1.
{ "error":"login_required", "error_description":"The resource owner could not be authenticated due to missing or invalid credentials" }
2.
{"error":"invalid_grant" ,
"error_description":"Resource Owner authentication failed".}
1.
{ "error":"login_required", "error_description":"The resource owner could not be authenticated due to missing or invalid credentials" }
2.
{"error":"invalid_grant" ,
"error_description":"Resource Owner authentication failed".}
Environment
Release:
Component: APIPRD
Component: APIPRD
Cause
This can occur for a few reasons, most typically:
1. The username or password is incorrect
2. You are not authenticating against the correct identity provider.
3. Your account has been disabled/locked out
1. The username or password is incorrect
2. You are not authenticating against the correct identity provider.
3. Your account has been disabled/locked out
Resolution
To address each situation:
1. The username or password is incorrect
You will need to confirm you are using the correct ID and password for your account. It is important to note that the password is case sensitive. If using the internal IDP you can also reset the user account password via the policy manager.
2. You are not authenticating against the correct identity provider.
You will need access to the policy manager to view the authentication policy, OTK User Authentication. In newer versions of the OTK, 4.x, the customizations will be stored in the policy #OTK User Authentication.
By default, this uses only the Gateways internal identity provider. If it has been customized you will need to confirm the branching logic to see which IDP is being used and in what order.
3. Your account has been disabled/locked out
Depending on your IDP, you may need to work with the administrator of those systems to confirm you account status. If you are using the Internal IDP you can view the users properties in the policy manager and make sure the account is enabled.
1. The username or password is incorrect
You will need to confirm you are using the correct ID and password for your account. It is important to note that the password is case sensitive. If using the internal IDP you can also reset the user account password via the policy manager.
2. You are not authenticating against the correct identity provider.
You will need access to the policy manager to view the authentication policy, OTK User Authentication. In newer versions of the OTK, 4.x, the customizations will be stored in the policy #OTK User Authentication.
By default, this uses only the Gateways internal identity provider. If it has been customized you will need to confirm the branching logic to see which IDP is being used and in what order.
3. Your account has been disabled/locked out
Depending on your IDP, you may need to work with the administrator of those systems to confirm you account status. If you are using the Internal IDP you can view the users properties in the policy manager and make sure the account is enabled.
Feedback
Yes
No
Powered by
