OAM 11.1.2.2: Mobile and Social: JWTAuthentication: OID IDS Profile: HTTP 401 UnAuthorized. (Doc ID 2005771.1)

Last updated on SEPTEMBER 18, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.2.2 and later
Information in this document applies to any platform.

Symptoms

On OAM 11.1.2.2.2, Mobile and Social service:

The curl command is used to call the OAM REST API (oic_rest/rest/jwtauthentication/authenticate) to obtain a user token.


ACTUAL BEHAVIOR
---------------

The curl command works for a local user defined in the embedded LDAP, but returns a 401 Unauthorized response for users in the OID IDS profile.


curl command output for the working case

# curl -i -H "Content-Type: application/json" --request POST http://oam11gr2ps2.vm.oracle.com:14100/oic_rest/rest/jwtauthentication/authenticate -d '{"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL","X-Idaas-Rest-Subject-Username":"weblogic","X-Idaas-Rest-Subject-Password":"arr0wecs","X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}'
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Wed, 29 Apr 2015 20:48:40 GMT
Transfer-Encoding: chunked
Content-Type: application/json
X-IDAAS-REST-VERSION: v1
Set-Cookie: JSESSIONID=3fsSVBDL111Gv1hsYJGDYwTgpCqyb0nT8cGxTSdVhyH9sSPtnfT8!-1881384821; path=/; HttpOnly
X-ORACLE-DMS-ECID: f9230e6a9c248ef0:69e074ff:14d0126d565:-8000-00000000000098ab
X-Powered-By: Servlet/2.5 JSP/2.1


curl command output for the failing case

# curl -i -H "Content-Type: application/json" --request POST http://oam11gr2ps2.vm.oracle.com:14100/oic_rest/rest/jwtauthentication/authenticate -d '{"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL","X-Idaas-Rest-Subject-Username":"oamadmin","X-Idaas-Rest-Subject-Password":"t0rti11a","X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}'
HTTP/1.1 401 Unauthorized
Date: Wed, 29 Apr 2015 22:24:07 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Set-Cookie: JSESSIONID=2MCSVBhHt1hz21Gtf5VJ0Jrpm7TZx28TKhV5zr6pDZ6FMtzfWnJY!-1881384821; path=/; HttpOnly
X-ORACLE-DMS-ECID: f9230e6a9c248ef0:69e074ff:14d0126d565:-8000-000000000000a0a0
X-Powered-By: Servlet/2.5 JSP/2.1

EXPECTED BEHAVIOR
-----------------------
The curl command should return HTTP 200 for users in the OID IDS profile.


STEPS
-----------------------
The issue can be reproduced at will with the following steps:

1. In the OAM console, enable Mobile and Social services (Configuration --> Available Services --> enable Mobile and Social service).

2. Run the curl command with the username and password of a user in the WebLogic embedded LDAP; it returns HTTP 200.

# curl -i -H "Content-Type: application/json" --request POST http://oam11gr2ps2.vm.oracle.com:14100/oic_rest/rest/jwtauthentication/authenticate -d '{"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL","X-Idaas-Rest-Subject-Username":"weblogic","X-Idaas-Rest-Subject-Password":"arr0wecs","X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}'
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Wed, 29 Apr 2015 20:48:40 GMT
Transfer-Encoding: chunked
Content-Type: application/json
X-IDAAS-REST-VERSION: v1
Set-Cookie: JSESSIONID=3fsSVBDL111Gv1hsYJGDYwTgpCqyb0nT8cGxTSdVhyH9sSPtnfT8!-1881384821; path=/; HttpOnly
X-ORACLE-DMS-ECID: f9230e6a9c248ef0:69e074ff:14d0126d565:-8000-00000000000098ab


3. Run the curl command with the username and password of a user in the OID IDS profile; it returns HTTP 401.
# curl -i -H "Content-Type: application/json" --request POST http://oam11gr2ps2.vm.oracle.com:14100/oic_rest/rest/jwtauthentication/authenticate -d '{"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL","X-Idaas-Rest-Subject-Username":"oamadmin","X-Idaas-Rest-Subject-Password":"t0rti11a","X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}'
HTTP/1.1 401 Unauthorized
Date: Wed, 29 Apr 2015 22:24:07 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Set-Cookie: JSESSIONID=2MCSVBhHt1hz21Gtf5VJ0Jrpm7TZx28TKhV5zr6pDZ6FMtzfWnJY!-1881384821; path=/; HttpOnly
X-ORACLE-DMS-ECID: f9230e6a9c248ef0:69e074ff:14d0126d565:-8000-000000000000a0a0
X-Powered-By: Servlet/2.5 JSP/2.1




Cause
