From: Krzysztof B. <kb...@un...> - 2021-08-30 08:25:40
Dear Zoltan,
On 25.08.2021 at 15:34, ba...@aw... wrote:
> Dear Krzysztof,
>
>> One more thing to check: please ensure that your authenticator used by OAuth token endpoint ('pwd') is linked to a *password credential* that is actually set for the client. It is a common pitfall (as in Unity you can have multiple password credentials).
> Could you please describe how to do this step-by-step? I'm afraid I do not speak the Unity language yet.
> Also, in my first email I linked screenshots of the whole configuration. Can you check whether the authenticator is linked to the correct credential?
> Perhaps you could point me to the relevant part in the documentation?
One of the screenshots you have shared shows that your OAuth clients are
configured to authenticate with the *authenticator* called 'pwd'.
Now this authenticator is defining how to check the client's credential.
In Authentication -> Facilities you will find the list of your
authenticators. Locate entry 'pwd' there and check details. It should be
an authenticator of type 'password' (i.e. checking passwords stored
locally). And in its configuration there will be a password credential
selected, which is used by this authenticator. Note it down.
Next check if your client (in Directory browser) has this particular
password credential set. Note that you can define multiple password
credentials for your system (e.g. one for admins with high security
requirements, one for ordinary users with lower requirements). Also
Unity defines one on its own (used for the initial admin's password).
So it is likely you have >1, and make sure the authenticator is using
the correct one.
HTH,
Krzysztof