From: Krzysztof B. <kb...@un...> - 2021-08-30 08:25:40
|
Dear Zoltan, W dniu 25.08.2021 o 15:34, ba...@aw... pisze: > Dear Krzysztof, > >> One more thing to check: please ensure that your authenticator used by OAuth token endpoint ('pwd') is linked to a *password credential* that is actually set for the client. It is a common pitfall (as >in Unity you can have multiple password credentials). > Could you please describe how to do this step-by-step? I'm afraid I do not speak the Unity language yet. > Also, in my first email I linked screenshots of the whole configuration. Can you check whether the authenticator is linked to the correct credential? > Perhaps you could point me to the relevant part in the documentation? One of the screenshots you have shared shows that your OAuth clients are configured to authenticate with the *authenticator* called 'pwd'. Now this authenticator is defining how to check the client's credential. In Authentication -> Facilities you will find the list of your authenticators. Locate entry 'pwd' there and check details. It should be an authenticator of type 'password' (i.e. checking passwords stored locally). And in its configuration there will be a password credential selected, which is used by this authenticator. Note it down. Next check if your client (in Directory browser) has this particular password credential set. Note that you can define multiple password credentials for your system (e.g. one for admins with high security requirements, one for ordinary users with lower requirements). Also unity defines one by its own (used to for the initial admin's password). So it is likely you have >1, and make sure the authenticator is using the correct one. HTH, Krzysztof |