Menu
▾
▴
Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid user name, credential or external authentication failed
|
From: Zoltan B. <ba...@aw...> - 2021-08-30 13:26:23
|
Dear Krzysztof, First of all: now it works, many thanks for the help. > One of the screenshots you have shared shows that your OAuth clients are > configured to authenticate with the *authenticator* called 'pwd'. Yes, but that 'pwd' authenticator is under Identity provider>Jupyter hub login>Users authentication (https://snipboard.io/rUS3MP.jpg). Since it is under Users authentication I assumed that authenticator is used (only) for checking user's credentials and not the client credentials. > Next check if your client (in Directory browser) has this particular > password credential set. I did not have a password configured there. Once I set it (with Update credential button in the context menu) and adjusted the jupyter hub config it started to work. I must have overlooked the relevant part in the docs. However, it is still super confusing to me. Now I have 2 "passwords" for the client. The one that can be set in the directory browser here: https://snipboard.io/BEAplM.jpg And another one that can be set under Identity Provider>Jupyter hub login> Oauth client> [client ID]>Client secret : https://snipboard.io/YnEado.jpg Of course, up to now I tried to use the client secret from this latter option, which did not work. What is the purpose of the Client secret then? Br, Zoltan On 8/30/2021 10:25 AM, Krzysztof Benedyczak wrote: > Dear Zoltan, > > > W dniu 25.08.2021 o 15:34, ba...@aw... pisze: >> Dear Krzysztof, >> >>> One more thing to check: please ensure that your authenticator used >>> by OAuth token endpoint ('pwd') is linked to a *password credential* >>> that is actually set for the client. It is a common pitfall (as >in >>> Unity you can have multiple password credentials). >> Could you please describe how to do this step-by-step? I'm afraid I do >> not speak the Unity language yet. >> Also, in my first email I linked screenshots of the whole >> configuration. Can you check whether the authenticator is linked to >> the correct credential? >> Perhaps you could point me to the relevant part in the documentation? > > One of the screenshots you have shared shows that your OAuth clients are > configured to authenticate with the *authenticator* called 'pwd'. > > Now this authenticator is defining how to check the client's credential. > In Authentication -> Facilities you will find the list of your > authenticators. Locate entry 'pwd' there and check details. It should be > an authenticator of type 'password' (i.e. checking passwords stored > locally). And in its configuration there will be a password credential > selected, which is used by this authenticator. Note it down. > > Next check if your client (in Directory browser) has this particular > password credential set. Note that you can define multiple password > credentials for your system (e.g. one for admins with high security > requirements, one for ordinary users with lower requirements). Also > unity defines one by its own (used to for the initial admin's password). > So it is likely you have >1, and make sure the authenticator is using > the correct one. > > HTH, > Krzysztof > |
.){kind=link}
