Bug #11938
closedTask #11847: APIM 420 related bugs and improvements
Cannot get a access token for a sub tenant
0%
Description
application is registered via https://{{baseURL}}/api-application-registration/register API.
Payload for super tenant: [1]
Payload for sub tenant: [2]
Note the additional username attribute in the payload.
When this attribute is only the username the access token can be generated, but this token is pointed to super tenant.
But with the username and domain name("${tenant_user_name}@${domain_name}") it returns a error.
Error log when the username and domain name is present: [3]
[1]
{
"applicationName":"app_device_super",
"isAllowedToAllDomains":false,
"supportedGrantTypes" : ["refresh_token", "client_credentials", "password"],
"tags":["android", "device_management", "application_management", "subscription_management", "review_management"],
"isSaasApp":true,
"isMappingAnExistingOAuthApp":false
}
[2]
{
"applicationName":"app-device-sub",
"username":"${tenant_user_name}@${domain_name}",
"password":"${password}",
"supportedGrantTypes" : ["refresh_token", "client_credentials", "password"],
"callBackUrl":"www.example.com",
"isSaasApp":true,
"tags": ["android", "device_management", "application_management", "subscription_management", "review_management"]
}
[3]
[2024-09-12 13:39:31,702] ERROR - [CXFServlet] Servlet.service() for servlet [CXFServlet] in context with path [/api-key-management] threw exception
org.json.JSONException: JSONObject["access_token"] not found.
at org.json.JSONObject.get(JSONObject.java:570) ~[json_3.0.0.wso2v1.jar:?]
at org.json.JSONObject.getString(JSONObject.java:857) ~[json_3.0.0.wso2v1.jar:?]
at io.entgra.device.mgt.core.apimgt.keymgt.extension.service.KeyMgtServiceImpl.createAccessToken(KeyMgtServiceImpl.java:386) ~[io.entgra.device.mgt.core.apimgt.keymgt.extension_5.2.4.SNAPSHOT.jar:?]
at io.entgra.device.mgt.core.apimgt.keymgt.extension.service.KeyMgtServiceImpl.dynamicClientRegistration(KeyMgtServiceImpl.java:115) ~[io.entgra.device.mgt.core.apimgt.keymgt.extension_5.2.4.SNAPSHOT.jar:?]
at io.entgra.device.mgt.core.apimgt.keymgt.extension.api.KeyManagerServiceImpl.dynamicClientRegistration(KeyManagerServiceImpl.java:49) ~[?:?]
at jdk.internal.reflect.GeneratedMethodAccessor832.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179) ~[?:?]
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96) ~[?:?]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201) ~[?:?]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104) ~[?:?]
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59) ~[?:?]
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96) ~[?:?]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307) ~[?:?]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) ~[?:?]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265) ~[?:?]
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) ~[?:?]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) ~[?:?]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) ~[?:?]
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225) ~[?:?]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304) ~[?:?]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217) ~[?:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:555) ~[tomcat-servlet-api_9.0.85.wso2v1.jar:?]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:279) ~[?:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53) ~[org.wso2.carbon.ui_4.8.1.13.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:119) ~[org.wso2.carbon.identity.context.rewrite.valve_1.7.1.jar:?]
at org.wso2.carbon.identity.context.rewrite.valve.OrganizationContextRewriteValve.invoke(OrganizationContextRewriteValve.java:116) ~[org.wso2.carbon.identity.context.rewrite.valve_1.7.1.jar:?]
at org.wso2.carbon.tomcat.ext.valves.SameSiteCookieValve.invoke(SameSiteCookieValve.java:38) ~[org.wso2.carbon.tomcat.ext_4.8.1.jar:?]
at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:165) ~[org.wso2.carbon.identity.authz.valve_1.7.1.jar:?]
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:118) ~[org.wso2.carbon.identity.auth.valve_1.7.1.2.jar:?]
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:106) ~[org.wso2.carbon.tomcat.ext_4.8.1.jar:?]
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) ~[org.wso2.carbon.tomcat.ext_4.8.1.jar:?]
at io.entgra.device.mgt.core.webapp.authenticator.framework.WebappAuthenticationValve.invoke(WebappAuthenticationValve.java:86) ~[io.entgra.device.mgt.core.webapp.authenticator.framework_5.2.4.SNAPSHOT.jar:?]
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) ~[org.wso2.carbon.tomcat.ext_4.8.1.jar:?]
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:67) ~[org.wso2.carbon.tomcat.ext_4.8.1.jar:?]
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:152) ~[org.wso2.carbon.tomcat.ext_4.8.1.jar:?]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:63) ~[org.wso2.carbon.tomcat.ext_4.8.1.jar:?]
at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:137) ~[org.wso2.carbon.tomcat.ext_4.8.1.jar:?]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat_9.0.85.wso2v1.jar:?]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat_9.0.85.wso2v1.jar:?]
at java.lang.Thread.run(Thread.java:829) [?:?]