Piyush,
When authenticating using client credentials, the Reverse Proxy will attempt to create a credential for a user with username = client-id. If this user doesn't exist in Verify Access, that will fail. Can you try creating a user in your system with username = client-id and see if that helps? If it does, then we can look at the next steps (in case you don't want to create a user for each client).
Also, is there anything useful in the Reverse Proxy log file - or the AAC Runtime messages.log file?
Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------
Original Message:
Sent: Mon August 24, 2020 07:37 PM
From: Piyush Agrawal
Subject: Accessing protected resource with Client Credential Flow
Hello,
We have exposed APIs behind WebSEAL with ACL protection; this leads to many System User/Users in ISAM LDAP with different group memberships.
With OAuth we are trying to replace system Users with Client Credential Flow.
I am getting an access token after calling the /token endpoint, and /introspect is also working. But when I try to call the resource with
curl -k --noproxy "*" -L 'https://test-api.com/tools/epac.jsp' -H 'Authorization: Bearer uXIweM4q0Ppx77C0xYGL'
I am always redirected to Login page.
Authorization Flow/Implicit Flow is working but Client Credential Flow doesn't work.
Any help will speed up resolving this issue.
ISAM Version 9.0.7
Thank you in advance,
Regards,
------------------------------
Piyush Agrawal
------------------------------