Hitachi Content Platform

HCI login issues: An authentication request unexpectedly failed for username

  • Object Storage
  • Hitachi Content Intelligence HCI
Hitendra Talluri posted 11-27-2018 12:21

Did anyone see similar issues? All I can find in the catalina log is the below message:

com.hds.ensemble.plugins.service.adminApp/catalina.log:2018-11-27 12:13:22,743 INFO [listRoles] [catalina-exec-3] com.hds.ensemble.event.core.EventManager [EventManager.java:149] Event: Event{identifier=5013, subject=Unexpectedly failed authentication request by user xxxx, userUuid=00000000-0000-0000-0000-000000000001, userName=system, severity=INFO, subsystem=User, objectId=99999999-9999-9999-9999-999999999999, objectDisplayName=null, objectType=Cluster, objectSourceId=null, objectSourceType=null, message=An authentication request unexpectedly failed for username xxxxx., time=1543320802743}


#HitachiContentIntelligenceHCI
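
The event line quoted in the post above can be pulled out of catalina.log mechanically. The following is an added example, not part of the original post and not Hitachi code: it parses the `Event{...}` fields and counts failed-authentication events per username, assuming every such event has the shape and identifier (5013) of the one posted line. The sample lines and the helper names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample modelled on the catalina.log line posted above: usernames,
# identifier 9999 and its text are placeholders, and some fields are left out.
_LINE = ("2018-11-27 12:13:22,743 INFO [listRoles] [catalina-exec-3] "
         "com.hds.ensemble.event.core.EventManager [EventManager.java:149] "
         "Event: Event{{identifier={ident}, subject={subject}, userName=system, "
         "severity=INFO, subsystem=User, objectDisplayName=null, "
         "objectType=Cluster, message={message}, time={ms}}}")

def _failed(user, ms):
    return _LINE.format(ident=5013, ms=ms,
        subject=f"Unexpectedly failed authentication request by user {user}",
        message=f"An authentication request unexpectedly failed for username {user}.")

SAMPLE_LOG = "\n".join([
    _failed("alice", 1543320802743),
    "2018-11-27 12:13:23,001 INFO [main] constructed line without an event",
    _failed("bob", 1543320810000),
    _LINE.format(ident=9999, subject="Constructed", message="Other.", ms=1543320811000),
    _failed("alice", 1543320815500),
])

EVENT_RE = re.compile(r"Event\{(?P<body>.*)\}\s*$")
# A value runs to the next ", key=" or the end of the body, so a plain comma or
# full stop inside subject/message does not split the field.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")
USER_RE = re.compile(r"failed for username (?P<user>.+?)\.$")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def parse_event(line):
    """Return the Event{...} fields of one log line as a dict, or None."""
    m = EVENT_RE.search(line.strip())
    return dict(FIELD_RE.findall(m.group("body"))) if m else None

def failed_auth_events(log_text, identifier="5013"):
    """List (utc_time, username) for each event carrying that identifier."""
    found = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev.get("identifier") == identifier:
            user = USER_RE.search(ev.get("message", ""))
            when = EPOCH + timedelta(milliseconds=int(ev["time"]))
            found.append((when, user.group("user") if user else None))
    return found

def failures_per_user(log_text):
    return Counter(user for _, user in failed_auth_events(log_text))
```

Because the `time` field is epoch milliseconds, the events can be ordered and compared in UTC regardless of the time zone the log prefix was written in.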
Jonathan Chinitz

https://community.hitachivantara.com/message/35779-401-unauthorised-when-using-auth-api

Try the above document and see what error is returned. Post it here.

Data Conversion

This is usually caused by an issue with the user in the Active Directory, e.g. not having a principal name.

Hitendra Talluri

Gives the same error "unauthorized":

curl -ik -X POST https://10.32.148.226:8000/auth/oauth -d grant_type=password -d username=tallurhi -d password=xxxxxxx -d scope=* -d realm=UBSPROD -d client_id=hci-client -d client_secret=hci-client

HTTP/1.1 401 Unauthorized

Set-Cookie: JwtCookie=deleteMe; Path=/; Max-Age=0; Expires=Tue, 27-Nov-2018 21:34:13 GMT; Secure

WWW-Authenticate: Bearer realm="application"

Content-Length: 0

Date: Wed, 28 Nov 2018 21:34:13 GMT

Server: HCI

Hitendra Talluri

I can confirm that it is not a credential issue, as I see the below:

1. When I do ldapsearch from the Linux instance, I can connect to the domain using the credentials and search queries work without issues.

2. When I perform a test before adding the identity provider, it connects successfully.

3. Admin console returns not authorized and search console says invalid credentials.

Hitendra Talluri

I think I figured out the issue (query timeout??)... here is what I observed.

The customer base DN for user and group is different.

- When I set the base DN to a level above where the group and users are available, I always get the error invalid credentials.

- When I set the base DN to the level of the user directory, then I get "unauthorised" error.

- When I set the base DN to the group directory and below, then I get "invalid credentials".

Is it possible to modify the plugin to mention both user and group base DN separately, to avoid search timeout or hitting the search limit?

Hitendra Talluri

The problem was principal name mismatch. Thanks Jon for providing additional info on logging.