Security

Hi folks, 

I'm attempting to add a Generic HTTP Context Server that requires OAuth2 (grant_type=client_credentials). After entering required fields, I get an error when I click the "validate" button saying "Invalid OAuth2 credentials". I've got the same client id/secret set up in Postman just fine. 

Any tips on troubleshooting this? Is there a debug I can enable to see what kind of response I got from the token endpoint? The server will accept client id/secret in body or as an Authorization header using Basic auth, so I don't think that's the problem. Not sure what else it could be though.

There is not so much information in your request, like how you entered the credentials in the ClearPass Context server, or in Postman that you used for testing, nor on the application that you try to reach.

In that situation, I would setup a PHP script that records all headers and payload of the HTTPS request and fire both ClearPass and Postman to that script to compare and find the differences. It may be some additional header that is required and missing. It may be possible to increase logging in ClearPass, but I would not know which log to increase, and dumping the requests and compare worked for me in the past.

Hi folks, 

I'm attempting to add a Generic HTTP Context Server that requires OAuth2 (grant_type=client_credentials). After entering required fields, I get an error when I click the "validate" button saying "Invalid OAuth2 credentials". I've got the same client id/secret set up in Postman just fine. 

Any tips on troubleshooting this? Is there a debug I can enable to see what kind of response I got from the token endpoint? The server will accept client id/secret in body or as an Authorization header using Basic auth, so I don't think that's the problem. Not sure what else it could be though.

Thanks for the reply, Herman!

I tried your suggestion with Python instead of PHP. 

Found that ClearPass is sending body as application/json where as server only accepts application/x-www-form-urlencoded.

Also seems that x-www-form-urlencoded is mandatory per spec: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1

Any suggestions for how to proceed?

There is not so much information in your request, like how you entered the credentials in the ClearPass Context server, or in Postman that you used for testing, nor on the application that you try to reach.

In that situation, I would setup a PHP script that records all headers and payload of the HTTPS request and fire both ClearPass and Postman to that script to compare and find the differences. It may be some additional header that is required and missing. It may be possible to increase logging in ClearPass, but I would not know which log to increase, and dumping the requests and compare worked for me in the past.

Hi folks, 

I'm attempting to add a Generic HTTP Context Server that requires OAuth2 (grant_type=client_credentials). After entering required fields, I get an error when I click the "validate" button saying "Invalid OAuth2 credentials". I've got the same client id/secret set up in Postman just fine. 

Any tips on troubleshooting this? Is there a debug I can enable to see what kind of response I got from the token endpoint? The server will accept client id/secret in body or as an Authorization header using Basic auth, so I don't think that's the problem. Not sure what else it could be though.

That is not something that I can test very easy. If there are no other responses here, can you open a case with TAC? The OAuth2 is relatively new, or I just did not see the option before. There was a Universal Authentication Proxy in the past that took care of this... if code changes have to be done, it may be worth having a look at that if it still works.

Thanks for the reply, Herman!

I tried your suggestion with Python instead of PHP. 

Found that ClearPass is sending body as application/json where as server only accepts application/x-www-form-urlencoded.

Also seems that x-www-form-urlencoded is mandatory per spec: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1

Any suggestions for how to proceed?

There is not so much information in your request, like how you entered the credentials in the ClearPass Context server, or in Postman that you used for testing, nor on the application that you try to reach.

In that situation, I would setup a PHP script that records all headers and payload of the HTTPS request and fire both ClearPass and Postman to that script to compare and find the differences. It may be some additional header that is required and missing. It may be possible to increase logging in ClearPass, but I would not know which log to increase, and dumping the requests and compare worked for me in the past.

Hi folks, 

I'm attempting to add a Generic HTTP Context Server that requires OAuth2 (grant_type=client_credentials). After entering required fields, I get an error when I click the "validate" button saying "Invalid OAuth2 credentials". I've got the same client id/secret set up in Postman just fine. 

Any tips on troubleshooting this? Is there a debug I can enable to see what kind of response I got from the token endpoint? The server will accept client id/secret in body or as an Authorization header using Basic auth, so I don't think that's the problem. Not sure what else it could be though.