OAuth2.0 error when trying to connect “Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body”

Which IIQ version are you inquiring about?

Version 8.3

Please share any images or screenshots, if relevant.

Share all details related to your problem, including any error messages you may have received.

When I try to connect to OAuth2.0 I get the error “Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body”.
From what I looked online, it looks like it is related to the POST request being made within SailPoint that sends the credentials in the authentication header and in the body.
Is there any parameters or configuration I am doing wrong in order to get that issue ?
Here is the stack trace

2024-01-08T08:45:16,129 ERROR http-nio-8080-exec-4 openconnector.connector.scim2.SCIM2Connector:414 - Test Connection Exception: 
openconnector.ConnectorException: Token generation failed. Unable to generate access token. Response returned: {"error":"invalid_request","error_description":"Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body."}
        at openconnector.connector.scim2.SCIM2Connector.getAccessToken(SCIM2Connector.java:2229) ~[connector-bundle-webservices.jar:8.3p3]
        at openconnector.connector.scim2.SCIM2Connector.getRestService(SCIM2Connector.java:2152) [connector-bundle-webservices.jar:8.3p3]
        at openconnector.connector.scim2.SCIM2Connector.performTestConnection(SCIM2Connector.java:373) [connector-bundle-webservices.jar:8.3p3]
        at openconnector.connector.scim2.SCIM2Connector.testConnection(SCIM2Connector.java:362) [connector-bundle-webservices.jar:8.3p3]
        at sailpoint.connector.OpenConnectorAdapter.testConfiguration(OpenConnectorAdapter.java:789) [connector-bundle-identityiq.jar:8.3p3]
        at sailpoint.connector.ConnectorProxy.testConfiguration(ConnectorProxy.java:411) [connector-bundle-identityiq.jar:8.3p3]
        at sailpoint.web.ApplicationObjectBean.testConnectorAction(ApplicationObjectBean.java:2842) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.apache.el.parser.AstValue.invoke(AstValue.java:252) [jasper-el.jar:9.0.83]
        at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:266) [jasper-el.jar:9.0.83]
        at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) [javax.faces-2.2.20.jar:2.2.20]
        at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) [javax.faces-2.2.20.jar:2.2.20]
        at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) [javax.faces-2.2.20.jar:2.2.20]
        at sailpoint.web.util.SailPointActionListener.processAction(SailPointActionListener.java:42) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at javax.faces.component.UICommand.broadcast(UICommand.java:315) [javax.faces-2.2.20.jar:2.2.20]
        at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) [javax.faces-2.2.20.jar:2.2.20]
        at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) [javax.faces-2.2.20.jar:2.2.20]
        at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [javax.faces-2.2.20.jar:2.2.20]
        at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [javax.faces-2.2.20.jar:2.2.20]
        at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [javax.faces-2.2.20.jar:2.2.20]
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) [javax.faces-2.2.20.jar:2.2.20]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:357) [tomahawk20-1.1.14.jar:1.1.14]
        at sailpoint.web.MyFacesExtensionsFilter.doFilter(MyFacesExtensionsFilter.java:62) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) [tomcat-websocket.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.SailPointResponseFilter.doFilter(SailPointResponseFilter.java:76) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.PageAuthorizationFilter.doFilter(PageAuthorizationFilter.java:97) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.PageAuthenticationFilter$Chainlink.doFilter(PageAuthenticationFilter.java:290) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at sailpoint.service.PageAuthenticationService.handleFinally(PageAuthenticationService.java:644) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at sailpoint.web.PageAuthenticationFilter$MyHandler.handle(PageAuthenticationFilter.java:333) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at sailpoint.web.PageAuthenticationFilter.doFilter(PageAuthenticationFilter.java:127) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:61) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.util.MethodFilter.doFilter(MethodFilter.java:51) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:151) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.util.TimingFilter.doFilter(TimingFilter.java:88) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.2.20.RELEASE.jar:5.2.20.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.20.RELEASE.jar:5.2.20.RELEASE]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) [catalina.jar:9.0.83]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [catalina.jar:9.0.83]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481) [catalina.jar:9.0.83]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [catalina.jar:9.0.83]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [catalina.jar:9.0.83]
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670) [catalina.jar:9.0.83]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [catalina.jar:9.0.83]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [catalina.jar:9.0.83]
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) [tomcat-coyote.jar:9.0.83]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-coyote.jar:9.0.83]
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928) [tomcat-coyote.jar:9.0.83]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794) [tomcat-coyote.jar:9.0.83]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) [tomcat-coyote.jar:9.0.83]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-util.jar:9.0.83]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-util.jar:9.0.83]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:9.0.83]
        at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: connector.common.oauth2.OAuth2Exception: Unable to generate access token. Response returned: {"error":"invalid_request","error_description":"Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body."}
        at connector.common.oauth2.BaseTokenClient.generateToken(BaseTokenClient.java:127) ~[connector-bundle-webservices.jar:8.3p3]
        at connector.common.oauth2.TokenGeneratorFactory.getTokenInfo(TokenGeneratorFactory.java:79) ~[connector-bundle-webservices.jar:8.3p3]

If you don’t want to send credentials in the body you can use this

to exclude credential attributes from the body. If you want to exclude it from headers - use

instead to exclude attributes from header.

Here you can find all details about it
https://documentation.sailpoint.com/connectors/identityiq/scim_2_0/help/integrating_scim2/oauth2_authentication_iiq.html

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.