OAuth2.0 error when trying to connect “Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body”

jessicabelleville · January 8, 2024, 12:53pm

Which IIQ version are you inquiring about?

Version 8.3

Please share any images or screenshots, if relevant.

Share all details related to your problem, including any error messages you may have received.

When I try to connect to OAuth2.0 I get the error “Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body”.
From what I looked online, it looks like it is related to the POST request being made within SailPoint that sends the credentials in the authentication header and in the body.
Is there any parameters or configuration I am doing wrong in order to get that issue ?
Here is the stack trace

2024-01-08T08:45:16,129 ERROR http-nio-8080-exec-4 openconnector.connector.scim2.SCIM2Connector:414 - Test Connection Exception: 
openconnector.ConnectorException: Token generation failed. Unable to generate access token. Response returned: {"error":"invalid_request","error_description":"Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body."}
        at openconnector.connector.scim2.SCIM2Connector.getAccessToken(SCIM2Connector.java:2229) ~[connector-bundle-webservices.jar:8.3p3]
        at openconnector.connector.scim2.SCIM2Connector.getRestService(SCIM2Connector.java:2152) [connector-bundle-webservices.jar:8.3p3]
        at openconnector.connector.scim2.SCIM2Connector.performTestConnection(SCIM2Connector.java:373) [connector-bundle-webservices.jar:8.3p3]
        at openconnector.connector.scim2.SCIM2Connector.testConnection(SCIM2Connector.java:362) [connector-bundle-webservices.jar:8.3p3]
        at sailpoint.connector.OpenConnectorAdapter.testConfiguration(OpenConnectorAdapter.java:789) [connector-bundle-identityiq.jar:8.3p3]
        at sailpoint.connector.ConnectorProxy.testConfiguration(ConnectorProxy.java:411) [connector-bundle-identityiq.jar:8.3p3]
        at sailpoint.web.ApplicationObjectBean.testConnectorAction(ApplicationObjectBean.java:2842) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.apache.el.parser.AstValue.invoke(AstValue.java:252) [jasper-el.jar:9.0.83]
        at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:266) [jasper-el.jar:9.0.83]
        at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) [javax.faces-2.2.20.jar:2.2.20]
        at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) [javax.faces-2.2.20.jar:2.2.20]
        at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) [javax.faces-2.2.20.jar:2.2.20]
        at sailpoint.web.util.SailPointActionListener.processAction(SailPointActionListener.java:42) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at javax.faces.component.UICommand.broadcast(UICommand.java:315) [javax.faces-2.2.20.jar:2.2.20]
        at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) [javax.faces-2.2.20.jar:2.2.20]
        at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) [javax.faces-2.2.20.jar:2.2.20]
        at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [javax.faces-2.2.20.jar:2.2.20]
        at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [javax.faces-2.2.20.jar:2.2.20]
        at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [javax.faces-2.2.20.jar:2.2.20]
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) [javax.faces-2.2.20.jar:2.2.20]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:357) [tomahawk20-1.1.14.jar:1.1.14]
        at sailpoint.web.MyFacesExtensionsFilter.doFilter(MyFacesExtensionsFilter.java:62) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) [tomcat-websocket.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.SailPointResponseFilter.doFilter(SailPointResponseFilter.java:76) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.PageAuthorizationFilter.doFilter(PageAuthorizationFilter.java:97) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.PageAuthenticationFilter$Chainlink.doFilter(PageAuthenticationFilter.java:290) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at sailpoint.service.PageAuthenticationService.handleFinally(PageAuthenticationService.java:644) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at sailpoint.web.PageAuthenticationFilter$MyHandler.handle(PageAuthenticationFilter.java:333) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at sailpoint.web.PageAuthenticationFilter.doFilter(PageAuthenticationFilter.java:127) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:61) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.util.MethodFilter.doFilter(MethodFilter.java:51) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:151) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.util.TimingFilter.doFilter(TimingFilter.java:88) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.2.20.RELEASE.jar:5.2.20.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.20.RELEASE.jar:5.2.20.RELEASE]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.jar:9.0.83]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.jar:9.0.83]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) [catalina.jar:9.0.83]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [catalina.jar:9.0.83]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481) [catalina.jar:9.0.83]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [catalina.jar:9.0.83]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [catalina.jar:9.0.83]
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670) [catalina.jar:9.0.83]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [catalina.jar:9.0.83]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [catalina.jar:9.0.83]
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) [tomcat-coyote.jar:9.0.83]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-coyote.jar:9.0.83]
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928) [tomcat-coyote.jar:9.0.83]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794) [tomcat-coyote.jar:9.0.83]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) [tomcat-coyote.jar:9.0.83]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-util.jar:9.0.83]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-util.jar:9.0.83]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:9.0.83]
        at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: connector.common.oauth2.OAuth2Exception: Unable to generate access token. Response returned: {"error":"invalid_request","error_description":"Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body."}
        at connector.common.oauth2.BaseTokenClient.generateToken(BaseTokenClient.java:127) ~[connector-bundle-webservices.jar:8.3p3]
        at connector.common.oauth2.TokenGeneratorFactory.getTokenInfo(TokenGeneratorFactory.java:79) ~[connector-bundle-webservices.jar:8.3p3]

kjakubiak · January 8, 2024, 2:33pm

If you don’t want to send credentials in the body you can use this

to exclude credential attributes from the body. If you want to exclude it from headers - use

instead to exclude attributes from header.

Here you can find all details about it
https://documentation.sailpoint.com/connectors/identityiq/scim_2_0/help/integrating_scim2/oauth2_authentication_iiq.html

system · March 8, 2024, 2:33pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Salesforce Connector Test Connection Error Using OAuth2 IIQ Discussion and Questions apis , identityiq	5	460	January 31, 2024
Unable to connect to Genesys purecloud using SCIM2.0 and OAUTH2.0 ISC Discussion and Questions	3	1054	July 19, 2023
How to configure oauth2 authorization in Webservice connector IIQ Discussion and Questions	8	1762	July 19, 2023
Unable to get OAuth2 in IdentityIQ v8.1 working IdentityIQ (IIQ)	2	1821	November 17, 2021
Web Service connector: HTTP 415 Error IdentityIQ (IIQ)	7	2853	January 27, 2022

OAuth2.0 error when trying to connect “Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body”

Which IIQ version are you inquiring about?

Please share any images or screenshots, if relevant.

Share all details related to your problem, including any error messages you may have received.

Related Topics