CA API Management: invalid_grant Resource Owner authentication failed

Document ID : KB000074764
Last Modified Date : 23/03/2018
Show Technical Document Details
Issue:
When logging into the OAuth manager you may receive an error message similar to one of the below:

1.
​{ "error":"login_required", "error_description":"The resource owner could not be authenticated due to missing or invalid credentials" }

2.
{"error":"invalid_grant" ,
"error_description":"Resource Owner authentication failed".}


 
Cause:
This can occur for a few reasons, most typically:

1. The username or password is incorrect
2. You are not authenticating against the correct identity provider.
3. Your account has been disabled/locked out
Resolution:
To address each situation:

1. The username or password is incorrect

You will need to confirm you are using the correct ID and password for your account. It is important to note that the password is case sensitive. If using the internal IDP you can also reset the user account password via the policy manager.

2. You are not authenticating against the correct identity provider.

You will need access to the policy manager to view the authentication policy, OTK User Authentication. In newer versions of the OTK, 4.x, the customizations will be stored in the policy #OTK User Authentication.

By default, this uses only the Gateways internal identity provider. If it has been customized you will need to confirm the branching logic to see which IDP is being used and in what order.

3. Your account has been disabled/locked out

Depending on your IDP, you may need to work with the administrator of those systems to confirm you account status. If you are using the Internal IDP you can view the users properties in the policy manager and make sure the account is enabled.