I have configured two tenants in my WSO2 Identity Server (5.3).
mydomain.com --> tenant1
mydomain2.com --> tenant22
Each tenant has a couple of users configured. In tenant1 (mydomain.com) I have added an application under service providers. Note: the SaaS check box is unchecked.
I tried to generate an OAuth access token via the client credentials and password grant types. I face the issues below.
- client credentials grant:
curl -u LdTubNF7u1pxTeWa98Q46K2vqhUa:clx4UTH1h2DdXuSMhzWrfXPSBJga -k -d "grant_type=client_credentials" -H "Content-Type:application/x-www-form-urlencoded" http://10.37.2.XX:9763/oauth2/token
This generates the token for me. Ideally it should have failed, as the application is configured for the specific tenant. I tried to access it by passing some domain name which is not listed, and it still works, e.g.:
curl -u LdTubNF7u1pxTeWa98Q46K2vqhUa:clx4UTH1h2DdXuSMhzWrfXPSBJga -k -d "grant_type=client_credentials" -H "Content-Type:application/x-www-form-urlencoded" http://10.37.2.XX:9763/oauth2/token?tenantDomain=mytrail.com
- password grant:
curl -v -X POST -H "Authorization: Basic TGRUdWJORjd1MXB4VGVXYTk4UTQ2SzJ2cWhVYTpjbHg0VVRIMWgyRGRYdVNNaHpXcmZYUFNCSmdh" -k -d "grant_type=password&username=xxx&password=xxxx" -H "Content-Type:application/x-www-form-urlencoded" http://10.37.2.xx:9763/oauth2/token
Here the username and password belong to tenant mydomain.com, and I get the error below.
[2017-03-31 01:45:33,420] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler} - Non-SaaS service provider tenant domain is not same as user tenant domain; mydomain.com != carbon.super
[2017-03-31 01:45:33,420] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - Invalid Grant provided by the client Id: LdTubNF7u1pxTeWa98Q46K2vqhUa
Can anyone tell me what I missed here? I want my application to be tenant specific.
Thanks, Rama
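For anyone triaging the same rejection in their own logs, the following added example (not part of the original post and not WSO2 code) extracts the service provider tenant and the user tenant from the PasswordGrantHandler debug line and attaches the client id from the AccessTokenIssuer line that follows it. It assumes the log layout shown in the post and that the two lines for one request appear next to each other within one second; the function name, the window and the third sample line are constructed for illustration.

```python
import re
from datetime import datetime

# Log layout as it appears in the post: [timestamp] LEVEL {logger} - message
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>\w+)\s+\{(?P<logger>[^}]+)\}\s+-\s+(?P<msg>.*)$")
MISMATCH = re.compile(r"Non-SaaS service provider tenant domain is not same as user tenant domain; "
                      r"(?P<sp>\S+) != (?P<user>\S+)")
INVALID = re.compile(r"Invalid Grant provided by the client Id: (?P<client>\S+)")

# The first two lines are the ones quoted in the post; the third is constructed.
SAMPLE = """\
[2017-03-31 01:45:33,420] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler} - Non-SaaS service provider tenant domain is not same as user tenant domain; mydomain.com != carbon.super
[2017-03-31 01:45:33,420] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - Invalid Grant provided by the client Id: LdTubNF7u1pxTeWa98Q46K2vqhUa
[2017-03-31 01:46:02,118] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} - Invalid Grant provided by the client Id: constructedClientId
"""

def tenant_mismatches(text, window_ms=1000):
    """Return one record per tenant-mismatch rejection, with the client id
    taken from the next 'Invalid Grant' line inside the time window."""
    events, pending = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack traces, blank lines, other layouts
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        mm = MISMATCH.search(m["msg"])
        if mm:
            pending = {"time": ts, "sp_tenant": mm["sp"],
                       "user_tenant": mm["user"], "client_id": None}
            events.append(pending)
            continue
        inv = INVALID.search(m["msg"])
        if inv and pending:
            # Adjacent-line pairing is a heuristic; concurrent requests can interleave.
            if (ts - pending["time"]).total_seconds() * 1000 <= window_ms:
                pending["client_id"] = inv["client"]
            pending = None
    return events

if __name__ == "__main__":
    for e in tenant_mismatches(SAMPLE):
        print(e["time"], e["client_id"], "SP tenant", e["sp_tenant"], "vs user tenant", e["user_tenant"])
```

An "Invalid Grant" line with no preceding mismatch line, like the constructed third sample line, is left unpaired because the rejection had some other cause.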