32.12.13 OAuth Client Registration Fails If a Role Policy Contains a Condition Other than LDAP Attribute, LDAP Group, or LDAP OU

For registering OAuth client applications by using Identity Server, you must have a role called NAM_OAUTH2_DEVELOPER assigned.

The following are the recommended conditions in an Identity Server Role policy that assigns the NAM_OAUTH2_DEVELOPER role:

  • LDAP Attribute

  • LDAP Group

  • LDAP OU conditions

The client registration will not work if this role policy contains any of the following conditions:

  • Authenticating IDP

  • Authentication Contract

  • Authentication Method

  • Authentication Type

  • Credential Profile

  • Liberty User profile

  • Roles from Identity Provider

  • User Store