CreateOTP REST API calls failing with a "Not Authorized" error is a bug in OAM 12c. It can be fixed by following the steps below.
- If OID/OUD/OVD is configured as the default user store in OAM, create a group named "OTPRestUserGroup" under ou=groups,dc=example,dc=com (use exactly this group name).
- Add weblogic/oamadmin as a member of this group.
- Log in to /oamconsole, navigate to Configuration > Administration, add OTPRestUserGroup and grant it the SystemAdministrator role. Save.
- Export oam-config.xml.
- Edit the exported file and search for the parameter "OAMMFAOTP". Change the UserStore parameter value from UserIdentityStore to the name of the user store configured in OAM (OID/OUD/OVD), for example:
<Setting Name="OAMMFAOTP" Type="htf:map">
    <Setting Name="Enabled" Type="xsd:boolean">true</Setting>
    <Setting Name="RequireAuthorizationHeader" Type="xsd:boolean">true</Setting>
    <Setting Name="ServerType" Type="xsd:string">Managed</Setting>
    <Setting Name="Description" Type="xsd:string">OAM-MFA API</Setting>
    <!-- was UserIdentityStore; set to the name of the OAM user store, e.g. OIDStore -->
    <Setting Name="UserStore" Type="xsd:string">OIDStore</Setting>
    <Setting Name="ConfigParams" Type="htf:map">
        <Setting Name="UseUdmStore" Type="xsd:string">true</Setting>
        <Setting Name="HandleFailedCounter" Type="xsd:string">true</Setting>
    </Setting>
</Setting>
- Import the oam-config.xml and restart the OAM domain. Test the CreateOTP / ValidateOTP REST API calls; they should now generate an OTP.
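The oam-config.xml edit from the steps above, done programmatically instead of by hand. This is an added example, not Oracle's tooling or the original post's code; the embedded XML is a constructed, minimal stand-in for the OAMMFAOTP block of a real export, and the helper names are the example's own. The patch function also refuses to write the file if RequireAuthorizationHeader is not "true", so the edit cannot leave the OTP endpoints callable without an Authorization header.

```python
import xml.etree.ElementTree as ET

# Constructed, minimal stand-in for the OAMMFAOTP block of an exported
# oam-config.xml (not a real export; nesting follows the snippet above).
SAMPLE_OAM_CONFIG = """<Configuration>
  <Setting Name="OAMMFAOTP" Type="htf:map">
    <Setting Name="Enabled" Type="xsd:boolean">true</Setting>
    <Setting Name="RequireAuthorizationHeader" Type="xsd:boolean">true</Setting>
    <Setting Name="ServerType" Type="xsd:string">Managed</Setting>
    <Setting Name="Description" Type="xsd:string">OAM-MFA API</Setting>
    <Setting Name="UserStore" Type="xsd:string">UserIdentityStore</Setting>
    <Setting Name="ConfigParams" Type="htf:map">
      <Setting Name="UseUdmStore" Type="xsd:string">true</Setting>
      <Setting Name="HandleFailedCounter" Type="xsd:string">true</Setting>
    </Setting>
  </Setting>
</Configuration>
"""


def _otp_map(root):
    """Return the OAMMFAOTP <Setting Type="htf:map"> element, or raise."""
    for el in root.iter("Setting"):
        if el.get("Name") == "OAMMFAOTP" and el.get("Type") == "htf:map":
            return el
    raise ValueError("OAMMFAOTP setting not found in oam-config.xml")


def _child(otp_map, name):
    """Return the direct child Setting with the given Name, or raise."""
    child = otp_map.find(f"./Setting[@Name='{name}']")
    if child is None:
        raise ValueError(f"{name} not found under OAMMFAOTP")
    return child


def otp_user_store(xml_text):
    """Read the UserStore currently configured for the OTP REST API."""
    return _child(_otp_map(ET.fromstring(xml_text)), "UserStore").text


def patch_otp_user_store(xml_text, store_name):
    """Point OAMMFAOTP/UserStore at store_name and return the new XML text.
    Refuses to write if RequireAuthorizationHeader is not 'true'."""
    root = ET.fromstring(xml_text)
    otp = _otp_map(root)
    if _child(otp, "RequireAuthorizationHeader").text != "true":
        raise ValueError("RequireAuthorizationHeader must stay true")
    _child(otp, "UserStore").text = store_name
    return ET.tostring(root, encoding="unicode")
```

Run it against the real exported file, then import the result and restart the domain as in the last step.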