
Knowledge Doc: Identity Applications request resource looping


Summary
Identity Applications request resource looping

Products
Identity Manager (IDM)

 

Environment
Identity Manager 4.8

Situation 

  • When trying to request any resource, the browser redirects to the forms engine and goes into a loop.
  • No obvious errors can be seen in the logs on the system.
  • A browser trace shows that it is continuously sending an OAuth token and getting a 401 (no access) response:
https://idapps.ntslab.aws:8600/oauth
https://idapps.ntslab.aws:8600/ospconfig
https://idapps.ntslab.aws:8600/WFHandler?sid=IDM&uri=/rest/access/info/user/rights
https://idapps.ntslab.aws:8600/WFHandler?sid=IDM&uri=/rest/access/forms&id=cn=Help-desk%20Request%20Form,cn=WorkflowForms,cn=appconfig,cn=User%20Application%20Driver,cn=driverset1,o=system&pid=cn=helpdeskticket,cn=requestdefs,cn=appconfig,cn=user%20application%20driver,cn=driverset1,o=system&formContainer=RequestForms&recipient=&locale=en&proxyFor=
https://idapps.ntslab.aws:8543/osp/a/idm/auth/oauth2/auth?redirect_uri=https://idapps.ntslab.aws:8600/forms/oauth.html&client_id=forms&response_type=code
https://idapps.ntslab.aws:8543/osp/a/idm/auth/oauth2/authcodecontinue?privateId=b6455a522751371f42b7&client_id=forms&irdpkg=1669384354774-ahqXYGzIEe2H5AIjJVYJ0A
https://idapps.ntslab.aws:8600/forms/oauth.html?code=eH8AIL3rgCK2BCILszNXM8WSMit9n-HhSHNAinsald9wFilj4M9IAZR6pCoekHW0igGUqV9N2KQQO1tExhnrk6m_dibTIvj6m-rW9aPek2iPHMZfd8YT1Xz21Ej7Qn3p3LuZGwsDkHVj_4mvUvhrBBVtv38dbK6B4tlPPJT_Vme_62nRQws8JGYIrGOTklITsufpPtQ_vs1mRDOa59TE3WzfVotrXg8_MNQqJy6Qk6qNmtUUcReWzYC7LnCpFgIe4kQOl0KCkF3PFE8yg4yrJLe7I2rb4DY8BplOtsxEF6BErvVrKkw2crP2sHSkSO8y01x8-vnRwU_bAnAFAVTLOyh9JmycOsGTTzDd-_2OXXP__ujnEQ9ruowl5qvli0mHCVx-94rToj2pbk5elkVDEo2we0QoynkCXDaepMel6IacGL0AbQZOyA2ZvlUatFvURd86ZNyQzhFxZ9284MUSajT1SSWSEvdSojLTYu48zs2tihpjcGH5NyBeYyGN-Qfdz1Z_qeV9NDPbqYVltexsjtT1z7quX93JOqiMCXelVqOLn9XowPmJiN6KsCUHNFp6-4114YqxnE8DUODPcnsilyAR5mrpLtxs4jsAPt0hu_CnoRn6z9RmKOqoLnOfevP266TvAw
https://idapps.ntslab.aws:8600/oauth
https://idapps.ntslab.aws:8600/ospconfig
 
Cause 
The Forms secret configured in configupdate doesn't match the secret in config.ini.
 
Resolution
Make sure that the secret configured in configupdate matches the one in /opt/netiq/idm/apps/sites/config.ini:
  • In configupdate, change the IDM SSO Client | Forms | Oauth Client Secret.
  • Base64-encode the secret, using the -n switch of echo so that no trailing newline character is included in the encoded value:
# echo -n 'novell'|base64
bm92ZWxs
  • Edit the /opt/netiq/idm/apps/sites/config.ini and change the ClientPass to the base64 encoded secret.
OSPIssuerUrl=https://idapps.ntslab.aws:8543/osp/a/idm/auth/oauth2
OSPRedirectUrl=https://idapps.ntslab.aws:8600/forms/oauth.html
ClientID=forms
OSPLogoutUrl=https://idapps.ntslab.aws:8543/osp/a/idm/auth/app/logout
ClientPass=bm92ZWxs
LogLevel=info
ConfigFile=/opt/netiq/idm/apps/sites/config.ini
FormsServerAPILogMaxSize=50MB
SessionTimeout=1200
  • Restart nginx and Identity applications
     systemctl restart netiq-tomcat.service
     systemctl restart netiq-nginx.service
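
The following script is an added example, not part of the original knowledge document. It checks whether the ClientPass value in a forms config.ini is the base64 encoding of a given secret, and flags the case where the secret was encoded with a trailing newline (echo without -n). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that ClientPass in the forms config.ini is the
# base64 encoding of the Forms OAuth client secret set in configupdate.

# Base64-encode a secret without a trailing newline (same as echo -n | base64).
encode_secret() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Print the ClientPass value from a config.ini. Only the key prefix is
# stripped, so any '=' padding in the base64 value is preserved.
read_client_pass() {
    sed -n 's/^ClientPass=//p' "$1" | tr -d '\r' | head -n 1
}

# Return 0 on match, 2 if the stored value encodes secret + newline
# (plain echo without -n), 1 for any other mismatch.
check_client_pass() {
    file=$1
    secret=$2
    stored=$(read_client_pass "$file")
    if [ "$stored" = "$(encode_secret "$secret")" ]; then
        echo "OK: ClientPass matches the supplied secret"
        return 0
    fi
    # printf '%s\n' reproduces what echo without -n would have encoded.
    if [ "$stored" = "$(printf '%s\n' "$secret" | base64 | tr -d '\n')" ]; then
        echo "MISMATCH: ClientPass encodes the secret plus a trailing newline"
        return 2
    fi
    echo "MISMATCH: ClientPass does not encode the supplied secret"
    return 1
}

# Constructed sample file for a stand-alone run; on a real system pass
# /opt/netiq/idm/apps/sites/config.ini and the secret from configupdate.
demo() {
    tmp=$(mktemp)
    printf 'ClientID=forms\nClientPass=bm92ZWxs\nLogLevel=info\n' > "$tmp"
    rc=0
    check_client_pass "$tmp" 'novell' || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo
```

A return code of 2 means the value in config.ini was produced without the -n switch and must be regenerated before restarting the services.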


URL Name
KM000012298
