Environment
Identity Manager 4.8
Situation
- When trying to request any resource, the browser redirects to the forms engine and goes into a loop.
- No obvious errors can be seen in the logs on the system
- A browser trace shows that it is continuously sending an OAuth token and getting a 401 (no access) response:
https://idapps.ntslab.aws:8600/oauth
https://idapps.ntslab.aws:8600/ospconfig
https://idapps.ntslab.aws:8600/WFHandler?sid=IDM&uri=/rest/access/info/user/rights
https://idapps.ntslab.aws:8600/WFHandler?sid=IDM&uri=/rest/access/forms&id=cn=Help-desk%20Request%20Form,cn=WorkflowForms,cn=appconfig,cn=User%20Application%20Driver,cn=driverset1,o=system&pid=cn=helpdeskticket,cn=requestdefs,cn=appconfig,cn=user%20application%20driver,cn=driverset1,o=system&formContainer=RequestForms&recipient=&locale=en&proxyFor=
https://idapps.ntslab.aws:8543/osp/a/idm/auth/oauth2/auth?redirect_uri=https://idapps.ntslab.aws:8600/forms/oauth.html&client_id=forms&response_type=code
https://idapps.ntslab.aws:8543/osp/a/idm/auth/oauth2/authcodecontinue?privateId=b6455a522751371f42b7&client_id=forms&irdpkg=1669384354774-ahqXYGzIEe2H5AIjJVYJ0A
https://idapps.ntslab.aws:8600/forms/oauth.html?code=eH8AIL3rgCK2BCILszNXM8WSMit9n-HhSHNAinsald9wFilj4M9IAZR6pCoekHW0igGUqV9N2KQQO1tExhnrk6m_dibTIvj6m-rW9aPek2iPHMZfd8YT1Xz21Ej7Qn3p3LuZGwsDkHVj_4mvUvhrBBVtv38dbK6B4tlPPJT_Vme_62nRQws8JGYIrGOTklITsufpPtQ_vs1mRDOa59TE3WzfVotrXg8_MNQqJy6Qk6qNmtUUcReWzYC7LnCpFgIe4kQOl0KCkF3PFE8yg4yrJLe7I2rb4DY8BplOtsxEF6BErvVrKkw2crP2sHSkSO8y01x8-vnRwU_bAnAFAVTLOyh9JmycOsGTTzDd-_2OXXP__ujnEQ9ruowl5qvli0mHCVx-94rToj2pbk5elkVDEo2we0QoynkCXDaepMel6IacGL0AbQZOyA2ZvlUatFvURd86ZNyQzhFxZ9284MUSajT1SSWSEvdSojLTYu48zs2tihpjcGH5NyBeYyGN-Qfdz1Z_qeV9NDPbqYVltexsjtT1z7quX93JOqiMCXelVqOLn9XowPmJiN6KsCUHNFp6-4114YqxnE8DUODPcnsilyAR5mrpLtxs4jsAPt0hu_CnoRn6z9RmKOqoLnOfevP266TvAw
https://idapps.ntslab.aws:8600/oauth
https://idapps.ntslab.aws:8600/ospconfig
Cause
The Forms OAuth client secret configured in configupdate doesn't match the ClientPass value in config.ini, so the forms engine is never accepted by OSP and keeps re-requesting an authorization code.
Resolution
Make sure that the secret configured in configupdate matches the one in /opt/netiq/idm/apps/sites/config.ini
- Change the secret under IDM SSO Client | Forms | OAuth Client Secret.
- Base64-encode the secret with the -n switch of echo so that no trailing newline character is encoded along with it (encoding 'novell' with a trailing newline produces a different, non-matching value):
# echo -n 'novell' | base64
bm92ZWxs
- Edit the /opt/netiq/idm/apps/sites/config.ini and change the ClientPass to the base64 encoded secret.
OSPIssuerUrl=https://idapps.ntslab.aws:8543/osp/a/idm/auth/oauth2
OSPRedirectUrl=https://idapps.ntslab.aws:8600/forms/oauth.html
ClientID=forms
OSPLogoutUrl=https://idapps.ntslab.aws:8543/osp/a/idm/auth/app/logout
ClientPass=bm92ZWxs
LogLevel=info
ConfigFile=/opt/netiq/idm/apps/sites/config.ini
FormsServerAPILogMaxSize=50MB
SessionTimeout=1200
- Restart nginx and the Identity Applications:
systemctl restart netiq-tomcat.service
systemctl restart netiq-nginx.service
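The following check script is an added example and not part of the KB article or the product: it encodes the configupdate secret the way the resolution describes and compares it with the ClientPass line in config.ini, flagging the trailing-newline mistake specifically. It assumes config.ini uses the plain "ClientPass=<base64>" line shown above; the sample file it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the KB article): verify that the Forms OAuth client
# secret in config.ini matches the secret entered in configupdate.

# Base64-encode a secret WITHOUT a trailing newline (same as `echo -n ... | base64`).
encode_secret() {
    printf '%s' "$1" | base64
}

# Read the first ClientPass=... value from a config.ini file (assumed format).
client_pass_from_ini() {
    sed -n 's/^ClientPass=//p' "$1" | head -n 1
}

# Compare the configupdate secret with config.ini; prints a diagnosis and
# returns 0 on match, 1 on mismatch.
check_forms_secret() {
    secret="$1"
    ini="$2"
    expected=$(encode_secret "$secret")
    actual=$(client_pass_from_ini "$ini")
    if [ "$actual" = "$expected" ]; then
        echo "OK: ClientPass matches the configupdate secret"
        return 0
    fi
    # Most common cause of the redirect loop: the secret was piped through
    # base64 with a trailing newline, i.e. `echo 'secret' | base64`.
    with_newline=$(printf '%s\n' "$secret" | base64)
    if [ "$actual" = "$with_newline" ]; then
        echo "MISMATCH: ClientPass was encoded with a trailing newline; re-encode with echo -n"
    else
        echo "MISMATCH: ClientPass does not decode to the configupdate secret"
    fi
    return 1
}

# Constructed sample config.ini reproducing the newline mistake for 'novell'.
sample_ini=$(mktemp)
cat > "$sample_ini" <<'EOF'
ClientID=forms
ClientPass=bm92ZWxsCg==
LogLevel=info
EOF
check_forms_secret 'novell' "$sample_ini" || true
rm -f "$sample_ini"
```

Run it with the real secret and /opt/netiq/idm/apps/sites/config.ini as arguments to check_forms_secret before restarting the services.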
URL Name
KM000012298