sohelkhan

Re: Error while trying OAuth Client Registration using REST

edmaa;2491405 wrote:
On 23-11-2018 9:44 AM, sohelkhan wrote:
>
> sohelkhan;2491394 Wrote:
>> Hi Edward,
>>
>> Yes, I did curl for the login URL first and did create a cookie with the
>> JSESSIONID in it, but in the subsequent step for some reason it is not
>> picking up the authentication information.
>>
>> Thanks and Regards,
>> Sohel

>
>
> Below is the information I was able to fetch from the log file that suggests the user was
> authenticated.
>
> <amLogEntry> 2018-11-22T22:26:26Z INFO NIDS Application: AM#500105013:
> AMDEVICEID#B74B3934F62FD6A4:
> AMAUTHID#ce75bcbc7a55ed4ae82214fd625a0746443fa04c59838eb8fda93c086b5fafd9:
> Authenticated user cn=XXXXXXXX,ou=XXX,ou=XXXX,ou=XXXXX,o=XXXXXX in User
> Store XXXXXXX with roles
> "NAM_OAUTH2_DEVELOPER","NAM_OAUTH2_ADMIN","authenticated".
> </amLogEntry>
>
> <amLogEntry> 2018-11-22T22:26:26Z INFO NIDS Application: AM#500105017:
> AMDEVICEID#B74B3934F62FD6A4:
> AMAUTHID#ce75bcbc7a55ed4ae82214fd625a0746443fa04c59838eb8fda93c086b5fafd9:
> nLogin succeeded, redirecting to https://idpserver.com/nidp/app.
> </amLogEntry>
>
> Thanks and Regards,
> Sohel
>
>


Weird, somehow NAM is challenging you for auth again with that redirect. Can you supply/check your catalina.out? It should show something like this on the first OAuth request:

<amLogEntry> 2018-11-23T08:02:10Z INFO NIDS Session Logger: com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 63 * Server has received a request on thread ajp-nio-127.0.0.1-9019-exec-10
63 > GET https://appliance.site.com:8443/nidp/oauth/nam/authz?response_type=code&client_id=b7b7e353-4e50-4111-a8e2-884109d228e2&redirect_uri=https://client.example.org/callback&scope=urn:netiq.com:nam:scope:oauth:registration:full
63 > accept: */*
63 > cookie: JSESSIONID=DCDEE4A1551B7A25EE931A67F62D535B
63 > host: appliance.site.com:8443
63 > user-agent: curl/7.57.0
63 > Via: 1.1 appliance.site.com (Access Gateway-ag-5E2FA6689EB91570-27450)
</amLogEntry>

<amLogEntry> 2018-11-23T08:02:10Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-nio-127.0.0.1-9019-exec-10

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@50ded5e6 from cache session succeeded using key 0bffdb025916cb90ecc21f7beab0d2830e232fd1830fa790c1c21270aad5c8b5. Cache size is 1
</amLogEntry>

<amLogEntry> 2018-11-23T08:02:10Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>

<amLogEntry> 2018-11-23T08:02:10Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>

<amLogEntry> 2018-11-23T08:02:10Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-nio-127.0.0.1-9019-exec-10



--
Cheers,
Edward


Hi Edward,

Unfortunately, I am not getting any logs as suggested above in my Catalina.out file; the only interesting logs that I get are as below:

<amLogEntry> 2018-11-26T02:35:09Z INFO NIDS Application: AM#500105013: AMDEVICEID#B74B3934F62FD6A4: AMAUTHID#f39bcb27e93a7fd827ea5ab1c2003be9fa95bcc4ae316462023501cbd944f254: Authenticated user cn=xxxxxx,ou=xxxxxxxx,ou=xxxx,ou=xxxxxxxxx,o=xxxxxxxx in User Store xxxxxx with roles "NAM_OAUTH2_DEVELOPER","NAM_OAUTH2_ADMIN","authenticated". </amLogEntry>

<amLogEntry> 2018-11-26T02:35:09Z INFO NIDS Application: AM#500105017: AMDEVICEID#B74B3934F62FD6A4: AMAUTHID#f39bcb27e93a7fd827ea5ab1c2003be9fa95bcc4ae316462023501cbd944f254: nLogin succeeded, redirecting to https://idpserver/nidp/app. </amLogEntry>

<amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger: com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 291 * Server has received a request on thread http-nio-xx.xx.xxx.xxx-8443-exec-6
291 > GET https://idpserver/nidp/oauth/nam/authz?response_type=code&client_id=4e6c88ef-54cb-45fc-9eed-2a32b977d741&scope=urn:netiq.com:nam:scope:oauth:registration:full
291 > accept: */*
291 > host: xx.xx.xxx.xxx
291 > user-agent: curl/7.29.0
</amLogEntry>

<amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger: com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 292 * Server responded with a response on thread http-nio-xx.xx.xxx.xxx-8443-exec-6
292 < 302
292 < Cache-Control: no-cache, no-store, no-transform
292 < Location: https://idpserver/nidp//app/login?target=https%3A%2F%2Fxx.xx.xxx.xxx%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fresponse_type%3Dcode%26client_id%3D4e6c88ef-54cb-45fc-9eed-2a32b977d741%26scope%3Durn%3Anetiq.com%3Anam%3Ascope%3Aoauth%3Aregistration%3Afull
</amLogEntry>

Thanks and Regards,
Sohel

Re: Error while trying OAuth Client Registration using REST API

On 26-11-2018 1:46 PM, sohelkhan wrote:
>


> Unfortunately, I am not getting any logs as suggested above in my
> Catalina.out file; the only interesting logs that I get are as below:
>
> <amLogEntry> 2018-11-26T02:35:09Z INFO NIDS Application: AM#500105013:
> AMDEVICEID#B74B3934F62FD6A4:
> AMAUTHID#f39bcb27e93a7fd827ea5ab1c2003be9fa95bcc4ae316462023501cbd944f254:
> Authenticated user
> cn=xxxxxx,ou=xxxxxxxx,ou=xxxx,ou=xxxxxxxxx,o=xxxxxxxx in User Store
> xxxxxx with roles
> "NAM_OAUTH2_DEVELOPER","NAM_OAUTH2_ADMIN","authenticated".
> </amLogEntry>
>
> <amLogEntry> 2018-11-26T02:35:09Z INFO NIDS Application: AM#500105017:
> AMDEVICEID#B74B3934F62FD6A4:
> AMAUTHID#f39bcb27e93a7fd827ea5ab1c2003be9fa95bcc4ae316462023501cbd944f254:
> nLogin succeeded, redirecting to https://idpserver/nidp/app.
> </amLogEntry>
>
> <amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger:
> com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 291 * Server
> has received a request on thread http-nio-xx.xx.xxx.xxx-8443-exec-6
> 291 > GET
> https://idpserver/nidp/oauth/nam/authz?response_type=code&client_id=4e6c88ef-54cb-45fc-9eed-2a32b977d741&scope=urn:netiq.com:nam:scope:oauth:registration:full
> 291 > accept: */*
> 291 > host: xx.xx.xxx.xxx
> 291 > user-agent: curl/7.29.0
> </amLogEntry>
>
> <amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger:
> com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 292 * Server
> responded with a response on thread http-nio-xx.xx.xxx.xxx-8443-exec-6
> 292 < 302
> 292 < Cache-Control: no-cache, no-store, no-transform
> 292 < Location:
> https://idpserver/nidp//app/login?target=https%3A%2F%2Fxx.xx.xxx.xxx%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fresponse_type%3Dcode%26client_id%3D4e6c88ef-54cb-45fc-9eed-2a32b977d741%26scope%3Durn%3Anetiq.com%3Anam%3Ascope%3Aoauth%3Aregistration%3Afull
> </amLogEntry>
>
> Thanks and Regards,
> Sohel
>
>


It looks like you are not sending the session cookie (JSESSIONID).

--
Cheers,
Edward
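
The check made by eye in the reply above, as an added example that is not part of the original posts: a Python script that parses Session Logger entries in the format shown in this thread and reports OAuth requests that arrived without a JSESSIONID cookie and were answered with a 302. The sample log, host names, placeholder values and function names are constructed for illustration.

```python
import re

ENTRY_RE = re.compile(r"<amLogEntry>(.*?)</amLogEntry>", re.S)
HEAD_RE = re.compile(r"\d+ \* Server (has received a request|responded with a response) on thread (\S+)")
LINE_RE = re.compile(r"^\d+ [<>] (.*)$", re.M)  # "291 > accept: */*" or "292 < 302"

# Constructed sample in the catalina.out layout quoted in this thread (not real log data).
SAMPLE = """\
<amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger: 1 * Server has received a request on thread exec-6
1 > GET https://idp.example.test/nidp/oauth/nam/authz?response_type=code&client_id=PLACEHOLDER
1 > user-agent: curl/7.29.0
</amLogEntry>
<amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger: 2 * Server responded with a response on thread exec-6
2 < 302
2 < Location: https://idp.example.test/nidp/app/login?target=PLACEHOLDER
</amLogEntry>
<amLogEntry> 2018-11-26T02:36:10Z INFO NIDS Session Logger: 3 * Server has received a request on thread exec-7
3 > GET https://idp.example.test/nidp/oauth/nam/authz?response_type=code&client_id=PLACEHOLDER
3 > cookie: JSESSIONID=CONSTRUCTEDVALUE
</amLogEntry>
<amLogEntry> 2018-11-26T02:36:10Z INFO NIDS Session Logger: 4 * Server responded with a response on thread exec-7
4 < 302
4 < Location: https://client.example.org/callback?code=PLACEHOLDER
</amLogEntry>
"""

def parse_entries(text):
    """Yield one dict per Session Logger HTTP trace entry; other entries are skipped."""
    for body in ENTRY_RE.findall(text):
        head = HEAD_RE.search(body)
        lines = [m.group(1).strip() for m in LINE_RE.finditer(body)]
        if not head or not lines:
            continue
        headers = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines[1:])}
        yield {"kind": "request" if "received" in head.group(1) else "response",
               "thread": head.group(2), "first": lines[0], "headers": headers}

def missing_session_cookie(text):
    """Return (request line, Location) for OAuth requests without JSESSIONID that got a 302."""
    findings, pending = [], {}
    for e in parse_entries(text):
        if e["kind"] == "request":
            pending[e["thread"]] = e  # remember the request until its response is logged
            continue
        req = pending.pop(e["thread"], None)
        if req and "/nidp/oauth/" in req["first"] and e["first"] == "302":
            if "JSESSIONID=" not in req["headers"].get("cookie", ""):
                findings.append((req["first"], e["headers"].get("location", "")))
    return findings
```
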
sohelkhan

Re: Error while trying OAuth Client Registration using REST

edmaa;2491476 wrote:
On 26-11-2018 1:46 PM, sohelkhan wrote:
>


> Unfortunately, I am not getting any logs as suggested above in my
> Catalina.out file; the only interesting logs that I get are as below:
>
> <amLogEntry> 2018-11-26T02:35:09Z INFO NIDS Application: AM#500105013:
> AMDEVICEID#B74B3934F62FD6A4:
> AMAUTHID#f39bcb27e93a7fd827ea5ab1c2003be9fa95bcc4ae316462023501cbd944f254:
> Authenticated user
> cn=xxxxxx,ou=xxxxxxxx,ou=xxxx,ou=xxxxxxxxx,o=xxxxxxxx in User Store
> xxxxxx with roles
> "NAM_OAUTH2_DEVELOPER","NAM_OAUTH2_ADMIN","authenticated".
> </amLogEntry>
>
> <amLogEntry> 2018-11-26T02:35:09Z INFO NIDS Application: AM#500105017:
> AMDEVICEID#B74B3934F62FD6A4:
> AMAUTHID#f39bcb27e93a7fd827ea5ab1c2003be9fa95bcc4ae316462023501cbd944f254:
> nLogin succeeded, redirecting to https://idpserver/nidp/app.
> </amLogEntry>
>
> <amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger:
> com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 291 * Server
> has received a request on thread http-nio-xx.xx.xxx.xxx-8443-exec-6
> 291 > GET
> https://idpserver/nidp/oauth/nam/authz?response_type=code&client_id=4e6c88ef-54cb-45fc-9eed-2a32b977d741&scope=urn:netiq.com:nam:scope:oauth:registration:full
> 291 > accept: */*
> 291 > host: xx.xx.xxx.xxx
> 291 > user-agent: curl/7.29.0
> </amLogEntry>
>
> <amLogEntry> 2018-11-26T02:35:45Z INFO NIDS Session Logger:
> com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 292 * Server
> responded with a response on thread http-nio-xx.xx.xxx.xxx-8443-exec-6
> 292 < 302
> 292 < Cache-Control: no-cache, no-store, no-transform
> 292 < Location:
> https://idpserver/nidp//app/login?target=https%3A%2F%2Fxx.xx.xxx.xxx%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fresponse_type%3Dcode%26client_id%3D4e6c88ef-54cb-45fc-9eed-2a32b977d741%26scope%3Durn%3Anetiq.com%3Anam%3Ascope%3Aoauth%3Aregistration%3Afull
> </amLogEntry>
>
> Thanks and Regards,
> Sohel
>
>


It looks like you are not sending the session cookie (JSESSIONID).

--
Cheers,
Edward


Thank you, Edward, for your help. I understand the issue was with the session cookie. Now I am able to register the client using the same procedure.

Really appreciate your help.

Thanks and Regards,
Sohel