KSEB1 Absent Member.

Unable to authenticate. ( Connection refused -esp-B06C39C629

NetIQ Access Manager

When logging in to the portal page, it shows: Unable to authenticate. ( Connection refused -esp-B06C39C629F12AB5).

But the portal server is accessible directly: the login page comes up, and when the user credentials are given it accepts them and then shows the error below:

Unable to authenticate. ( Connection refused -esp-B06C39C629F12AB5)
Knowledge Partner

Re: Unable to authenticate. ( Connection refused -esp-B06C39C629

On 13-05-2019 10:16 PM, KSEB wrote:
>
> NetIQ Access Manager
>
> When logging in to the portal page, it shows: Unable to authenticate. (
> Connection refused -esp-B06C39C629F12AB5).
>
> But the portal server is accessible directly: the login page comes up,
> and when the user credentials are given it accepts them and then shows
> the error below:
>
> Unable to authenticate. ( Connection refused -esp-B06C39C629F12AB5)


Are you running the Access Manager appliance?

Enable debug logging for the IDP cluster (Devices | IDP | edit cluster | logging | application -> set log to debug). Update both the IDP and access gateway. Reproduce the error and post the /opt/novell/nam/mag/logs/catalina.out here.


--
Cheers,
Edward
SLong Valued Contributor.

Re: Unable to authenticate. ( Connection refused -esp-B06C39C629

Connection refused - sounds like a certificate/SSL error?

Knowledge Partner

Re: Unable to authenticate. ( Connection refused -esp-B06C39C629

I guess you are running the Access Manager appliance? The ESP is throwing the error, so it is best to get the logs from that.

/opt/novell/nam/mag/logs/catalina.out

You probably first have to enable debug logging to get some relevant info out of it, though. Go to IDP | Edit Cluster | logging and auditing, set application to debug, update both the IDP and ESP, regenerate the event, and then either post the log here or have a look yourself.

SLong Valued Contributor.

Re: Unable to authenticate. ( Connection refused -esp-B06C39C629

Below is the log. We have another proxy on the same AG fronting the IDP, so I think it's getting confused. It's getting me confused too. I think I probably need to add the cert to the trust store on the lag... but it should already be there, since there is a proxy on the same box for the IDP? My thinking is that if the browsers can connect through the reverse proxy, so should another RP hosted on the same server.

2019-06-24T15:43:23Z VERBOSE NIDS Application: Attempting to connect to URL: https://am.us.xyc.com/nidp/idff/metadata via GET
2019-06-24T15:43:23Z DEBUG NIDS Application: Method: URLUtil.connectToURL Thread: ajp-nio-127.0.0.1-9009-exec-25 Error connecting to URL Connection refused (Connection refused)
2019-06-24T15:43:23Z SEVERE NIDS IDFF: AM#100106001: AMDEVICEID#esp-18B9A63AFFCEE270: AMAUTHID#803e9573e589a59df8f71f14a4ddd2a4842828c71ef9195ad3374863a402ed02: Unable to load metadata for Embedded Service Provider: https://am.us.xyc.com/nidp/idff/metadata, error: Connection refused (Connection refused)
2019-06-24T15:43:23Z DEBUG NIDS Application: Method: NIDPServletContext.goJSP Thread: ajp-nio-127.0.0.1-9009-exec-25 Forwarding to JSP: /jsp/top.jsp
2019-06-24T15:43:23Z DEBUG NIDS Application: Method: CacheMap.A Thread: ajp-nio-127.0.0.1-9009-exec-25 Retrieval of object com.novell.nidp.servlets.NIDPServletSession@6c53c8ea from cache session succeeded using key bcd2f6b106833b5852b6139cadbff2c8e15bd4595a8bd97e504cbdfc2bbee840. Cache size is 3
2019-06-24T15:43:23Z INFO NIDS Application: AM#500105039: AMDEVICEID#esp-18B9A63AFFCEE270: AMAUTHID#bcd2f6b106833b5852b6139cadbff2c8e15bd4595a8bd97e504cbdfc2bbee840: Error on session id bcd2f6b106833b5852b6139cadbff2c8e15bd4595a8bd97e504cbdfc2bbee840, error 100101044Connection refused (Connection refused)-esp-18B9A63AFFCEE270, Unable to authenticate.:NIDPLOGGING.100101044Connection refused (Connection refused)null:

Knowledge Partner

Re: Unable to authenticate. ( Connection refused -esp-B06C39C629

This AG is trying to connect to https://am.us.xyc.com/nidp/idff/metadata, which is failing (see: error: Connection refused). Did you enable port redirection using iptables to DNAT traffic from 443 to 8443?

SLong Valued Contributor.

Re: Unable to authenticate. ( Connection refused -esp-B06C39C629

I figured it out by using curl -k https:\\metadata. It was baffling because curl was returning the metadata. So I could get a curl response from the IDP directly, but not through the RP. I found a leftover host entry for the RP I put the IDP on when I was testing. We moved that RP to another IP, so the host entry was invalid.

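The check that resolved this thread, as an added example that is not part of any poster's message: pull the metadata URLs the ESP failed to load out of catalina.out and see whether a hosts file entry on the gateway overrides DNS for that hostname. The function names are hypothetical, the demo log line is shortened from the post above, and 192.0.2.10 is a constructed placeholder address.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Unique metadata URLs the ESP failed to load, from a catalina.out-style log.
failed_metadata_urls() {
    grep -o 'Unable to load metadata for Embedded Service Provider: [^, ]*' "$1" |
        sed 's/^.*Provider: //' | sort -u
}

# https://host:port/path -> host
url_host() {
    printf '%s\n' "$1" | sed -e 's#^[A-Za-z][A-Za-z0-9+.-]*://##' -e 's#[/:].*$##'
}

# IPs that a hosts file pins for a hostname (comments ignored, case-insensitive).
hosts_pins() {
    awk -v h="$2" 'BEGIN { h = tolower(h) }
        { sub(/#.*/, "") }
        NF >= 2 { for (i = 2; i <= NF; i++) if (tolower($i) == h) print $1 }' "$1"
}

# For each failing metadata URL in <log>, report whether <hosts-file> overrides DNS.
check_esp_metadata() {
    failed_metadata_urls "$1" | while read -r url; do
        host=$(url_host "$url")
        pins=$(hosts_pins "${2:-/etc/hosts}" "$host" | tr '\n' ' ')
        if [ -n "$pins" ]; then
            echo "PINNED $host -> ${pins% } (hosts entry overrides DNS; verify it)"
        else
            echo "NOPIN $host (no hosts entry; check DNS, listener and port redirect)"
        fi
    done
}

# Constructed demo: log line shortened from the post; 192.0.2.10 is a placeholder IP.
demo() {
    d=$(mktemp -d) || return 1
    echo 'SEVERE NIDS IDFF: Unable to load metadata for Embedded Service Provider: https://am.us.xyc.com/nidp/idff/metadata, error: Connection refused' >"$d/log"
    printf '127.0.0.1 localhost\n192.0.2.10 am.us.xyc.com # leftover test entry\n' >"$d/hosts"
    check_esp_metadata "$d/log" "$d/hosts"
    rm -rf "$d"
}
demo
```

On the gateway itself, run `check_esp_metadata /opt/novell/nam/mag/logs/catalina.out` (the hosts file defaults to /etc/hosts) and compare any pinned address with what DNS returns for the same name.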
Knowledge Partner

Re: Unable to authenticate. ( Connection refused -esp-B06C39C629

So everything is all good now?
SLong Valued Contributor.

Re: Unable to authenticate. ( Connection refused -esp-B06C39C629

Yes
