Anonymous_User Absent Member.
Absent Member.
1432 views

No Authentication service configured...Access Review


Hi All,

I have following setup
Server 1:
IDV
Server 2:
OSP
Tomcat using by Userapp and osp
UserApp(including landing,IDMPROV)
Oracle database using by User App.
Server 3:
Postgres Database using by Access Review
tomcat using by AR
Access Review

Now my osp is working properly for the User
Applications(landing,IDMProv,rra etc.). I am using same osp for AR
authentication configuration. But unfortunately when I am trying to
login using bootstrap admin(aradmin) or
userappadmin(cn=uaadmin,ou=sa,o=data) It is giving error "No
authentication service configured".

As per the documentation I followed the following steps
1.copy adminuser.text from AR server to OSP server under osp
2.configured SSO clenent for Access Review from OSP sever using
configupdate.sh
3. export idv server certificate and import it to AR keystore.
4. export keystore from OSP and import to AR keystore.


Still this is not working. Please help me to understand what I am
missing.

Thanks
Joydeep Mukherjee


--
joydeep9j
------------------------------------------------------------------------
joydeep9j's Profile: https://forums.netiq.com/member.php?userid=4754
View this thread: https://forums.netiq.com/showthread.php?t=55069

0 Likes
9 Replies
Knowledge Partner
Knowledge Partner

Re: No Authentication service configured...Access Review

On 12/30/2015 11:54 AM, joydeep9j wrote:
>
> Hi All,
>
> I have following setup
> Server 1:
> IDV
> Server 2:
> OSP
> Tomcat using by Userapp and osp
> UserApp(including landing,IDMPROV)
> Oracle database using by User App.
> Server 3:
> Postgres Database using by Access Review
> tomcat using by AR
> Access Review
>
> Now my osp is working properly for the User
> Applications(landing,IDMProv,rra etc.). I am using same osp for AR
> authentication configuration. But unfortunately when I am trying to
> login using bootstrap admin(aradmin) or
> userappadmin(cn=uaadmin,ou=sa,o=data) It is giving error "No
> authentication service configured".
>
> As per the documentation I followed the following steps
> 1.copy adminuser.text from AR server to OSP server under osp
> 2.configured SSO clenent for Access Review from OSP sever using
> configupdate.sh
> 3. export idv server certificate and import it to AR keystore.
> 4. export keystore from OSP and import to AR keystore.


anything in catalina.out on either AR or OSP box when you try to login?

Enable osp logging (tomcat/bin/setenv.sh file, there is a -Dsomething or
other that ends in INFO, and change to a higher level (ALL is crazy,
DEBUG is ok, TRACE is crazier) and see if you get a hint in there.


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: No Authentication service configured...Access Review

On 12/30/15 11:54 AM, joydeep9j wrote:
>
> Hi All,
>
> I have following setup
> Server 1:
> IDV
> Server 2:
> OSP
> Tomcat using by Userapp and osp
> UserApp(including landing,IDMPROV)
> Oracle database using by User App.
> Server 3:
> Postgres Database using by Access Review
> tomcat using by AR
> Access Review
>
> Now my osp is working properly for the User
> Applications(landing,IDMProv,rra etc.). I am using same osp for AR
> authentication configuration. But unfortunately when I am trying to
> login using bootstrap admin(aradmin) or
> userappadmin(cn=uaadmin,ou=sa,o=data) It is giving error "No
> authentication service configured".
>
> As per the documentation I followed the following steps
> 1.copy adminuser.text from AR server to OSP server under osp
> 2.configured SSO clenent for Access Review from OSP sever using
> configupdate.sh
> 3. export idv server certificate and import it to AR keystore.
> 4. export keystore from OSP and import to AR keystore.
>
>
> Still this is not working. Please help me to understand what I am
> missing.
>
> Thanks
> Joydeep Mukherjee
>
>

Greetings,
For the OSP set-up (IDM), did you copy over the xml file, update
the entry in configupdate, so that when you launch it you now have an AR
tab?

--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: No Authentication service configured...Access Review

On 12/30/15 2:39 PM, Steven Williams wrote:
> On 12/30/15 11:54 AM, joydeep9j wrote:
>>
>> Hi All,
>>
>> I have following setup
>> Server 1:
>> IDV
>> Server 2:
>> OSP
>> Tomcat using by Userapp and osp
>> UserApp(including landing,IDMPROV)
>> Oracle database using by User App.
>> Server 3:
>> Postgres Database using by Access Review
>> tomcat using by AR
>> Access Review
>>
>> Now my osp is working properly for the User
>> Applications(landing,IDMProv,rra etc.). I am using same osp for AR
>> authentication configuration. But unfortunately when I am trying to
>> login using bootstrap admin(aradmin) or
>> userappadmin(cn=uaadmin,ou=sa,o=data) It is giving error "No
>> authentication service configured".
>>
>> As per the documentation I followed the following steps
>> 1.copy adminuser.text from AR server to OSP server under osp
>> 2.configured SSO clenent for Access Review from OSP sever using
>> configupdate.sh
>> 3. export idv server certificate and import it to AR keystore.
>> 4. export keystore from OSP and import to AR keystore.
>>
>>
>> Still this is not working. Please help me to understand what I am
>> missing.
>>
>> Thanks
>> Joydeep Mukherjee
>>
>>

> Greetings,
> For the OSP set-up (IDM), did you copy over the xml file, update
> the entry in configupdate, so that when you launch it you now have an AR
> tab?
>

Greetings
Also, did you restart both Tomcat servers after updating the AR
information in the configupdate of IDM?



--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: No Authentication service configured...Access Review


Yes I copied the .xml file from AR server to OSP server to enable the AR
tab in configupdate.sh. It was working fine and I was also able to save
AR authentication information and bootstrap file information by running
configupdate.sh from OSP end.

One more information to provide is that when I login to AR using
userappadmin, It is giving error No authentication service configured
but able to access landing and IDMProv apps with the same session. I
believe SSO is happening.

Thanks in advance for your suggestion


--
joydeep9j
------------------------------------------------------------------------
joydeep9j's Profile: https://forums.netiq.com/member.php?userid=4754
View this thread: https://forums.netiq.com/showthread.php?t=55069

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: No Authentication service configured...Access Review


Hi All,

I'm also facing the same problem. In my case OSP and AR both are
installed in the same sever. Whenever I'm accessing the AR url it's
redirecting to osp login page after providing valid bootstrap admin
credentials (LDAP admin configured as bootstrapadmin) it's redirecting
me to the original requested page after authentication but showing the
error "No authentication service configured".

Interestingly from OSP logs it's terminating the JNDI connection from
user store after generating the response token. Also from the http trace
I can find that https://server:port/api/whoami page is throwing an 503
error after successful redirection after login .


Please find below the OSP debug log.

[OIDP]
Time: 2015-12-31T09:41:46.149+0000
Level: INFO
Java Execution:
Class: com.novell.oidp.session.NIDPSession
Method: authenticate
Line Number: -1
Thread: localhost-startStop-1
Message: Authenticated user cn=admin,ou=sa,o=system in User Store
Authentication from IDM eDir with roles

[OIDP]
Time: 2015-12-31T09:57:48.621+0000
Level: INFO
Java Execution:
Class: com.novell.oidp.profile.LoginProfile
Method: successfulAuthentication
Line Number: -1
Thread: http-bio-8443-exec-9
Message: nLogin succeeded, redirecting to http://tinyurl.com/j939yry.

[OIDP]
Time: 2015-12-31T09:57:49.197+0000
Level: INFO
Java Execution:
Class: com.netiq.oidpp.oauth2.OAuth2Handler
Method: B
Line Number: -1
Thread: http-bio-8443-exec-7
Event:
Id: 0.0.2.0
Desc: Issue access token in response to OAuth2 request
(response_type=token)
Outcome: 0
Message: IssueOAuthToken

[OIDP]
Time: 2015-12-31T09:57:51.519+0000
Level: WARN
Java Execution:
Class: com.novell.oidp.source.ldap.jndi.JNDIAuditEventListener
Method: accept
Line Number: -1
Thread: OSP JNDI Connection Retirement
Event:
Id: 0.0.6.1
Desc: Close connection 0663401f-59c4-465b-81d7-74f29c1b6976 to user
store replica
Outcome: 0
Message: TerminateConnection


--
ramanujtapadar
------------------------------------------------------------------------
ramanujtapadar's Profile: https://forums.netiq.com/member.php?userid=11157
View this thread: https://forums.netiq.com/showthread.php?t=55069

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: No Authentication service configured...Access Review

On 12/31/15 6:21 AM, ramanujtapadar wrote:
>
> Hi All,
>
> I'm also facing the same problem. In my case OSP and AR both are
> installed in the same sever. Whenever I'm accessing the AR url it's
> redirecting to osp login page after providing valid bootstrap admin
> credentials (LDAP admin configured as bootstrapadmin) it's redirecting
> me to the original requested page after authentication but showing the
> error "No authentication service configured".
>
> Interestingly from OSP logs it's terminating the JNDI connection from
> user store after generating the response token. Also from the http trace
> I can find that https://server:port/api/whoami page is throwing an 503
> error after successful redirection after login .
>
>
> Please find below the OSP debug log.
>
> [OIDP]
> Time: 2015-12-31T09:41:46.149+0000
> Level: INFO
> Java Execution:
> Class: com.novell.oidp.session.NIDPSession
> Method: authenticate
> Line Number: -1
> Thread: localhost-startStop-1
> Message: Authenticated user cn=admin,ou=sa,o=system in User Store
> Authentication from IDM eDir with roles
>
> [OIDP]
> Time: 2015-12-31T09:57:48.621+0000
> Level: INFO
> Java Execution:
> Class: com.novell.oidp.profile.LoginProfile
> Method: successfulAuthentication
> Line Number: -1
> Thread: http-bio-8443-exec-9
> Message: nLogin succeeded, redirecting to http://tinyurl.com/j939yry.
>
> [OIDP]
> Time: 2015-12-31T09:57:49.197+0000
> Level: INFO
> Java Execution:
> Class: com.netiq.oidpp.oauth2.OAuth2Handler
> Method: B
> Line Number: -1
> Thread: http-bio-8443-exec-7
> Event:
> Id: 0.0.2.0
> Desc: Issue access token in response to OAuth2 request
> (response_type=token)
> Outcome: 0
> Message: IssueOAuthToken
>
> [OIDP]
> Time: 2015-12-31T09:57:51.519+0000
> Level: WARN
> Java Execution:
> Class: com.novell.oidp.source.ldap.jndi.JNDIAuditEventListener
> Method: accept
> Line Number: -1
> Thread: OSP JNDI Connection Retirement
> Event:
> Id: 0.0.6.1
> Desc: Close connection 0663401f-59c4-465b-81d7-74f29c1b6976 to user
> store replica
> Outcome: 0
> Message: TerminateConnection
>
>

Greetings ramanujtapadar,
Your issue is different and should be in a different thread. Since
you can not login with the Bootstrap admin configured for LDAP, that
normally means you did not update the setting in configutil to switch
from "File" for the bootstrap admin.

1. Stop Tomcat

2. Open a terminal and navigate to the %access-review-install%/bin folder

3.a) Launch configutil (./configutil -password %the-db-password%
3.b) Select the Authentication Server Details Tab
3.b.1) In the middle of the page you will see the "Bootstrap Admin" section.
3.b.1.a) Make user the ID is correct
3.b.1.b) Change the "Authentication Source" dropdown from 'File' to
'Identity Vault'.
3.c) Press the Save Button
3.d) Close configutil

4) Clear our the tomcat/work/Catalina and the tomcat/temp directories.
I would also suggest deleting the logs

5) Start Tomcat

6) Test.

If this does not work, then start a new thread.



--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: No Authentication service configured...Access Review

On 12/31/15 2:04 AM, joydeep9j wrote:
>
> Yes I copied the .xml file from AR server to OSP server to enable the AR
> tab in configupdate.sh. It was working fine and I was also able to save
> AR authentication information and bootstrap file information by running
> configupdate.sh from OSP end.
>
> One more information to provide is that when I login to AR using
> userappadmin, It is giving error No authentication service configured
> but able to access landing and IDMProv apps with the same session. I
> believe SSO is happening.
>
> Thanks in advance for your suggestion
>
>

Greetings Joydeep9j,
During the install, it appears from your earlier post that you set
the bootstrap admin (default admin for AR) to 'aradmin' This is the
only user that will be able to successfully login and see anything in AR
until you

1. Create an IDM Identity Collector
2. Collect from the above Collector
3. Publish from the above Collector
4. Map some of the user(s) to the Access Review Admin Permissions in AR.


Please confirm the following:

A. What Service Pack do you have installed for IDM 4.5?

B. What HotFix do you have applied to OSP?

C. What is the exact version of Access Review you have installed?



--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: No Authentication service configured...Access Review


Thanks Steven,

The issue finally fixed after following steps
1. I applied HotFix over the OSP(My external Authentication service
provider)
2. Since OSP(external authentication service provider) and AR are in
different server. It is required to install a locat/Internal OSP on the
same server where AR is running and we have to provide external OSP
information during Internal OSP installation/configuration. Also in AR
configuration we had to provide external OSP information as
authentication server details
3. I installed Access Review 1.5

Thanks
Joydeep Mukherjee


--
joydeep9j
------------------------------------------------------------------------
joydeep9j's Profile: https://forums.netiq.com/member.php?userid=4754
View this thread: https://forums.netiq.com/showthread.php?t=55069

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: No Authentication service configured...Access Review

On 1/6/16 7:14 AM, joydeep9j wrote:
>
> Thanks Steven,
>
> The issue finally fixed after following steps
> 1. I applied HotFix over the OSP(My external Authentication service
> provider)
> 2. Since OSP(external authentication service provider) and AR are in
> different server. It is required to install a locat/Internal OSP on the
> same server where AR is running and we have to provide external OSP
> information during Internal OSP installation/configuration. Also in AR
> configuration we had to provide external OSP information as
> authentication server details
> 3. I installed Access Review 1.5
>
> Thanks
> Joydeep Mukherjee
>
>

Greetings Joydeep,
If you were using AR 1.5 and pointing to the OSP from IDM 4.5 then
that will not work (yet). AR 1.5 requires a different version of OSP
and this is called out in the documentation.

--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.