sosix Trusted Contributor.
Trusted Contributor.
820 views

OSP error

Detail error in "osp-idm.2019-03-27.log"


Preamble: [OSP]
Priority Level: WARNING
Java: internal.osp.framework.servlet.OSPServlet.auditFailedRequest() [474] thread=http-nio-8080-exec-2
Time: 2019-03-27T10:18:36.522-0300
Log Data: InternalError

Preamble: [OSP]
Priority Level: SEVERE
Java: internal.osp.framework.servlet.OSPServlet.errorResponse() [281] thread=http-nio-8080-exec-2
Time: 2019-03-27T10:18:36.788-0300
Log Data: Code: internal.osp.framework.handler.TenantRequestHandler.<init>() [70]
Text: Unrecognized interface. Invalid Host Header Name or Request URL Domain Name.

Preamble: [OSP]
Priority Level: WARNING
Java: internal.osp.framework.servlet.OSPServlet.auditFailedRequest() [474] thread=http-nio-8080-exec-5
Time: 2019-03-27T10:18:46.710-0300
Log Data: InternalError

Preamble: [OSP]
Priority Level: SEVERE
Java: internal.osp.framework.servlet.OSPServlet.errorResponse() [281] thread=http-nio-8080-exec-5
Time: 2019-03-27T10:18:46.710-0300
Log Data: Code: internal.osp.framework.handler.TenantRequestHandler.<init>() [70]
Text: Unrecognized interface. Invalid Host Header Name or Request URL Domain Name.

Preamble: [OSP]
Priority Level: WARNING
Java: internal.osp.framework.servlet.OSPServlet.auditFailedRequest() [474] thread=http-nio-8080-exec-7
Time: 2019-03-27T10:19:55.106-0300
Log Data: InternalError

Preamble: [OSP]
Priority Level: SEVERE
Java: internal.osp.framework.servlet.OSPServlet.errorResponse() [281] thread=http-nio-8080-exec-7
Time: 2019-03-27T10:19:55.106-0300
Log Data: Code: internal.osp.framework.handler.TenantRequestHandler.<init>() [70]
Text: Unrecognized interface. Invalid Host Header Name or Request URL Domain Name.

Preamble: [OIDP]
Priority Level: SEVERE
Java: internal.osp.oidp.service.oauth2.handler.RequestHandler.respondWithPageError() [582] thread=https-openssl-nio-8443-exec-10
Time: 2019-03-27T10:20:06.264-0300
Log Data: Code: internal.osp.oidp.service.oauth2.handler.HandlerException.<init>() [183]
Text: Client-supplied redirect URI is not registered: http://w16qavidgsrv01.ad.gi.cl:8080/oauth.html

Preamble: [OIDP]
Priority Level: SEVERE
Java: internal.osp.oidp.service.oauth2.handler.RequestHandler.respondWithPageError() [582] thread=https-openssl-nio-8443-exec-9
Time: 2019-03-27T10:21:43.829-0300
Log Data: Code: internal.osp.oidp.service.oauth2.handler.HandlerException.<init>() [183]
Text: Supplied client identifier is invalid.

Preamble: [OIDP]
Priority Level: SEVERE
Java: internal.osp.oidp.service.oauth2.handler.RequestHandler.respondWithPageError() [582] thread=https-openssl-nio-8443-exec-10
Time: 2019-03-27T10:23:51.538-0300
Log Data: Code: internal.osp.oidp.service.oauth2.handler.HandlerException.<init>() [183]
Text: Supplied client identifier is invalid.



Detail error (only one) in catalina.2019-03-26.log:



[SEVERE] 2019-03-26 18:44:36 com.netiq.iac.server.j2ee.ArcServerInitListener loadBaseData - [IG-SERVER] Encountered unexpected error: Encountered unexpected exception




Server install details:
APP Server: IG 3.5 + Script install ("IDGov35-Core-Helper-IDGov.ps1") + Certificate SHA256withRSA
DB Server: PostgreSQL
RPT Server: PostgreSQL + Script install ("IDGov35-Core-Helper-Base.ps1") + Certificate SHA256withRSA
0 Likes
14 Replies
Knowledge Partner
Knowledge Partner

Re: OSP error

On 3/27/2019 10:04 AM, sosix wrote:
>
> Detail error in "osp-idm.2019-03-27.log"
>
>
>> Preamble: [OSP]
>> Priority Level: WARNING
>> Java: internal.osp.framework.servlet.OSPServlet.auditFailedRequest()
>> [474] thread=http-nio-8080-exec-2
>> Time: 2019-03-27T10:18:36.522-0300
>> Log Data: InternalError
>>
>> Preamble: [OSP]
>> Priority Level: SEVERE
>> Java: internal.osp.framework.servlet.OSPServlet.errorResponse() [281]
>> thread=http-nio-8080-exec-2
>> Time: 2019-03-27T10:18:36.788-0300
>> Log Data: Code:
>> internal.osp.framework.handler.TenantRequestHandler.<init>() [70]
>> Text: Unrecognized interface. Invalid Host Header Name or Request URL
>> Domain Name.
>>
>> Preamble: [OSP]
>> Priority Level: WARNING
>> Java: internal.osp.framework.servlet.OSPServlet.auditFailedRequest()
>> [474] thread=http-nio-8080-exec-5
>> Time: 2019-03-27T10:18:46.710-0300
>> Log Data: InternalError
>>
>> Preamble: [OSP]
>> Priority Level: SEVERE
>> Java: internal.osp.framework.servlet.OSPServlet.errorResponse() [281]
>> thread=http-nio-8080-exec-5
>> Time: 2019-03-27T10:18:46.710-0300
>> Log Data: Code:
>> internal.osp.framework.handler.TenantRequestHandler.<init>() [70]
>> Text: Unrecognized interface. Invalid Host Header Name or Request URL
>> Domain Name.
>>
>> Preamble: [OSP]
>> Priority Level: WARNING
>> Java: internal.osp.framework.servlet.OSPServlet.auditFailedRequest()
>> [474] thread=http-nio-8080-exec-7
>> Time: 2019-03-27T10:19:55.106-0300
>> Log Data: InternalError
>>
>> Preamble: [OSP]
>> Priority Level: SEVERE
>> Java: internal.osp.framework.servlet.OSPServlet.errorResponse() [281]
>> thread=http-nio-8080-exec-7
>> Time: 2019-03-27T10:19:55.106-0300
>> Log Data: Code:
>> internal.osp.framework.handler.TenantRequestHandler.<init>() [70]
>> Text: Unrecognized interface. Invalid Host Header Name or Request URL
>> Domain Name.
>>
>> Preamble: [OIDP]
>> Priority Level: SEVERE
>> Java:
>> internal.osp.oidp.service.oauth2.handler.RequestHandler.respondWithPageError()
>> [582] thread=https-openssl-nio-8443-exec-10
>> Time: 2019-03-27T10:20:06.264-0300
>> Log Data: Code:
>> internal.osp.oidp.service.oauth2.handler.HandlerException.<init>()
>> [183]
>> Text: Client-supplied redirect URI is not registered:
>> http://w16qavidgsrv01.ad.gi.cl:8080/oauth.html
>>
>> Preamble: [OIDP]
>> Priority Level: SEVERE
>> Java:
>> internal.osp.oidp.service.oauth2.handler.RequestHandler.respondWithPageError()
>> [582] thread=https-openssl-nio-8443-exec-9
>> Time: 2019-03-27T10:21:43.829-0300
>> Log Data: Code:
>> internal.osp.oidp.service.oauth2.handler.HandlerException.<init>()
>> [183]
>> Text: Supplied client identifier is invalid.
>>
>> Preamble: [OIDP]
>> Priority Level: SEVERE
>> Java:
>> internal.osp.oidp.service.oauth2.handler.RequestHandler.respondWithPageError()
>> [582] thread=https-openssl-nio-8443-exec-10
>> Time: 2019-03-27T10:23:51.538-0300
>> Log Data: Code:
>> internal.osp.oidp.service.oauth2.handler.HandlerException.<init>()
>> [183]
>> Text: Supplied client identifier is invalid.

>
>
> Detail error (only one) in catalina.2019-03-26.log:
>
>
>
>> [SEVERE] 2019-03-26 18:44:36
>> com.netiq.iac.server.j2ee.ArcServerInitListener loadBaseData -
>> [IG-SERVER] Encountered unexpected error: Encountered unexpected
>> exception



OSP is super duper picky about the URL in the browser bar, matching the
value in the config. It is annoying, but apparently part of teh
standard, so operating correctly.

In the ism-configuration.properties (in your Tomcat/conf dir) what value
do you have for the osp url? I forget the property name, but they should
all be basically the same in the file.

Is it exactly:
http://w16qavidgsrv01.ad.gi.cl:8080/ at its base?

> Server install details:
> APP Server: IG 3.5 + Script install ("IDGov35-Core-Helper-IDGov.ps1") +
> Certificate SHA256withRSA
> DB Server: PostgreSQL
> RPT Server: PostgreSQL + Script install ("IDGov35-Core-Helper-Base.ps1")
> + Certificate SHA256withRSA
>
>


0 Likes
sosix Trusted Contributor.
Trusted Contributor.

Re: OSP error

OSP is super duper picky about the URL in the browser bar, matching the
value in the config. It is annoying, but apparently part of teh
standard, so operating correctly.

In the ism-configuration.properties (in your Tomcat/conf dir) what value
do you have for the osp url? I forget the property name, but they should
all be basically the same in the file.

Is it exactly:
http://w16qavidgsrv01.ad.gi.cl:8080/ at its base?



Is not the same...

Detail ism.configuration.properties:


com.netiq.idm.osp.url.host = https://w16qavidgsrv01.ad.gi.cl:8443
0 Likes
Knowledge Partner
Knowledge Partner

Re: OSP error

On 3/27/2019 10:44 AM, sosix wrote:
>
>> OSP is super duper picky about the URL in the browser bar, matching the
>> value in the config. It is annoying, but apparently part of teh
>> standard, so operating correctly.
>>
>> In the ism-configuration.properties (in your Tomcat/conf dir) what value
>> do you have for the osp url? I forget the property name, but they should
>> all be basically the same in the file.
>>
>> Is it exactly:
>> http://w16qavidgsrv01.ad.gi.cl:8080/ at its base?

>
>
> Is not the same...
>
> Detail ism.configuration.properties:
>
>>
>> com.netiq.idm.osp.url.host = https://w16qavidgsrv01.ad.gi.cl:8443


So, one of these things is not like the other, one of these things,
doesn't belong, can you tell me which one of these is not like the
other, before I finish this song? (Hat tip to Sesame Street).

So... You MUST access services authenticated by OSP via the configured
URL. Period.

So, have you tried the proper URL? Does that work?


0 Likes
Micro Focus Expert
Micro Focus Expert

Re: OSP error

On 3/27/19 10:48 AM, Geoffrey Carman wrote:
> On 3/27/2019 10:44 AM, sosix wrote:
>>
>>> OSP is super duper picky about the URL in the browser bar, matching the
>>> value in the config. It is annoying, but apparently part of teh
>>> standard, so operating correctly.
>>>
>>> In the ism-configuration.properties (in your Tomcat/conf dir) what value
>>> do you have for the osp url? I forget the property name, but they should
>>> all be basically the same in the file.
>>>
>>> Is it exactly:
>>> http://w16qavidgsrv01.ad.gi.cl:8080/ at its base?

>>
>>
>> Is not the same...
>>
>> Detail ism.configuration.properties:
>>
>>>
>>> com.netiq.idm.osp.url.host = https://w16qavidgsrv01.ad.gi.cl:8443

>
> So, one of these things is not like the other, one of these things,
> doesn't belong, can you tell me which one of these is not like the
> other, before I finish this song?  (Hat tip to Sesame Street).
>
> So... You MUST access services authenticated by OSP via the configured
> URL. Period.
>
> So, have you tried the proper URL?  Does that work?
>
>

Greetings,
If you have switched from http to https you have to update the
redirect and server information in both configutil and configupdate. ID
Gov has to know and so does OSP.

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
sosix Trusted Contributor.
Trusted Contributor.

Re: OSP error

stevewdj;2497447 wrote:
On 3/27/19 10:48 AM, Geoffrey Carman wrote:
> On 3/27/2019 10:44 AM, sosix wrote:
>>
>>> OSP is super duper picky about the URL in the browser bar, matching the
>>> value in the config. It is annoying, but apparently part of teh
>>> standard, so operating correctly.
>>>
>>> In the ism-configuration.properties (in your Tomcat/conf dir) what value
>>> do you have for the osp url? I forget the property name, but they should
>>> all be basically the same in the file.
>>>
>>> Is it exactly:
>>> http://w16qavidgsrv01.ad.gi.cl:8080/ at its base?

>>
>>
>> Is not the same...
>>
>> Detail ism.configuration.properties:
>>
>>>
>>> com.netiq.idm.osp.url.host = https://w16qavidgsrv01.ad.gi.cl:8443

>
> So, one of these things is not like the other, one of these things,
> doesn't belong, can you tell me which one of these is not like the
> other, before I finish this song?Â* (Hat tip to Sesame Street).
>
> So... You MUST access services authenticated by OSP via the configured
> URL. Period.
>
> So, have you tried the proper URL?Â* Does that work?
>
>

Greetings,
If you have switched from http to https you have to update the
redirect and server information in both configutil and configupdate. ID
Gov has to know and so does OSP.

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus



I not switch http to https..., just only installed with certificate https 8443

I cant open configutil in idrpt, is in \idrpt\bin\configutil.cmd -password 'dbpassword'
0 Likes
sosix Trusted Contributor.
Trusted Contributor.

Re: OSP error

Detail error when enter IG reporting,


http://prntscr.com/n3qxb9
0 Likes
Knowledge Partner
Knowledge Partner

Re: OSP error

On 3/27/2019 1:26 PM, sosix wrote:
>
> Detail error when enter IG reporting,
>
>
> http://prntscr.com/n3qxb9


Screen shot is ALMOST helpful, but you would need to show us the URL bar
to see specifically what URL you are trying to reach.

I.e. Are you connecting on http and 8080 or https and 8443?


0 Likes
sosix Trusted Contributor.
Trusted Contributor.

Re: OSP error

geoffc;2497456 wrote:
On 3/27/2019 1:26 PM, sosix wrote:
>
> Detail error when enter IG reporting,
>
>
> http://prntscr.com/n3qxb9


Screen shot is ALMOST helpful, but you would need to show us the URL bar
to see specifically what URL you are trying to reach.

I.e. Are you connecting on http and 8080 or https and 8443?


first, login in IG with https://w16qavidgsrv01.ad.gi.cl:8443/#/landing

then, enter in identity reporting module (button in IG -right upper corner-) and re-direct to https://w16qavidrsrv01.ad.gi.cl:8443/IDMRPT/

and after accepting the certificate, shows the following error: http://prntscr.com/n3qxb9

rgs,
0 Likes
Knowledge Partner
Knowledge Partner

Re: OSP error

On 3/27/2019 3:04 PM, sosix wrote:
>
> geoffc;2497456 Wrote:
>> On 3/27/2019 1:26 PM, sosix wrote:
>>>
>>> Detail error when enter IG reporting,
>>>
>>>
>>> http://prntscr.com/n3qxb9

>>
>> Screen shot is ALMOST helpful, but you would need to show us the URL bar
>> to see specifically what URL you are trying to reach.
>>
>> I.e. Are you connecting on http and 8080 or https and 8443?

>
> first, login in IG with https://w16qavidgsrv01.ad.gi.cl:8443/#/landing
>
> then, enter in identity reporting module (button in IG -right upper
> corner-) and re-direct to https://w16qavidrsrv01.ad.gi.cl:8443/IDMRPT/
>
> and after accepting the certificate, shows the following error:
> http://prntscr.com/n3qxb9


Ok, your naming of servers is tricky.

OSP is on server:
w16qavidgsrv01

Reporting is on server:
w16qavidrsrv01 (with an extra r in there, I assume for Reporting!)

So now you are handing off.

On the server with reporting, how does the ism-configuration.properties
compare to the server with OSP?

0 Likes
Knowledge Partner
Knowledge Partner

Re: OSP error


>>>>> Is it exactly:
>>>>> http://w16qavidgsrv01.ad.gi.cl:8080/ at its base?
>>>>
>>>>
>>>> Is not the same...
>>>>
>>>> Detail ism.configuration.properties:
>>>>> com.netiq.idm.osp.url.host = https://w16qavidgsrv01.ad.gi.cl:8443


Ok, so your install is configured to use HTTPS on port 8443.


> I not switch http to https..., just only installed with certificate
> https 8443


Ok. So you installed to 8443, over SSL.

Why then were you trying to connect over HTTP (no SSL/TLS) on 8080 then,
which was your original question.

> I cant open configutil in idrpt, is in \idrpt\bin\configutil.cmd
> -password 'dbpassword'


Edit the configutil.cmd file. Look at the _db_user and _db_url and make
sure they point at proper values.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: OSP error

On 3/27/19 1:24 PM, sosix wrote:
>
> stevewdj;2497447 Wrote:
>> On 3/27/19 10:48 AM, Geoffrey Carman wrote:
>>> On 3/27/2019 10:44 AM, sosix wrote:
>>>>
>>>>> OSP is super duper picky about the URL in the browser bar, matching

>> the
>>>>> value in the config. It is annoying, but apparently part of teh
>>>>> standard, so operating correctly.
>>>>>
>>>>> In the ism-configuration.properties (in your Tomcat/conf dir) what

>> value
>>>>> do you have for the osp url? I forget the property name, but they

>> should
>>>>> all be basically the same in the file.
>>>>>
>>>>> Is it exactly:
>>>>> http://w16qavidgsrv01.ad.gi.cl:8080/ at its base?
>>>>
>>>>
>>>> Is not the same...
>>>>
>>>> Detail ism.configuration.properties:
>>>>
>>>>>
>>>>> com.netiq.idm.osp.url.host = https://w16qavidgsrv01.ad.gi.cl:8443
>>>
>>> So, one of these things is not like the other, one of these things,
>>> doesn't belong, can you tell me which one of these is not like the
>>> other, before I finish this song?�* (Hat tip to Sesame Street).
>>>
>>> So... You MUST access services authenticated by OSP via the

>> configured
>>> URL. Period.
>>>
>>> So, have you tried the proper URL?�* Does that work?
>>>
>>>

>> Greetings,
>> If you have switched from http to https you have to update the
>> redirect and server information in both configutil and configupdate.
>> ID
>> Gov has to know and so does OSP.
>>
>> --
>> Sincerely,
>> Steven Williams
>> Principal Enterprise Architect
>> Micro Focus

>
>
> I not switch http to https..., just only installed with certificate
> https 8443
>
> I cant open configutil in idrpt, is in \idrpt\bin\configutil.cmd
> -password 'dbpassword'
>
>

Greetings,
The configutil that is under the Reporting Home folder is NOT the
correct one to use. That is only used during install time. Also,
configutil is only used to configure ID Gov, not ID Reporting (post
install) or OSP.

Since your "issue" is with Reporting Redirect then the value has to
match what OSP has for the redirect URL and what you actually have.

Therefore, you will only use configupdate on the OSP server and the
Reporting Server to make them match. You also have to make sure that
the URL you put in Administration of the ID Gov (so you get the icon in
the header) has the correct URL for Reporting

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: OSP error

On 3/27/19 1:24 PM, sosix wrote:
>
> stevewdj;2497447 Wrote:
>> On 3/27/19 10:48 AM, Geoffrey Carman wrote:
>>> On 3/27/2019 10:44 AM, sosix wrote:
>>>>
>>>>> OSP is super duper picky about the URL in the browser bar, matching

>> the
>>>>> value in the config. It is annoying, but apparently part of teh
>>>>> standard, so operating correctly.
>>>>>
>>>>> In the ism-configuration.properties (in your Tomcat/conf dir) what

>> value
>>>>> do you have for the osp url? I forget the property name, but they

>> should
>>>>> all be basically the same in the file.
>>>>>
>>>>> Is it exactly:
>>>>> http://w16qavidgsrv01.ad.gi.cl:8080/ at its base?
>>>>
>>>>
>>>> Is not the same...
>>>>
>>>> Detail ism.configuration.properties:
>>>>
>>>>>
>>>>> com.netiq.idm.osp.url.host = https://w16qavidgsrv01.ad.gi.cl:8443
>>>
>>> So, one of these things is not like the other, one of these things,
>>> doesn't belong, can you tell me which one of these is not like the
>>> other, before I finish this song?�* (Hat tip to Sesame Street).
>>>
>>> So... You MUST access services authenticated by OSP via the

>> configured
>>> URL. Period.
>>>
>>> So, have you tried the proper URL?�* Does that work?
>>>
>>>

>> Greetings,
>> If you have switched from http to https you have to update the
>> redirect and server information in both configutil and configupdate.
>> ID
>> Gov has to know and so does OSP.
>>
>> --
>> Sincerely,
>> Steven Williams
>> Principal Enterprise Architect
>> Micro Focus

>
>
> I not switch http to https..., just only installed with certificate
> https 8443
>
> I cant open configutil in idrpt, is in \idrpt\bin\configutil.cmd
> -password 'dbpassword'
>
>

Greetings,
The configutil that is under the Reporting Home folder is NOT the
correct one to use. That is only used during install time. Also,
configutil is only used to configure ID Gov, not ID Reporting (post
install) or OSP.

Since your "issue" is with Reporting Redirect then the value has to
match what OSP has for the redirect URL and what you actually have.

Therefore, you will only use configupdate on the OSP server and the
Reporting Server to make them match. You also have to make sure that
the URL you put in Administration of the ID Gov (so you get the icon in
the header) has the correct URL for Reporting


--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
sosix Trusted Contributor.
Trusted Contributor.

Re: OSP error

problem solved!

two corrections in configutil:
1.OAuth client secret it was empty
2. OAuth redirect URl it was incomplete

I was sure that after the installation, these fields were completed from ism-configuration.properties, but nop 😞

Thanks stevendj and geoffc :cool:
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: OSP error

On 3/28/19 2:34 PM, sosix wrote:
>
> problem solved!
>
> two corrections in configutil:
> 1.OAuth client secret it was empty
> 2. OAuth redirect URl it was incomplete
>
> I was sure that after the installation, these fields were completed from
> ism-configuration.properties, but nop 😞
>
> Thanks stevendj and geoffc :cool:
>
>

Greetings,
I do believe you outlined the incorrect tool. configutil is not
used to configure the redirect URLs for ID Reporting. Configupdate is
used to configure it for the Reporting and then you have to run it on
the remote OSP server.

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.