OAuth Issue after 4.8 Upgrade
Upgraded UA from 4.7.4 to 4.8.2; now we are getting this error when trying to log in:
2021-01-07 13:44:47,336 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8543-exec-24) [RBPM] An error occurred while attempting to contact the authentication service.
All certs have been validated. Also reset rbpm to auto in configupdate. One other thing to note is we can no longer reach the site via the normal URL; instead we have to append it with /idmdash/#/landing
For example, previously userapp.com would redirect to userapp.com:8543//idmdash/#/landing; now if we just go to userapp.com it gives a 404 error. Dug through configupdate and couldn't find anything odd, other than in the main authentication URL it had added "userapp.com https". I removed this and now the app starts up and we can access it directly via a header modification, but we cannot access through osp.
I don't think it ever had a built-in redirect to /idmdash/ as I have always had to create one.
You could check this url to see if it loads and has the right hostnames (that match the certs): https://idapps.example.com:8543/osp/a/idm/auth/oauth2/.well-known/openid-configuration
Does Java trust the certificate Tomcat is using (cacerts or custom truststore)?
On the keystore issue it is more than just cacerts or the 'keystore'. It is the idm.jks in tomcat\conf and the osp.jks in osp's directory.
As for URLs, if the values @jrmhscht do not match what you are typing in, then it will not work. Should not have worked before either, to be honest.
Two things at play that caused our issues:
2. The ism.configuration.properties file had a bunch of extra slashes added in many URLs and had to be updated to remove those extra slashes. Just in case anyone else runs into this.
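
Added example, not part of the thread and not NetIQ's code: a small Python check for the URL problems reported above (doubled slashes in a path, a stray token such as "userapp.com https" in a URL value, and a hostname that differs from the one users type). The property keys and the sample file content are constructed placeholders, not real keys from the product's configuration file.

```python
import re
from urllib.parse import urlsplit

# Constructed sample. Keys are hypothetical placeholders, not real product keys.
SAMPLE = r"""
# constructed for illustration
example.landing.url = https\://idapps.example.com\:8543//idmdash/#/landing
example.oauth.url = https\://idapps.example.com\:8543/osp/a/idm/auth/oauth2
example.auth.host = idapps.example.com https
example.redirect.url = https\://oldhost.example.com\:8543/osp//a/idm
example.display.name = Identity Applications
"""

# key, separator (= or :), value; comment lines (# or !) do not match.
LINE = re.compile(r"^\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*?)\s*$")


def find_url_problems(text, expected_host):
    """Return sorted (key, problem) pairs for URL-like property values."""
    problems = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank line, comment, or not key=value
        key, value = m.group(1), m.group(2)
        # Java's Properties.store() escapes ':' and '=' with a backslash.
        value = value.replace("\\:", ":").replace("\\=", "=")
        tokens = value.split()
        looks_like_url = "://" in value or any(t in ("http", "https") for t in tokens)
        if not looks_like_url:
            continue
        if len(tokens) > 1:
            problems.append((key, "extra token in value"))
            continue
        parts = urlsplit(value)
        if "//" in parts.path:
            problems.append((key, "duplicate slash in path"))
        if parts.hostname != expected_host:
            problems.append((key, "host differs from expected"))
    return sorted(problems)


if __name__ == "__main__":
    for key, problem in find_url_problems(SAMPLE, "idapps.example.com"):
        print(f"{key}: {problem}")
```

Run it against a copy of the properties file taken before and after an upgrade to see which URL values the upgrade rewrote.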