
Oauth Issue after 4.8 Upgrade
Upgraded UA from 4.7.4 to 4.8.2, now we are getting this error when trying to log in:
2021-01-07 13:44:47,336 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (https-jsse-nio-8543-exec-24) [RBPM] An error occurred while attempting to contact the authentication service.
All certs have been validated. Also reset rbmp to auto in configupdate. One other thing to note is we can no longer reach the site via the normal URL; instead we have to append it with /idmdash/#/landing.
For example, previously userapp.com would redirect to userapp.com:8543//idmdash/#/landing; now if we just go to userapp.com it gives a 404 error. Dug through configupdate and couldn't find anything odd, other than in the main authentication URL it had added "userapp.com https". I removed this and now the app starts up and we can access it directly via a header modification, but we cannot access it through OSP.

I don't think it ever had a built-in redirect to /idmdash/, as I have always had to create one.
You could check this URL to see if it loads and has the right hostnames (that match the certs): https://idapps.example.com:8543/osp/a/idm/auth/oauth2/.well-known/openid-configuration
Does Java trust the certificate Tomcat is using (cacerts or custom truststore)?


On the keystore issue, it is more than just cacerts or the 'keystore'. It is the idm.jks in tomcat\conf and the osp.jks in OSP's directory.
As for URLs, if the values @jrmhscht do not match what you are typing in, then it will not work. Should not have worked before either, to be honest.

I've verified all certs, OSP kicks off just fine and doesn't throw the error; it's almost as if the session is no good once the IdP returns the valid login.

This is true, and I forgot about it, but I fixed that. Been so long since I created that redirect I had forgotten.

Two things at play that caused our issues:
1. Can be found here https://www.netiq.com/documentation/identity-manager-48/identity_apps_admin/data/general-issues-troubleshooting.html#t4aq2qin70e0
2. The ism.configuration.properties file had a bunch of extra slashes added in many URLs and had to be updated to remove those extra slashes. Just in case anyone else runs into this.
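
A way to spot the extra slashes described in item 2 by scanning a copy of the properties file for URLs whose path contains a doubled slash. This is an added example, not part of the original posts or of NetIQ's tooling; the property keys and hostnames in the sample are constructed placeholders, and `find_doubled_slashes` is a hypothetical helper name.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: keys and hosts are placeholders, not real product settings.
SAMPLE = r"""
# constructed sample
example.landing.url = https\://idapps.example.com\:8543//idmdash/#/landing
example.auth.url = https\://idapps.example.com\:8543/osp/a/idm/auth/oauth2
example.redirect.url=https://idapps.example.com:8543/IDMProv//oauth.html
example.plain.value = no url here
"""

KEY_VALUE = re.compile(r"((?:\\.|[^:=\s\\])+)\s*[:=]?\s*(.*)")
URL = re.compile(r"https?://[^\s,;\"']+")

def unescape(value):
    # Java .properties files commonly write ':' and '=' as '\:' and '\='.
    return re.sub(r"\\([:=#!\\])", r"\1", value)

def find_doubled_slashes(text):
    """Return (line number, key, url, suggested url) for each URL whose
    path contains '//' after the scheme and host. Assumes one property
    per line (backslash line continuations are not handled)."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = unescape(match.group(1)), unescape(match.group(2))
        for url in URL.findall(value):
            parts = urlsplit(url)
            if "//" in parts.path:
                # Collapse runs of slashes in the path only; the scheme
                # separator, query and fragment are left untouched.
                fixed_path = re.sub(r"/{2,}", "/", parts.path)
                fixed = urlunsplit(parts._replace(path=fixed_path))
                findings.append((lineno, key, url, fixed))
    return findings

if __name__ == "__main__":
    for lineno, key, url, fixed in find_doubled_slashes(SAMPLE):
        print(f"line {lineno}: {key}\n  found:     {url}\n  suggested: {fixed}")
```

It only reports; review each suggested value before editing the real file, then restart the application so the change is read.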