jaydeepmehta15 Frequent Contributor.

The requested OAuth2 application was not recognized.


I installed NetIQ Common Applications (tomcat, postgre, osp, sspr) in a Windows Server 2016 environment.

I am getting the below error in SSPR:

 

Error: The requested service may have been disabled or not configured properly. Please contact your system administrator. (The requested OAuth2 application was not recognized.)

 

I guess I need to run configupdate.bat to configure the OAuth settings. I am not sure from which location to run it. I find it in the sspr bin as well as the osp bin. Also, please explain the differences between the utilities located in these locations.

 

C:\NetIQ\idm\apps\sspr\bin

C:\NetIQ\idm\apps\osp\bin

Request your help here

 

Also please help with the settings to be filled in there.

Is it:

Client ID: sspr

Client secret: user friendly secret

Redirect URL: Please help

Running the util gives File Not Found before prompting for the GUI configuration console. Am I missing something, or can I ignore it?

 

Also, it does not allow saving the settings without filling in all details for the other Identity Applications. So please provide those as well.

 

Please explain what to enter in the settings of the other applications, specifically the Redirect URLs.

 

 

 

 

 

 


Accepted Solutions
Knowledge Partner

Re: The requested OAuth2 application was not recognized.


I think you posted about User App not loading and this makes me think the answer there is the answer here as well.

 

1) Make sure the URL defined in the ism-configuration.properties file matches exactly what is in your URL. If using 443, then in configupdate.sh enter 443, then edit the file after you save and remove the :443 from the lines with it.

2) Enable OSP logging. Edit /opt/netiq/idm/apps/tomcat/bin/setenv.sh; the last line has a log level set to WARN, so set it to ALL for now. (It will slow it down and eat disk space, so turn it back to WARN when done.)

 

jaydeepmehta15 Frequent Contributor.

Re: The requested OAuth2 application was not recognized.


Thank you for the update.

 

This is my ism-configuration.properties file

 

com.netiq.idm.osp.ldap.admin-dn = cn=admin,o=org
com.netiq.idm.osp.ldap.admin-pwd._attr_obscurity = ENCRYPT
com.netiq.idm.osp.ldap.admin-pwd = HET3SdlXGy0Y+uPw8s3LQw==:AT9yD/t3Z2gB8hIkYuFN3g==:2q9nn8Ia3mWF7L/wBDkxBA==
com.netiq.idm.osp.ldap.use-ssl = true
com.netiq.idm.osp.ldap.host = localhost
com.netiq.idm.osp.ldap.port = 636
com.netiq.idm.osp.as.users-container-dn = ou=people,o=org
com.netiq.idm.osp.as.admins-container-dn = ou=admin,cn=people,o=org
com.netiq.idm.osp.as.naming-attr = cn
com.netiq.idm.osp.oauth-key-alias = osp
com.netiq.idm.osp.oauth-key.pwd._attr_obscurity = ENCRYPT
com.netiq.idm.osp.oauth-key.pwd = HTZW5Q8RnDfjIHfrvoqiRg==:k5EcsCa5ksV9RIt1XG16ew==:ZCwkByLsZDK9P9FYxWZRqg==
com.netiq.idm.osp.oauth.accessTokenTTL = 120
com.netiq.idm.osp.oauth.refreshTokenTTL = 2592000
com.netiq.idm.session-timeout = 1200
com.netiq.idm.osp.auth.pwd.expire.show = true
com.netiq.idm.osp.auth.pwd.expire.url =
com.netiq.idm.osp.ssl-keystore.file = C:\\\\netiq\\\\idm\\\\apps\\\\osp\\\\osp.jks
com.netiq.idm.osp.ssl-keystore.pwd._attr_obscurity = ENCRYPT
com.netiq.idm.osp.ssl-keystore.pwd = z4T/rGS4szpbK4uRYdbSpA==:Hvvv6dbiokM5A6lGA7y2Vg==:9Ia3629KYy4pHFTGpPjbJg==
com.netiq.idm.osp.oauth-keystore.file = C:\\\\netiq\\\\idm\\\\apps\\\\osp\\\\osp.jks
com.netiq.idm.osp.oauth-keystore.pwd._attr_obscurity = ENCRYPT
com.netiq.idm.osp.oauth-keystore.pwd = BxMrueeTBZECxggdP4609g==:WaPCBI/uOMWj4dUz+tUH0Q==:/Racq+UL+YbtT4ckHJXdKQ==
com.netiq.idm.osp.url.host = https://localhost:8543
com.netiq.client.authserver.url.authorize = ${com.netiq.idm.osp.url.host}/osp/a/idm/auth/oauth2/grant
com.netiq.client.authserver.url.logout = ${com.netiq.idm.osp.url.host}/osp/a/idm/auth/app/logout
com.netiq.client.authserver.url.token = ${com.netiq.idm.osp.url.host}/osp/a/idm/auth/oauth2/getattributes
com.netiq.idm.osp.localhost-auto-add = true
# Default properties file

 

-----EOF----------

 

 

I guess I am missing the OAuth client settings. Can you please help with the same?

 

OAuth request by SSPR

 

https://localhost:8543/sspr 

 

https://localhost:8543/osp/a/idm/auth/oauth2/grant?client_id=sspr&response_type=code&state=H4sIAAAAAAAAAAGgAF__UFdNLkdDTTEQv8tztok-qLXT48ImaQW7AZQfEw3B3T3RbEDMFEnbtsXu_ihce744QByG7zv2igEycYILcJUvCKfRPbOqNiJ0Caa6f5nZz_IWOR8QVBPF46o1NNr5tXZtEpM7NELKwlJX51hD0GgwtL8o8Nc2_2tJOZSI9P3KDMl9xeaJsA4-J_zCXHzCwPstUJMFOfQunEj0Xp8fF9yesqC7DzqgAAAA&redirect_uri=https%3A%2F%2Flocalhost%3A8543%2Fsspr%2Fpublic%2Foa...

 

Error: The requested service may have been disabled or not configured properly. Please contact your system administrator. (The requested OAuth2 application was not recognized.)

 

Thanks,

Jaydeep Mehta

 

 

 

Knowledge Partner

Re: The requested OAuth2 application was not recognized.


Couple of problems I see.

1) You should use a real DNS name, not localhost. 

2) This is because the SSL Certificate needs to have a subject name and Subject Alternate Name that is the same as the DNS name you use.

3) The public key that signs your SSL certificate (be it all of the CA, Intermediate CA if using a public cert, or the Public key is simply self signed) needs to be in a couple of keystores.

There is an idm.jks in 4.7.x that should have:

  • eDir CA's public key
  • Tomcat certs' public key (Or CA and intermediate CA's that sign it)
  • OSP's public key (Since usually self signed)
  • NAM's Public key (or CA's signing it) if using SAML

For safety I import all these public keys also into the osp.jks and tomcat.jks.  In later OSP versions they are goofing around with this a bit. (IDG and OSP 6.3.3 split the OSP keystore into 4 or so keystores, I am torn if this is a great idea or not yet).
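
An added example, not part of any post in this thread: a small offline check of the URL points raised in the two replies above (exact match between the configured OSP URL and the URL in use, an explicit :443 left in the file, and localhost instead of a DNS name). The function names and finding labels are made up for illustration, the sample values are constructed, and the callback path in the sample request is a placeholder.

```python
import re
from urllib.parse import parse_qs, urlsplit

REF = re.compile(r"\$\{([^}]+)\}")
# Constructed sample modelled on the posted file (two relevant keys only).
SAMPLE = """\
com.netiq.idm.osp.url.host = https://localhost:8543
com.netiq.client.authserver.url.authorize = ${com.netiq.idm.osp.url.host}/osp/a/idm/auth/oauth2/grant
"""
# Constructed request; the callback path is a placeholder, not SSPR's real one.
REQUEST = ("https://localhost:8543/osp/a/idm/auth/oauth2/grant?client_id=sspr&response_type=code"
           "&redirect_uri=https%3A%2F%2Flocalhost%3A8543%2Fsspr%2Fplaceholder")

def load_properties(text):
    """Parse 'key = value' lines; skip blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def resolve(props, key):
    """Expand ${other.key} references such as the authserver URLs use."""
    value = props.get(key, "")
    for _ in range(5):  # bounded, so a self-reference cannot loop forever
        value = REF.sub(lambda m: props.get(m.group(1), m.group(0)), value)
    return value

def origin(url):
    """(scheme, host, port); port is None when the URL does not spell one out."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), (parts.hostname or "").lower(), parts.port)

def check(props, browser_url, authorize_request):
    """Return a label for every URL problem found; an empty list means consistent."""
    configured = origin(props.get("com.netiq.idm.osp.url.host", ""))
    scheme, host, port = configured
    authorize = resolve(props, "com.netiq.client.authserver.url.authorize")
    query = parse_qs(urlsplit(authorize_request).query)
    redirect = query.get("redirect_uri", [""])[0]  # parse_qs already URL-decodes
    checks = [
        (host in ("localhost", "127.0.0.1"), "localhost-not-dns-name"),
        (scheme == "https" and port == 443, "explicit-443-in-file"),
        (origin(browser_url) != configured, "browser-url-mismatch"),
        (authorize_request.split("?")[0] != authorize, "authorize-endpoint-mismatch"),
        (origin(redirect) != configured, "redirect-uri-origin-mismatch"),
    ]
    return [label for failed, label in checks if failed]
```

Run against the posted configuration, this reports only the localhost finding; a file that still carries :443 while the browser URL omits it reports the mismatch findings as well.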

 

 

 
