jdipietrantonio Absent Member.
Absent Member.
1849 views

Timeout message on first UserApplication login

Hello everyone

I'm having an issue with the UserApplication (4.6.2), when i try to login i get this message:

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Fault>
<Code>
<Value>Sender</Value>
<Subcode>
<Value>Expired</Value>
</Subcode>
</Code>
<Reason>
<Text>
Login session has timed out. Log in to the application again.
</Text>
</Reason>
</Fault>


But, when we enter again to http://MYPORTALIP:8080/IDMProv this error dissapears

Also, on the catalina.out we can see the following errors:

  7017:2018-01-18 09:41:49,591 [ERROR] OAuthServlet [RBPM] Login session has timed out. Log in to the application again.
7018:com.novell.common.auth.ValidationException
7019: at com.netiq.idm.auth.oauth.OAuthServlet.handleAuthorizationResponse(OAuthServlet.java:176)
7020: at com.netiq.idm.auth.oauth.OAuthServlet.doGet(OAuthServlet.java:70)
7021: at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
7022: at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
7023: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
7024: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
7025: at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
7026: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
7027: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
7028: at com.novell.common.CrossScriptingFilter.doFilter(CrossScriptingFilter.java:53)
7029: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
7030: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
7031: at com.novell.common.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:132)
7032: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
7033: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
7034: at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
7035: at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
7036: at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
7037: at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
7038: at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
7039: at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
7040: at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
7041: at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
7042: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
7043: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
7044: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
7045: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
7046: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
7047: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
7048: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
7049: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
7050: at java.lang.Thread.run(Thread.java:748)


The portal is an Identity Applications 4.6.2, Tomcat 8.5.23, Java 1.8 Update 152 connected to a Identity Manager 4.6.2 Server with eDirectory 9.0.4

Someone knows what is wrong? Could it be an OAuth issue or bug?

Thanks in advance.
Labels (1)
0 Likes
14 Replies
AutomaticReply Absent Member.
Absent Member.

Re: Timeout message on first UserApplication login

Jdipietrantonio,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
Knowledge Partner
Knowledge Partner

Re: Timeout message on first UserApplication login

jdipietrantonio;2473797 wrote:
Hello everyone

I'm having an issue with the UserApplication (4.6.2), when i try to login i get this message:

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Fault>
<Code>
<Value>Sender</Value>
<Subcode>
<Value>Expired</Value>
</Subcode>
</Code>
<Reason>
<Text>
Login session has timed out. Log in to the application again.
</Text>
</Reason>
</Fault>


But, when we enter again to http://MYPORTALIP:8080/IDMProv this error dissapears

Also, on the catalina.out we can see the following errors:

  7017:2018-01-18 09:41:49,591 [ERROR] OAuthServlet [RBPM] Login session has timed out. Log in to the application again.
7018:com.novell.common.auth.ValidationException
7019: at com.netiq.idm.auth.oauth.OAuthServlet.handleAuthorizationResponse(OAuthServlet.java:176)
7020: at com.netiq.idm.auth.oauth.OAuthServlet.doGet(OAuthServlet.java:70)
7021: at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
7022: at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
7023: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
7024: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
7025: at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
7026: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
7027: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
7028: at com.novell.common.CrossScriptingFilter.doFilter(CrossScriptingFilter.java:53)
7029: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
7030: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
7031: at com.novell.common.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:132)
7032: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
7033: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
7034: at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
7035: at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
7036: at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
7037: at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
7038: at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
7039: at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
7040: at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
7041: at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
7042: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
7043: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
7044: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
7045: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
7046: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
7047: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
7048: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
7049: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
7050: at java.lang.Thread.run(Thread.java:748)


The portal is an Identity Applications 4.6.2, Tomcat 8.5.23, Java 1.8 Update 152 connected to a Identity Manager 4.6.2 Server with eDirectory 9.0.4

Someone knows what is wrong? Could it be an OAuth issue or bug?

Thanks in advance.


You get this particular error if you're using IE as the web browser (Firefox and Chrome you get a different error) and if the redirect URLs in configupdate.sh are missing the port. So if you have https://login.foo.com/idmdash/oauth.html in there, it should be https://login.foo.com:443/idmdash/oauth.html (you must include the port number).

But only with IE. Why IE presents an entirely different error message, both to the user, and in catalina.out, I don't know.

Found this question while looking for this very same error, and saw it wasn't answered, so even though it's old, at least this way anybody searching for this will find the answer next time.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Timeout message on first UserApplication login

Thanks for the update.
Good info.
0 Likes
c-pkalla Absent Member.
Absent Member.

Re: Timeout message on first UserApplication login

0 Likes
Knowledge Partner
Knowledge Partner

Re: Timeout message on first UserApplication login

On 12/18/2018 10:26 AM, c-pkalla wrote:
>
> Below URL's changed in configupdate-> outh redirect Urls. Should I
> change all of them or only few?
>
> https://www.localhost:443/landing/com.netiq.ualanding.index/oauth.html
> https://www.localhost:443/dash/com.netiq.uadash.index/oauth.html
> https://www.localhost:443/idmdash/oauth.html
> https://www.localhost:443/IDMProv/oauth
> https://www.localhost:443/IDMRPT/oauth.html
> https://www.localhost:443/rra/com.netiq.rra.index/oauth.html
> https://www.localhost:443/sspr/public/oauth
>
> Still having an issue. How do you resolve this issue. IDM 4.6.3, OSP
> 6.2.1,


Hey KP
Short answer - your issue is that OSP is following the standard that is
super duper sensitive to EXACTLY what the browsers URL bar says.

So https://host:443/ is NOT the same as https://host/ even though HTTPS
is always on 443, and worst, all browsers, if you type https://host:443/
it will rewrite it against your will to https://host/ cuz the browser
knows!

Ok, so no problem, then in configupdate.sh you think you can just simply
put https://host/ and be done right?

Except it validates and says, YOU NEED A PORT! And you cannot save
without a port value.

So what we usually do is define it as 443, and then save, and then edit
the file and remove the :443 and then restart and it works.

But next time you open configupdate.sh it will complain till you put 443
back in.


0 Likes
gtejo1 Absent Member.
Absent Member.

Re: Timeout message on first UserApplication login

I recently updated the IDM to the 4.7 version. When i try to open a running task in the UserApplication i get exactly the same error. Im using OSP in the port 8543. I tried the solution that geoffc proposed, i removed from the ism-configuration-properties file the port from all the "OSP Oauth redirect url" field. Now no url have the the port, but when i try to access to the UserApplication in the IE browser cant load the page. In Chrome is working fine, like nothing happend. Can i anyome give a hand?
0 Likes
Knowledge Partner
Knowledge Partner

Re: Timeout message on first UserApplication login

On 4/9/2019 12:14 PM, gtejo wrote:
>
> I recently updated the IDM to the 4.7 version. When i try to open a
> running task in the UserApplication i get exactly the same error. Im
> using OSP in the port 8543. I tried the solution that geoffc proposed, i
> removed from the ism-configuration-properties file the port from all the
> "OSP Oauth redirect url" field. Now no url have the the port, but when i
> try to access to the UserApplication in the IE browser cant load the
> page. In Chrome is working fine, like nothing happend. Can i anyome give
> a hand?


So be clear, I only said that in the 443 case do you need to remove port
references. For 8543 you MUST have the port references in the
ism-configuration.properties file.

Could you clarify, since your post above seems to contradict itself.

0 Likes
gtejo1 Absent Member.
Absent Member.

Re: Timeout message on first UserApplication login

Yes, the OSP port im using is the 8543. In the configupdate this port is set in the Authentication tab, in the property "OAuth server TCP port" and in all the url of the property "OSP Oauth redirect url" in the SSO client. With this configurations, im having the same error as mentioned above. In chrome work's fine, but in IE im getting this error.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Timeout message on first UserApplication login

On 4/9/2019 1:14 PM, gtejo wrote:
>
> Yes, the OSP port im using is the 8543. In the configupdate this port is
> set in the Authentication tab, in the property "OAuth server TCP port"
> and in all the url of the property "OSP Oauth redirect url" in the SSO
> client. With this configurations, im having the same error as mentioned
> above. In chrome work's fine, but in IE im getting this error.


Get a tool like SAML Tracer, or something that will show each HTTP
request in sequence, and decode them (Different than apacket trace) for
IE, and then lets see where it is 'going and doing' and then do the same
in Chrome and compare.

0 Likes
gtejo1 Absent Member.
Absent Member.

Re: Timeout message on first UserApplication login

IE Explorer is not doing any kind of traffic when i try to access the task, on the contrary, chrome does it
0 Likes
Knowledge Partner
Knowledge Partner

Re: Timeout message on first UserApplication login

On 4/9/2019 2:34 PM, gtejo wrote:
>
> IE Explorer is not doing any kind of traffic when i try to access the
> task, on the contrary, chrome does it


How do you tell? Have you ever watched alogin in something like SAML
Tracer?

I highly recommend it as you can see how you hit one URL, then get
redirected, reirected, SMAL assert, SAML response, redirect to Oauth,
redirect, redirect, and finally hit the IDApps page you started trying
to get to.

(SAML Tracer happens to do SAML nicely but also shows everything else of
interest. I find Fiddler harder to use.)


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.