kzarate Contributor.

Unable to log onto UserApp after updating to 4.7.2

I just performed the update from 4.7.1 to 4.7.2 on SLES 12 SP3

Now, immediately after login the following message is displayed on idmdash/#/landing


Error!

An error has occurred while processing your request. Please contact the administrator, or click the refresh button and try again

catalina.out shows the following...

2019-02-01 09:38:04,621 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-7) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:04,626 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-5) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:04,671 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-1) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:04,697 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-3) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:04,733 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-10) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:04,759 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-2) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:05,651 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-6) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:05,721 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-9) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:05,745 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-4) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:06,655 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-1) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:07,653 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-3) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:07,679 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-8) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:07,700 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-7) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:07,719 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-6) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:07,744 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-9) [RBPM] An error occurred while attempting to authenticate.
2019-02-01 09:38:07,768 ERROR [com.netiq.idm.auth.oauth.OAuthRestFilter] (ajp-nio-8009-exec-10) [RBPM] An error occurred while attempting to authenticate.

I verified the CA is in the osp.jks store.
0 Likes
Knowledge Partner

Re: Unable to log onto UserApp after updating to 4.7.2

Check all of your certs in all of the various keystores, not just the osp.jks one. They all need to be correct.

Also check to see if you're getting LDAP errors (ndstrace +time +tags +ldap), which may help indicate which thing is b0rked here.
0 Likes
Nihii Respected Contributor.

Re: Unable to log onto UserApp after updating to 4.7.2

We have the same problem with the 4.7.2 version, but when you authenticate the session through IDMProv, the following page will redirect to IDMDash when you click the link:

The page cannot be found.

The User Application interface is discontinued. Click this link to access the new user interface.



Thanks
Nihith
0 Likes
tomgreene Contributor.

Re: Unable to log onto UserApp after updating to 4.7.2

/IDMProv is no longer a Web UI endpoint. It's only for API access now. You need to go to /idmdash now.
0 Likes
kzarate Contributor.

Re: Unable to log onto UserApp after updating to 4.7.2

Hi dgersic, Thank you for the reply!

I tried re-importing the certs for
Identity Vault /opt/netiq/idm/apps/tomcat/conf/idm.jks and /opt/netiq/idm/apps/osp/osp.jks
Is there another one I am forgetting?

Also, this is the result for ndstrace

13:26:38 5E60D700 LDAP: (xxx.xx.xxx.118:37194)(0x0002:0x63) nds_back_search: Search Control OID 2.16.840.1.113730.3.4.2
13:26:38 5E60D700 LDAP: (xxx.xx.xxx.118:37194)(0x0002:0x63) Sending search result entry "cn=uaadmin,o=vault" to connection 0x11c9b500
13:26:38 5E60D700 LDAP: (1xxx.xx.xxx.118:37194)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x11c9b500
13:26:38 3A9E8700 LDAP: (xxx.xx.xxx.118:37194)(0x0003:0x63) DoSearch on connection 0x11c9b500
13:26:38 3A9E8700 LDAP: (xxx.xx.xxx.118:37194)(0x0003:0x63) Search request:
base: "o=services"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectClass=User)(|(cn=uaadmin)(mail=uaadmin)))"
attribute: "cn"
attribute: "fullName"
attribute: "givenName"
attribute: "GUID"
attribute: "initials"
attribute: "loginIntruderAttempts"
attribute: "mail"
attribute: "mobile"
attribute: "nrfMemberOf"
attribute: "objectClass"
attribute: "sn"
attribute: "srvprvPreferredLocale"
13:26:38 3A9E8700 LDAP: (xxx.xx.xxx.118:37194)(0x0003:0x63) nds_back_search: Search Control OID 2.16.840.1.113730.3.4.2
13:26:38 3A9E8700 LDAP: (xxx.xx.xxx.118:37194)(0x0003:0x63) Sending operation result 0:"":"" to connection 0x11c9b500
13:26:38 9CFEB700 LDAP: New TLS connection 0x1f7af180 from xxx.xx.xxx.118:37196, monitor = 0x9dffb700, index = 2
13:26:38 9DFFB700 LDAP: Monitor 0x9dffb700 initiating TLS handshake on connection 0x1f7af180
13:26:38 5E80F700 LDAP: (xxx.xx.xxx.118:37196)(0x0000:0x00) DoTLSHandshake on connection 0x1f7af180
13:26:38 5E80F700 LDAP: BIO ctrl called with unknown cmd 7
13:26:38 5E80F700 LDAP: (xxx.xx.xxx..118:37196)(0x0000:0x00) Completed TLS handshake on connection 0x1f7af180
13:26:38 58300700 LDAP: (xxx.xx.xxx.118:37196)(0x0001:0x60) DoBind on connection 0x1f7af180
13:26:38 58300700 LDAP: (xxx.xx.xxx.118:37196)(0x0001:0x60) Bind name:cn=uaadmin,o=vault, version:3, authentication:simple
13:26:38 58300700 LDAP: (xxx.xx.xxx.118:37196)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x1f7af180
13:26:38 9CFEB700 LDAP: New TLS connection 0x1f7aee00 from xxx.xx.xxx.8:48684, monitor = 0x9dffb700, index = 3
13:26:38 9DFFB700 LDAP: Monitor 0x9dffb700 initiating TLS handshake on connection 0x1f7aee00
13:26:38 58300700 LDAP: (xxx.xx.xxx.8:48684)(0x0000:0x00) DoTLSHandshake on connection 0x1f7aee00
13:26:38 58300700 LDAP: BIO ctrl called with unknown cmd 7
13:26:38 58300700 LDAP: (xxx.xx.xxx.8:48684)(0x0000:0x00) Completed TLS handshake on connection 0x1f7aee00
0 Likes
mprikril
Visitor.

Re: Unable to log onto UserApp after updating to 4.7.2

Hi,
Same problem here, must be an SP2 UserApp bug. I think the problem is this (I got that error only if I go to the IDMProv page):

2019-01-30 17:53:28,256 ERROR [com.netiq.idm.auth.oauth.OAuthServlet] (https-jsse-nio-8543-exec-5) [RBPM] An error occurred while attempting to contact the authentication service.
com.novell.common.auth.ValidationException: internal.atlaslite.jcce.oauth2.discovery.WrongIssuerException: Invalid issuer. Expected: 'https://idm-app.xxx.at:443/osp/a/idm/auth/oauth2; actual: 'https://lvidgcisp02.xxx.at/osp/a/idm/auth/oauth2'.
at com.netiq.idm.auth.oauth.OAuthServlet.handleAuthorizationResponse(OAuthServlet.java:187)

If I change the configuration from "idm-app" to the hostname "lvidgcisp02", the UserApp works again. Before SP2 the UserApp answered with the correctly configured name "idm-app". I will open an SR.

Regards Martin
0 Likes
tomgreene Contributor.

Re: Unable to log onto UserApp after updating to 4.7.2

This is actually a change in Java. You must have the certificate match the URL you are using. It's probably best to add an entry and make the certificate a SAN certificate. You can disable checking on this, but you are just "hiding" the underlying issue more or less.

You'd add this to the setenv.sh file in /tomcat/bin/

-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
Micro Focus Expert

Re: Unable to log onto UserApp after updating to 4.7.2

On 2019-02-04 08:36, mprikril wrote:
> Invalid
> issuer. Expected: 'https://idm-app.xxx.at:443/osp/a/idm/auth/oauth2;
> actual: 'https://lvidgcisp02.xxx.at/osp/a/idm/auth/oauth2'.


Which oauth URLs (*.url properties) have you configured in
ism-configuration.properties? Do they all have idm-app.xxx.at in them?
Also be sure to remove the 443 port number.

--
Norbert
0 Likes
Micro Focus Contributor

Re: Unable to log onto UserApp after updating to 4.7.2

Here is some further information on this issue.
This issue only happens when you are using Apache.

In IDM 4.7.2 there was a code change that compares the OSP metadata issuer URL with the OSP configuration in the ism-configuration.properties file.
If those are different then the resulting login, as described in this discussion, occurs.

The original creator of this thread had a port difference. The OSP metadata issuer URL showed no port (443) and the ism-configuration.properties file had a port of 443.
Remove the port from the properties file and we are able to login.

The configupdate utility cannot be used in this case because the port number is not configurable. During installation the OSP Issuer URL and port are configured and not changeable through the utility. You will need to update the ism-configuration.properties file directly.

The ism-configuration.properties file is located by default in the /opt/netiq/idm/apps/tomcat/conf directory.
The line in the file is: com.netiq.idm.osp.url.host
You can look at the OSP metadata by pointing a browser to: https://<hostOrIP>:<OSP_PORT>/osp/a/idm/auth/oauth2/.well-known/openid-configuration
0 Likes
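
Added example (not part of any post in this thread, and not Micro Focus code): a small offline check that reproduces the comparison described above, so the configured OSP URL and the issuer in the discovery document can be compared before users hit the login error. It assumes the com.netiq.idm.osp.url.host value has the form scheme://host[:port], possibly with Java-properties backslash escapes, and that the issuer is that value plus the /osp/a/idm/auth/oauth2 path seen in the error message; the hostnames and file contents are constructed samples.

```python
import json
from urllib.parse import urlsplit

OSP_PROP = "com.netiq.idm.osp.url.host"   # property named in the post above
ISSUER_PATH = "/osp/a/idm/auth/oauth2"    # path seen in the WrongIssuerException
DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed sample input, not a real ism-configuration.properties.
SAMPLE_PROPERTIES = """\
# constructed sample
com.netiq.idm.osp.url.host = https\\://idm-app.example.com\\:443
"""

# Constructed discovery documents, shaped like the JSON served at
# .../osp/a/idm/auth/oauth2/.well-known/openid-configuration
DISCOVERY_ALIAS = '{"issuer": "https://idm-app.example.com/osp/a/idm/auth/oauth2"}'
DISCOVERY_SERVER = '{"issuer": "https://srv01.example.com/osp/a/idm/auth/oauth2"}'


def read_property(text, key):
    """Return the value of `key` from Java .properties text, or None."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            # Java properties files may escape ':' and '=' with a backslash.
            return value.strip().replace("\\:", ":").replace("\\=", "=")
    return None


def explain_mismatch(configured_base, discovery_json):
    """List the reasons a strict string comparison of the issuer would fail.

    An empty list means the configured URL and the published issuer match.
    """
    expected = configured_base.rstrip("/") + ISSUER_PATH
    actual = json.loads(discovery_json)["issuer"]
    if expected == actual:
        return []
    exp, act = urlsplit(expected), urlsplit(actual)
    reasons = []
    if exp.scheme != act.scheme:
        reasons.append("scheme")
    if exp.hostname != act.hostname:
        reasons.append("host")
    exp_eff = exp.port or DEFAULT_PORTS.get(exp.scheme)
    act_eff = act.port or DEFAULT_PORTS.get(act.scheme)
    if exp_eff != act_eff:
        reasons.append("port")
    elif exp.port != act.port:
        # Same endpoint, but one side spells out the default port (":443").
        reasons.append("explicit-default-port")
    if exp.path.rstrip("/") != act.path.rstrip("/"):
        reasons.append("path")
    return reasons or ["other"]


if __name__ == "__main__":
    base = read_property(SAMPLE_PROPERTIES, OSP_PROP)
    for label, doc in (("alias", DISCOVERY_ALIAS), ("server", DISCOVERY_SERVER)):
        print(label, base, explain_mismatch(base, doc))
```

An "explicit-default-port" result corresponds to the port difference described in the post above; a "host" result corresponds to the issuer being published under a different hostname than the configured one.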
pieperen Absent Member.

Re: Unable to log onto UserApp after updating to 4.7.2

We encountered the same issue after upgrade to 4.7.2
In our case the problem was that we used a certificate with a valid certificate chain, and in debugging we noticed the error: Could not determine revocation status.

After searching some bugs on OpenJDK I found the option: -Dcom.sun.security.enableCRLDP=true
This option is not enabled by default.

We added this option to setenv.sh in the CATALINA_OPTS.
After restarting, we could login.

I hope this is the same issue you are having.

Kind Regards

Peter van Ieperen
jrmhscht Super Contributor.

Re: Unable to log onto UserApp after updating to 4.7.2

I had this same issue with a digicert certificate on our load balancer when upgrading to SP2. -Dcom.sun.security.enableCRLDP=true worked for me as well. Thanks!
0 Likes
mjuricek1 Absent Member.

Re: Unable to log onto UserApp after updating to 4.7.2

Hello,

I have the same issue at my customer. We have no problem in the test environment, but for some reason the https://<hostOrIP>:<OSP_PORT>/osp/a/idm/auth/oauth2/.well-known/openid-configuration is showing the Issuer URL with the server name and not with the DNS name.
We do not have this issue in test. In production yes and I am not able to find out why.

Can you help me?

Regards,
Milan

0 Likes
Micro Focus Expert

Re: Unable to log onto UserApp after updating to 4.7.2

Greetings,
This is happening as a result of some of the frameworks that are
being utilized within OSP. They are resolving the IP and finding a DNS
name that appears to not match what you have set. You can generally
add host entries or fix the entries in DNS.

mprikril updated this thread earlier today that they added hosts entries
to resolve this.



--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
mjuricek1 Absent Member.

Re: Unable to log onto UserApp after updating to 4.7.2

Hello,
Not really, I set everything properly. Our DNS name is set as an alias. The hostname of the Windows server is the name of the machine and it is, of course, different from the DNS name. I think we just discovered a bug in OSP.

This is an answer from Micro Focus support:

"
We believe that the issue occurs because OSP uses the longer dnsname it resolves.
In your case the server name is longer than the alias name.
We have also confirmed that authentication using OSP 6.22 and Identity Apps 4.7.1 works if the “wrong” issuer is returned / used, however after the upgrade to OSP 6.3.1 and Identity Apps 4.7.2 authentication starts to fail.


"

This also explains why all is working in the test environment. The alias is userapp-test.xxx.yyy, which is a few characters longer than the server name. In production, the server name is one character longer.

0 Likes
Micro Focus Expert

Re: Unable to log onto UserApp after updating to 4.7.2

Greetings,
Yes, I am working with Support. There are a couple of factors at
play as I outlined in my last post.

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes