jaydeepmehta15 Frequent Contributor.

User Application throws error after login in with OSP

 
Hi Team,
 
I have set up NetIQ IDM in Windows Server 2016.
 
When I access Identity Applications, I am prompted for credentials by OSP, and after authentication I get redirected to the application, which throws the following error in the browser. On refreshing, the application keeps on loading.
 
Error!
An error has occurred while processing your request. Please contact the administrator, or click the refresh button and try again
 
 
 
The idapps.out file gives the following error:
2019-08-06 20:44:58,340 [ERROR] OAuthRestFilter [RBPM] An error occurred while attempting to contact the authentication service.
2019-08-06 20:44:58,353 [ERROR] OAuthRestFilter [RBPM] An error occurred while attempting to contact the authentication service.
 
 
Any help greatly appreciated.
 
Thanks,
Jaydeep Mehta
 
 
 
pdeneu Super Contributor.

Re: User Application throws error after login in with OSP

Hello,

Which version of OSP and Identity Applications are you using?

To which port are the webservices / Tomcat configured?

Regards,

Philipp


--
https://www.lanworks.de
Knowledge Partner

Re: User Application throws error after login in with OSP

So has this ever worked?

If not, check for certificates.

OSP Cert - self signed

Tomcat Cert - usually publicly signed

eDir tree CA Cert - usually not trusted.

NAM SAML Cert - usually self signed.

 

The osp keystore has the OSP private key.

The Tomcat keystore has the Tomcat private key.

The OSP keystore should then get the public key of the signers/trusted roots of the Tomcat, eDir CA, and NAM certs added to it.

The Tomcat keystore should then get the public key of the signers/trusted roots of the OSP, eDir CA, and NAM certs added to it.

Steve says there is a specific pattern that minimizes this; however, I find this seems to guarantee everything is trusted.

 

Knowledge Partner

Re: User Application throws error after login in with OSP

This sounds like a broken / not configured RBPM SAML authentication.

In the idapps.out log file, on startup, do you see something like:

2019-09-13 16:06:54,161 [ERROR] OAuthFilter [RBPM] Missing private key for SSO header signature.
2019-09-13 16:06:54,161 [ERROR] OAuthFilter [RBPM] Failed to initialize SSO Filter oauth due to configuration problem.
2019-09-13 16:06:54,164 [ERROR] OAuthRestFilter [RBPM] Missing private key for SSO header signature.
2019-09-13 16:06:54,164 [ERROR] OAuthRestFilter [RBPM] Failed to initialize SSO Filter oauth due to configuration problem.
2019-09-13 16:06:55,017 [WARN] AuthTokenGenerator [RBPM] Failed to initialize SSO: Missing or corrupted SSO filter settings.
2019-09-13 16:06:55,017 [INFO] AuthTokenGenerator [RBPM] SSO Framework is disabled.

If so, run configupdate.sh, enable advanced settings, switch to the SSO Clients tab, and find the RBPM to eDirectory SAML configuration option. Change it to "Auto" and save the change. It will (re)create the objects under the cn=Security container that allow RBPM to do SSO to eDirectory.

You should see something like:

2019-09-16 12:07:38,385 [INFO] OAuthFilter [RBPM] SSO Filter oauth is enabled.
2019-09-16 12:07:38,388 [INFO] OAuthRestFilter [RBPM] SSO Filter oauth is enabled.
2019-09-16 12:07:39,289 [INFO] AuthTokenGenerator [RBPM] SSO Framework is enabled.

if SSO is working.
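The log check described in the reply above, as an added Python example (not from the thread and not Micro Focus code): it reads idapps.out text and reports the SSO Framework state of the most recent startup together with the errors logged before it. The names `sso_status`, `BROKEN` and `FIXED`, the returned keys, and the timestamp on the last line of `BROKEN` are assumptions made for this example.

```python
import re

# One idapps.out record: timestamp, [LEVEL], component, [RBPM], message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<level>[A-Z]+)\]\s+(?P<component>\S+) \[RBPM\] (?P<msg>.*)$"
)
FRAMEWORK = "SSO Framework is "
CONTACT = "attempting to contact the authentication service"

def sso_status(log_text):
    """Summarise the most recent startup found in idapps.out text."""
    state, since, causes, pending, contact_errors = "unknown", None, [], [], 0
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # stack traces, blank lines, other formats
        level, msg = m["level"], m["msg"]
        if msg.startswith(FRAMEWORK):  # verdict that ends a startup sequence
            state = msg[len(FRAMEWORK):].rstrip(".")
            since, causes, pending, contact_errors = m["ts"], pending, [], 0
        elif level in ("ERROR", "WARN"):
            if CONTACT in msg:
                contact_errors += 1  # runtime error from the original post
            else:
                pending.append(msg)
    # De-duplicate causes (both filters log the same message), keep order.
    return {"state": state, "since": since,
            "causes": list(dict.fromkeys(causes)),
            "contact_errors": contact_errors}

# Constructed sample: log lines quoted in the thread, joined into one file.
# The timestamp on the last BROKEN line is made up for this example.
BROKEN = """\
2019-09-13 16:06:54,161 [ERROR] OAuthFilter [RBPM] Missing private key for SSO header signature.
2019-09-13 16:06:54,161 [ERROR] OAuthFilter [RBPM] Failed to initialize SSO Filter oauth due to configuration problem.
2019-09-13 16:06:54,164 [ERROR] OAuthRestFilter [RBPM] Missing private key for SSO header signature.
2019-09-13 16:06:54,164 [ERROR] OAuthRestFilter [RBPM] Failed to initialize SSO Filter oauth due to configuration problem.
2019-09-13 16:06:55,017 [WARN] AuthTokenGenerator [RBPM] Failed to initialize SSO: Missing or corrupted SSO filter settings.
2019-09-13 16:06:55,017 [INFO] AuthTokenGenerator [RBPM] SSO Framework is disabled.
2019-09-13 16:10:02,000 [ERROR] OAuthRestFilter [RBPM] An error occurred while attempting to contact the authentication service.
"""
FIXED = """\
2019-09-16 12:07:38,385 [INFO] OAuthFilter [RBPM] SSO Filter oauth is enabled.
2019-09-16 12:07:38,388 [INFO] OAuthRestFilter [RBPM] SSO Filter oauth is enabled.
2019-09-16 12:07:39,289 [INFO] AuthTokenGenerator [RBPM] SSO Framework is enabled.
"""

if __name__ == "__main__":
    print(sso_status(BROKEN))
    print(sso_status(BROKEN + FIXED))
```

Running it against a real idapps.out after applying the configuration change shows whether the latest restart ended in "enabled" and whether contact errors have been logged since.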

 
