Knowledge Partner
Knowledge Partner
1044 views

SSPR and IDM 4.5.3

Hello,

All IDM applications work fine after upgrading to 4.5.3 / OSP 6.0.0.2 /
configupdate 4.5.0.2 and the NetIQ Access login page looks modern. Very
nice!

But I must have missed something when it comes to SSPR, when accessing
it I get the following error after logging in:

5071 ERROR_OAUTH_ERROR (unexpected HTTP status code (401))

v3.3.0.2 was installed but I also tried to upgrade to 3.3.1 and I get
the same error as soon as I configure OAuth in SSPR.

From the SSPR.log:

2016-02-01T23:58:13Z, FATAL, servlet.PwmServlet, 5071 ERROR_OAUTH_ERROR
(unexpected HTTP status code (401))
2016-02-01T23:58:13Z, ERROR, http.PwmRequest, {3} 5071 ERROR_OAUTH_ERROR
(unexpected HTTP status code (401)) [192.168.0.18]

Any troubleshooting tips?

Thanks.
0 Likes
6 Replies
tschloesser Outstanding Contributor.
Outstanding Contributor.

Re: SSPR and IDM 4.5.3


+1
just the same here. I was guessing that somehow the configuration of
sspr got compromized, but it seams I do not have any chance to get to
the configuration manager 😞


--
tschloesser
------------------------------------------------------------------------
tschloesser's Profile: https://forums.netiq.com/member.php?userid=3232
View this thread: https://forums.netiq.com/showthread.php?t=55292

0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR and IDM 4.5.3

No, I don't think the SSPR got compromised, the timestamp on the
SSPRConfiguration.xml didn't change before I started troubleshooting.

To get to the config manager just move the SSPRConfiguration.xml from
the tomcat/webapps/sspr/WEB-INF directory to another location and then
you can run the configuration from scratch. In my case it works fine
until I enable OAuth.

I get an interesting error in the OSP log that indicates that the shared
secret is not OK, so I've tried to reset the secret for sspr in both
configupdate and in SSPR to no avail (and I restarted Tomcat after each
attempt):

[OIDP] 2016-02-02T12:31:33.618+0100
Level: TRACE
Code: com.netiq.oidpp.oauth2.handler.RequestHandler.setJsonError() [301]
thread=http-bio-443-exec-4
Message: Err: invalid_request, Sub: invcreds, Desc: Shared secret
mismatch., Code: 401


On 2016-02-02 18:54, tschloesser wrote:
>
> +1
> just the same here. I was guessing that somehow the configuration of
> sspr got compromized, but it seams I do not have any chance to get to
> the configuration manager 😞
>
>

0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: SSPR and IDM 4.5.3


Multiple reports of this:

http://tinyurl.com/jpavvgh


--
-"Also now available in 'G+'
(http://plus.google.com/+BenWalter-Kiwi) and 'Website'
(https://www.isam.kiwi/) format".- 😉
------------------------------------------------------------------------
ScorpionSting's Profile: https://forums.netiq.com/member.php?userid=469
View this thread: https://forums.netiq.com/showthread.php?t=55292


Visit my Website for links to Cool Solution articles.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR and IDM 4.5.3

On 2/2/16 6:04 PM, ScorpionSting wrote:
>
> Multiple reports of this:
>
> http://tinyurl.com/jpavvgh
>
>

Greetings Everyone,

OSP 6.0.0.3 has been released

https://dl.netiq.com/Download?buildid=O5ptOLoXiDY~

--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR and IDM 4.5.3

That was quick! Will try tomorrow!

-alekz

On 2016-02-04 20:15, Steven Williams wrote:
> On 2/2/16 6:04 PM, ScorpionSting wrote:
>>
>> Multiple reports of this:
>>
>> http://tinyurl.com/jpavvgh
>>
>>

> Greetings Everyone,
>
> OSP 6.0.0.3 has been released
>
> https://dl.netiq.com/Download?buildid=O5ptOLoXiDY~
>

0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR and IDM 4.5.3

Steven Williams wrote:

> OSP 6.0.0.3 has been released
>
> https://dl.netiq.com/Download?buildid=O5ptOLoXiDY~


And fixes SSPR/OSP for me. Great to see such a quick response and fix, Steve!

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.