Forum Replies Created

Viewing 15 posts - 1 through 15 (of 19 total)
  • #13724
     manasvi
    Participant

    Yes it redirects to login page and after successful login I redirect it to OAuth2Proxy.jsp with params 'state' (containing state sent by openam) and 'code' (containing access token) which redirects to http://openam.example.com:8080/openam/json/authenticate?realm=/ . In the response I get {"code":500,"reason":"Internal Server Error","message":"Authentication Error!!"}. Also, iPlanetDirectoryPro is not set in cookies but JSessionId and NTID are set in the cookie.

    • This reply was modified 6 years, 1 month ago by manasvi.
    #13722
     manasvi
    Participant

    After successful login from my app, openam redirects to /OAuth2Proxy.jsp which redirects to http://openam.example.com:8080/openam/json/authenticate?realm=/ with following parameters:
    {
    "authId": "eyAidHlwIjogIkpXVCIsICJhbGciOiAiSFMyNTYiIH0.eyAiYXV0aEluZGV4VmFsdWUiO",
    "authIndexType": "module",
    "authIndexValue": "django-auth",
    "code": "VOZhiY6jmtJu998VjKvrDJiA4qPwHD",
    "realm": "/",
    "state": "t3q4sut98k45k387b2eu8y0dcwvboo7",
    "sessionUpgradeSSOTokenId": "AQIC5wM2LY4SfczjQdDzQUo21Ima..*"
    }
    And in the response I get {"code":500,"reason":"Internal Server Error","message":"Authentication Error!!"}

    Also, iPlanetDirectoryPro is not set in cookies but JSessionId and NTID are set in the cookie.

    #13720
     manasvi
    Participant

    @jang2212 @tejansh any help?

    #13711
     manasvi
    Participant

    Thanks, that was helpful.
    @jang2212 @tejansh

    Please help me with my case.

    I have my app which uses internal oAuth module to grant access_token on successful login.

    Now I create an openam module with endpoints of my app to access its oAuth, and if account details are matched proxy oAuthProxy.jsp hits /json/authenticate/ to authenticate but this gives a 401 error.

    Now, when I try to use openam rest API(json/authenticate?authIndexType=module&authIndexValue=mymodule) from my app to authenticate the user, it always gives a response even when the user does not exist in OpenAM directory:
    {'stage': 'OAuth2', 'callbacks': [{'output': [{'name': 'redirectUrl', 'value': 'http://localhost/login?client_id=1sdXXXXkx&scope=email&redirect_uri=http://openam.example.com:8080/openam/oauth2c/OAuthProxy.jsp&response_type=code&state=41XXXX2rt0j'}, {'name': 'redirectMethod', 'value': 'GET'}, {'name': 'trackingCookie', 'value': True}], 'type': 'RedirectCallback'}], 'authId': 'eyAiXXX5w62Jd6o4U', 'header': 'Authentication', 'template': ''}

    Am I doing anything wrong? If not, how shall I proceed? Please help.

    • This reply was modified 6 years, 1 month ago by manasvi.
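An added example, not part of the original post and not OpenAM's own code: a small classifier for `/json/authenticate` response bodies, run over the RedirectCallback quoted in the post above and the 500 error body quoted in other posts on this page. It shows that a RedirectCallback means the login is still in progress rather than that a user was authenticated, and it pulls out the `state` value and any cleartext `http://` URLs in the flow. The function name `classify` is hypothetical, and the rule that a completed login returns a body carrying `tokenId` is an assumption about the server's success response.

```python
from urllib.parse import urlsplit, parse_qs

# Response body from the post above (values redacted by the poster).
REDIRECT_RESPONSE = {
    "stage": "OAuth2",
    "authId": "eyAiXXX5w62Jd6o4U",
    "header": "Authentication",
    "callbacks": [{
        "type": "RedirectCallback",
        "output": [
            {"name": "redirectUrl", "value": "http://localhost/login?client_id=1sdXXXXkx&scope=email&redirect_uri=http://openam.example.com:8080/openam/oauth2c/OAuthProxy.jsp&response_type=code&state=41XXXX2rt0j"},
            {"name": "redirectMethod", "value": "GET"},
            {"name": "trackingCookie", "value": True},
        ],
    }],
}
# Error body quoted in other posts on this page.
ERROR_RESPONSE = {"code": 500, "reason": "Internal Server Error",
                  "message": "Authentication Error!!"}


def classify(resp):
    """Return (status, details) for one /json/authenticate response body."""
    # Assumption: a completed login returns a body carrying tokenId.
    if "tokenId" in resp:
        return "authenticated", {}
    if "code" in resp and "reason" in resp:
        return "failed", {"code": resp["code"], "message": resp.get("message")}
    for cb in resp.get("callbacks", []):
        if cb.get("type") != "RedirectCallback":
            continue
        out = {o["name"]: o["value"] for o in cb.get("output", [])}
        query = parse_qs(urlsplit(out["redirectUrl"]).query)
        redirect_uri = query.get("redirect_uri", [""])[0]
        return "redirect_pending", {
            "authId": resp.get("authId"),           # must be sent back with the code
            "state": query.get("state", [None])[0],  # must come back unchanged
            "redirect_uri": redirect_uri,
            # URLs that would carry the code and state without TLS
            "cleartext": [u for u in (out["redirectUrl"], redirect_uri)
                          if u.startswith("http://")],
        }
    return "callbacks_pending", {"authId": resp.get("authId")}
```
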
    #13700
     manasvi
    Participant

    @jang2212 I could not get your point. Do I need to set it on my oAuth service provider app or on the OpenAM side? And if it is the OpenAM side, there is no option in module settings to set the cookie.

    #13699
     manasvi
    Participant

    @vincent-mirzaiansolucom-fr the user does not exist in the OpenAM repository. But I have enabled "Create account if it does not exist" in module settings.

    Also, I tried the two processes you told me and it’s still not working.

    #13694
     manasvi
    Participant

    @jang2212 were you able to solve this issue?

    I am stuck at the same point as you are (ERROR: OAuth.process(): Authorization call-back failed because there was no state parameter).

    And also I get 401 Unauthenticated when I am redirected to http://openam.example.com:8080/openam/json/authenticate?realm=/ after login URL success. But when I hit this URL with curl request and same parameters I get proper response.

    Can you please help.

    #13692
     manasvi
    Participant

    Thanks for replying.

    These are the settings I have made:

    Authentication End Point: http://djangoserver.com/login (Get request to open login window)
    Access Token Endpoint URL: http://djangoserver.com/login (POST request which returns code= access_token from django server)
    User Profile Service URL: http://djangoserver.com/get-profile (which will fetch user details based on code)
    Scope: email
    OAuth2 Access Token Profile Service Parameter name: access_token

    Proxy URL: http://openam.example.com:8080/openam/oauth2c/OAuthProxy.jsp

    Account Provider: org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider
    Account Mapper Configuration: email=mail

    #13690
     manasvi
    Participant

    @vincent-mirzaiansolucom-fr this is not Facebook authentication but oAuth authentication with my Django project (which uses django-oauth2)

    #13688
     manasvi
    Participant

    Hi,

    So, I was able to solve the above issue for my third party Authentication, but another hurdle comes.

    When I get the login page of my third party Authentication, I enter my details and login. It runs successfully.

    But then OpenAM runs internal APIs which are throwing 401 unauthenticated. Here are the things that are causing the error:

    1. http://openam.example.com:8080/openam/XUI/locales/en-US/translation.json?v=13.0.0 is 404 not found. What to do with this?

    2. http://openam.example.com:8080/openam/json/authenticate?realm=/ is 401 Unauthorized. But when I hit the same API with same parameters through curl request I get proper response.

    3. http://openam.example.com:8080/openam/json/serverinfo/version is 403 Forbidden

    In logs, I get "errorCod='107', resProperty='Authentication Failed|login_failed_template.jsp"

    Please help.

    #13679
     manasvi
    Participant

    Here is the error when I enabled debug.

    Error while retrieving SSOToken for login failure: Authentication Error!!|auth_error_template.jsp

    errorCod='102', resProperty='Authentication Error!!|auth_error_template.jsp'

    Error Message : Authentication Error!!

    @peter-major @rarondini @vincent-mirzaiansolucom-fr any help would be appreciated.

    #13646
     manasvi
    Participant

    @peter-major

    I am now working on OpenAM v13.0 and able to authenticate via Facebook, but for my third party login APIs I get Authentication Error when I try to hit http://openam.example.com:8080/openam/XUI/#login/&module=my-auth. And in the debug, I get this error:

    Although I have properly configured my end point URLs.

    amAuth:10/12/2016 01:14:02:099 PM IST: Thread[http-bio-8080-exec-2,5,main]: TransactionId[cbf91dac-c78f-4941-8702-a492e2cc0ff2-223]
    ERROR: The crypto context value string, null is not in valid URL format: java.net.MalformedURLException
    java.net.MalformedURLException

    Thanks

    • This reply was modified 6 years, 1 month ago by manasvi.
    #13511
     manasvi
    Participant

    @Bill now that thing is working fine. I re-installed OpenDJ (because I wrote a few commands to create an ou which might have caused some issues).

    Thanks for your valuable time and your help.

    #13503
     manasvi
    Participant

    @Bill the issue still persists. The suffix was created successfully, but I am still getting the error that the suffix does not exist.

    #13468
     manasvi
    Participant

    Hi Bill,

    Thanks for replying.

    As of now my database in OpenDJ is empty with base-dn="dc=example,dc=com" and it doesn’t have any child nodes. When I was working on OpenAM 10, I didn’t get that error. Also, I don’t have much idea about how this works, so can you please share any link where I can learn to add a container beneath this?
    Here is the log of OpenDJ:

    [04/Oct/2016:18:36:09 +0530] SEARCH REQ conn=4 op=2589 msgID=2590 base="ou=people,dc=example,dc=com" scope=sub filter="(&(|(uid=facebook-11XXXXXXXXXXXX20))(&(uid=*)(objectclass=inetorgperson)))" attrs="uid"
    [04/Oct/2016:18:36:09 +0530] SEARCH RES conn=4 op=2589 msgID=2590 result=32 message="The entry ou=people,dc=hdfc,dc=com specified as the search base does not exist in the Directory Server" nentries=0 etime=0
    [04/Oct/2016:18:36:09 +0530] ADD REQ conn=4 op=2590 msgID=2591 dn="uid=facebook-11XXXXXXXXXXXX20,ou=people,dc=example,dc=com"
    [04/Oct/2016:18:36:09 +0530] ADD RES conn=4 op=2590 msgID=2591 result=32 message="The provided entry uid=facebook-11XXXXXXXXXXXX20,ou=people,dc=example,dc=com cannot be added because its suffix is not defined as one of the suffixes within the Directory Server" etime=0

    Thanks
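An added example, not part of the original post and not OpenDJ tooling: a parser that pairs each REQ line of the access log quoted above with its RES line by `conn` and `op`, and reports the operations that returned a non-zero LDAP result together with the DN they targeted. The log lines are copied from the post with the typographic quotes normalised; the function name `failed_operations` is hypothetical.

```python
import re

# The four OpenDJ access-log lines from the post above.
ACCESS_LOG = """\
[04/Oct/2016:18:36:09 +0530] SEARCH REQ conn=4 op=2589 msgID=2590 base="ou=people,dc=example,dc=com" scope=sub filter="(&(|(uid=facebook-11XXXXXXXXXXXX20))(&(uid=*)(objectclass=inetorgperson)))" attrs="uid"
[04/Oct/2016:18:36:09 +0530] SEARCH RES conn=4 op=2589 msgID=2590 result=32 message="The entry ou=people,dc=hdfc,dc=com specified as the search base does not exist in the Directory Server" nentries=0 etime=0
[04/Oct/2016:18:36:09 +0530] ADD REQ conn=4 op=2590 msgID=2591 dn="uid=facebook-11XXXXXXXXXXXX20,ou=people,dc=example,dc=com"
[04/Oct/2016:18:36:09 +0530] ADD RES conn=4 op=2590 msgID=2591 result=32 message="The provided entry uid=facebook-11XXXXXXXXXXXX20,ou=people,dc=example,dc=com cannot be added because its suffix is not defined as one of the suffixes within the Directory Server" etime=0
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<op>\w+) (?P<kind>REQ|RES) (?P<rest>.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="quoted value"
RESULT_NAMES = {0: "success", 32: "noSuchObject"}   # standard LDAP result codes


def failed_operations(log_text):
    """Pair REQ/RES lines by (conn, op) and return the non-zero results."""
    pending, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(m["rest"])}
        key = (fields.get("conn"), fields.get("op"))
        if m["kind"] == "REQ":
            # SEARCH carries base=..., ADD carries dn=...
            pending[key] = fields.get("base") or fields.get("dn")
            continue
        result = int(fields.get("result", 0))
        target = pending.pop(key, None)  # None if the REQ line was not captured
        if result != 0:
            findings.append({
                "time": m["ts"],
                "operation": m["op"],
                "target": target,
                "result": result,
                "result_name": RESULT_NAMES.get(result, "other"),
                "message": fields.get("message", ""),
            })
    return findings
```
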
