Authentication fail with Proxy

Home Forums ForgeRock Products Access Management Authentication fail with Proxy

Learn more about our upcoming Identity Summits

Tagged: , , , ,

This topic has 1 reply, 2 voices, and was last updated 5 years, 6 months ago by bthalmayr.

  • Author
    Posts
  • February 2, 2017 at 3:41 pm #15655
     Dafugh
    Participant

    Hello,

    I have a Problem with my Installation on a Oracle VM. It runs with CentOS 7 on localhost.
    I installed OpenDJ as external store successfully and OpenAm on Tomcat 7 with the address openam.example.com. I configured tomcat to use a Proxy Server by putting the command JAVA_OPTS="-DproxySet=true -DproxyHost=***.***.*** -DproxyPort=*** -DnonProxyHosts='*.example.com' $JAVA_OPTS"
    in setenv.sh . I thought that was all to to because in many Websites they say so but it doesn’t seems that way.

    If i set the debug level for Authentication in Debug.jsp at the highest level I get this:
    http://pastebin.com/EJbS5Wx8 (really long)

    Sorry that there are some lines in German. My System is in English and my entire configuration but it keeps being in German.

    The Message

    com.sun.identity.authentication.spi.AuthLoginException: Authentication failed with an Input/Output exception while trying to get content
    graph.facebook.com

    tells me that something is wrong with my Proxy settings am i right?

    I have set the same Proxy in System Settings and in Firefox. I don’t know anymore what to do because i tried nearly everything that i found on the internet by searching this error.

    Thanks in advance for your help and a good day,

    Jonathan.

    • This topic was modified 5 years, 6 months ago by Dafugh.
    February 7, 2017 at 8:58 am #15684
     bthalmayr
    Participant

    Hi Jonathan, have you seen the root cause?

    Caused by: java.net.UnknownHostException: graph.facebook.com
    at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.connect(Unknown Source)
    at sun.net.NetworkClient.doConnect(Unknown Source)
    at sun.net.www.http.HttpClient.openServer(Unknown Source)
    at sun.net.www.http.HttpClient.openServer(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
    at org.forgerock.openam.authentication.modules.oauth2.OAuth.getContentStreamByGET(OAuth.java:690)
    ... 88 more

    You can also spot sun.net.www.protocol.https.HttpsClient this means the configured HTTP forward-proxy is not used, see https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html (referencing latest JDK docs, but it’s the same for JDK 7) , section 2.2. HTTPS

    -Dhttps.proxyHost=.... -Dhttps.proxyPort

    When the target URL has scheme ‘https’, the client must use the ‘connect’-protocol to use an HTTP forward-proxy.

    -Bernhard

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Leaderboard

The leaderboard is based on our rockin' informal points system, read about it here.
Visit our blog

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?