Tagged: Identity platform
September 24, 2020 at 9:58 pm #28296 aortiz Participant
I’m installing the new Identity Platform version 7 (Deployment One – Separate Identity Stores – https://backstage.forgerock.com/docs/platform/7/platform-setup-guide/#deployment1). In summary, the steps I followed are these:
-Installed DS Configuration Store
-Installed DS Identity Store
-Installed ForgeRock AM
-Installed ForgeRock IDM with repo MySQL
-Installed the UIs in a different virtual machine with Docker
Just to clarify, both DSs are in one virtual machine, while AM and IDM were each installed in separate virtual machines.
When I try to enter the IDM admin UI [http://idm.example.com:8080/admin], get redirected to the AM login and log in with amadmin credentials, I get the following error in the network console:
WWW-Authenticate: Bearer realm="IDM",error_description="The access token provided is expired, revoked, malformed, or invalid for other reasons.",error="invalid_token"
The thing is that I validated the access token received through Postman against the tokeninfo endpoint, and it says it’s correct.
curl --location --request GET 'http://am.example.com:8080/openam/oauth2/tokeninfo' \
--header 'Authorization: Bearer bme-EPbH4-zqPeyJqULwsUsGnq4'
I found an entry in ForgeRock’s JIRA referring to the same error I’m receiving, but was not able to see much further information.
Has anyone had this error before and been able to solve it?
I understand that the product is very recent and there is not much information about errors out there.
Thank you all.

September 28, 2020 at 3:38 pm #28306 Jatinder Singh Participant
Can you provide the below values from your configuration files?
* Value of tokenIntrospectUrl in authentication.json;
* Value of scopes in authentication.json;
* Value of platformSettings in ui-configuration.json;
* Value of responseHeaders in ui.context-admin.json;
P.S. The problem is not around the access_token but your configuration. The “Platform Setup Guide” documentation IMHO needs another revision, as some parts around “self service ui” login are missing.