Identity Platform 7 error when logging to IDM

This topic has 1 reply, 2 voices, and was last updated 3 weeks, 6 days ago by Jatinder Singh.

  • #28296
     aortiz
    Participant

    Hi All

    I’m installing the new Identity Platform version 7 (Deployment One – Separate Identity Stores – https://backstage.forgerock.com/docs/platform/7/platform-setup-guide/#deployment1). In summary, the steps I followed are these:

    -Installed DS Configuration Store
    -Installed DS Identity Store
    -Installed ForgeRock AM
    -Installed ForgeRock IDM with repo MySQL
    -Installed the UIs in a different virtual machine with Docker

    Just to clarify, both DSs are in one virtual machine, while AM and IDM were each installed in separate virtual machines.

    Issue:

    When I try to enter the IDM admin UI [http://idm.example.com:8080/admin], get redirected to the AM login and log in with amadmin credentials, I get the following error in the network console:

    WWW-Authenticate: Bearer realm="IDM",error_description="The access token provided is expired, revoked, malformed, or invalid for other reasons.",error="invalid_token"

    Thing is that I validated the access token received through Postman to the tokeninfo endpoint and it says it’s correct.

    Request
    curl --location --request GET 'http://am.example.com:8080/openam/oauth2/tokeninfo' \
      --header 'Authorization: Bearer bme-EPbH4-zqPeyJqULwsUsGnq4'

    Response
    {
      "access_token": "bme-EPbH4-zqPeyJqULwsUsGnq4",
      "grant_type": "authorization_code",
      "auth_level": 0,
      "auditTrackingId": "88cf4847-48c4-471a-8e12-d9d85fdb6b50-10073",
      "openid": "",
      "scope": [
        "openid"
      ],
      "realm": "/",
      "token_type": "Bearer",
      "expires_in": 227,
      "authGrantId": "u-nKARXzejT6LFR2MKfc79qCOus",
      "client_id": "idm-admin-ui"
    }

    I found an entry in ForgeRock’s JIRA referring to the same error I’m receiving but was not able to see much further information.

    https://bugster.forgerock.org/jira/browse/OPENIDM-15471

    Has anyone had this error before and been able to solve it?
    I understand that the product is very recent and there is not much information about errors out there.
    Thank you all.

    #28306
     Jatinder Singh
    Participant

    Can you provide the below values from your configuration files?

    * Value of tokenIntrospectUrl in authentication.json;
    * Value of scopes in authentication.json;
    * Value of platformSettings in ui-configuration.json;
    * Value of responseHeaders in ui.context-admin.json;

    P.S. The problem is not around access_token but your configuration. The “Platform Setup Guide” documentation IMHO needs another revision as some parts around “self service ui” login are missing.

    Thanks,

    Jatinder Singh
    ForgeRock Architect/Developer
    Sqoop Data
