OpenAM, Amazon cloud and Social Authentication

This topic has 3 replies, 3 voices, and was last updated 6 years, 3 months ago by Peter Major.

  • #11064
     mariaculman
    Participant

    Hi all, I am working with an OpenAM server running on an Amazon EC2 virtual machine. I have configured the Social Authentication Modules for Facebook and Google, and I am getting the same “Request not valid !” error with both. The problem appears with http://54.xxx.xxx.xxx:8080/openam/oauth2c/OAuthProxy.jsp.

    I am using a public IP and I am not using DNS CNAME.

    I would greatly appreciate your guidance on this problem.

    #11086
     Scott Heger
    Participant

    Did you add your OAuthProxy.jsp URL into your Facebook and Google developer accounts as a valid URL? Also, are you saying that you have OpenAM configured to answer up via an IP address and not a FQDN? Or are you just specifying the OAuthProxy.jsp URL using the IP? In both cases you really should use an FQDN.

    #11337
     mariaculman
    Participant

    Hi Scott. First of all, I configured the OpenAM server using the IP address of the Amazon EC2 virtual machine (a public IP address). I do not have a domain (DNS) to use on my site, so I decided to use the IP address.

    I did add the OAuthProxy.jsp URL into Facebook and Google apps:

    For Facebook I used the exact URL that the social module on OpenAM showed me as: http://54.xxx.xxx.xxx:8080/openam/oauth2c/OAuthProxy.jsp (with the IP address)

    But for Google I used the FQDN version of the URL as:
    ec2-54-xxx-xxx-xxx.compute-1.amazonaws.com:8080/openam/oauth2c/OAuthProxy.jsp

    If the IP Address is the source of the error, how can I change the configuration on the OpenAM to work with the FQDN that Amazon AWS also provides?

    Thanks a lot for your help.

    #11367
     Peter Major
    Moderator

    Your issues are coming from cookies and cookie domains. You should have a look at the cookie domain setting (Configuration > System > Platform) and make sure that whatever you have set is going to match the cookie domain of ec2-54-xxx-xxx-xxx.compute-1.amazonaws.com (which would be *exactly* ec2-54-xxx-xxx-xxx.compute-1.amazonaws.com, since anything less would be a TLD).

    After that you just need to access the login interface on the ec2-54-xxx-xxx-xxx.compute-1.amazonaws.com domain and you should be good to go.
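
An added example, not part of the thread and not OpenAM code: the browser cookie rules from RFC 6265 (domain matching and public-suffix rejection) applied to the login and OAuthProxy.jsp redirect hosts discussed above. The IP address, the EC2-style hostname and the small public-suffix set are constructed placeholders, and `survives_redirect` is a hypothetical helper name.

```python
import ipaddress

# Constructed stand-in for the Public Suffix List (assumption). Per the answer
# above, anything shorter than the full EC2 hostname is treated like a TLD.
PUBLIC_SUFFIXES = {"com", "amazonaws.com", "compute-1.amazonaws.com"}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, domain):
    """RFC 6265 section 5.1.3: identical, or a dot-separated suffix of a non-IP host."""
    host, domain = host.lower(), domain.lower()
    return host == domain or (not is_ip(host) and host.endswith("." + domain))

def survives_redirect(login_host, cookie_domain, redirect_host):
    """True if a cookie set while on login_host is sent back to redirect_host."""
    d = cookie_domain.lower()
    d = d[1:] if d.startswith(".") else d          # a leading dot is ignored
    if d in PUBLIC_SUFFIXES:
        if d != login_host.lower():
            return False                           # cookie rejected outright
        d = ""                                     # falls back to host-only
    if not d:                                      # host-only: exact host required
        return redirect_host.lower() == login_host.lower()
    if not domain_match(login_host, d):
        return False                               # browser refuses to store it
    return domain_match(redirect_host, d)

# Constructed hosts: a documentation-range IP and the EC2-style name derived from it.
IP = "203.0.113.10"
FQDN = "ec2-203-0-113-10.compute-1.amazonaws.com"

def scenarios():
    return {
        "login by IP, cookie domain = FQDN": survives_redirect(IP, FQDN, FQDN),
        "login by FQDN, cookie domain = FQDN": survives_redirect(FQDN, FQDN, FQDN),
        "cookie domain = .compute-1.amazonaws.com": survives_redirect(FQDN, ".compute-1.amazonaws.com", FQDN),
        "login by IP, host-only cookie, FQDN redirect": survives_redirect(IP, "", FQDN),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'sent' if ok else 'LOST':4}  {name}")
```

Only the case where both the login page and the redirect URL use the full EC2 hostname, with the cookie domain set to that same hostname, keeps the cookie across the round trip.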


©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
