July 25, 2020 at 11:17 pm #28112
I am new to ForgeRock OpenAM and making baby steps to learn the product on my own by doing a PoC. I integrated Google OAuth2.0 as an authentication module. When I try to test the authentication module, I am redirected to the Google authentication page and, after successful login on the Google side, the page redirects to the OpenAM side with Authentication Error. Thereafter the page stays as loading and nothing happens next.
It would be helpful if I can get answers to below:
1. How to set up logging to debug this kind of issue? I explored Configuration->Logging and I get amSSO.access, Oauth2provider.access, Oauth2provider.error. These logs don’t have relevant messages.
2. What could be the issue? From the browser, I can see the error comes after it redirects to openAM.
July 26, 2020 at 12:21 am #28113
Just to add: The same happens with Facebook OAuth too. I am redirected to FB for auth and while redirecting back to openAM, I see Authentication Error!! and the page says loading and stays there forever.
Note: I used Config Social Authentication -> Configure Facebook authentication and just inputted app id and secret. I didn’t make any changes to the default configuration.
July 27, 2020 at 4:49 pm #28120 Jatinder Singh, Participant
In order to debug this, I suggest set the
Message. You can do this by putting /Debug.jsp endpoint in front of your AM context. E.g. https://am.example.com/am/Debug.jsp. You don’t have to restart AM for this setting to take place. The debug logs will be available in your AM config directory and the debug folder.
Provided your redirect_uri is correct, authentication errors are also communicated in the redirect process via
error_description parameters. Do you see any error being returned by Google or Facebook authorization servers?
July 28, 2020 at 8:06 pm #28131
Hi Jatinder, Many thanks for your response. It really helped. I enabled the debug logs and I see below exception for both Facebook and Google OAuth.
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am currently using a self-signed SSL certificate in my PoC environment. I also imported the self-signed certificate to java/bin/security/cacerts. I still get the above exception and after this exception it throws Authentication Error!! both in UI and logs. I understand this is something related to the self-signed certificate. It would really help if you can provide me your inputs on this exception (if you have faced this exception in any of your deployments).
Once again Thank you for your time and response.
Venky
July 28, 2020 at 10:03 pm #28132 Jatinder Singh, Participant
It’s a Trust issue. Did you restart your container after loading that cert? And are you able to access AM console through your browser?
July 29, 2020 at 6:48 pm #28139
Hi Jatinder, Yes, I tried restarting the container as well as the server where I have installed openam. Still, I get the same error. I am able to access the console through the browser without any SSL/TLS errors on the https port.
javax.security.auth.login.LoginException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I also noticed the sessionID error below in the logs.
Could not get SSOToken from context
com.iplanet.sso.SSOException: SessionID is empty
Thank you for your time and response.
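The PKIX error quoted in this thread is raised when the JVM running AM cannot chain the remote server's certificate to an entry in the truststore it loaded, so a certificate import only helps if it went into that file. As an added example (not part of the thread, and not ForgeRock code), this script resolves that file using the JSSE default lookup order; the function names, directory layout and JVM options are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): resolve the truststore file a JVM
# will load, following the JSSE default lookup order.

# effective_truststore JAVA_HOME "JVM ARGS"
# Prints the truststore path; prints nothing and returns 1 if none exists.
# Assumption: no single JVM option contains whitespace.
effective_truststore() (
    java_home=$1; store=
    set -f                      # no glob expansion while splitting the args
    for arg in $2; do
        case $arg in
            # 1. An explicit system property overrides the defaults;
            #    if it is repeated, the last -D on the command line wins.
            -Djavax.net.ssl.trustStore=*) store=${arg#*=} ;;
        esac
    done
    if [ -z "$store" ]; then
        # Java 8 JDKs keep the files under jre/lib/security, 9+ under lib/security.
        sec=$java_home/lib/security
        [ -d "$java_home/jre/lib/security" ] && sec=$java_home/jre/lib/security
        # 2. jssecacerts, when present, is used instead of cacerts.
        if [ -f "$sec/jssecacerts" ]; then store=$sec/jssecacerts
        # 3. Otherwise the bundled cacerts.
        elif [ -f "$sec/cacerts" ]; then store=$sec/cacerts
        fi
    fi
    [ -n "$store" ] && printf '%s\n' "$store"
)

# import_reaches_jvm IMPORTED_FILE JAVA_HOME "JVM ARGS"
# Succeeds only when the file a certificate was imported into is the
# file the JVM will load.
import_reaches_jvm() {
    [ "$1" = "$(effective_truststore "$2" "$3")" ]
}

# Constructed sample layout and container options (placeholders).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/jdk/lib/security" "$demo/jdk/bin/security"
: > "$demo/jdk/lib/security/cacerts"
: > "$demo/jdk/bin/security/cacerts"
ARGS_DEFAULT="-Xmx1g -Dcom.example.flag=true"
ARGS_CUSTOM="-Xmx1g -Djavax.net.ssl.trustStore=/opt/am/truststore.jks"
effective_truststore "$demo/jdk" "$ARGS_DEFAULT"
effective_truststore "$demo/jdk" "$ARGS_CUSTOM"
```

Pass the container's real Java home and startup options to get the path to inspect; `keytool -list -keystore <path>` then shows whether the imported alias is present in that file.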