September 26, 2016 at 7:07 pm #13290
I am quite new to OpenAM, so I am having some problems integrating OAuth authentication with my Django project. Please help.
First I tried to authenticate with datastore by adding users in the subjects, and was able to authenticate the user by using REST APIs for the same.
But what I wanted to achieve was to authenticate using oAuth 2.0 (which I used in my Django project – reference). So I created a new module instance for oAuth 2 and filled the client id and secret and added authentication endpoint and access_token endpoint to the URL where Django server is hosted (i.e. localhost:8000/o/token/).
But this didn’t work as I expected. Can anyone please show me the correct way and help me solve the problem?
Thanks
September 27, 2016 at 2:05 pm #13293 Rogerio Rondini Participant
So.. Could you be more clear on what you expect, what did not work and if you got some error… etc… ?
September 27, 2016 at 2:19 pm #13294
Thanks for replying. I have the following queries:
1. While specifying Authentication Endpoint URL in my module instance, openam hits a get request. Can’t I directly hit a post request?
2. I somehow bypassed it by creating a url on my django project and by accepting user credentials on this page I hit the login API and redirect it to the redirect_uri specified in OpenAM module instance i.e. http://openam.example.com:8080/openam/oauth2c/OAuthProxy.jsp. But the page here shows “Request Not Valid”
And this gets logged into the logfile. I checked for answers related to this problem and found that there is no SampleAuth.xml. What can be the reason for this?
“2016-09-27 17:24:26” “Login Failed|module_instance|djangoauth” “Not Available” “Not Available” 127.0.0.1 INFO dc=example,dc=com “cn=dsameuser,ou=DSAME Users,dc=example,dc=com” AUTHENTICATION-268 djangoauth “Not Available” 127.0.0.1
Thanks
September 27, 2016 at 3:03 pm #13302 Rogerio Rondini Participant
AUTHENTICATION-268 error is documented as “Module is not registered/configured under realm or Incorrect/invalid credentials presented or User locked out/not active”. I think you should enable Debug log in OpenAM.
September 27, 2016 at 9:04 pm #13314
I already checked this error here. But I am not understanding why it is failing. I have configured module instance (with Create account if it does not exist as enabled) and also included in authentication chaining (below datastore with sufficient criteria) and the credentials provided for login are also correct. Regarding 3rd point, since the User is new (i.e. it does not exist in OpenAM datastore) I expect it to get saved in the datastore. But this does not happen. Did I do anything wrong? Please help.
PS. I also changed the log mode to debug. But there is nothing I could make out of it:
“2016-09-28 00:02:52” /usr/share/tomcat7/openam/openam/log/ “cn=dsameuser,ou=DSAME Users,dc=example,dc=com” 81c86a0fc24c94ef01 “Not Available” INFO dc=example,dc=com “cn=dsameuser,ou=DSAME Users,dc=example,dc=com” LOG-1 amAuthentication.error “Not Available” 127.0.1.1
“2016-09-28 00:02:52” “Login Failed|module_instance|djangoauth” “Not Available” “Not Available” 127.0.0.1 INFO dc=example,dc=com “cn=dsameuser,ou=DSAME Users,dc=example,dc=com” AUTHENTICATION-268 djangoauth “Not Available” 127.0.0.1
Thanks
September 28, 2016 at 9:56 am #13344
The main problem I am facing is that I am not able to understand the functionality of the redirect proxy URL http://openam.example.com:8080/openam/oauth2c/OAuthProxy.jsp.
What does this file do and what are the parameters one needs to pass for this to work? Sometimes I get error “Request Not Valid” and other times it returns an HTML page of “Authentication failed”. Please explain.
Thanks
October 1, 2016 at 12:19 am #13416
From my understanding, the OAuthProxy.jsp file is used to continue the authentication process when you are redirected from the IDP (your django server in your case).
I also encountered the “Request Not Valid” error. Make sure that the “Prompt for password setting and activation code” field is unchecked inside the OAuth2 / OpenID Connect authentication module (there is a bugster on this but I could not find it).
Vincent
October 3, 2016 at 9:18 am #13438
Thanks for replying Vincent,
I have already unchecked “Prompt for password setting and activation code” but it is still not working. What is “OpenID Connect authentication module”? I am using only OpenAM and openDJ. Do I need to install OpenID for this to work?
October 8, 2016 at 7:36 pm #13559 Peter Major Moderator
The authentication module is called OAuth2 / OpenID Connect authentication module, it should allow authentication with both technologies. So what sort of error message are you getting now?
October 12, 2016 at 9:48 am #13646
I am now working on OpenAM v13.0 and able to authenticate via Facebook, but for my third party login APIs I get Authentication Error when I try to hit http://openam.example.com:8080/openam/XUI/#login/&module=my-auth. And in the debug, I get this error:
Although I have properly configured my end point URLs.
amAuth:10/12/2016 01:14:02:099 PM IST: Thread[http-bio-8080-exec-2,5,main]: TransactionId[cbf91dac-c78f-4941-8702-a492e2cc0ff2-223]
ERROR: The crypto context value string, null is not in valid URL format: java.net.MalformedURLException
October 13, 2016 at 6:38 pm #13679
- This reply was modified 2 years, 8 months ago by manasvi.
Here is the error when I enabled debug.
Error while retrieving SSOToken for login failure: Authentication Error!!|auth_error_template.jsp
errorCod=’102′, resProperty=’Authentication Error!!|auth_error_template.jsp’
Error Message : Authentication Error!!
October 14, 2016 at 9:49 am #13688
So, I was able to solve the above issue for my third party Authentication, but another hurdle comes.
When I get the login page of my third party Authentication, I enter my details and login. It runs successfully.
But then OpenAM runs internal APIs which are throwing 401 unauthenticated. Here are the things that are causing errors:
1. http://openam.example.com:8080/openam/XUI/locales/en-US/translation.json?v=13.0.0 is 404 not found. What to do with this?
2. http://openam.example.com:8080/openam/json/authenticate?realm=/ is 401 Unauthorized. But when I hit the same API with same parameters through curl request I get proper response.
3. http://openam.example.com:8080/openam/json/serverinfo/version is 403 Forbidden
In logs, I get “errorCod=’107′, resProperty=’Authentication Failed|login_failed_template.jsp”
Please help.
October 14, 2016 at 10:29 am #13689
There is an important point I missed from your previous message.
You want to use Facebook as your third party authentication. I am not sure, but I do not think that Facebook implements pure OAuth2/OpenID Connect protocol. I think you will need to use social login feature from OpenAM :
https://backstage.forgerock.com/#!/docs/openam/13/admin-guide#configure-social-authn
October 14, 2016 at 10:39 am #13690
@vincent-mirzaiansolucom-fr this is not Facebook authentication but oAuth authentication with my Django project (which uses django-oauth2)
October 14, 2016 at 11:01 am #13691
Oh sorry I misread your previous message when you mentioned Facebook authentication.
1. http://openam.example.com:8080/openam/XUI/locales/en-US/translation.json?v=13.0.0 is 404 not found: This is just a file used for localizing the UI, there is no impact if this file is missing.
2. http://openam.example.com:8080/openam/json/authenticate?realm=/ is 401 Unauthorized: This is because the authentication process did not create a session cookie (iPlanetDirectoryPro cookie). Therefore the /json/authenticate endpoint (which checks the validity of the OpenAM session cookie) returns 401 Unauthorized.
After authenticating on your django server, to which OpenAM URL are you redirected? You should be redirected to the /OAuth2Proxy.jsp URI.
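A small triage helper for the amAuthentication.error entries quoted earlier in this thread, added here as an example; it is not part of any participant's post and not OpenAM code. It counts failed logins per module instance and message ID, finding fields by their shape rather than by column position, because the column layout and the function names are assumptions.

```python
import re
import shlex
from collections import Counter

# Constructed sample, modelled on the log lines quoted in this thread
# (typographic quotes replaced by plain ASCII quotes).
SAMPLE_LOG = '''\
"2016-09-27 17:24:26" "Login Failed|module_instance|djangoauth" "Not Available" "Not Available" 127.0.0.1 INFO dc=example,dc=com "cn=dsameuser,ou=DSAME Users,dc=example,dc=com" AUTHENTICATION-268 djangoauth "Not Available" 127.0.0.1
"2016-09-28 00:02:52" /usr/share/tomcat7/openam/openam/log/ "cn=dsameuser,ou=DSAME Users,dc=example,dc=com" 81c86a0fc24c94ef01 "Not Available" INFO dc=example,dc=com "cn=dsameuser,ou=DSAME Users,dc=example,dc=com" LOG-1 amAuthentication.error "Not Available" 127.0.1.1
"2016-09-28 00:02:52" "Login Failed|module_instance|djangoauth" "Not Available" "Not Available" 127.0.0.1 INFO dc=example,dc=com "cn=dsameuser,ou=DSAME Users,dc=example,dc=com" AUTHENTICATION-268 djangoauth "Not Available" 127.0.0.1
'''

MSG_ID = re.compile(r"[A-Z]+-\d+")  # e.g. AUTHENTICATION-268, LOG-1
# Only the meaning quoted in the thread is listed here.
MEANINGS = {
    "AUTHENTICATION-268": "Module is not registered/configured under realm or "
    "Incorrect/invalid credentials presented or User locked out/not active",
}

def parse_line(line):
    """Split one log line into fields; return None if it cannot be parsed."""
    try:
        tokens = shlex.split(line)  # keeps quoted values with spaces together
    except ValueError:              # unbalanced quote in a truncated line
        return None
    if len(tokens) < 2:
        return None
    msg_id = next((t for t in tokens if MSG_ID.fullmatch(t)), None)
    event = next((t for t in tokens if t.count("|") == 2), None)
    return {"time": tokens[0], "msg_id": msg_id, "event": event}

def failed_logins(log_text):
    """Count 'Login Failed' events per (module instance, message ID)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not rec["event"]:
            continue  # e.g. the LOG-1 housekeeping entry
        outcome, kind, name = rec["event"].split("|")
        if outcome == "Login Failed" and kind == "module_instance":
            counts[(name, rec["msg_id"])] += 1
    return counts

def report(log_text):
    """Human-readable summary lines, one per module and message ID."""
    return [f"{n}x {mod}: {mid} ({MEANINGS.get(mid, 'meaning not listed here')})"
            for (mod, mid), n in failed_logins(log_text).items()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```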