Problem with authenticating WebPolicy Agent!

This topic has 1 reply, 1 voice, and was last updated 3 years, 9 months ago by Fehmi M’Barek.

  • #23386
     Fehmi M’Barek
    Participant

    Hi @ all,

    In my local dev environment I am testing AM6 (V 6.0.0.4) and WPA (V 5.0.1.1). They are running on two different local VMs (VirtualBox).

    I’m protecting a resource with the WPA under the subdomain https://poc.mydomain.local
    My AM6 is running under https://login.mydomain.local
    I’m using a subSubRealm (/customers/europe) for interactions with those Domains.

    Authenticating is working fine. As soon as I try to access https://poc.mydomain.local the WPA redirects me to https://login.mydomain.local and after a successful AuthN I’m getting redirected back to https://poc.mydomain.local but the protected website (a lightweight WordPress site) is not showing up. Instead it is showing me a 403 Forbidden.

    Just for your information:
    A Policy Set has been set up and the URL Patterns are working. I have tested it with FR recommendations.

    What I found out is that the WPA after successful logging in:

    {
      "realm": "/customers/europe",
      "transactionId": "c3c40a6a-bb53-4249-a92f-0e24b6dd74ee-15156",
      "component": "Authentication",
      "eventName": "AM-LOGIN-MODULE-COMPLETED",
      "result": "SUCCESSFUL",
      "entries": [
        {
          "moduleId": "Application",
          "info": {
            "authIndex": "module_instance",
            "authControlFlag": "REQUIRED",
            "moduleClass": "Application",
            "ipAddress": "127.0.0.1",
            "authLevel": "0"
          }
        }
      ],
      "principal": [
        "wpa_wordpress_01"
      ],
      "timestamp": "2018-10-07T10:51:12.373Z",
      "trackingIds": [
        "c3c40a6a-bb53-4249-a92f-0e24b6dd74ee-15157"
      ],
      "_id": "c3c40a6a-bb53-4249-a92f-0e24b6dd74ee-15159"
    }

    I tried it out with following request:

    curl -X POST \
      'https://login.mydomain.local/sso/json/authenticate?module=Application' \
      -H 'Accept-API-Version: resource=2.0, protocol=1.0' \
      -H 'Cache-Control: no-cache' \
      -H 'Content-Type: application/json' \
      -H 'X-OpenAM-Password: myPassw0rd' \
      -H 'X-OpenAM-Username: wpa_wordpress_01'

    The response to this request is:

    {
      "code": 401,
      "reason": "Unauthorized",
      "message": "Authentication Failed"
    }

    In the AM6 Logs I found this:

    {
      "realm": "/customers/europe",
      "transactionId": "c3c40a6a-bb53-4249-a92f-0e24b6dd74ee-19179",
      "component": "Authentication",
      "eventName": "AM-LOGIN-MODULE-COMPLETED",
      "result": "FAILED",
      "entries": [
        {
          "moduleId": "LDAP",
          "info": {
            "authControlFlag": "REQUIRED",
            "moduleClass": "LDAP",
            "failureReason": "USERID_NOT_FOUND",
            "ipAddress": "127.0.0.1",
            "authLevel": "0"
          }
        }
      ],
      "principal": [
        "wpa_wordpress_01"
      ],
      "timestamp": "2018-10-07T11:04:34.485Z",
      "trackingIds": [
        "c3c40a6a-bb53-4249-a92f-0e24b6dd74ee-19180"
      ],
      "_id": "c3c40a6a-bb53-4249-a92f-0e24b6dd74ee-19182"
    }

    While investigating I found out that the Endpoint is speaking with the UserStore and that might be wrong, right?

    Can anybody help me here?

    Thanks in advance

    Fehmi

    #23388
     Fehmi M’Barek
    Participant

    Sorry folks,
    it was my fault. There was a TYPO in my config!!! arrrg

    So forget about this post
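
For readers comparing the two audit events quoted in the first post, the following is an added example, not part of the original thread and not ForgeRock code: it reads authentication audit events in the shape shown above and reports principals that succeeded on one module but failed on a different one. It assumes one JSON object per log line; the sample lines are constructed by trimming the events quoted in the post, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample: the two audit events quoted in the post, trimmed to the
# fields used here, one JSON object per line (assumed log layout).
SAMPLE_LOG = """\
{"realm": "/customers/europe", "eventName": "AM-LOGIN-MODULE-COMPLETED", "result": "SUCCESSFUL", "entries": [{"moduleId": "Application", "info": {"authLevel": "0"}}], "principal": ["wpa_wordpress_01"], "timestamp": "2018-10-07T10:51:12.373Z"}
{"realm": "/customers/europe", "eventName": "AM-LOGIN-MODULE-COMPLETED", "result": "FAILED", "entries": [{"moduleId": "LDAP", "info": {"failureReason": "USERID_NOT_FOUND", "authLevel": "0"}}], "principal": ["wpa_wordpress_01"], "timestamp": "2018-10-07T11:04:34.485Z"}
"""

def module_outcomes(log_text):
    """Return {principal: [(timestamp, realm, moduleId, result, failureReason)]}."""
    outcomes = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if event.get("eventName") != "AM-LOGIN-MODULE-COMPLETED":
            continue
        for entry in event.get("entries", []):
            info = entry.get("info", {})
            for principal in event.get("principal", []):
                outcomes[principal].append((
                    event.get("timestamp"), event.get("realm"),
                    entry.get("moduleId", ""), event.get("result"),
                    info.get("failureReason", ""),
                ))
    return dict(outcomes)

def module_mismatches(outcomes):
    """Principals that succeeded on one module but failed on a different one."""
    flagged = {}
    for principal, rows in outcomes.items():
        ok = {r[2] for r in rows if r[3] == "SUCCESSFUL"}
        failed = {(r[2], r[4]) for r in rows if r[3] == "FAILED" and r[2] not in ok}
        if ok and failed:
            flagged[principal] = {"succeeded_on": sorted(ok), "failed_on": sorted(failed)}
    return flagged

if __name__ == "__main__":
    for principal, detail in module_mismatches(module_outcomes(SAMPLE_LOG)).items():
        print(principal, detail)
```

On the sample it reports `wpa_wordpress_01` as succeeding on `Application` and failing on `LDAP` with `USERID_NOT_FOUND`, the same contrast the two quoted events show.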


©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
