Problems about OpenIG, 401 Authorization Required

This topic has 15 replies, 4 voices, and was last updated 6 years, 4 months ago by raghukanakala.

  • #8726
     raghukanakala
    Participant

    We are using the full stack of ForgeRock tools (OpenDJ, OpenAM, OpenIDM and OpenIG). Our application is running on IBM HTTP server and IBM WebSphere server. Security is enabled in WebSphere also. I had already integrated with OpenDJ and OpenAM with our servers (OpenDJ and OpenAM). It is working as expected.

    Now I am trying to integrate reverse proxy functionality with OpenIG, as Rejesh shared in the video https://forgerock.org/2015/08/forgerock-openig-getting-credentials-from-forgerock-openam/, and I also followed the steps mentioned at https://backstage.forgerock.com/#!/docs/openig/3.1.0/gateway-guide/chap-password-capture-replay-tutorial#capture-replay-try-it-out.

    When I try to access http://openam.test.com:7080/replay, it redirects to OpenAM (http:openam.test.com:8085/openam) for authentication; after that it shows one more dialog from Windows, below:

    The server openam.text.com is asking for your user name and password. The server reports that it is from Default Realm.

    Warning: your user name and password will be sent using basic authentication on a connection that isn’t secure

    Looks like OpenAM and OpenIG credentials are not handshaking well. Is there any configuration I am missing? Below is the log from OpenIG:

    ------------------------------
    FRI MAR 18 19:06:55 IST 2016 (INFO) @Capture[{Router}/handler]
    
    <--- (response) exchange:5180099 ---
    
    HTTP/1.1 401 Unauthorized
    Server: IBM_HTTP_Server
    WWW-Authenticate: Basic realm="Default Realm"
    Content-Length: 0
    Date: Fri, 18 Mar 2016 13:36:55 GMT
    Content-Language: en-US
    X-Powered-By: Servlet/3.0
    
    ------------------------------
    

    The following are details:
    OpenAM 12.0.0 deployed in tomcat and running on 8085 port
    OpenIG 3.1.0 deployed in tomcat and running on 7080 port
    OpenDJ : 2.6.0
    IBM HTTP server : V8.0 :8083 port
    IBM WebSphere : 8.0.5 : Security enabled and integrated with OpenDJ

    Other Configuration details :
    1. config.json :

    {
        "handler": {
            "type": "Router",
            "audit": "global",
            "capture": "all"
        },
        "heap": [
            {
                "name": "LogSink",
                "type": "ConsoleLogSink",
                "config": {
                    "level": "DEBUG"
                }
            },
            {
                "name": "JwtSession",
                "type": "JwtSession"
            },
            {
                "name": "ClientHandler",
                "type": "ClientHandler"
            },
            {
                "name": "capture",
                "type": "CaptureDecorator",
                "config": {
                    "captureEntity": true,
                    "_captureExchange": true
                }
            }
        ],
        "baseURI": "http://openam.test.com:8083/policyadmin/index.seam"
    }
    

    2. Common 99-default.json:

    {
    	"handler": "ClientHandler"
    }
    

    3. replay.json

    {
        "handler": {
            "type": "Chain",
            "config": {
                "filters": [
                    {
                        "type": "CryptoHeaderFilter",
                        "config": {
                            "messageType": "REQUEST",
                            "operation": "DECRYPT",
                            "algorithm": "DES/ECB/NoPadding",
                            "key": "0JKAki/7hnw=",
                            "keyType": "DES",
                            "charSet": "utf-8",
                            "headers": [
                                "password"
                            ]
                        }
                    },
                    {
                        "type": "StaticRequestFilter",
                        "config": {
                            "method": "POST",
                            "uri": "http://openam.test.com:8083/policyadmin/index.seam",
                            "form": {
                                "username": [
                                    "${exchange.request.headers['username'][0]}"
                                ],
                                "password": [
                                    "${exchange.request.headers['password'][0]}"
                                ]
                            }
                        }
                    },
                    {
                        "type": "HeaderFilter",
                        "config": {
                            "messageType": "REQUEST",
                            "remove": [
                                "password",
                                "username"
                            ]
                        }
                    }
                ],
                "handler": "ClientHandler"
            }
        },
        "condition": "${matches(exchange.request.uri.path, '^/replay')}"
    }
    

    Please help with this issue. Thank you in advance for your help.
    If you need any information, let me know and I will provide it.
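
Added example (not part of the original post, and not ForgeRock code): a check that compares the authentication scheme in the captured 401 response with the way the route hands credentials to the application. The sample inputs are constructed from the log and replay.json above, `HttpBasicAuthFilter` is the OpenIG filter type for replaying Basic credentials, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: head of the response captured in the post's OpenIG log.
CAPTURED = """HTTP/1.1 401 Unauthorized
Server: IBM_HTTP_Server
WWW-Authenticate: Basic realm="Default Realm"
"""

# Constructed sample: the post's replay.json chain, reduced to what matters here.
ROUTE = json.loads("""{"handler": {"type": "Chain", "config": {"filters": [
  {"type": "CryptoHeaderFilter", "config": {"operation": "DECRYPT"}},
  {"type": "StaticRequestFilter", "config": {"method": "POST",
     "form": {"username": ["u"], "password": ["p"]}}},
  {"type": "HeaderFilter", "config": {"remove": ["password", "username"]}}
], "handler": "ClientHandler"}}}""")

def parse_challenge(raw):
    """Return (status, [(scheme, realm)]) from a captured HTTP response head."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    challenges = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate":
            scheme = value.split()[0]
            realm = re.search(r'realm="([^"]*)"', value)
            challenges.append((scheme, realm.group(1) if realm else None))
    return status, challenges

def replay_mechanisms(route):
    """List how the route presents credentials to the protected application."""
    found = []
    for flt in route["handler"]["config"].get("filters", []):
        if flt["type"] == "StaticRequestFilter" and "form" in flt.get("config", {}):
            found.append("form")      # credentials sent as POST form fields
        elif flt["type"] == "HttpBasicAuthFilter":
            found.append("basic")     # credentials sent in an Authorization header
    return found

def diagnose(raw, route):
    """Report when the backend's challenge scheme is not one the route replays."""
    status, challenges = parse_challenge(raw)
    offered = replay_mechanisms(route)
    wanted = [scheme.lower() for scheme, _ in challenges]
    if status == 401 and wanted and not set(wanted) & set(offered):
        return f"backend challenges with {wanted}, route replays {offered}"
    return "no scheme mismatch detected"

print(diagnose(CAPTURED, ROUTE))
```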
