I've been installing IDM 4.5 in my lab. Only two servers and a fresh

- RHEL 6.6
- eDir
- IDM 4.5 engine
- iManager

- RHEL 6.6
- Postgresql and Tomcat via IDM 4.5 media
- OSP and SSPR via IDM 4.5 media
- User application via IDM 4.5 media

When using UA/Home via
everything works fine for admins and users, so OSP seems to work fine.

But when using SSPR via
I get an error, so OSP and SSPR don't seem to agree.

-An error using the OAuth authentication protocol has occurred. Please
try again later. { 5071 ERROR_OAUTH_ERROR
(oauth consumer reached, but oauth authentication has not yet been
initiated.) }-

From the SSPR log
- 2014-11-07T10:49:25Z, ERROR, servlet.OAuthConsumerServlet, oauth consumer reached, but oauth authentication has not yet been initiated.
2014-11-07T10:49:25Z, INFO , event.AuditManager, audit event: {"perpetratorID":"uaadmin","perpetratorDN":"cn\u003duaadmin,o\u003dacme","perpetratorLdapProfile":"default","targetID":"uaadmin","targetDN":"cn\u003duaadmin,o\u003dacme","targetLdapProfile":"default","sourceAddress":"","sourceHost":"server2.acme.com","type":"USER","eventCode":"AUTHENTICATE","guid":"c1357deb-5742-4b91-9c7c-1d5733669b30","timestamp":"2014-11-07T10:49:25Z","message":"AUTHENTICATED"}
2014-11-07T10:49:25Z, INFO , ldap.UserAuthenticator, successful plaintext authentication for UserIdentity: {"userDN":"cn=uaadmin,o=acme","ldapProfile":"default"} (89ms)
2014-11-07T10:49:04Z, INFO , event.AuditManager, audit event: {"perpetratorID":"uaadmin","perpetratorDN":"cn\u003duaadmin,o\u003dACME","perpetratorLdapProfile":"default","targetID":"uaadmin","targetDN":"cn\u003duaadmin,o\u003dACME","targetLdapProfile":"default","sourceAddress":"","sourceHost":"192.168.35.1","type":"USER","eventCode":"AUTHENTICATE","guid":"39f2c869-c43b-461a-8cad-40b931b604ef","timestamp":"2014-11-07T10:49:04Z","message":"AUTH_WITHOUT_PASSWORD"}
2014-11-07T10:49:04Z, WARN , config.ChallengeProfile, invalid challenge set configuration: too few challenges are required
2014-11-07T10:49:04Z, ERROR, ldap.UserAuthenticator, unable to retrieve user password from ldap: error reading nmas password: error -1659

I can go on using the "Configuration password", but trying to lock the
Config I get:

-5004 ERROR_AUTHENTICATION_REQUIRED (You must be authenticated before
locking the configuration)-

If I look through all the settings in the SSPR config, they are correct, as
in the SSPR Admin guide, "Chapter 7 - Integrating SSPR with Identity Manager".

What am I missing here?


josn's Profile: https://forums.netiq.com/member.php?userid=450