SLES 12.1
IDM45-apps-sp5
IDM45-osp60-HF5

Two servers:

SIMOSP.gov.org OSP, SSPR, Tomcat, jre
Exported osp.jks cert, imported into this server's jre cacerts with the
trustcacerts option

SIMUAPP.gov.org UserApp, Postgres, Tomcat, jre
Imported above osp.jks into this server's jre cacerts with the
trustcacerts option

Both servers have the same main SSO URLs in config:

com.netiq.ualanding.redirect.url=http\://simuapp.gov.org\:8080/landing/com.netiq.ualanding.index/oauth.html
com.netiq.uadash.redirect.url=http\://simuapp.gov.org\:8080/dash/com.netiq.uadash.index/oauth.html
com.netiq.rbpm.redirect.url=http\://simuapp.gov.org\:8080/IDMProv/oauth.html
com.netiq.rpt.redirect.url=http\://simpuapp.gov.org\:8080/IDMRPT/oauth.html
com.netiq.rra.redirect.url=http\://simuapp.gov.org\:8080/rra/com.netiq.rra.index/oauth.html
com.netiq.sspr.redirect.url=http\://simosp.gov.org\:8080/sspr/public/oauth


I'm getting this error:
Error: The service may be disabled or an invalid request was made to an
active service. Please contact your system administrator. (An invalid
OAuth2 request was received.)

No errors in either catalina.out log file.
Looks like successful authentication:

2017-01-06 14:07:28,856 [http-bio-8080-exec-7] INFO com.novell.pwdmgt.util.PasswordHelper- [RBPM] [Login_Success] cn=GHold,ou=ISS,ou=USERS,o=PBC successfully logged in.
2017-01-06 14:07:37,337 [http-bio-8080-exec-8] INFO com.netiq.idm.auth.oauth.OAuthRestFilter- [RBPM] SSO Header issued by SSO Filter oauth for User cn=GHold,ou=ISS,ou=USERS,o=PBC.
2017-01-06 14:07:37,458 [http-bio-8080-exec-8] INFO com.novell.common.auth.saml.AuthTokenGenerator- [RBPM] SAML Token is issued by the request from SSO filter oauth
2017-01-06 14:07:37,467 [http-bio-8080-exec-4] INFO com.novell.pwdmgt.util.PasswordHelper- [RBPM] [Login_Success] cn=GHold,ou=ISS,ou=USERS,o=PBC successfully logged in.

SSPR works fine and the rra screen shows. All others get the error
above.

If I log out and go to:
http://simpuapp.gov.org:8080/landing/?0 the landing page does show, so
I think the services are there.


Not sure if I'm dealing with a cert, URL or config issue.
Any suggestions?

Thank you,

Gary


--
gholdefe