Hi,

I'm testing IDM 4.5.5, OSP 6.0.0.5 and SSPR 4.1 integration and
something has gone wrong.

Applications are working fine, but when I try to access SSPR I get the
following error:


Code:
--------------------

SSPR 5071


An error using the OAuth authentication protocol has occurred. Please try again later.

--------------------


Catalina.out says:

Code:
--------------------

2017-02-15T12:39:36Z, FATAL, servlet.AbstractPwmServlet, 5071 ERROR_OAUTH_ERROR (unexpected HTTP status code (400) during OAuth getattribute request to https://microfocusiga:8543/osp/a/idm/auth/oauth2/authcoderesolve)
2017-02-15T12:39:36Z, ERROR, http.PwmResponse, {103} 5071 ERROR_OAUTH_ERROR (unexpected HTTP status code (400) during OAuth getattribute request to https://microfocusiga:8543/osp/a/idm/auth/oauth2/authcoderesolve) [172.17.2.1]

--------------------


osp-idm.2017-02-15.log has nothing relevant.

SSPR Configuration (SSO part):

Code:
--------------------

<setting key="pwm.selfURL" syntax="STRING" syntaxVersion="0" modifyTime="2017-02-15T14:00:57Z">
<label>Site URL</label>
<value><![CDATA[https://microfocusiga:8543/sspr]]></value>
</setting>
<setting key="pwm.securityKey" syntax="PASSWORD" syntaxVersion="0" modifyTime="2017-02-15T14:00:58Z">
<label>Security Key</label>
<!--Note: This value is encrypted and can not be edited directly.-->
<!--Please use the Configuration Manager GUI to modify this value.-->
<value><!-- encrypted value omitted --></value>
</setting>
<setting key="security.redirectUrl.whiteList" syntax="STRING_ARRAY" syntaxVersion="0" modifyTime="2017-02-15T14:03:41Z" modifyUser="default|cn=0001,ou=users,o=data">
<label>Redirect Whitelist</label>
<value><![CDATA[https://microfocusiga:8543]]></value>
<value><![CDATA[https://172.17.2.132:8543]]></value>
<value><![CDATA[https://192.168.43.96:8543]]></value>
</setting>
<setting key="oauth.idserver.loginUrl" syntax="STRING" syntaxVersion="0" modifyTime="2017-02-15T14:10:45Z" modifyUser="default|cn=0001,ou=users,o=data">
<label>OAuth Login URL</label>
<value><![CDATA[https://microfocusiga:8543/osp/a/idm/auth/oauth2/grant]]></value>
</setting>
<setting key="oauth.idserver.codeResolveUrl" syntax="STRING" syntaxVersion="0" modifyTime="2017-02-15T14:11:17Z" modifyUser="default|cn=0001,ou=users,o=data">
<label>OAuth Code Resolve Service URL</label>
<value><![CDATA[https://microfocusiga:8543/osp/a/idm/auth/oauth2/authcoderesolve]]></value>
</setting>
<setting key="oauth.idserver.attributesUrl" syntax="STRING" syntaxVersion="0" modifyTime="2017-02-15T14:11:26Z" modifyUser="default|cn=0001,ou=users,o=data">
<label>OAuth Profile Service URL</label>
<value><![CDATA[https://microfocusiga:8543/osp/a/idm/auth/oauth2/authcoderesolve]]></value>
</setting>
<setting key="oauth.idserver.serverCerts" syntax="X509CERT" syntaxVersion="0" modifyTime="2017-02-15T14:10:53Z" modifyUser="default|cn=0001,ou=users,o=data">
<label>OAUTH Web Service Server Certificate</label>
<value><!-- certificate omitted --></value>
</setting>
<setting key="oauth.idserver.clientName" syntax="STRING" syntaxVersion="0" modifyTime="2017-02-15T14:11:38Z" modifyUser="default|cn=0001,ou=users,o=data">
<label>OAuth Client ID</label>
<value><![CDATA[sspr]]></value>
</setting>
<setting key="oauth.idserver.secret" syntax="PASSWORD" syntaxVersion="0" modifyTime="2017-02-15T14:12:29Z" modifyUser="default|cn=0001,ou=users,o=data">
<label>OAuth Shared Secret</label>
<!--Note: This value is encrypted and can not be edited directly.-->
<!--Please use the Configuration Manager GUI to modify this value.-->
<value>gVWyZEMnHXSURiUb7oZb2g==</value>
</setting>
<setting key="oauth.idserver.dnAttributeName" syntax="STRING" syntaxVersion="0" modifyTime="2017-02-15T14:12:41Z" modifyUser="default|cn=0001,ou=users,o=data">
<label>OAuth User Name/DN Login Attribute</label>
<value><![CDATA[CN]]></value>
</setting>
<setting key="interface.theme" syntax="SELECT" syntaxVersion="0" modifyTime="2017-02-15T14:13:50Z" modifyUser="default|cn=0001,ou=users,o=data">
<label>Interface Theme</label>
<value><![CDATA[idm]]></value>
</setting>

--------------------


Password matches configupdate.

Configupdate.properties:

Code:
--------------------

com.netiq.sspr.redirect.url=https\://microfocusiga\:8543/sspr/public/oauth
com.netiq.sspr.clientID=sspr

--------------------


I followed the links below, but it's still not working.
https://www.novell.com/support/kb/doc.php?id=7016168
http://tinyurl.com/h588wc5

Any idea?


--
agorian
------------------------------------------------------------------------
agorian's Profile: https://forums.netiq.com/member.php?userid=1099
View this thread: https://forums.netiq.com/showthread.php?t=57372
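
A consistency check over the settings quoted in the post above, as an added example that is not part of the original post or of SSPR itself. It assumes that each `oauth.idserver.*Url` setting names a different service endpoint, that the login URL's origin belongs in the redirect whitelist, and that the client redirect URL sits under `pwm.selfURL`; the `<settings>` root, the function names and the sample constants are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: non-secret settings quoted in the post, wrapped in a
# hypothetical <settings> root so the fragment parses on its own.
SAMPLE_XML = """<settings>
<setting key="pwm.selfURL"><value>https://microfocusiga:8543/sspr</value></setting>
<setting key="security.redirectUrl.whiteList"><value>https://microfocusiga:8543</value><value>https://172.17.2.132:8543</value></setting>
<setting key="oauth.idserver.loginUrl"><value>https://microfocusiga:8543/osp/a/idm/auth/oauth2/grant</value></setting>
<setting key="oauth.idserver.codeResolveUrl"><value>https://microfocusiga:8543/osp/a/idm/auth/oauth2/authcoderesolve</value></setting>
<setting key="oauth.idserver.attributesUrl"><value>https://microfocusiga:8543/osp/a/idm/auth/oauth2/authcoderesolve</value></setting>
</settings>"""
# Constructed from the configupdate.properties line in the post (":" unescaped).
SAMPLE_REDIRECT = "https://microfocusiga:8543/sspr/public/oauth"

OAUTH_KEYS = ("oauth.idserver.loginUrl", "oauth.idserver.codeResolveUrl",
              "oauth.idserver.attributesUrl")

def origin(url):
    """Return scheme://host:port for comparison against the whitelist."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()

def check_oauth_settings(xml_text, redirect_url):
    """Return a list of findings for the OAuth-related settings."""
    root = ET.fromstring(xml_text)
    values = {s.get("key"): [(v.text or "").strip() for v in s.findall("value")]
              for s in root.iter("setting")}
    first = lambda key: (values.get(key) or [""])[0]
    findings = []
    # Assumption: each OAuth setting names a different service endpoint.
    seen = {}
    for key in OAUTH_KEYS:
        url = first(key)
        if url and url in seen:
            findings.append(f"{key} has the same URL as {seen[url]}: {url}")
        seen.setdefault(url, key)
    # Assumption: the login URL is a redirect target and must be whitelisted.
    allowed = {origin(u) for u in values.get("security.redirectUrl.whiteList", [])}
    if origin(first("oauth.idserver.loginUrl")) not in allowed:
        findings.append("oauth.idserver.loginUrl origin not in redirect whitelist")
    # The redirect URL registered for the client should sit under the site URL.
    if not redirect_url.startswith(first("pwm.selfURL").rstrip("/") + "/"):
        findings.append("redirect URL is not under pwm.selfURL")
    return findings

if __name__ == "__main__":
    for finding in check_oauth_settings(SAMPLE_XML, SAMPLE_REDIRECT):
        print(finding)
```

On the quoted settings the only finding is that `oauth.idserver.attributesUrl` and `oauth.idserver.codeResolveUrl` hold the same URL, which is the URL named in the `getattribute` error in catalina.out.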