Symantec SiteMinder is integrated with Google Social Media. After signing in to Google, the redirect to /Affwebservices fails with an HTTP 500 error.
In the Federation Trace log, I can see the following error message, but I am not sure what is wrong in my configuration.
[12/02/2021][19:43:35][18640][140300370945792][42afbafd-618b1136-de44563c-a0c97b47-cfd72c32-d0][MessageDispatcher.java][dispatchMessage][Dispatcher object thrown an exception while processing the message. SrcaException Message: HTTP status line was not returned: Possible cause is timeout before response received from remote service.
Message contents =
[Headers:{}]
[Cookies:{}]
[Message: ].]
[12/02/2021][19:43:35][18640][140300370945792][42afbafd-618b1136-de44563c-a0c97b47-cfd72c32-d0][MessageDispatcher.java][dispatchMessage][Exception:
com.netegrity.srca.SrcaException: HTTP status line was not returned: Possible cause is timeout before response received from remote service.
Message contents =
[Headers:{}]
[Cookies:{}]
SiteMinder 12.8.x
Access Gateway 12.8.x
The Google root CA certificate was not properly added to Symantec Access Gateway.
Access Gateway does not validate the authorization "code" with the Google API server.
1) Request an access token with the authorization code using the API: https://developers.google.com/nest/device-access/reference/errors/authorization#3-access-token
curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?client_id=83876948441-iaufrd2cpqpde6hr78k6rph9qh5ddjo3.apps.googleusercontent.com&client_secret=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&redirect_uri=https%3A%2F%2Fsso01.security.demo-broadcom.com%2Faffwebservices%2Fpublic%2Foauthtokenconsumer%2Fgoogle83876948441iaufrd2cpqpde6hr78k6rph9qh5ddjo3appsgoogleusercontentcom' \
--data grant_type=authorization_code \
--data 'code=4/0AX4XfWi84GXbTH0RKe4FJauClmg7fcyyr2uATWW4GKjLO0ubGqc66spFiSvhOAIuf-Zbfw' \
--verbose --silent
Run on Access Gateway, this request works fine. There is no issue with the authorization code itself.
2) Capture network traffic on Access Gateway (Linux environment) while reproducing the error in the browser.
The capture shows a certificate error in a TCP packet.
This means that Access Gateway is not connecting to 74.125.142.84, which is the Google API server.
1) Go to https://www.googleapis.com/ and get the root certificate.
2) Import the certificate into Access Gateway and restart Access Gateway.
3) Validate the Google Social Media integration.
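
Added example (not part of the original article and not Broadcom tooling): a Python parser for Federation Trace entries in the format quoted at the top of this page. It groups the repeated SrcaException entries by transaction ID and flags calls where no HTTP response was logged, the symptom that on this page traced back to certificate trust rather than a timeout. The sample reuses the page's log lines plus one constructed entry; the function names are hypothetical.

```python
import re

# Entry header as shown in the trace on this page (leading "[" optional,
# since copied traces sometimes lose it):
# [date][time][pid][tid][transaction id][source file][method][message ...
ENTRY = re.compile(
    r"^\[?(?P<date>\d{2}/\d{2}/\d{4})\]\[(?P<time>\d{2}:\d{2}:\d{2})\]"
    r"\[(?P<pid>\d+)\]\[(?P<tid>\d+)\]\[(?P<txn>[0-9a-f-]+)\]"
    r"\[(?P<src>[^\]]+)\]\[(?P<method>[^\]]+)\]\[(?P<msg>.*)$"
)
MARKER = "HTTP status line was not returned"

# Sample trace: the first two entries reuse text from the page; the last
# entry (all-zero transaction id) is constructed for contrast.
SAMPLE = """\
[12/02/2021][19:43:35][18640][140300370945792][42afbafd-618b1136-de44563c-a0c97b47-cfd72c32-d0][MessageDispatcher.java][dispatchMessage][Dispatcher object thrown an exception while processing the message. SrcaException Message: HTTP status line was not returned: Possible cause is timeout before response received from remote service.
Message contents =
[Headers:{}]
[Cookies:{}]
[Message: ].]
[12/02/2021][19:43:35][18640][140300370945792][42afbafd-618b1136-de44563c-a0c97b47-cfd72c32-d0][MessageDispatcher.java][dispatchMessage][Exception:
com.netegrity.srca.SrcaException: HTTP status line was not returned: Possible cause is timeout before response received from remote service.
[12/02/2021][19:44:02][18640][140300370945792][00000000-00000000-00000000-00000000-00000000-00][Example.java][exampleMethod][Constructed entry with no error.]
"""

def parse_entries(text):
    """Split a trace into entries; lines without a header continue the message."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(m.groupdict())
        elif entries:
            entries[-1]["msg"] += "\n" + line
    return entries

def failed_outbound_calls(text):
    """One record per transaction whose outbound call logged no HTTP response."""
    hits = {}
    for e in parse_entries(text):
        if MARKER not in e["msg"]:
            continue
        rec = hits.setdefault(e["txn"], {"txn": e["txn"], "entries": 0,
            "when": e["date"] + " " + e["time"], "empty_response": False})
        rec["entries"] += 1  # the same failure is logged more than once
        rec["empty_response"] |= "[Headers:{}]" in e["msg"]
    return list(hits.values())
```

A record with `empty_response` set means nothing came back from the remote service at all, so the TLS trust check in the steps above is worth doing before tuning any timeout.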