VIP Authentication Hub Provider creation fails with Proxy in AdminUI
search cancel

VIP Authentication Hub Provider creation fails with Proxy in AdminUI

book

Article ID: 262903

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

 

When running AdminUI, and trying to create an AuthHub Provider, clicking on the test the connection button, if the AuthHub is configured to access through a Proxy, then the connection fails:

Error: Connection timed out.

Provider Name: myprovider
Issuer URL: https://myvipauthhub.mydomain.com/myapp
Administrative Client ID: 1112333555-11551115-555441
Administrative Client Secret: ************************
Disable SSL Certificate Validation unchecked
Enable Proxy checked
Proxy Host: 192.168.1.102
Proxy Port: 9099

server.log:

2023-03-17 15:29:18,783 ERROR [stderr] (default task-3)         at java.lang.Thread.run(Thread.java:748)
2023-03-17 15:29:18,784 [ERROR] com.ca.federation.adminui.backingbean.federation.ahconfig.CreateAHConnectionBean [] - **ERROR** com.ca.sso.smssl.SMSSLException during UI operation.
com.ca.sso.smssl.SMSSLException: Exception while creating sslSocket
        at com.ca.sso.smssl.socket.SMSSLSocketImpl.<init>(SMSSLSocketImpl.java:111) ~[smssl.jar:14.0]

The grep command line to find the Proxy host 192.168.1.102 from the strace command doesn't return any line:

  | Type                      |            IP |
  |---------------------------+---------------|
  | Proxy                     | 192.168.1.102 |
  | myvipauthhub.mydomain.com | 10.0.0.1      |

  # strace -o run.dump -t -ff /{path_to_the_adminui}/adminui/bin/standalone.sh > run-output.txt 2>&1
  # grep -ri 192.168.1.102 *
  #

The AdminUI doesn't even try to reach the Proxy.
  
But from the AdminUI machine, when using curl command line, then the connection is successful:

  # curl https://myvipauthhub.mydomain.com/myapp --proxy http://192.168.1.102:9099 --insecure -vvv
  < HTTP/1.1 200 Connection established
  SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384

 

Resolution

 

Upgrade AdminUI, Policy Server, and Policy Store data to 12.8SP7 to fix this issue.

Once upgraded, then the following result can be seen:

Provider Name: myprovider
Issuer URL: https://myvipauthhub.mydomain.com/myapp
Administrative Client ID: 1112333555-11551115-555441
Administrative Client Secret: dasdasdlasdlasdas
Disable SSL Certificate Validation unchecked
Enable Proxy checked
Proxy Host: 192.168.1.102
Proxy Port: 9099

# strace -o run.dump -t -ff /{path_to_the_adminui}/adminui/bin/standalone.sh > run-output.txt 2>&1
# grep -ri 192.168.1.102 *
run.dump.72138:10:18:51 connect(1219, {sa_family=AF_INET, sin_port=htons(9099), sin_addr=inet_addr("192.168.1.102")}, 16) = 0
# grep -ri 10.0.0.1 *
#

and no error is observed from the AdminUI server.log.

 

Powered by Wolken Software