Migrated Gateway & OTK toolkit from Gateway 10.1 to Gateway 11. Dual Gateway Scenario with Instance Modifier and FIP Authentication for Dual Gateways
Login to OAuth Manager is failing with a web browser error:
SSG log messages and error
2024-04-15T10:30:56.620-0400 INFO 681 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7105: Value of type String cannot be converted to Integer
2024-04-15T10:30:56.620-0400 WARNING 681 com.l7tech.server.policy.assertion.composite.ServerHandleErrorsAssertion: 11000: Policy processing caught an exception: RaiseErrorAssertion is stopping execution.
2024-04-15T10:30:56.620-0400 INFO 681 com.l7tech.server.policy.assertion.ServerAuditDetailAssertion: -4: error.code: '000', error.msg: {
"error":"invalid_request",
"error_description":"The request failed due to some unknown reason"
}
2024-04-15T10:30:56.621-0400 INFO 681 com.l7tech.server.MessageProcessor: 3017: Policy evaluation for service oauth/manager [00a7eb329fb6805060d23c96d0eec56c] resulted in status 600 (Assertion Falsified)
2024-04-15T10:30:56.621-0400 WARNING 681 com.l7tech.server.message: Message was not processed: Assertion Falsified (600)
Gateway 10.x, 11.x; OTK 4.6.1
Failure with Federated Identity Provider (FIP) AuthN of the DMZ gateway to the internal gateway
This is a generic message that means AuthN failed (ssg log):
com.l7tech.server.policy.assertion.ServerSslAssertion: 4114: Found client certificate for <FQDN_DMX_Gateway>
com.l7tech.server.policy.assertion.identity.ServerAuthenticationAssertion: 4208: Authentication failed for identity provider ID <ID GUID>
Compared the default gateway certificate from the DMZ with the FIP user for the DMZ on the internal gateway. The certificate did not match.
Exported the default certificate from the DMZ gateway.
Modified the user on the internal gateway for the DMZ gateway by deleting the certificate, then imported the certificate from the first step.
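To find this condition in the internal gateway's ssg log, the following added example (not part of the original article and not Broadcom code) pairs each 4114 "Found client certificate" audit with a 4208 "Authentication failed" audit on the same thread. The 2-second pairing window, the function name, and the sample host names and provider IDs are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Layout of the ssg log lines quoted on this page:
# <timestamp> <LEVEL> <thread> <logger class>: <audit code>: <message>
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\dT[\d:.]+[+-]\d{4})\s+[A-Z]+\s+(\d+)\s+[\w.$]+:\s+(-?\d+):\s+(.*)$")
CERT_FOUND, AUTH_FAILED = 4114, 4208   # audit codes shown in the page's log excerpt
WINDOW = timedelta(seconds=2)          # assumption: both audits of one request land within 2 s

def find_cert_auth_failures(lines):
    """Pair each 4208 with the 4114 that preceded it on the same thread."""
    pending, findings = {}, []         # pending: thread -> (time, certificate name)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                   # continuation lines (JSON bodies) have no audit code
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f%z")
        thread, code, msg = m.group(2), int(m.group(3)), m.group(4)
        if code == CERT_FOUND:
            pending[thread] = (ts, msg.split(" for ", 1)[-1].strip())
        elif code == AUTH_FAILED:
            seen = pending.pop(thread, None)
            if seen and ts - seen[0] <= WINDOW:
                findings.append({"time": m.group(1), "client_cert": seen[1],
                                 "provider_id": msg.rsplit(" ID ", 1)[-1].strip()})
    return findings

# Constructed sample in the page's log format; host names and provider IDs are placeholders.
P = "com.l7tech.server.policy.assertion."
SAMPLE = [
    f"2024-04-15T10:30:56.601-0400 INFO 681 {P}ServerSslAssertion: 4114: "
    "Found client certificate for dmz-gw.example.com",
    f"2024-04-15T10:30:56.604-0400 INFO 681 {P}identity.ServerAuthenticationAssertion: 4208: "
    "Authentication failed for identity provider ID 0123456789abcdef0123456789abcdef",
    '"error":"invalid_request",',
    f"2024-04-15T10:31:02.100-0400 INFO 702 {P}ServerSslAssertion: 4114: "
    "Found client certificate for other.example.com",
    f"2024-04-15T10:31:40.000-0400 INFO 702 {P}identity.ServerAuthenticationAssertion: 4208: "
    "Authentication failed for identity provider ID fedcba9876543210fedcba9876543210",
]

if __name__ == "__main__":
    for f in find_cert_auth_failures(SAMPLE):
        print(f"{f['time']} cert '{f['client_cert']}' failed AuthN at provider "
              f"{f['provider_id']}: compare it with the certificate on the FIP user")
```

Each finding names the certificate the caller presented and the identity provider that rejected it, which is the pair to check in the certificate comparison described above.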