OAUTH Partnership Error Dispatcher object thrown unknown exception while processing the message

Article ID: 37355

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder); AXIOMATICS POLICY SERVER; CA Single Sign On SOA Security Manager (SiteMinder); CA Single Sign-On

Issue/Introduction

Issue: 

We have configured an OAuth Federation Partnership, but it fails with the error below while sending an OAuth message/request token to the Google IdP.

1. We access the URL below.

https://www.abcca.com/affwebservices/public/oauthtokenconsumer/google186515880172?AuthzServerID=Google

2. After verifying the Authorization Server info, it redirects to the Google login page.

3. The user enters the credentials.

4. After successful authentication at Google, the request is redirected to SiteMinder along with the state data cookie values.

5. The SiteMinder/federation system verifies the authentication response. During authentication/authorization processing, it sends the OAuth message/request token to the Google IdP, but the request fails with the error below and never reaches Google.

[12/09/2015][04:19:42][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][OAuthUtils.java][traceSensitiveMessage][Access token request:  grant_type=authorization_code&code=4/Rwg2bOTLiODyBSiVcuHcIKSdo7cdinekDblGoOXO1hc&redirect_uri=https%3A%2F%2Fwww.abcca.com%2Faffwebservices%2Fpublic%2Foauthtokenconsumer%2Fgoogle186515880172&client_id=186515880172-vsivla06sm86hk0praglnmhaknlb3svf.apps.googleusercontent.com&client_secret=<Value not shown>]

[12/09/2015][04:19:42][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][OAuth20Utils][sendClientMessage][ENTER]

[12/09/2015][04:19:42][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][MessageDispatcher.java][acquireDispatcher][Value being used as key to the dispatcher map: Google|||google186515880172POST]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][MessageDispatcher.java][dispatchMessage][Dispatcher object thrown unknown exception while processing the message. Message: Connection timed out: connect.]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][MessageDispatcher.java][dispatchMessage][Exception:

java.net.ConnectException: Connection timed out: connect

                at java.net.DualStackPlainSocketImpl.connect0(Native Method)

                at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)

.

.

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][OAuth20Utils][sendClientMessage][Exception occured while sending an OAuth message:  Exception occurred while message dispatcher (srca) object trying to send SOAP request message to the SAML producer.]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][OAuth20Utils][sendClientMessage][EXIT]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][OAuth20TokenConsumerHandler][sendAccessTokenRequest][No response returned from the authorization server.]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][OAuth20TokenConsumerHandler][sendAccessTokenRequest][EXIT]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][OAuth20TokenConsumerHandler][executeOAuthFlow][Failure during access token request]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][OAuth20TokenConsumerHandler][executeOAuthFlow][EXIT]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][TokenConsumer.java][processOAuthLogin][Done processing.  Continuing on to redirect or error handling.]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][TokenConsumer.java][setupFailureDefault][Ending OAuth service request processing with HTTP error 500]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][OAuthUtils.java][removeStateDataCookie][Removing the state data cookie]

[12/09/2015][04:21:48][11412][8300][79c78d5a-c1e3fecd-1a3369c8-962cd16e-9a377c14-f7][TokenConsumer.java][processRequest][Sending an error.]

Environment:  

Policy Server: R12.52 SP01 CR01

SPS: R12.52 SP01 CR01

Cause: 

1. The proxy configuration is prohibiting the connection to the Google IdP.

2. The default CA certificates are missing from the CDS (certificate data store). Importing them is needed for ALL OAuth setups but, even though it is documented, it is a commonly forgotten step.
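
To tell the two causes apart from the federation trace, the following added example (not part of the original article or of the product's tooling) pairs each acquireDispatcher entry with the dispatchMessage failure of the same transaction and reports how long the send stalled. The sample lines are constructed from the trace format above with shortened transaction IDs, and the "PKIX path building failed" wording is an assumption based on standard Java TLS errors; this article shows only the timeout case.

```python
import re
from datetime import datetime

# Constructed sample in the trace format shown above. Transaction IDs are
# shortened to tx1/tx2; the tx2 failure text is an assumed Java TLS error.
SAMPLE = """\
[12/09/2015][04:19:42][11412][8300][tx1][MessageDispatcher.java][acquireDispatcher][Value being used as key to the dispatcher map: Google|||google186515880172POST]
[12/09/2015][04:21:48][11412][8300][tx1][MessageDispatcher.java][dispatchMessage][Dispatcher object thrown unknown exception while processing the message. Message: Connection timed out: connect.]
[12/09/2015][04:21:48][11412][8300][tx1][TokenConsumer.java][setupFailureDefault][Ending OAuth service request processing with HTTP error 500]
[12/09/2015][05:00:01][11412][8301][tx2][MessageDispatcher.java][acquireDispatcher][Value being used as key to the dispatcher map: Google|||google186515880172POST]
[12/09/2015][05:00:02][11412][8301][tx2][MessageDispatcher.java][dispatchMessage][Dispatcher object thrown unknown exception while processing the message. Message: PKIX path building failed.]
"""

# [date][time][pid][tid][transaction][source][method][message...
LINE = re.compile(
    r"^\[(\d\d/\d\d/\d{4})\]\[(\d\d:\d\d:\d\d)\]\[\d+\]\[\d+\]"
    r"\[([^\]]+)\]\[([^\]]+)\]\[([^\]]+)\]\[(.*)$")

# Substring of the dispatcher message -> which cause it points to.
CAUSES = [
    ("Connection timed out", "network"),    # cause 1: proxy/firewall path
    ("PKIX path building failed", "trust"),  # cause 2 (assumed wording)
]

def diagnose(trace):
    """Return {transaction: (seconds_stalled, cause_tag)} for failed sends."""
    started, failures = {}, {}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack frames, blank lines and "." elisions
        date, clock, tx, _source, method, msg = m.groups()
        # Month/day order is an assumption; only differences are used.
        ts = datetime.strptime(f"{date} {clock}", "%m/%d/%Y %H:%M:%S")
        if method == "acquireDispatcher":
            started[tx] = ts
        elif method == "dispatchMessage" and "Message:" in msg and tx in started:
            detail = msg.split("Message:", 1)[1].strip(" .]")
            tag = next((t for key, t in CAUSES if key in detail), "unclassified")
            failures[tx] = (int((ts - started[tx]).total_seconds()), tag)
    return failures

if __name__ == "__main__":
    for tx, (secs, tag) in diagnose(SAMPLE).items():
        print(f"{tx}: stalled {secs}s before failing, cause={tag}")
```

In the trace above the stall is 126 seconds, which is what a connect attempt looks like when its packets are silently dropped, so it points to cause 1; a certificate trust failure would normally surface within seconds of connecting.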

Workaround:

1. Allow NAT or an internet connection between SPS/WAOP and the authorization server (Google, in this case).

2. Make sure to import all default CA certs into the CDS.

Run one of the following commands to import all default trusted Certificate Authority certificates into the certificate data store.

(Windows) smkeytool.bat -importDefaultCACerts 

(UNIX) smkeytool.sh -importDefaultCACerts

importDefaultCACerts - this option imports all default trusted Certificate Authority certificates that are included with CA SiteMinder into the certificate data store.

 

Environment

Release:
Component: SMFED