Push Notification Failure Due to Connection Timeout with Google FCM APIs

search cancel

Push Notification Failure Due to Connection Timeout with Google FCM APIs

book

Article ID: 378146

calendar_today

Updated On:

Products

CA Strong Authentication

Issue/Introduction

Customers may encounter the following error when attempting to send push notifications via the Symantec Advanced Authentication Push Notification Service(ArcotAFM Application):

Error Message:

ERROR: aa.pns.PushNotificationService : Failed to notify device.
com.google.auth.oauth2.GoogleAuthException: Error getting access token for service account: connect timed out, iss: firebase-adminsdk-c983n@catechnologiesadvancedauth.iam.gserviceaccount.com

This error indicates that the Symantec Advanced Authentication is unable to communicate with Google’s Firebase Cloud Messaging (FCM) servers due to connectivity issues, commonly caused by proxy server settings or firewall restrictions.

Environment

Symantec Advanced Authentication with Push Notifications
versions 9.1, 9.1.01, 9.1.02, 9.1.03, 9.1.04, and 9.1.5

Cause

The failure occurs when the Symantec Advanced Authentication or other network components (e.g., firewalls, proxy servers) block access to required Google FCM API URLs. Without proper access, the Symantec Advanced Authentication cannot retrieve authentication tokens or send notifications through the Google FCM platform.

Resolution

If your organization uses a proxy server or firewall to restrict external connections, you need to whitelist specific Google FCM URLs to allow the Symantec Advanced Authentication to connect and authenticate.

Steps to Whitelist URLs:

Contact your network administrator to whitelist the following URLs for outbound traffic:
- https://accounts.google.com/
- https://oauth2.googleapis.com
- https://www.googleapis.com/
Ensure these URLs can be accessed without restrictions by the Symantec Advanced Authentication server.
Once the URLs have been whitelisted, restart the Symantec Advanced Authentication Push Notification Service( ArcotAFM component) and test push notifications to ensure they are functioning properly.

Additional debug steps:

Ensure that the proxy server allows SSL/TLS connections to the aforementioned Google URLs.
If the issue persists after whitelisting the URLs, verify network connectivity and ensure that no additional firewalls or security solutions are blocking access to Google FCM.

Additional Information

Please refer critical AFM/Adapter patch: https://knowledge.broadcom.com/external/article/281453/symantec-advanced-authentication-critica.html

Feedback

thumb_up Yes

thumb_down No