Single Sign-On for an Application Fails with 500 Internal Server Error and "Uh oh. Something went amiss."
Article ID: 432275

Updated On:

Products

VMware Tanzu Application Service

Issue/Introduction

The following symptoms are seen when users try to log into an app bound to an SSO service:

  • They see "Uh oh. Something went amiss." after trying to log in
  • The HTTP request in the browser shows "500 Internal Server Error" for https://<YOUR_LOGIN_DOMAIN>/oauth/authorize
  • The UAA logs show the following error:
    • java.lang.IllegalArgumentException: A granted authority textual representation is required

Environment

Elastic Application Runtime with the Single Sign-On Tile

Cause

This can be caused by an invalid scope name. You can check the scopes with the following steps:

  1. Get your app ID from the SSO Developer Dashboard -> Your App Name -> Credentials -> App ID
  2. Log into UAA with the UAA CLI. See Managing Clients with UAAC
  3. Get the client with uaac curl /oauth/clients/<APP_ID_FROM_STEP_1>
    • In this example, the invalid scope is "\n"
    • RESPONSE BODY:
      {
        "scope": [
          "openid",
          "\n",
          "cloud_controller.read"
        ],
        "client_id": "<APP_ID>",

Resolution

Remove the invalid scope:

uaac client update <APP_ID> --scope <YOUR_SCOPES>

Using the above example, the following command will update the scopes to get rid of the invalid "\n" scope:

uaac client update <APP_ID> --scope openid,cloud_controller.read
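
The scope check in the Cause steps and the fix command above can be scripted. The following Ruby sketch is an added example, not part of the original article or of UAA/UAAC itself; it flags any scope that is not a valid RFC 6749 scope token (a broader test than the single "\n" case shown here). The sample output, the client ID and the function names are constructed for illustration.

```ruby
require 'json'
require 'shellwords'

# RFC 6749 section 3.3 scope-token: one or more printable ASCII characters,
# excluding space, double quote and backslash. "\n" and "" both fail this.
SCOPE_TOKEN = /\A[\x21\x23-\x5B\x5D-\x7E]+\z/

# Constructed sample of `uaac curl /oauth/clients/<APP_ID>` output.
SAMPLE = <<~'OUT'
  RESPONSE BODY:
  {
    "scope": ["openid", "\n", "cloud_controller.read"],
    "client_id": "constructed-app-id"
  }
OUT

# Return the client as a Hash, skipping anything before the JSON body.
def extract_client(raw)
  body = raw.split('RESPONSE BODY:', 2).last
  start = body.index('{') or raise ArgumentError, 'no JSON object found'
  JSON.parse(body[start..])
end

# Split the client's scopes into [valid, invalid].
def partition_scopes(client)
  Array(client['scope']).partition { |s| s.is_a?(String) && s.match?(SCOPE_TOKEN) }
end

# Build the `uaac client update` command that keeps only valid scopes,
# or nil when nothing needs fixing.
def repair_command(client)
  valid, invalid = partition_scopes(client)
  return nil if invalid.empty?
  raise 'no valid scopes would remain; choose scopes manually' if valid.empty?

  "uaac client update #{client['client_id'].shellescape} --scope #{valid.join(',').shellescape}"
end

if __FILE__ == $PROGRAM_NAME
  client = extract_client(ARGV[0] ? File.read(ARGV[0]) : SAMPLE)
  _, invalid = partition_scopes(client)
  puts "invalid scopes: #{invalid.map(&:inspect).join(', ')}"
  puts repair_command(client) || 'all scopes are valid'
end
```

Save the `uaac curl` output to a file and pass its path as the first argument; review the printed command before running it.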