Layer7 API Management

Expand all | Collapse all

OAuth Authorization Server - missing or duplicate parameters

Jump to Best Answer
  • 1.  OAuth Authorization Server - missing or duplicate parameters

    Posted 09-19-2016 10:50 AM

    Disclaimer: Have been using this all of 2.5 days...so as newb as can be .

     

    The OTK 3.5 was installed and I can get to the manager, create clients + keys etc. Resource owner password creds, client credentials, and SAML bearer test client all work.

     

    However, the "authorization code" flow does not function. It always errors out with the message below after a POST to the ../login. In this case I'm just trying the provided test client at /oauth/v2/client/authcode...tried creating others as well and they all fail with same error.

     

    Steps:

    - I go to https://mytestgateway:8443/oauth/v2/client/authcode

    - I choose the "Authorization Code" option

    - I click "Initiate" under Initiate new OAuth handshake

    - I enter my username + password

    - I am display error message invalid_request

     

    ------------------------------

    POST https://mytestgateway:8443/auth/oauth/v2/authorize/login HTTP/1.1

    HTTP/?.? 400 Bad RequestServer: Apache-Coyote/1.1x-ca-err: 3001103Cache-Control: no-store

    OAuth 2.0 Authorization Server

    error: invalid_request
    error_description: Missing or duplicate parameters

     

    Logs show this:

    WARNING 609 com.l7tech.server.policy.assertion.composite.ServerHandleErrorsAssertion: 11000: Policy processing caught an exception: RaiseErrorAssertion is stopping execution.

    ------------------------------

     

    Been trying to dig through the docs but nothing stands out for me as to where to go for troubleshooting this. Any pointers would be greatly appreciated...kind of stuck in terms of what to even look for in all this OTK stuff for this problem. 



  • 2.  Re: OAuth Authorization Server - missing or duplicate parameters

    Posted 09-19-2016 11:21 AM

    Hello,

     

    This could be any number of things. To start off with after installing the OTK did you perform the post-install configurations steps this is required for the OTK to function properly?

    Post-Installation Tasks - CA API Management OAuth Toolkit - 3.5 - CA Technologies Documentation 



  • 3.  Re: OAuth Authorization Server - missing or duplicate parameters
    Best Answer

    Posted 09-20-2016 08:54 AM

    Hi CBertagnolli,

     

    I agree with Barry and in particular I would take note of the below statement as it seems to be the most frequent cause of this error with new installs:

     

    "The online uuidgenerator.net tool creates a hyphenated UUID value of 36 characters such as: 7b050d4c-3e81-4cfe-894c-e08a49d1fc22. With the hyphens, this UUID is more than 256 bits. Remove the hyphens to create a valid 32 character value for the otk_session_secret_encryption parameter."

     

    Regards,

    Joe



  • 4.  Re: OAuth Authorization Server - missing or duplicate parameters

    Posted 09-20-2016 09:12 AM

    Thanks for the replies dasjo02 and barry. We worked with a CA engineer yesterday afternoon and turned out it was indeed the 256-bit issue. It has the hyphens and wasn't exactly 256.



  • 5.  Re: OAuth Authorization Server - missing or duplicate parameters

    Posted 02-22-2017 04:19 AM

    Hi there,

     

    I am facing similar issue with OTK 3.5, could you please let me know how it can be fixed.

     

    Thanks,

    Ankush



  • 6.  Re: OAuth Authorization Server - missing or duplicate parameters

    Posted 02-22-2017 11:56 AM

    Hi Ankush,

     

    Can you confirm you have followed the post install steps? The issue here was the value of otk_session_secret_encryption had to be exactly 256-bit / 32 characters.

     

    Post-Installation Tasks - CA API Management OAuth Toolkit - 3.5 - CA Technologies Documentation 

     

    Regards,

    Joe



  • 7.  Re: OAuth Authorization Server - missing or duplicate parameters

    Posted 02-24-2017 04:09 AM

    Hi Joe,

     

    Yes I have performed steps :--

     

    *************

    A client with the following properties is seeking access to resources:

    Client Name:OAuth2Client
    SCOPE (permissions):oob

    Please grant or deny the request

    *************

     

    On clicking, getting below error :--

    ******************************

    2017-02-24T14:37:49.769+0530 INFO 1836 com.l7tech.server.message: Processing request for service: OAuth 2.0 Client - authorization_code [/oauth/v2/client/authcode*]
    2017-02-24T14:37:49.771+0530 INFO 1836 com.l7tech.server.policy.assertion.credential.http.ServerCookieCredentialSourceAssertion: 4100: Authentication required
    2017-02-24T14:37:49.772+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${dbsystem} is equal to cassandra
    2017-02-24T14:37:49.773+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${cacheKey} is not empty
    2017-02-24T14:37:49.774+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${clearSessionForm} is not empty (case sensitive)
    2017-02-24T14:37:49.776+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${action} is equal to refresh (case sensitive)
    2017-02-24T14:37:49.777+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${action} is equal to callapi (case sensitive)
    2017-02-24T14:37:49.778+0530 WARNING 1836 com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion: 4042: Problem routing to https://api92.gateway.com:8443/auth/oauth/v2/token. Error msg: Unable to obtain HTTP response from https://api92.gateway.com:8443/auth/oauth/v2/token: No route to host
    2017-02-24T14:37:49.784+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${action} is equal to clearSession (case sensitive)
    2017-02-24T14:37:49.793+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7103: At least one comparison value was null
    2017-02-24T14:37:49.795+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7103: At least one comparison value was null
    2017-02-24T14:37:49.798+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7103: At least one comparison value was null
    2017-02-24T14:37:49.803+0530 WARNING 1836 com.l7tech.server.message: Message processed successfully

    ******************************

    does scope have to be  " oob " ?

     

    Kindly advise.

     

    Thanks,

    Ankush



  • 8.  Re: OAuth Authorization Server - missing or duplicate parameters

    Posted 02-26-2017 06:49 PM

    Hello Ankush,

    "No route to host" is another problem, and it should be a network problem.

    Is api92.gateway.com the hostname of current gateway? Is it external name or internal name? Can you ping api92.gateway.com from the current gateway?

     

    Regards,

    Mark