I've been kicking a wall since my head is too sore to keep banging. I've been going in circles with CA Support on this issue. We are trying to set up OAuth with a remote Auth Provider. When the user returns to us with the state&code, I understand we should be connecting to that auth provider directly (not through the browser). The browser GETs this url:
I'm seeing this in our affwebserv.log file:
[1920/3564][Thu Jul 23 2015 15:39:48][MessageDispatcher.java][ERROR][sm-FedClient-01010] Dispatcher object thrown unknown exception while processing the request message. Message: Connection timed out: connect.
[1920/3564][Thu Jul 23 2015 15:39:48][TokenConsumer.java][ERROR][sm-FedClient-02900] "Failure during transaction. ID: e8ac3f99-c6a25a23-39535ab8-91c3ca17-d3174989-82.. (, , , )
[1920/3564][Thu Jul 23 2015 15:39:48][OAuthServiceBase][ERROR][sm-FedClient-02900] "Failure during transaction. ID: e8ac3f99-c6a25a23-39535ab8-91c3ca17-d3174989-82.. (, , , )
Our web agent option pack (we call federation web server) sits behind a reverse proxy. Affwebservices is handled by Tomcat 7. In the control manager for Tomcat, I'm putting this at the bottom:
I then add this to the system variables:
Variable name: JAVA_OPTS
Variable value: $JAVA_OPTS -Dhttp.proxyHost=proxy.example.com -Dhttp.proxyPort=8080
Still fails with same log entries.
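The JVM applies `http.proxyHost`/`http.proxyPort` only to `http://` URLs; `https://` URLs use the separate `https.proxyHost`/`https.proxyPort` properties. The following diagnostic is an added example, not part of the original posts or of CA's product. It prints the proxy properties the JVM actually received and the route its default `ProxySelector` picks for a given URL. The class name `ProxyCheck` and the `authprovider.example.com` URLs are placeholders.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.util.List;

// Added diagnostic (not from the thread). Start it with the same -D options
// that Tomcat is given, so it sees the same proxy configuration.
public class ProxyCheck {

    // Describe the route the JVM's default ProxySelector picks for a URI.
    static String routeFor(URI target) {
        List<Proxy> proxies = ProxySelector.getDefault().select(target);
        StringBuilder sb = new StringBuilder();
        for (Proxy p : proxies) {
            if (sb.length() > 0) sb.append(", ");
            if (p.type() == Proxy.Type.DIRECT) {
                sb.append("DIRECT (no proxy)");
            } else {
                InetSocketAddress a = (InetSocketAddress) p.address();
                sb.append(p.type()).append(' ')
                  .append(a.getHostString()).append(':').append(a.getPort());
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Show which proxy properties actually reached this JVM.
        String[] keys = {"http.proxyHost", "http.proxyPort",
                         "https.proxyHost", "https.proxyPort",
                         "http.nonProxyHosts"};
        for (String k : keys) {
            System.out.println(k + " = " + System.getProperty(k));
        }
        // Placeholder endpoints; pass the real token endpoint as an argument.
        String[] targets = args.length > 0 ? args : new String[] {
            "http://authprovider.example.com/oauth/token",
            "https://authprovider.example.com/oauth/token"
        };
        for (String t : targets) {
            System.out.println(t + " -> " + routeFor(URI.create(t)));
        }
    }
}
```

Compile with `javac ProxyCheck.java`, then run it as `java -Dhttp.proxyHost=proxy.example.com -Dhttp.proxyPort=8080 ProxyCheck <token-endpoint-url>`. A property printed as `null` means that option never reached the JVM.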
You mentioned that the WAOP is behind a reverse proxy. Is the WAOP able to reach out to the auth provider directly?
Please refer to the KB article below to resolve the issue.