Symantec Access Management

  • 1.  OAuth (Social Login) fails: affwebserv cannot connect to auth provider

    Posted Jul 23, 2015 12:20 PM

    Hello,

    I've been kicking a wall since my head is too sore to keep banging. I've been going in circles with CA Support on this issue. We are trying to set up OAuth with a remote Auth Provider. When the user returns to us with the state & code, I understand we should be connecting to that auth provider directly (not through the browser). The browser GETs this URL:

     

    https://example.com/affwebservices/public/oauthtokenconsumer/oauthprovider1?state=105977e9-f0f2b73e-37c8bf17-ce2eeacd-18c4a9c1-cd&code=4/dXnglq5hBzPvG7WjxB4MW7BaJnNxUC63FgawOk4qHe0

     

    I'm seeing this in our affwebserv.log file:

     

    [1920/3564][Thu Jul 23 2015 15:39:48][MessageDispatcher.java][ERROR][sm-FedClient-01010] Dispatcher object thrown unknown exception while processing the request message. Message: Connection timed out: connect.

    [1920/3564][Thu Jul 23 2015 15:39:48][TokenConsumer.java][ERROR][sm-FedClient-02900] "Failure during transaction.  ID:  e8ac3f99-c6a25a23-39535ab8-91c3ca17-d3174989-82.. (, , , )

    [1920/3564][Thu Jul 23 2015 15:39:48][OAuthServiceBase][ERROR][sm-FedClient-02900] "Failure during transaction.  ID:  e8ac3f99-c6a25a23-39535ab8-91c3ca17-d3174989-82.. (, , , )

     

    Our web agent option pack (we call federation web server) sits behind a reverse proxy. Affwebservices is handled by Tomcat 7. In the control manager for Tomcat, I'm putting this at the bottom:

    -Dhttp.proxyHost=proxy.example.com

    -Dhttp.proxyPort=8181

     

    Still failed.

     

    I then add this to the system variables:

    Variable name: JAVA_OPTS

    Variable value: $JAVA_OPTS -Dhttp.proxyHost=proxy.example.com -Dhttp.proxyPort=8080

     

    Rebooted.

     

    Still fails with same log entries.

     

    Any suggestions?

     

    -Bandaged



  • 2.  Re: OAuth (Social Login) fails: affwebserv cannot connect to auth provider

    Posted Jul 25, 2015 11:54 PM

    Hi Mitch,

     

    You mentioned that the WAOP is behind a reverse proxy. Is the WAOP able to reach out to the auth provider directly?

     

    Best regards,

    Kelly



  • 3.  Re: OAuth (Social Login) fails: affwebserv cannot connect to auth provider
    Best Answer

    Posted May 12, 2016 03:34 PM

    Hi Mitch,

     

    Please refer to the KB article below to resolve the issue.

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1584113.aspx

     

    Thanks,

    Sharan