How to solve HTTP/1.1 401 when try to get URI /ms_oauth/oauth2/ui/oauthservice/showconsent ?
(Doc ID 2109494.1)
Last updated on MAY 18, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.3.0 and laterInformation in this document applies to any platform.
Goal
Customer have configured oauth application to work with OAM using default IAMSuiteAgent
- After customer reconfigure webgate to protect oauth service following: 53.5 Configuring a WebGate to Protect OAuth Services
oauth application fail with HTTP/1.1 401 when try to get URI /ms_oauth/oauth2/ui/oauthservice/showconsent
- Verifying http header trace we find OAMAuthnCookie_host:port successfully set.
- Verified authentication and authorization policies and looks ok.
Webgate logs show:
2016/02/12@12:07:03.63141 19463 19518 WEB DEBUG3 0x00000201 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/ecid.cpp:63 ecid^<ECID> rid^0 "ECID Information" ECID_WrappedString^<ECID> RID^0 Function^OBWebGate_Err StartTime^2016/02/12@12:07:03.63139 URI^/ms_oauth/oauth2/ui/oauthservice/showconsent
2016/02/12@12:07:03.63302 19463 19519 ACCESS_GATE TRACE 0x00000204 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/web_gate.cpp:1953 ecid^<ECID> "Function exited" _TraceName^WebGate::StripObSSOCookie _TraceDuration^0.007468
2016/02/12@12:07:03.63474 19463 19518 WEB TRACE 0x00000203 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:940 ecid^<ECID> "Function entered" _TraceName^OBWebGate_Err _TraceAddress^<TRACE_ID>
RequestReq^GET /ms_oauth/oauth2/ui/oauthservice/showconsent?response****************************************rect_uri=http://<HOST.DOMAIN>:<PORT>/Rest_Web/CustomerInfo&scope=Customer.Info+UserProfile.me&state=<state> &oracle_client_name=customerClient HTTP/1.1 RequestProto^HTTP/1.1
RequestHost^<HOST.DOMAIN> RequestStatLine^ RequestStatus^200 RequestRawUri^/ms_oauth/oauth2/ui/oauthservice/showconsent?response****************************************rect_uri=http://<HOST.DOMAIN>:<PORT>/Rest_Web/CustomerInfo&scope=Customer.Info+UserProfile.me&state=<state>&oracle_client_name=customerClient RequestUri^/ms_oauth/oauth2/ui/oauthservice/showconsent
RequestFilename^/ms_oauth/oauth2/ui/oauthservice/showconsent RequestPath^ RequestArgs^response****************************************rect_uri=http://<HOST.DOMAIN>:<PORT>/Rest_Web/CustomerInfo&scope=Customer.Info+UserProfile.me&state=<state>&oracle_client_name=customerClient
2016/02/12@12:07:03.63670 19463 19519 ACCESS_GATE TRACE 0x00000204 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/web_gate.cpp:703 ecid^<ECID> "Function exited" _TraceName^WebGate::ProcessRequest _TraceDuration^0.523926
2016/02/12@12:07:03.63849 19463 19518 WEB TRACE 0x00000203 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:1007 "Function entered" _TraceName^OBWebGate_Response
2016/02/12@12:07:03.64023 19463 19519 WEB TRACE 0x00000204 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:828 ecid^<ECID> "Function exited" _TraceName^OBWebGate_AuthnAndAuthz _TraceAddress^<TRACE_ID> _TraceDuration^0.583444 return^404
we see here return^404 but in header trace we have HTTP/1.1 401
- OAM managed server logs show:
[2016-02-16T10:28:25.943+02:00] [<OAM_SERVER>] [TRACE] [OAMSSA-06013] [oracle.oam.engine.policy] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid:<ECID>] [APP: oam_server#111200] [SRC_CLASS: oracle.security.am.common.policy.runtime.provider.common.RulesEvaluator] [SRC_METHOD: evaluate] PolicyRuntime :: paramName="result", paramDetail="ALLOW".
[2016-02-16T10:28:25.945+02:00] [<OAM_SERVER>] [TRACE] [OAMSSA-14001] [oracle.oam.engine.authz] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: <ECID>] [APP: oam_server#111200] [SRC_CLASS: oracle.security.am.engines.authz.AuthorizationEngine] [SRC_METHOD: isAuthorized] Authorization Engine :: paramName="AccessResult", paramValue="{ Result: true, Context: {authorization_failure_eval_conditions=[], resource_pattern=HTTP::SERVER_NAME::/ms_oauth/oauth2/ui/**::, authorization_policy_id=<POLICY_ID>, authorization_policy_name=POLICY_NAME>, application_domain=<APPDOMAIN>, authorization_success_eval_conditions=[TRUE]} }".
....
[2016-02-16T10:28:25.945+02:00] [<OAM_SERVER>] [TRACE:16] [] [oracle.oam.engine.authz] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: <ECID>] [APP: oam_server#111200] [SRC_CLASS: oracle.security.am.engines.authz.AuthorizationEngine] [SRC_METHOD: isAuthorized] RETURN { Result: true, Context: {authorization_failure_eval_conditions=[], resource_pattern=HTTP::SERVER_NAME::/ms_oauth/oauth2/ui/**::, authorization_policy_id=<POLICY_ID>, authorization_policy_name=<POLICY_NAME>, application_domain=<APPDOMAIN>, authorization_success_eval_conditions=[TRUE]}
....
[2016-02-16T10:28:25.974+02:00] [<OAM_SERVER>] [TRACE] [] [oracle.oam.controler] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: <ECID>] [SRC_CLASS: oracle.security.am.engines.enginecontroller.AuthzEngineController] [SRC_METHOD: authorize] Is Authorized: true
...
[2016-02-16T10:28:25.974+02:00] [<OAM_SERVER>] [TRACE:32] [] [oracle.oam.engine.policy] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: <ECID>] [APP: oam_server#111200] [SRC_CLASS: oracle.security.am.common.policy.util.URLUtils] [SRC_METHOD: decodeURL] Original url: /ms_oauth/oauth2/ui/oauthservice/showconsent
> we see Is Authorized: true
How to solve HTTP/1.1 401 when try to get URI /ms_oauth/oauth2/ui/oauthservice/showconsent ?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
| References |