How to solve HTTP/1.1 401 when trying to get URI /ms_oauth/oauth2/ui/oauthservice/showconsent? (Doc ID 2109494.1)

Last updated on NOVEMBER 01, 2019

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Goal

The customer has configured an OAuth application to work with OAM using the default IAMSuiteAgent.

- After the customer reconfigured the WebGate to protect the OAuth services, following "53.5 Configuring a WebGate to Protect OAuth Services", the OAuth application fails with HTTP/1.1 401 when trying to get the URI /ms_oauth/oauth2/ui/oauthservice/showconsent.

- The HTTP header trace shows that OAMAuthnCookie_host:port is set successfully.

- The authentication and authorization policies were verified and look correct.

Webgate logs show:

2016/02/12@12:07:03.63141 19463 19518 WEB DEBUG3 0x00000201 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/ecid.cpp:63 ecid^<ECID> rid^0 "ECID Information" ECID_WrappedString^<ECID> RID^0  Function^OBWebGate_Err StartTime^2016/02/12@12:07:03.63139   URI^/ms_oauth/oauth2/ui/oauthservice/showconsent
 
2016/02/12@12:07:03.63302 19463 19519 ACCESS_GATE TRACE 0x00000204 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/web_gate.cpp:1953 ecid^<ECID> "Function exited" _TraceName^WebGate::StripObSSOCookie _TraceDuration^0.007468
 
2016/02/12@12:07:03.63474 19463 19518 WEB TRACE 0x00000203 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:940 ecid^<ECID> "Function entered" _TraceName^OBWebGate_Err _TraceAddress^<TRACE_ID>

RequestReq^GET /ms_oauth/oauth2/ui/oauthservice/showconsent?response****************************************rect_uri=http://<HOST.DOMAIN>:<PORT>/Rest_Web/CustomerInfo&scope=Customer.Info+UserProfile.me&state=<state> &oracle_client_name=customerClient HTTP/1.1 RequestProto^HTTP/1.1

RequestHost^<HOST.DOMAIN> RequestStatLine^ RequestStatus^200 RequestRawUri^/ms_oauth/oauth2/ui/oauthservice/showconsent?response****************************************rect_uri=http://<HOST.DOMAIN>:<PORT>/Rest_Web/CustomerInfo&scope=Customer.Info+UserProfile.me&state=<state>&oracle_client_name=customerClient RequestUri^/ms_oauth/oauth2/ui/oauthservice/showconsent

RequestFilename^/ms_oauth/oauth2/ui/oauthservice/showconsent RequestPath^ RequestArgs^response****************************************rect_uri=http://<HOST.DOMAIN>:<PORT>/Rest_Web/CustomerInfo&scope=Customer.Info+UserProfile.me&state=<state>&oracle_client_name=customerClient

2016/02/12@12:07:03.63670 19463 19519 ACCESS_GATE TRACE 0x00000204 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/web_gate.cpp:703 ecid^<ECID> "Function exited" _TraceName^WebGate::ProcessRequest _TraceDuration^0.523926

2016/02/12@12:07:03.63849 19463 19518 WEB TRACE 0x00000203 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:1007 "Function entered" _TraceName^OBWebGate_Response

2016/02/12@12:07:03.64023 19463 19519 WEB TRACE 0x00000204 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:828 ecid^<ECID> "Function exited" _TraceName^OBWebGate_AuthnAndAuthz _TraceAddress^<TRACE_ID> _TraceDuration^0.583444 return^404

Here we see return^404, but the header trace shows HTTP/1.1 401.

- OAM managed server logs show:

[2016-02-16T10:28:25.943+02:00] [<OAM_SERVER>] [TRACE] [OAMSSA-06013] [oracle.oam.engine.policy] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid:<ECID>] [APP: oam_server#111200] [SRC_CLASS: oracle.security.am.common.policy.runtime.provider.common.RulesEvaluator] [SRC_METHOD: evaluate] PolicyRuntime :: paramName="result", paramDetail="ALLOW".
 
 [2016-02-16T10:28:25.945+02:00] [<OAM_SERVER>] [TRACE] [OAMSSA-14001] [oracle.oam.engine.authz] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: <ECID>] [APP: oam_server#111200] [SRC_CLASS: oracle.security.am.engines.authz.AuthorizationEngine] [SRC_METHOD: isAuthorized] Authorization Engine :: paramName="AccessResult", paramValue="{ Result: true, Context: {authorization_failure_eval_conditions=[], resource_pattern=HTTP::SERVER_NAME::/ms_oauth/oauth2/ui/**::, authorization_policy_id=<POLICY_ID>, authorization_policy_name=POLICY_NAME>, application_domain=<APPDOMAIN>, authorization_success_eval_conditions=[TRUE]} }".
 ....
[2016-02-16T10:28:25.945+02:00] [<OAM_SERVER>] [TRACE:16] [] [oracle.oam.engine.authz] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: <ECID>] [APP: oam_server#111200] [SRC_CLASS: oracle.security.am.engines.authz.AuthorizationEngine] [SRC_METHOD: isAuthorized] RETURN { Result: true, Context: {authorization_failure_eval_conditions=[], resource_pattern=HTTP::SERVER_NAME::/ms_oauth/oauth2/ui/**::, authorization_policy_id=<POLICY_ID>, authorization_policy_name=<POLICY_NAME>, application_domain=<APPDOMAIN>, authorization_success_eval_conditions=[TRUE]}
....
[2016-02-16T10:28:25.974+02:00] [<OAM_SERVER>] [TRACE] [] [oracle.oam.controler] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: <ECID>] [SRC_CLASS: oracle.security.am.engines.enginecontroller.AuthzEngineController] [SRC_METHOD: authorize] Is Authorized: true

...
[2016-02-16T10:28:25.974+02:00] [<OAM_SERVER>] [TRACE:32] [] [oracle.oam.engine.policy] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: <ECID>] [APP: oam_server#111200] [SRC_CLASS: oracle.security.am.common.policy.util.URLUtils] [SRC_METHOD: decodeURL] Original url: /ms_oauth/oauth2/ui/oauthservice/showconsent

Here we see Is Authorized: true.
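To line up the two traces above per request, the following added example (not part of the Oracle note) parses WebGate key^value trace lines and OAM server log lines, then lists requests that the OAM server authorized but for which OBWebGate_AuthnAndAuthz returned an error code. The sample lines are constructed, and matching the two logs on a shared ECID is an assumption.

```python
import re

# Constructed sample lines, shortened from the traces quoted above.
# ECID values, server name and the second request are made up.
WEBGATE_LOG = '''\
2016/02/12@12:07:03.63670 19463 19519 ACCESS_GATE TRACE 0x00000204 web_gate.cpp:703 ecid^ECID-0001 "Function exited" _TraceName^WebGate::ProcessRequest _TraceDuration^0.523926
2016/02/12@12:07:03.64023 19463 19519 WEB TRACE 0x00000204 apache2entry_web_gate.cpp:828 ecid^ECID-0001 "Function exited" _TraceName^OBWebGate_AuthnAndAuthz _TraceDuration^0.583444 return^404
2016/02/12@12:07:09.10001 19463 19520 WEB TRACE 0x00000204 apache2entry_web_gate.cpp:828 ecid^ECID-0002 "Function exited" _TraceName^OBWebGate_AuthnAndAuthz _TraceDuration^0.401200 return^403
'''
OAM_LOG = '''\
[2016-02-12T12:07:03.600+02:00] [oam_server1] [TRACE] [] [oracle.oam.controler] [tid: 5] [userId: ] [ecid: ECID-0001] [SRC_CLASS: oracle.security.am.engines.enginecontroller.AuthzEngineController] [SRC_METHOD: authorize] Is Authorized: true
[2016-02-12T12:07:09.050+02:00] [oam_server1] [TRACE] [] [oracle.oam.controler] [tid: 6] [userId: ] [ecid: ECID-0002] [SRC_CLASS: oracle.security.am.engines.enginecontroller.AuthzEngineController] [SRC_METHOD: authorize] Is Authorized: false
'''

KV = re.compile(r'(\w+)\^(\S+)')               # WebGate trace fields: key^value
ODL_ECID = re.compile(r'\[ecid:\s*([^\]]+)\]')  # OAM server log field: [ecid: ...]
AUTHZ = re.compile(r'Is Authorized:\s*(true|false)')


def webgate_returns(text):
    """Map ECID -> return code logged when OBWebGate_AuthnAndAuthz exits."""
    out = {}
    for line in text.splitlines():
        fields = dict(KV.findall(line))
        if fields.get("_TraceName") == "OBWebGate_AuthnAndAuthz" and "return" in fields:
            out[fields.get("ecid", "?")] = int(fields["return"])
    return out


def oam_decisions(text):
    """Map ECID -> authorization decision logged by AuthzEngineController."""
    out = {}
    for line in text.splitlines():
        decision, ecid = AUTHZ.search(line), ODL_ECID.search(line)
        if decision and ecid:
            out[ecid.group(1).strip()] = decision.group(1) == "true"
    return out


def mismatches(webgate_text, oam_text):
    """Requests the OAM server authorized but WebGate answered with an error code."""
    oam = oam_decisions(oam_text)
    return sorted((ecid, code) for ecid, code in webgate_returns(webgate_text).items()
                  if code >= 400 and oam.get(ecid) is True)


if __name__ == "__main__":
    for ecid, code in mismatches(WEBGATE_LOG, OAM_LOG):
        print(f"{ecid}: OAM authorized, WebGate returned {code}")
```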

How can the HTTP/1.1 401 returned when trying to get the URI /ms_oauth/oauth2/ui/oauthservice/showconsent be solved?

Solution
