My Oracle Support Banner

How to solve HTTP/1.1 401 Unauthorized when try to get URI /ms_oauth/oauth2/ui/oauthservice/showconsent ? (Doc ID 2109494.1)

Last updated on AUGUST 09, 2018

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Goal

Customer have configured oauth application to work with OAM using default IAMSuiteAgent

- After customer reconfigure webgate to protect oauth service
following:
http://docs.oracle.com/cd/E52734_01/oam/AIAAG/oicconfigoauth.htm#AIAAG89815
53.5 Configuring a WebGate to Protect OAuth Services

oauth application fail with HTTP/1.1 401 Unauthorized when try to get URI /ms_oauth/oauth2/ui/oauthservice/showconsent

- Verifying http header trace we find OAMAuthnCookie_host:port successfully set.

- Verified authentication and authorization policies and looks ok.

Webgate logs show:

2016/02/12@12:07:03.63141 19463 19518 WEB DEBUG3 0x00000201 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/ecid.cpp:63
 ecid^005At61EUWa4ykW_Px^Ayd0004jt0000Rh rid^0 "DMS ECID Information" ECID_WrappedString^1.005At61EUWa4ykW_Px%5eAyd0004jt0000Rh;k%5ejE ECID^005At61EUWa4ykW_Px%5eAyd0004jt0000Rh RID^0
 Function^OBWebGate_Err StartTime^2016/02/12@12:07:03.63139
 
 URI^/ms_oauth/oauth2/ui/oauthservice/showconsent
 
2016/02/12@12:07:03.63302 19463 19519 ACCESS_GATE TRACE 0x00000204 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/web_gate.cpp:1953
 ecid^005At61J1Vv4ykW_Px^Ayd0004jt0000Ri rid^0 "Function exited" _TraceName^WebGate::StripObSSOCookie _TraceDuration^0.007468
 
2016/02/12@12:07:03.63474 19463 19518 WEB TRACE 0x00000203 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:940 ecid^005At61EUWa4ykW_Px^Ayd0004jt0000Rh rid^0
"Function entered" _TraceName^OBWebGate_Err _TraceAddress^0x7FCA71A36164
RequestReq^GET /ms_oauth/oauth2/ui/oauthservice/showconsent?response****************************************rect_uri=http%253A%252F%252F10.10.10.100%253A10805%252FRest_Web%252FCustomerInfo&scope=Customer.Info+UserProfile.me&state=abc&oracle_client_name=customerClient HTTP/1.1 RequestProto^HTTP/1.1 RequestHost^server123.company.com RequestStatLine^ RequestStatus^200

RequestRawUri^/ms_oauth/oauth2/ui/oauthservice/showconsent?response****************************************rect_uri=http%253A%252F%252F10.10.10.100%253A10805%252FRest_Web%252FCustomerInfo&scope=Customer.Info+UserProfile.me&state=abc&oracle_client_name=customerClient RequestUri^/ms_oauth/oauth2/ui/oauthservice/showconsent

RequestFilename^/ms_oauth/oauth2/ui/oauthservice/showconsent RequestPath^ RequestArgs^response****************************************rect_uri=http%253A%252F%252F10.10.10.100%253A10805%252FRest_Web%252FCustomerInfo&scope=Customer.Info+UserProfile.me&state=abc&oracle_client_name=customerClient

2016/02/12@12:07:03.63670 19463 19519 ACCESS_GATE TRACE 0x00000204 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/web_gate.cpp:703 ecid^005At61J1Vv4ykW_Px^Ayd0004jt0000Ri rid^0 "Function exited" _TraceName^WebGate::ProcessRequest _TraceDuration^0.523926

2016/02/12@12:07:03.63849 19463 19518 WEB TRACE 0x00000203 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:1007 "Function entered" _TraceName^OBWebGate_Response

2016/02/12@12:07:03.64023 19463 19519 WEB TRACE 0x00000204 /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:828 ecid^005At61J1Vv4ykW_Px^Ayd0004jt0000Ri rid^0 "Function exited" _TraceName^OBWebGate_AuthnAndAuthz _TraceAddress^0x7FCA71A2D1D2 _TraceDuration^0.583444 return^404

we see here return^404 but in header trace we have HTTP/1.1 401

- OAM managed server logs show:

[2016-02-16T10:28:25.943+02:00] [oam_server1] [TRACE] [OAMSSA-06013] [oracle.oam.engine.policy] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 005AxvelhQf4ykW_Px^Ayd0000zX00001J,1:29909] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.common.policy.runtime.provider.common.RulesEvaluator] [SRC_METHOD: evaluate] PolicyRuntime :: paramName="result", paramDetail="ALLOW".
 
 [2016-02-16T10:28:25.945+02:00] [oam_server1] [TRACE] [OAMSSA-14001] [oracle.oam.engine.authz] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 005AxvelhQf4ykW_Px^Ayd0000zX00001J,1:29909] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.authz.AuthorizationEngine] [SRC_METHOD: isAuthorized] Authorization Engine :: paramName="AccessResult", paramValue="{ Result: true, Context: {authorization_failure_eval_conditions=[], resource_pattern=HTTP::SERVER_NAME::/ms_oauth/oauth2/ui/**::, authorization_policy_id=225aef67-9f60-47a1-9e60-4a60de2bdd0f, authorization_policy_name=WGS AUTHZ, application_domain=Custom WGS, authorization_success_eval_conditions=[TRUE]} }".
 ....
[2016-02-16T10:28:25.945+02:00] [oam_server1] [TRACE:16] [] [oracle.oam.engine.authz] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 005AxvelhQf4ykW_Px^Ayd0000zX00001J,1:29909] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.authz.AuthorizationEngine] [SRC_METHOD: isAuthorized] RETURN { Result: true, Context: {authorization_failure_eval_conditions=[], resource_pattern=HTTP::SERVER_NAME::/ms_oauth/oauth2/ui/**::, authorization_policy_id=225aef67-9f60-47a1-9e60-4a60de2bdd0f, authorization_policy_name=WGS AUTHZ, application_domain=Custom WGS, authorization_success_eval_conditions=[TRUE]}
....
[2016-02-16T10:28:25.974+02:00] [oam_server1] [TRACE] [] [oracle.oam.controler] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 005AxvelhQf4ykW_Px^Ayd0000zX00001J,1:29909] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.enginecontroller.AuthzEngineController] [SRC_METHOD: authorize] Is Authorized: true
[2016-02-16T10:28:25.974+02:00] [oam_server1] [TRACE:32] [] [oracle.oam.engine.policy] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 005AxvelhQf4ykW_Px^Ayd0000zX00001J,1:29909] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.common.policy.util.URLUtils] [SRC_METHOD: decodeURL] Original url: %2Fms_oauth%2Foauth2%2Fui%2Foauthservice%2Fshowconsent

> we see Is Authorized: true

How to solve HTTP/1.1 401 Unauthorized when try to get URI /ms_oauth/oauth2/ui/oauthservice/showconsent ?

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.