Not Able To Authenticate Between IPad Mobile Security Workspace And Oracle Mobile Access Server (Doc ID 2180157.1)

Last updated on SEPTEMBER 14, 2016

Applies to:

Oracle Mobile Security Suite - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Not able to Authenticate between iPad Mobile Security workspace and Oracle Mobile Access server

Symptoms

The customer has configured Oracle Mobile Access Server is trying to authenticate to the OMSS server through through the Mobile Security workspace installed on an iPad.

The customer is trying to authenticate using the KINIT authentication mechanism against Active directory. They have followed the steps is mentioned in the following URL.

https://docs.oracle.com/cd/E52734_01/omss/AMSAS/msas-security-config.htm#BABFCCFI

When the customer tries to hit the configuration URL (https://1x.3x.1xx.4x:9xxx/bmax/bmconfig_kinit_kinit.json) from iPad the are getting the follow error on the Access server.

[2016-05-12T14:29:48.962+10:00] [glassfish] [TRACE] [] [org.glassfish.grizzly.filterchain.DefaultFilterChain] [host: dev-my1-a-0.abcd.xyz.gov.au] [nwaddr: 1x.3x.1xx.4x] [tid: 39] [userId: oracle] [ecid: 0000LIZE_6iF^675rJh8iY1ND0JG000008,0] [SRC_CLASS: org.glassfish.grizzly.filterchain.DefaultFilterChain] [SRC_METHOD: execute] GRIZZLY0013: Exception during FilterChain execution[[
java.io.EOFException
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.read(TCPNIOTransport.java:652)
at org.glassfish.grizzly.nio.transport.TCPNIOTransportFilter.handleRead(TCPNIOTransportFilter.java:75)
at org.glassfish.grizzly.filterchain.TransportFilter.handleRead(TransportFilter.java:173)

Architecture of Oracle components in ABC customer environment :-
Machine 1:- OAM , Weblogic , OUD , OMSS
Machine 2 :- OMSAS ( Oracle Mobile Security Access Server)

Changes

 The customer indicated that they got further when they tried using the obrareq.cgi URL without the port.

In the logs we can see that MSAS is matching the policy against the URL without the port, and at the time that the logs were generated there was no passthrough proxy app matching the URL without the port, so the default "oracle/multi_token_client_policy” was applied, resulting in the error  “OAMMSTokenData is not available in the SToken”.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms