Symantec Access Management

  • 1.  OAuth is not working

    Posted Jan 19, 2017 09:50 PM

    I tried OAuth with CA SiteMinder R12.52 SP01 CR05, but I am getting an HTTP 500 error message. I am using the web agent and option pack R12.52 SP01.



  • 2.  Re: OAuth is not working

    Posted Jan 19, 2017 10:28 PM

    Hi Naresh,

    Please try to provide as much applicable information as possible.

    • Was this working before?
    • Did it fail recently after the upgrade?
    • What do you see in the affwebservice and FWSTrace.log corresponding to the failed transaction?
    • Anything in the agent trace log?

    Regards,

    Ujwol 



  • 3.  Re: OAuth is not working

    Posted Jan 20, 2017 07:59 AM

    Hi Ujwol,

    Thanks for your response. This is the first time I am working on this request. I had NAT issues from the WAOP server, and I have fixed those too. Now I am able to connect with wget --spider https://accounts.google.com from my WAOP server. I didn't see any errors in the affwebservices and FWSTrace.log files either.

    [27942/3703826176][Fri Jan 20 2017 00:40:57][FWSBase.java][INFO][sm-FedClient-00340] FWS Base Service Initialization ()
    [27942/3703826176][Fri Jan 20 2017 00:40:57][TokenConsumer.java][INFO][sm-FedClient-01520] SAML2 OAuth Authorization and Single Sign-on Service has been successfully initialized.

    ---

    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuthUtils.java][parseResponse][Message to parse: [Status Line: HTTP/1.1 200 OK
    ]
    [Headers:{Cache-Control=no-cache, no-store, max-age=0, must-revalidate, Accept-Ranges=none, Alt-Svc=quic=":443"; ma=2592000; v="35,34", X-Frame-Options=SAMEORIGIN, Server=ESF, Date=Fri, 20 Jan 2017 00:41:10 GMT, Pragma=no-cache, Vary=Accept-Encoding, X-XSS-Protection=1; mode=block, Expires=Mon, 01 Jan 1990 00:00:00 GMT, Content-Disposition=attachment; filename="json.txt"; filename*=UTF-8''json.txt, Content-Type=application/json; charset=utf-8, Connection=close, X-Content-Type-Options=nosniff}]
    [Cookies:{}]
    [Message: {
    "access_token" : "ya29.GlzYAwmRPLW5MI7koe3wJiwAOjtox3S44uSdOtnVh3ZuBz5AAkxh0v-LCJFjD5yzAgiMekWsN5fbNBC63iVeDsypdNv0M3g4KM9vtO4CN2eZYmpNX15Abjep70wE6g",
    "expires_in" : 3595,
    "id_token" : "eyJhbGciOiJSUzI1NiIsImtpZCI6IjZlYzMwOTBlZjgyM2YxMWFhN2VhNDE0N2FlZWM1Zjk0YmViNWZkMDMifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiaWF0IjoxNDg0ODcyODcwLCJleHAiOjE0ODQ4NzY0NzAsImF0X2hhc2giOiJDbzczS1J1M0VoU0Q5MXhPVG1yT2JnIiwiYXVkIjoiMTU4NzM1MDUxMTI4LTVtdWpmZzk1ZWRtbHQ3cG5iOW5pN3E4czFrMGR0OGFwLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTExNzM2MDg2NDUzMTg3ODg0NTA2IiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF6cCI6IjE1ODczNTA1MTEyOC01bXVqZmc5NWVkbWx0N3BuYjluaTdxOHMxazBkdDhhcC5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImVtYWlsIjoibmFyZXNoLmdhcmdAZ21haWwuY29tIn0.BF0zWZ2QDvQLzEcHw2DVhLQ8x1o-z-5S5uawIqkMTSgQ7bcBOHXPNVaov23XZpLGpIDudrST6Hv-EGANsQ2mb0Jlnup2Z4DchUXflsKxCrF4_ZeKQcYj_jkR4SEklZLF6gVVnsGvEm4m2ix7E-lNaKG6DOOdNcN8IvkbNno2cyN8PbcC5f2MRMd8ETRjtzmGZJmN2J7lsmXUmbv9T1fxgCmfj_wyKSHQ6slS1hCiaDRMLICpPIm1s88vBXBjIZajHriiJAcPv8FLW3ZkB_W6jEkfHNwGgTYBuidMSaTYNSZpv6i8kT5dnSmQXiPzcvs7TVZ69Og8u9ePsXuSjtDLgQ",
    "token_type" : "Bearer"
    }]]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuthUtils.java][parseResponse][Returned message is in JSON format.]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20TokenConsumerHandler][sendAccessTokenRequest][Successfully parsed access token response.]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20TokenConsumerHandler][sendAccessTokenRequest][Have an access token.]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20TokenConsumerHandler][validateAccessToken][ENTER]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20TokenConsumerHandler][validateAccessToken][Validate access token type not enabled]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20TokenConsumerHandler][validateAccessToken][EXIT]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20TokenConsumerHandler][sendAccessTokenRequest][Access token is valid.]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20TokenConsumerHandler][sendAccessTokenRequest][EXIT]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20TokenConsumerHandler][executeOAuthFlow][Successful access token response.]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20TokenConsumerHandler][executeOAuthFlow][Retrieving user information.]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20TokenConsumerHandler][sendUserInformationRequest][ENTER]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20Utils][buildUserInformationRequest][ENTER]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20Utils][buildUserInformationRequest][EXIT]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][OAuth20Utils][sendClientMessage][ENTER]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][MessageDispatcher.java][acquireDispatcher][Value being used as key to the dispatcher map: Google|||google158735051128-5mujfg95edmlt7pnb9ni7q8s1k0dt8ap.apps.googleusercontent.comGET]
    [01/20/2017][00:41:10][27942][3703826176][b883d0ad-475a6a67-a43cdc6a-3dfee2c4-709f406b-e][MessageDispatcher.java][dispatchMessage][Sending the following message to the remote entity:
    [Message: /oauth2/v1/userinfo?access_token=ya29.GlzYAwmRPLW5MI7koe3wJiwAOjtox3S44uSdOtnVh3ZuBz5AAkxh0v-LCJFjD5yzAgiMekWsN5fbNBC63iVeDsypdNv0M3g4KM9vtO4CN2eZYmpNX15Abjep70wE6g].]
    [01/20/2017][00:41:15][27942][1786365696][][agentcommon][][The Configuration Management thread is calling doManagement()]
    [01/20/2017][00:41:15][27942][1786365696][][agentcommon][][There are doManagement messages]
    [01/20/2017][00:41:39][27942][1786099456][][CustomPostPageCache][performUpdate][Checking for updates]
    [01/20/2017][00:41:39][27942][1786099456][][CustomPostPageCache][performUpdate][No custom pages cached.]
    [01/20/2017][00:41:45][27942][1786365696][][agentcommon][][The Configuration Management thread is calling doManagement()]



  • 4.  Re: OAuth is not working

    Posted Jan 20, 2017 08:13 AM


  • 5.  Re: OAuth is not working

    Posted Jan 20, 2017 08:46 AM

    Yes. I followed the same link to create the partnership and Google console. I even used this link to fix the NAT issues.

    https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1584113.html 



  • 6.  Re: OAuth is not working
    Best Answer

    Posted Feb 02, 2017 07:57 AM

    Worked with Naresh on this issue.

    The issue was resolved after opening the NAT connection and required ports to the URLs below from the Web Agent Option Pack machine.

    accounts.google.com and www.googleapis.com

    Thanks,

    Sharan
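
The trace quoted in post 3 goes quiet right after the user-information request is dispatched, which is the pattern a blocked outbound connection leaves behind. The following is an added example, not code from the thread or from the product: it scans a trace for transactions whose calls ENTER but never EXIT and reports the last outbound request path with the token dropped. The function name `find_stalled`, the transaction id `tx-1` and the sample lines are constructed; the field layout is assumed from the lines quoted above.

```python
import re
from datetime import datetime

# Constructed sample in the FWSTrace.log layout seen in the thread (an assumption):
# [date][time][pid][thread][transaction id][source][method][message]
SAMPLE_LOG = """\
[01/20/2017][00:41:10][27942][3703826176][tx-1][OAuth20TokenConsumerHandler][sendAccessTokenRequest][ENTER]
[01/20/2017][00:41:10][27942][3703826176][tx-1][OAuth20TokenConsumerHandler][sendAccessTokenRequest][EXIT]
[01/20/2017][00:41:10][27942][3703826176][tx-1][OAuth20TokenConsumerHandler][sendUserInformationRequest][ENTER]
[01/20/2017][00:41:10][27942][3703826176][tx-1][OAuth20Utils][sendClientMessage][ENTER]
[01/20/2017][00:41:10][27942][3703826176][tx-1][MessageDispatcher.java][dispatchMessage][Sending the following message to the remote entity:
[Message: /oauth2/v1/userinfo?access_token=REDACTED].]
[01/20/2017][00:41:45][27942][1786365696][][agentcommon][][The Configuration Management thread is calling doManagement()]
"""

RECORD = re.compile(r"^\[(\d\d/\d\d/\d{4})\]\[(\d\d:\d\d:\d\d)\]\[\d+\]\[\d+\]"
                    r"\[([^\]]*)\]\[([^\]]*)\]\[([^\]]*)\]\[(.*)$")
OUTBOUND = re.compile(r"\[Message: (/[^?\]\s]*)")  # path only, query string (token) dropped


def find_stalled(log_text):
    """Return {transaction id: report} for calls that ENTER but never EXIT."""
    open_calls, last_seen, outbound = {}, {}, {}
    current, log_end = None, None
    for line in map(str.strip, log_text.splitlines()):
        m = RECORD.match(line)
        if not m:  # continuation of a multi-line record
            hit = OUTBOUND.search(line)
            if hit and current:
                outbound[current] = hit.group(1)
            continue
        date, clock, txn, _source, method, message = m.groups()
        log_end = datetime.strptime(date + " " + clock, "%m/%d/%Y %H:%M:%S")
        current = txn or None
        if not txn:  # housekeeping threads carry no transaction id
            continue
        last_seen[txn] = log_end
        stack = open_calls.setdefault(txn, [])
        if message.startswith("ENTER"):
            stack.append(method)
        elif message.startswith("EXIT") and method in stack:
            stack.remove(method)
    return {txn: {"waiting_in": stack[-1],
                  "last_request": outbound.get(txn),
                  "silent_seconds": int((log_end - last_seen[txn]).total_seconds())}
            for txn, stack in open_calls.items() if stack}
```

A transaction reported as waiting in an outbound call, with a request path but no reply, points at the network path to that endpoint's host rather than at the partnership configuration.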