Authentication failed with OpenID Connect

Hello All, 

We have integrated One Identity Manager with ForgeRock AM. Once we enter the URL of the Web Portal it redirects to AM for authentication; after authentication it redirects back to the portal with the below error:

The authentication process could not be completed. Contact your system administrator if the problem persists.

Failed to authenticate user.

Cannot find the requested object.


Got the below error message in the job queue

Login failed (Module: OAuth 2.0 / OpenID Connect (role based), Properties: , Identity: -, Client Machine: 10.11.46.133, Errors: [System.Security.Cryptography.CryptographicException] Cannot find the requested object.

If anybody has any idea, please let us know.

Thanks,

Pranav

  • Below is the latest error:
    Failed to authenticate user using OAuth2/Open ID Connect. System.FormatException: Input string was not in a correct format.
       at System.Text.StringBuilder.FormatError()
       at System.Text.StringBuilder.AppendFormatHelper(IFormatProvider provider, String format, ParamsArray args)
       at System.String.FormatHelper(IFormatProvider provider, String format, ParamsArray args)
       at System.String.Format(IFormatProvider provider, String format, Object[] args)
       at Microsoft.IdentityModel.Logging.IdentityModelEventSource.PrepareMessage(EventLevel level, String message, Object[] args)
  • And what did you change? Just seeing the error is not really helpful.

  • We enabled the configuration parameter "QBM\DebugMode\OAuth2\LogPersonalInfoOnException":


    Failed to authenticate user using OAuth2/Open ID Connect. System.FormatException: Input string was not in a correct format.
       at System.Text.StringBuilder.FormatError()
       at System.Text.StringBuilder.AppendFormatHelper(IFormatProvider provider, String format, ParamsArray args)
       at System.String.FormatHelper(IFormatProvider provider, String format, ParamsArray args)
       at System.String.Format(IFormatProvider provider, String format, Object[] args)
       at Microsoft.IdentityModel.Logging.IdentityModelEventSource.PrepareMessage(EventLevel level, String message, Object[] args)
       at Microsoft.IdentityModel.Logging.IdentityModelEventSource.WriteError(String message)
       at Microsoft.IdentityModel.Logging.IdentityModelEventSource.WriteError(String message, Object[] args)
       at Microsoft.IdentityModel.Logging.LogHelper.LogExceptionMessage(EventLevel eventLevel, Exception exception)
       at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
       at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
       at QER.OAuthAuthentifier.OAuth._ValidateToken(String token, String issuerName, String clientId, String nonce, Boolean openid, IEnumerable`1 signingKeys, Boolean showPiiInLog)
       at QER.OAuthAuthentifier.OAuth.<GetClaimsAsync>d__25.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  • I quote myself here:

    Without seeing the complete configuration, it is hard to guess what exactly is going wrong so I suggest contacting support to be able to share these confidential configuration items.

    So, either you are able to share your settings, especially the ones regarding the signing certificate, or you contact support.

  • Thanks Markus. Contacted the support team and waiting for their response. Can you please tell us if OIM supports the HS256 algorithm to validate an OpenID Connect ID token?

  • HS256 should be supported as far as I know.
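To make the question above concrete: an HS256 ID token is an HMAC over the token with the client secret as the key, so verifying it involves no signing certificate and no JWKS endpoint; what must still be checked after the signature are the issuer, audience, expiry and the nonce from the login request. The following is an added, stand-alone Python example (not One Identity Manager code and not ForgeRock's) that mints such a token with a constructed secret and then validates it, rejecting a tampered payload, an `alg=none` header and an expired token. All names, the issuer URL, the client id and the secret are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256_id_token(claims: dict, client_secret: str) -> str:
    """Stand-in for the provider: sign the claims with HS256 using the client secret."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


class IdTokenError(Exception):
    """Any validation failure; the message carries no claim values, so it is safe to log."""


def validate_hs256_id_token(token, client_secret, issuer, client_id, nonce, now=None):
    """Relying-party side: verify the HMAC first, then the standard ID token claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise IdTokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: never let the token header choose how it is verified.
        if header.get("alg") != "HS256":
            raise IdTokenError("unexpected alg %r" % header.get("alg"))
        expected = hmac.new(client_secret.encode(),
                            (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise IdTokenError("signature mismatch")
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        raise IdTokenError("malformed token")
    if claims.get("iss") != issuer:
        raise IdTokenError("issuer mismatch")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if client_id not in aud:
        raise IdTokenError("audience mismatch")
    if len(aud) > 1 and claims.get("azp") != client_id:
        raise IdTokenError("azp mismatch")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise IdTokenError("token expired")
    if claims.get("nonce") != nonce:
        raise IdTokenError("nonce mismatch")
    return claims


def _outcome(fn):
    try:
        fn()
        return "ok"
    except IdTokenError as exc:
        return str(exc)


def demo(now=1_700_000_000):
    """Constructed inputs: a valid token, a tampered one, an alg=none one, and an expired check."""
    secret = "example-client-secret-not-real"          # assumption: shared client secret
    issuer = "https://am.example.com/am/oauth2"         # assumption: AM issuer URL
    client_id, nonce = "oim-portal", "n-0S6_WzA2Mj"     # assumptions
    claims = {"iss": issuer, "sub": "user1", "aud": client_id,
              "exp": now + 300, "iat": now, "nonce": nonce}
    token = mint_hs256_id_token(claims, secret)
    results = {"valid_sub": validate_hs256_id_token(token, secret, issuer, client_id, nonce, now)["sub"]}
    h, p, s = token.split(".")
    forged = _b64url_encode(json.dumps(dict(claims, sub="admin"), separators=(",", ":")).encode())
    results["tampered"] = _outcome(lambda: validate_hs256_id_token(
        h + "." + forged + "." + s, secret, issuer, client_id, nonce, now))
    none_hdr = _b64url_encode(b'{"alg":"none","typ":"JWT"}')
    results["alg_none"] = _outcome(lambda: validate_hs256_id_token(
        none_hdr + "." + p + ".", secret, issuer, client_id, nonce, now))
    results["expired"] = _outcome(lambda: validate_hs256_id_token(
        token, secret, issuer, client_id, nonce, now + 600))
    return results


if __name__ == "__main__":
    print(demo())
```

The order matters: the signature is checked before any claim is read, and the algorithm is pinned by the relying party rather than taken from the header, which is what stops a token whose header says `none` (or a different algorithm) from being accepted.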

  • Hello, the login issue has been resolved. Thank you for all your support.

    The config param is set to off:

    QBM\DebugMode\OAuth2\LogPersonalInfoOnException

    and we removed all the references to certificates since we are using the JSON endpoints.

    Support team provided the below information:

    If you want to use JSON endpoints, then the values on the Certificate tab (certificate endpoint, certificate subject, thumbprint) and the Application tab (certificate endpoint, certificate subject, thumbprint) have to be cleared.

    But now we are getting the below error while logging out. Any ideas?

    {"error_description":"The endSession endpoint requires an id_token_hint parameter","error":"bad_request"}
    URL is .../connect/endSession?client_id=xxxxxxxxxxxxxx
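The error above is the provider saying that a `client_id` alone is not enough for RP-initiated logout: the `endSession` request has to carry the raw ID token received at login as `id_token_hint`, which means the relying party must keep that token string in its session until logout. The following is an added Python example (not One Identity Manager or ForgeRock code) that builds such a request with `id_token_hint`, `post_logout_redirect_uri` and a `state` value, and a provider-side checker that reproduces the quoted error for the request shape in the thread. The endpoint URL, the registered redirect URI and the token string are constructed assumptions; the check that the redirect URI is registered is standard OpenID Connect RP-Initiated Logout behaviour, not something taken from the thread.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions for the example (constructed values, not a real deployment).
END_SESSION_ENDPOINT = "https://am.example.com/am/oauth2/connect/endSession"
REGISTERED_POST_LOGOUT_URIS = {"https://portal.example.com/logged-out"}


def build_end_session_url(id_token, post_logout_redirect_uri, state=None):
    """Relying-party side: the raw ID token from login goes in id_token_hint.

    Returns the URL to redirect the browser to and the state the RP must
    remember so it can recognise the provider's redirect back.
    """
    state = state or secrets.token_urlsafe(16)
    params = [
        ("id_token_hint", id_token),
        ("post_logout_redirect_uri", post_logout_redirect_uri),
        ("state", state),
    ]
    return END_SESSION_ENDPOINT + "?" + urlencode(params), state


def check_end_session_request(url):
    """Provider side: None if the request is acceptable, else an error document.

    The first error text is the one quoted in the thread; the second is the
    usual registered-redirect check, added here as an assumption.
    """
    query = parse_qs(urlsplit(url).query)
    if "id_token_hint" not in query:
        return {"error": "bad_request",
                "error_description": "The endSession endpoint requires an id_token_hint parameter"}
    redirect_uri = query.get("post_logout_redirect_uri", [None])[0]
    if redirect_uri is not None and redirect_uri not in REGISTERED_POST_LOGOUT_URIS:
        return {"error": "bad_request",
                "error_description": "post_logout_redirect_uri is not registered"}
    return None


def verify_logout_return(return_url, expected_state):
    """Relying-party side: only accept the post-logout redirect that carries our state."""
    query = parse_qs(urlsplit(return_url).query)
    return query.get("state", [None])[0] == expected_state


if __name__ == "__main__":
    # Constructed stand-in for the ID token string stored at login.
    id_token = "eyJhbGciOiJIUzI1NiJ9.constructed-payload.constructed-signature"
    url, state = build_end_session_url(id_token, "https://portal.example.com/logged-out")
    print(url)
    print("request ok:", check_end_session_request(url) is None)
    # The shape from the thread: only client_id, no id_token_hint.
    print(check_end_session_request(END_SESSION_ENDPOINT + "?client_id=xxxxxxxxxxxxxx"))
    print("return ok:", verify_logout_return(
        "https://portal.example.com/logged-out?state=" + state, state))
```

The `state` round-trip is there because the post-logout redirect is an unauthenticated GET back into the portal; without it, anyone can hit the `logged-out` URL directly and the portal cannot tell a genuine end of session from a stray request.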
  • Sorry, but I do not have an idea about the logout. Please contact support, as you might already have.