Hi I am trying to set up our ELM server running 7.0.2 with sql server to use our Azure SSO. I was previously trying to get it to connect to our on premisis LDAPS but it was going nowhere so I have since already created the sql server database configs for the JAS, exported the jas xml file and imported the idp xml from Azure, and started running the sso migration scripts specified in:
https://www.ibm.com/docs/en/engineering-lifecycle-management-suite/lifecycle-management/7.0.2?topic=management-enabling-jazz-security-architecture-sso-after-upgrade
However when i try to login (with the ADMIN for the local registry file) at https://hostname:9643/oidc/endpoint/jazzop/registration
I get
CWOAU0073E: An authentication error occurred. Try closing the web browser and authenticating again, or contact the site administrator if the problem persists.
Also at this step of the sso migration i get
repotools-jts -migrateToJsaSso authServerURL=https://{servername}:9643/oidc/endpoint/jazzop/.well-known/openid-configuration authServerUserId=X authServerPassword=X
CRJAZ2105I Checking for a running server...
<o:p>
</o:p>
CRJSA0004E The specified URL for the authorization server is not valid: https://hostname:9643/oidc/endpoint/jazzop/.well-known/openid-configuration
<o:p>
</o:p>
Explanation: The URL that was specified for the authorization server might be syntactically incorrect or might point to the wrong server.
<o:p>
</o:p>
User Action: Ensure that the URL points to a valid, running authorization server.
<o:p>
</o:p>
CRJSA0004E The specified URL for the authorization server is not valid:
<o:p>
</o:p>
status 502, code "_invalid_auth_server_url": The authorization discovery url is not returning an expected response. It has error code null and description "null"
<o:p>
</o:p>
CRJAZ2872E The URL is not a valid Jazz Authorization Server URL.
<o:p>
</o:p>
CRJAZ2867I The application has not been migrated to Jazz Security Architecture single sign-on.
I found the fix for this online to upgrate to Liberty 23.0.0.6, BUT when I try to download the jar for the fix I get
Some selected fixes encountered errors for this order.
<o:p>
</o:p>
No applicable IBM support agreement found for one or more of the products you selected.
<o:p>
</o:p>
Some help would be appreciated thanks!
Here is my log from when i try to log in:
[10/12/23 16:33:51:946 JST] 00000c41 com.ibm.ws.webcontainer.util.ApplicationErrorUtils E SRVE0777E: Exception thrown by application class 'com.ibm.ws.security.oauth20.web.RegistrationEndpointServices.processHeadOrGetAllClients:178'
java.lang.NullPointerException
at com.ibm.ws.security.oauth20.web.RegistrationEndpointServices.processHeadOrGetAllClients(RegistrationEndpointServices.java:178)
at com.ibm.ws.security.oauth20.web.RegistrationEndpointServices.processHeadOrGet(RegistrationEndpointServices.java:127)
at com.ibm.ws.security.oauth20.web.RegistrationEndpointServices.handleEndpointRequest(RegistrationEndpointServices.java:100)
at com.ibm.ws.security.oauth20.web.OAuth20EndpointServices.handleEndpointRequest(OAuth20EndpointServices.java:276)
at com.ibm.ws.security.openidconnect.web.OidcEndpointServices.handleOidcRequest(OidcEndpointServices.java:275)
at com.ibm.ws.security.openidconnect.web.OidcEndpointServlet.doPost(OidcEndpointServlet.java:55)
at com.ibm.ws.security.openidconnect.web.OidcEndpointServlet.doGet(OidcEndpointServlet.java:49)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1230)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:729)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:426)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:182)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:93)
at com.ibm.ws.security.openidconnect.web.OidcRequestFilter.setEndpointRequest(OidcRequestFilter.java:41)
at com.ibm.ws.security.oauth20.web.OAuth20RequestFilter.doFilter(OAuth20RequestFilter.java:93)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at com.ibm.ws.app.manager.wab.internal.OsgiDirectoryProtectionFilter.doFilter(OsgiDirectoryProtectionFilter.java:90)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:1001)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1139)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1010)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:75)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:938)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:279)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:1134)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.wrapHandlerAndExecute(HttpDispatcherLink.java:415)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:374)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:546)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:480)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:345)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.ready(HttpInboundLink.java:316)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:1100)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.readyInboundPostHandshake(SSLConnectionLink.java:757)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink$MyHandshakeCompletedCallback.complete(SSLConnectionLink.java:427)
at com.ibm.ws.channel.ssl.internal.SSLUtils.handleHandshake(SSLUtils.java:953)
at com.ibm.ws.channel.ssl.internal.SSLHandshakeIOCallback.complete(SSLHandshakeIOCallback.java:85)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:504)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:574)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:958)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1047)
at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:239)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.lang.Thread.run(Thread.java:822)
Comments
John Servo
Oct 12 '23, 3:52 a.m.I'm also getting this when i try to go into https://hostname:9643/oidc/endpoint/jazzop/authorize
CWOAU0033E: A required runtime parameter was missing: client_id