IBM Connections is throwing a 500 error during OAuth2 authorization. ([OAuth20ClientAuthnFilter]: filter is unavailable)

StackOverflow https://stackoverflow.com/questions/19281016

  •  30-06-2022

Question

I'm currently working on an OAuth2 consumer for IBM Connections 4.0 (if it helps, I'm using the social business quickstart image on SmartCloud).

I believe I have everything set up correctly (the app is registered and the callback URL is running HTTPS), but I'm hitting a 500 error partway through the OAuth process.

Basically, the user is sent to this URL to get the AuthorizationCode:

/oauth2/endpoint/connectionsProvider/authorize?response_type=code&client_id={appID}&callback_uri={URL}

This returns a login page. After logging in, the user is supposed to be redirected to the callback URL with the AuthorizationCode as a URL parameter.

But what is actually happening is that after logging in, but before the page redirection, IBM Connections is throwing a 500 error with this message:

Error 500: javax.servlet.ServletException: Filter [OAuth20ClientAuthnFilter]: filter is unavailable.

If the user was logged in before hitting the "/oauth2/endpoint/connectionsProvider/authorize" link, then the 500 error is displayed instantly instead of Connections doing the whole page redirection thing.

So I'm pretty sure this has nothing to do with users logging in... It is probably something related to the authorization code generation or the redirection back to my app.

I'm not exactly sure where to go from here. Does anyone have any knowledge of IBM Connections that would help point me in the right direction of what is going wrong? Or, even better, has anyone seen this before and knows what I've done wrong?

Update:

Here's the exception and what I believe is the relevant part of the stack trace from the SystemOut.log:

[10/11/13 12:10:43:585 EDT] 00000064 servlet       E com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0068E: Uncaught exception created in one of the service methods of the servlet OAuth20EndpointServlet in application WebSphereOauth20SP. Exception created : javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
        at com.ibm.jsse2.o.a(o.java:15)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:460)
        at com.ibm.jsse2.kb.a(kb.java:294)
        at com.ibm.jsse2.kb.a(kb.java:533)
        at com.ibm.jsse2.lb.a(lb.java:55)
        at com.ibm.jsse2.lb.a(lb.java:581)
        at com.ibm.jsse2.kb.s(kb.java:11)
        at com.ibm.jsse2.kb.a(kb.java:394)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:44)
        at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:496)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:528)
        at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:505)
        at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:83)
        at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:31)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1184)
        at com.ibm.net.ssl.www2.protocol.https.b.getInputStream(b.java:40)
        at com.ibm.ws.security.oauth20.util.TemplateRetriever.getTemplateFromRemote(TemplateRetriever.java:102)
        at com.ibm.ws.security.oauth20.util.TemplateRetriever.getTemplate(TemplateRetriever.java:72)
        at com.ibm.ws.security.oauth20.form.FormRenderer.renderForm(FormRenderer.java:67)
        at com.ibm.ws.security.oauth20.web.OAuth20EndpointServlet.renderConsentForm(OAuth20EndpointServlet.java:557)
        at com.ibm.ws.security.oauth20.web.OAuth20EndpointServlet.processAuthorizationRequest(OAuth20EndpointServlet.java:214)
        at com.ibm.ws.security.oauth20.web.OAuth20EndpointServlet.doPost(OAuth20EndpointServlet.java:139)
        at com.ibm.ws.security.oauth20.web.OAuth20EndpointServlet.doGet(OAuth20EndpointServlet.java:110)

Solution

Open your WebSphere Console

Go to Security

Click SSL certificate and key management

Click Key stores and certificates

Click CellDefaultTrustStore

Click Signer Certificates

Click Retrieve From Port

Enter the HOSTNAME of your Connections server and the port which is hosting your OAuth dance; if it's 443, use 443

Click Ok

Click Save / Close

Then sync the nodes (you can do it under Environment). Then restart the Connections server (you might not have to do this step).

Retry your OAuth dance. If that fails, paste a snippet of your SystemOut.log.
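
Added example (not part of the original question or answer, and not IBM tooling): a small Python triage script that scans SystemOut.log text for PKIX path-building failures and reports the first stack frame above the TLS plumbing, which names the component making the outbound HTTPS call whose signer is missing from the trust store. The sample log is constructed from the trace in the question with frames abridged; the function name and the list of plumbing package prefixes are assumptions.

```python
import re

# Constructed sample in the SystemOut.log format quoted in the question (frames abridged).
SAMPLE_LOG = """\
[10/11/13 12:10:43:585 EDT] 00000064 servlet       E com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0068E: Uncaught exception created in one of the service methods of the servlet OAuth20EndpointServlet in application WebSphereOauth20SP. Exception created : javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
        at com.ibm.jsse2.o.a(o.java:15)
        at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:505)
        at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:31)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1184)
        at com.ibm.net.ssl.www2.protocol.https.b.getInputStream(b.java:40)
        at com.ibm.ws.security.oauth20.util.TemplateRetriever.getTemplateFromRemote(TemplateRetriever.java:102)
        at com.ibm.ws.security.oauth20.web.OAuth20EndpointServlet.doGet(OAuth20EndpointServlet.java:110)
[10/11/13 12:10:44:001 EDT] 00000064 servlet       I unrelated informational entry
"""

# Log entry header: [timestamp] thread component level message (leading '[' optional).
ENTRY = re.compile(r"^\[?(?P<ts>[^\]]+)\]\s+\S+\s+\S+\s+(?P<level>[A-Z])\s+(?P<msg>.*)$")
FRAME = re.compile(r"^\s+at\s+(?P<method>[\w.$<>]+)\(")
# Assumed prefixes for TLS / URL-connection plumbing, as opposed to the calling component.
TLS_PLUMBING = ("com.ibm.jsse2.", "com.ibm.net.ssl.", "sun.net.", "java.", "javax.")


def find_trust_failures(log_text):
    """Return one dict per PKIX failure: timestamp, servlet, application, caller."""
    findings, current = [], None
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry:
            current = None  # a new log entry ends the previous stack trace
            msg = entry.group("msg")
            if "PKIX path building failed" in msg:
                where = re.search(r"servlet (\S+) in application (\S+?)\.", msg)
                current = {"timestamp": entry.group("ts"),
                           "servlet": where.group(1) if where else None,
                           "application": where.group(2) if where else None,
                           "caller": None}
                findings.append(current)
            continue
        frame = FRAME.match(line)
        if frame and current and current["caller"] is None:
            method = frame.group("method")
            if not method.startswith(TLS_PLUMBING):
                current["caller"] = method  # first frame above the TLS stack


    return findings


if __name__ == "__main__":
    for finding in find_trust_failures(SAMPLE_LOG):
        print(finding)
```

On the trace above, the reported caller is the OAuth provider's remote template retrieval, so the certificate that needs a trusted signer is the one presented by the host serving that template. Before accepting a signer retrieved from a port, compare its fingerprint with one obtained from the server's administrator, since the retrieval trusts whatever certificate the port presents.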

Licensed under: CC-BY-SA with attribution