
Unable to get authorization code from PingFederate

Problem

I am using PingFederate as the key manager for my API Manager. While requesting an authorization code for an existing client and resource owner, it showed the following error message:



"Server.log" shows the following message

2016-12-13 11:34:03,363 tid:AOf2aORr5j9_X_PHbCTZu-toxwA DEBUG [org.sourceid.websso.servlet.IntegrationControllerServlet] POST: https:<IP>/as/yVKcc/resume/as/authorization.ping
2016-12-13 11:34:03,363 tid:AOf2aORr5j9_X_PHbCTZu-toxwA INFO  [org.sourceid.websso.servlet.IntegrationControllerServlet] org.sourceid.websso.servlet.RenderPageException: Unable to resume processing because saved state was not found for key: BR6msnwXdx33oQX3imDRni_yVKcc - rendering state.not.found.error.page.template.html

Background 

1. I have the following two OAuth clients configured in PingFederate



2. OAuth client "2" was created with the following configuration


3. Using the following URL, an authorization code was requested

https://localhost:9031/as/authorization.oauth2?client_id=2&response_type=code&redirect_uri=http://localhost/test

4. PingFederate was showing login screen.


5. Even if the user credentials are valid, PingFederate shows the following error message




Solution

In my "Server Settings >> Federation Info" configuration, an IP address was configured in the "BASE URL" field, but I was using "localhost" in the authorization request URL.

Configuration Steps

Check "Server Configuration >> Server Settings >> Federation Info >> BASE URL".

Use the value configured in the "BASE URL" field when requesting the authorization code.

If "localhost" is configured there, the authorization code request URL must contain "localhost".

Ex:

https://localhost:9031/as/authorization.oauth2?client_id=2&response_type=code&redirect_uri=http://localhost/test
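A pre-flight check for the mismatch described above, as an added example that is not part of the original post: it compares the origin of the authorization request with the configured BASE URL, proposes the corrected request URL, and extracts the state key from the server.log message. The function names and the 192.0.2.10 BASE URL value are constructed for illustration (the post only shows `<IP>`).

```python
import re
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"https": 443, "http": 80}
# Matches the server.log message quoted in the post.
STATE_ERR = re.compile(
    r"tid:(?P<tid>\S+).*saved state was not found for key: (?P<key>\S+)")

# Authorization request from the post.
AUTH_URL = ("https://localhost:9031/as/authorization.oauth2"
            "?client_id=2&response_type=code&redirect_uri=http://localhost/test")
# Constructed placeholder for the BASE URL field (documentation address range).
BASE_URL = "https://192.0.2.10:9031"
# Log line from the post.
SAMPLE_LOG = (
    "2016-12-13 11:34:03,363 tid:AOf2aORr5j9_X_PHbCTZu-toxwA INFO  "
    "[org.sourceid.websso.servlet.IntegrationControllerServlet] "
    "org.sourceid.websso.servlet.RenderPageException: Unable to resume "
    "processing because saved state was not found for key: "
    "BR6msnwXdx33oQX3imDRni_yVKcc - rendering "
    "state.not.found.error.page.template.html\n")


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme)


def check_request(base_url, auth_url):
    """Return (ok, url): ok is False when the request origin differs from
    BASE URL; url is the request rewritten onto the BASE URL origin."""
    if origin(base_url) == origin(auth_url):
        return True, auth_url
    b, a = urlsplit(base_url), urlsplit(auth_url)
    return False, urlunsplit((b.scheme, b.netloc, a.path, a.query, a.fragment))


def state_errors(log_text):
    """Return (tid, state key) for each 'saved state was not found' line."""
    hits = map(STATE_ERR.search, log_text.splitlines())
    return [(m["tid"], m["key"]) for m in hits if m]


if __name__ == "__main__":
    print(check_request(BASE_URL, AUTH_URL))
    print(state_errors(SAMPLE_LOG))
```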
