IBM Application Gateway redirection error adding "default"

5. RE: IBM Application Gateway redirection error adding "default"

Like

Javier Garcia Pazos

Posted Tue September 01, 2020 11:50 AM

Hello Shishir JN,

I can't find how to 'Generate refresh token'. Can you help me?

Regards

------------------------------
Javier Garcia Pazos
------------------------------

Original Message

Original Message:
Sent: Tue September 01, 2020 09:46 AM
From: Shishir JN
Subject: IBM Application Gateway redirection error adding "default"

Hi there,

I also encountered the same issue.
Enabling 'Generate refresh token' on IAG application config on ISV seems to have resolved the issue.

Warm Regards,
Shishir

------------------------------
Shishir JN

Original Message:
Sent: Thu August 27, 2020 11:03 AM
From: Javier Garcia Pazos
Subject: IBM Application Gateway redirection error adding "default"

Hello Serge,
sure I reviewed those configurations and both are right.

Now, I think the problem is xhr requests. When I log in and session expires, if I click in a xhr request I get this error, but if I click on a html request, I am redirected to Security Verify.

Next picture shows you in the last request how it is added "default" to the redirect_uri but the others are ok.

Then, if I reload the page, I get the redirect_uri error

------------------------------
Javier Garcia Pazos

Original Message:
Sent: Thu August 27, 2020 06:22 AM
From: Serge Vereecke
Subject: IBM Application Gateway redirection error adding "default"

Hello
There are a couple of configurations you could validate. The metadata URI (Verify Access /OIDC definition) must correspond with the IAG discovery_endpoint
identity: oidc: discovery_endpoint: "https://www.myidp.ibm.com/mga/sps/oauth/oauth20/metadata/oidc_def" https://www.myidp.ibm.com/mga/ corresponds to the Point of Contact Prefix value in the OIDC definition (Verify Access )

In the OIDC (Verify access) client definition , the redirect URI must correspond to the IAG-URL/pkmsoidc value

Kind regards,
Serge Vereecke

------------------------------
Serge Vereecke

Original Message:
Sent: Wed August 26, 2020 04:10 AM
From: Javier Garcia Pazos
Subject: IBM Application Gateway redirection error adding "default"

Hello,

I am trying IAG and IBM Security Verify Access as the Identity Provider.

I have a problem and I don't know how to solve or debug it. I defined everything in the config file for IAG, I run the container and I access the page. I am not logged in, so I am redirected to Verift Access and I can login, so I can access the resource. When the session expires, I try to navigate and I am getting a 400, and if I reload the page I get this error:

FBTOAU210E Redirect URI: [https://10.1.10.96/pkmsoidcdefault] is not valid

The redirect uri should be "https://10.1.10.96/pkmsoidc".

When I review the requests I can see that for these new requests I am getting this "default" added to pkmsoidc, but at the beginning of the connection, I am not.

Regards

------------------------------
Javier Garcia Pazos
------------------------------

6. RE: IBM Application Gateway redirection error adding "default"

Like

Shishir JN

Posted Wed September 02, 2020 01:38 AM

Hi Javier,

I enabled 'Generate refresh token' like in the screen-shot below.

Warm Regards,

------------------------------
Shishir JN
------------------------------

Original Message

Original Message:
Sent: Tue September 01, 2020 11:50 AM
From: Javier Garcia Pazos
Subject: IBM Application Gateway redirection error adding "default"

Hello Shishir JN,

I can't find how to 'Generate refresh token'. Can you help me?

Regards

------------------------------
Javier Garcia Pazos

Original Message:
Sent: Tue September 01, 2020 09:46 AM
From: Shishir JN
Subject: IBM Application Gateway redirection error adding "default"

Hi there,

I also encountered the same issue.
Enabling 'Generate refresh token' on IAG application config on ISV seems to have resolved the issue.

Warm Regards,
Shishir

------------------------------
Shishir JN

Original Message:
Sent: Thu August 27, 2020 11:03 AM
From: Javier Garcia Pazos
Subject: IBM Application Gateway redirection error adding "default"

Hello Serge,
sure I reviewed those configurations and both are right.

Now, I think the problem is xhr requests. When I log in and session expires, if I click in a xhr request I get this error, but if I click on a html request, I am redirected to Security Verify.

Next picture shows you in the last request how it is added "default" to the redirect_uri but the others are ok.

Then, if I reload the page, I get the redirect_uri error

------------------------------
Javier Garcia Pazos

Original Message:
Sent: Thu August 27, 2020 06:22 AM
From: Serge Vereecke
Subject: IBM Application Gateway redirection error adding "default"

Hello
There are a couple of configurations you could validate. The metadata URI (Verify Access /OIDC definition) must correspond with the IAG discovery_endpoint
identity: oidc: discovery_endpoint: "https://www.myidp.ibm.com/mga/sps/oauth/oauth20/metadata/oidc_def" https://www.myidp.ibm.com/mga/ corresponds to the Point of Contact Prefix value in the OIDC definition (Verify Access )

In the OIDC (Verify access) client definition , the redirect URI must correspond to the IAG-URL/pkmsoidc value

Kind regards,
Serge Vereecke

------------------------------
Serge Vereecke

Original Message:
Sent: Wed August 26, 2020 04:10 AM
From: Javier Garcia Pazos
Subject: IBM Application Gateway redirection error adding "default"

Hello,

I am trying IAG and IBM Security Verify Access as the Identity Provider.

I have a problem and I don't know how to solve or debug it. I defined everything in the config file for IAG, I run the container and I access the page. I am not logged in, so I am redirected to Verift Access and I can login, so I can access the resource. When the session expires, I try to navigate and I am getting a 400, and if I reload the page I get this error:

FBTOAU210E Redirect URI: [https://10.1.10.96/pkmsoidcdefault] is not valid

The redirect uri should be "https://10.1.10.96/pkmsoidc".

When I review the requests I can see that for these new requests I am getting this "default" added to pkmsoidc, but at the beginning of the connection, I am not.

Regards

------------------------------
Javier Garcia Pazos
------------------------------

7. RE: IBM Application Gateway redirection error adding "default"

Like

Javier Garcia Pazos

Posted Wed September 02, 2020 02:16 AM

Thank you very much Shishir JN,

I thought you did it in IAG own configuration.

Regards

------------------------------
Javier Garcia Pazos
------------------------------

Original Message

Original Message:
Sent: Wed September 02, 2020 01:37 AM
From: Shishir JN
Subject: IBM Application Gateway redirection error adding "default"

Hi Javier,

I enabled 'Generate refresh token' like in the screen-shot below.

Warm Regards,

------------------------------
Shishir JN

Original Message:
Sent: Tue September 01, 2020 11:50 AM
From: Javier Garcia Pazos
Subject: IBM Application Gateway redirection error adding "default"

Hello Shishir JN,

I can't find how to 'Generate refresh token'. Can you help me?

Regards

------------------------------
Javier Garcia Pazos

Original Message:
Sent: Tue September 01, 2020 09:46 AM
From: Shishir JN
Subject: IBM Application Gateway redirection error adding "default"

Hi there,

I also encountered the same issue.
Enabling 'Generate refresh token' on IAG application config on ISV seems to have resolved the issue.

Warm Regards,
Shishir

------------------------------
Shishir JN

Original Message:
Sent: Thu August 27, 2020 11:03 AM
From: Javier Garcia Pazos
Subject: IBM Application Gateway redirection error adding "default"

Hello Serge,
sure I reviewed those configurations and both are right.

Now, I think the problem is xhr requests. When I log in and session expires, if I click in a xhr request I get this error, but if I click on a html request, I am redirected to Security Verify.

Next picture shows you in the last request how it is added "default" to the redirect_uri but the others are ok.

Then, if I reload the page, I get the redirect_uri error

------------------------------
Javier Garcia Pazos

Original Message:
Sent: Thu August 27, 2020 06:22 AM
From: Serge Vereecke
Subject: IBM Application Gateway redirection error adding "default"

Hello
There are a couple of configurations you could validate. The metadata URI (Verify Access /OIDC definition) must correspond with the IAG discovery_endpoint
identity: oidc: discovery_endpoint: "https://www.myidp.ibm.com/mga/sps/oauth/oauth20/metadata/oidc_def" https://www.myidp.ibm.com/mga/ corresponds to the Point of Contact Prefix value in the OIDC definition (Verify Access )

In the OIDC (Verify access) client definition , the redirect URI must correspond to the IAG-URL/pkmsoidc value

Kind regards,
Serge Vereecke

------------------------------
Serge Vereecke

Original Message:
Sent: Wed August 26, 2020 04:10 AM
From: Javier Garcia Pazos
Subject: IBM Application Gateway redirection error adding "default"

Hello,

I am trying IAG and IBM Security Verify Access as the Identity Provider.

I have a problem and I don't know how to solve or debug it. I defined everything in the config file for IAG, I run the container and I access the page. I am not logged in, so I am redirected to Verift Access and I can login, so I can access the resource. When the session expires, I try to navigate and I am getting a 400, and if I reload the page I get this error:

FBTOAU210E Redirect URI: [https://10.1.10.96/pkmsoidcdefault] is not valid

The redirect uri should be "https://10.1.10.96/pkmsoidc".

When I review the requests I can see that for these new requests I am getting this "default" added to pkmsoidc, but at the beginning of the connection, I am not.

Regards

------------------------------
Javier Garcia Pazos
------------------------------

IBM Verify

IBM Verify