IBM Security Verify

 View Only
  • 1.  IBM Application Gateway redirection error adding "default"

    Posted Wed August 26, 2020 04:10 AM
    Hello,

    I am trying IAG and IBM Security Verify Access as the Identity Provider.

    I have a problem and I don't know how to solve or debug it. I defined everything in the config file for IAG, I run the container and I access the page. I am not logged in, so I am redirected to Verift Access and I can login, so I can access the resource. When the session expires, I try to navigate and I am getting a 400, and if I reload the page I get this error:

    FBTOAU210E Redirect URI: [https://10.1.10.96/pkmsoidcdefault] is not valid

    The redirect uri should be "https://10.1.10.96/pkmsoidc".

    When I review the requests I can see that for these new requests I am getting this "default" added to pkmsoidc, but at the beginning of the connection, I am not.

    Regards

    ------------------------------
    Javier Garcia Pazos
    ------------------------------


  • 2.  RE: IBM Application Gateway redirection error adding "default"

    Posted Thu August 27, 2020 10:12 AM
    Hello 
    There are a couple of configurations you could validate.  The metadata URI (Verify Access /OIDC definition) must correspond with the IAG discovery_endpoint
    identity: oidc: discovery_endpoint: "https://www.myidp.ibm.com/mga/sps/oauth/oauth20/metadata/oidc_def"   https://www.myidp.ibm.com/mga/ corresponds to the Point of Contact Prefix value in the OIDC definition (Verify Access )


    ------------------------------
    Serge Vereecke
    ------------------------------



  • 3.  RE: IBM Application Gateway redirection error adding "default"

    Posted Thu August 27, 2020 11:03 AM
    Hello Serge, 
    sure I reviewed those configurations and both are right. 

    Now, I think the problem is xhr requests. When I log in and session expires, if I click in a xhr request I get this error, but if I click on a html request, I am redirected to Security Verify.

    Next picture shows you in the last request how it is added "default" to the redirect_uri but the others are ok.


    Then, if I reload the page, I get the redirect_uri error

    ------------------------------
    Javier Garcia Pazos
    ------------------------------



  • 4.  RE: IBM Application Gateway redirection error adding "default"

    Posted Tue September 01, 2020 09:47 AM
    Hi there,

    I also encountered the same issue.
    Enabling 'Generate refresh token' on IAG application config on ISV seems to have resolved the issue.

    Warm Regards,
    Shishir

    ------------------------------
    Shishir JN
    ------------------------------



  • 5.  RE: IBM Application Gateway redirection error adding "default"

    Posted Tue September 01, 2020 11:50 AM
    Hello Shishir JN,

    I can't find how to  'Generate refresh token'. Can you help me?

    Regards


    ------------------------------
    Javier Garcia Pazos
    ------------------------------



  • 6.  RE: IBM Application Gateway redirection error adding "default"

    Posted Wed September 02, 2020 01:38 AM
    Hi Javier,

    I enabled 'Generate refresh token' like in the screen-shot below.

    Warm Regards,

    ------------------------------
    Shishir JN
    ------------------------------



  • 7.  RE: IBM Application Gateway redirection error adding "default"

    Posted Wed September 02, 2020 02:16 AM
    Thank you very much Shishir JN,

    I thought you did it in IAG own configuration. 

    Regards

    ------------------------------
    Javier Garcia Pazos
    ------------------------------