Hello,
I am throwing a custom exception using the IDMappingExtUtils.throwSTSUserMessageException() method in the OTP generate mapping rule. It works as expected.
I am also trying to read the custom exception thrown in the OTP generate mapping rule, but for some reason it is NOT available to REST API clients.
The error.json file looks as follows:
{
"junction" : "@JUNCTION@",
"errorMessage" : "@ERROR_MESSAGE@",
"reqAddr" : "@REQ_ADDR@",
"timestamp" : "@TIMESTAMP@",
"exceptionMsg" : "@EXCEPTION_MSG@",
"exceptionStack" : "@EXCEPTION_STACK@"
}
I am using the following curl command to request the OTP:
curl --location 'https://<AAC_RUNTIME>/sps/apiauthsvc/policy/custom_mac_otp' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Cookie: JSESSIONID=0000SOjuAwsFxKTm9XN6EKRakD7:75455972-df5c-4228-b1b3-71a0d7b72389' \
--data-raw '{
"emailAddress": "abc@xyz.com",
"deliveryType": "email"
}'
I am getting the following response. For some reason @EXCEPTION_MSG@ and @EXCEPTION_STACK@ are NOT getting populated.
{
"junction": "",
"errorMessage": "FBTOTP313E The one-time password authenticate callback could not invoke the trust service to perform token exchange for operation id [/otp/generate/deliver/otpvalue/] .",
"reqAddr": "/sps/apiauthsvc/policy/custom_mac_otp",
"timestamp": "2023-04-19T15:49:42Z",
"exceptionMsg": "",
"exceptionStack": ""
}
I could see from trace.log that the custom exception is getting thrown:
[4/19/23, 6:40:36:669 PDT] 00000045 id=00000000 i.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker 1 generateAndDeliver com.tivoli.am.fim.otp.exception.OTPException: FBTOTP313E The one-time password authenticate callback could not invoke the trust service to perform token exchange for operation id [/otp/generate/deliver/otpvalue/] .
at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.exchangeOTPToken(UniversalOTPWorker.java:594)
at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.exchangeOTPToken(UniversalOTPWorker.java:642)
at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.callSTSForOTPOperation(UniversalOTPWorker.java:514)
at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.generateAndDeliver(UniversalOTPWorker.java:264)
at com.tivoli.am.fim.authsvc.action.authenticator.macotp.MACOTPAuthenticator$4.execute(MACOTPAuthenticator.java:250)
at com.tivoli.am.fim.authsvc.action.authenticator.macotp.MACOTPAuthenticator$4.execute(MACOTPAuthenticator.java:232)
at com.tivoli.am.fim.authsvc.automaton.state.DecoratorState.execute(DecoratorState.java:56)
at com.tivoli.am.fim.authsvc.automaton.state.DecoratorState.execute(DecoratorState.java:48)
at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:144)
at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:99)
at com.tivoli.am.fim.authsvc.action.authenticator.macotp.MACOTPAuthenticator.execute(MACOTPAuthenticator.java:521)
at com.tivoli.am.fim.authsvc.automaton.state.AuthenticatorState.execute(AuthenticatorState.java:87)
at com.tivoli.am.fim.authsvc.automaton.state.AuthenticatorState.execute(AuthenticatorState.java:59)
at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:144)
at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:99)
at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:144)
at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:99)
at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:144)
at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:99)
at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate$1.doProcessState(RestAuthSvcDelegate.java:478)
at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate$1.doProcessPolicy(RestAuthSvcDelegate.java:416)
at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate$1.doPreparePolicy(RestAuthSvcDelegate.java:400)
at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate$1.execute(RestAuthSvcDelegate.java:191)
at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate$1.execute(RestAuthSvcDelegate.java:133)
at com.tivoli.am.fim.authsvc.automaton.state.InteractorState.execute(InteractorState.java:57)
at com.tivoli.am.fim.authsvc.automaton.state.InteractorState.execute(InteractorState.java:49)
at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:144)
at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:99)
at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate.processRequest(RestAuthSvcDelegate.java:742)
at com.tivoli.am.fim.fedmgr2.proper.FederationManager.doInitialRequestOnDelegate(FederationManager.java:476)
at com.tivoli.am.fim.fedmgr2.proper.FederationManager.finishProcessingWithDelegateId(FederationManager.java:311)
at com.tivoli.am.fim.fedmgr2.proper.FederationManager.processRequest(FederationManager.java:164)
at com.tivoli.am.fim.fedmgr2.servlet.SSOPSServletBase.doRequest(SSOPSServletBase.java:129)
at com.tivoli.am.fim.fedmgr2.servlet.SPSCommandDispatcher.invoke(SPSCommandDispatcher.java:432)
at com.tivoli.am.fim.war.runtime.liberty.LibertyRuntimeServlet.doPost(LibertyRuntimeServlet.java:92)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:706)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1258)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:746)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:443)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:183)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:79)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:1002)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1140)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5061)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(DynamicVirtualHost.java:314)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1007)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:279)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:1159)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.wrapHandlerAndExecute(HttpDispatcherLink.java:428)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:387)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:566)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:500)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:360)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.ready(HttpInboundLink.java:327)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:1100)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.readyInboundPostHandshake(SSLConnectionLink.java:757)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink$MyHandshakeCompletedCallback.complete(SSLConnectionLink.java:427)
at com.ibm.ws.channel.ssl.internal.SSLUtils.handleHandshake(SSLUtils.java:954)
at com.ibm.ws.channel.ssl.internal.SSLHandshakeIOCallback.complete(SSLHandshakeIOCallback.java:85)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:504)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:574)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:958)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1047)
at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:238)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: com.tivoli.am.fim.trustserver.sts.STSModuleException: +null
at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault$JavaScriptRule.execute(STSMapDefault.java:293)
at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault.executeMappingRules(STSMapDefault.java:239)
at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault.executeMappingRules(STSMapDefault.java:220)
at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault.doMap(STSMapDefault.java:121)
at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault.invoke(STSMapDefault.java:73)
at com.tivoli.am.fim.trustserver.sts.STSModuleChain.invoke(STSModuleChain.java:319)
at com.tivoli.am.fim.trustserver.sts.STSModuleChainManager.executeChain(STSModuleChainManager.java:1149)
at com.tivoli.am.fim.trustserver.sts.STSModuleChainManager.processthroughChains(STSModuleChainManager.java:170)
at com.tivoli.am.fim.trustserver.sts.STSModuleChainManager.process(STSModuleChainManager.java:117)
at com.tivoli.am.fim.trustserver.sts.STSManager.process(STSManager.java:60)
at com.tivoli.am.fim.trustserver.service.SecurityTokenProcessor.process(SecurityTokenProcessor.java:63)
at com.tivoli.am.fim.trustserver.service.SecurityTokenService.requestSecurityToken(SecurityTokenService.java:136)
at com.tivoli.am.fim.fedmgr2.trust.TokenExchangeCommandImpl.exchange(TokenExchangeCommandImpl.java:163)
at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.exchangeOTPToken(UniversalOTPWorker.java:563)
... 67 more
Caused by: com.ibm.security.access.javascript.JSCodeRuntimeException
at com.ibm.security.access.javascript.JSCode.execute(JSCode.java:141)
at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault$JavaScriptRule.execute(STSMapDefault.java:289)
... 80 more
Caused by: org.mozilla.javascript.WrappedException: Wrapped com.tivoli.am.fim.trustserver.sts.utilities.STSUserMessageException: CustomException (OTPGenerate#22)
at org.mozilla.javascript.Context.throwAsScriptRuntimeEx(Context.java:1932)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:148)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.mozilla.javascript.gen.OTPGenerate_3._c_script_0(OTPGenerate:22)
at org.mozilla.javascript.gen.OTPGenerate_3.call(OTPGenerate)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:405)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3508)
at org.mozilla.javascript.gen.OTPGenerate_3.call(OTPGenerate)
at org.mozilla.javascript.gen.OTPGenerate_3.exec(OTPGenerate)
at com.ibm.security.access.javascript.JSCode.execute(JSCode.java:123)
... 81 more
Caused by: com.tivoli.am.fim.trustserver.sts.utilities.STSUserMessageException: CustomException
at com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils.throwSTSUserMessageException(IDMappingExtUtils.java:173)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
... 90 more
I have also removed the @EXCEPTION_STACK@ entry from sps.page.hiddenMacros in the advanced configuration. Am I missing anything? Please advise.
Regards,
Sunil
------------------------------
Sunil Kumar Manihalla
------------------------------
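Added example, not part of the original post and not IBM code: a Python sketch that walks the "Caused by:" chain of a trace.log excerpt like the one above and checks whether the root-cause message reached the JSON error body returned to the REST client. The sample trace and response are constructed from the excerpts in the post (frames and fields trimmed); the function names are hypothetical.

```python
import json
import re

# Constructed excerpt modelled on the trace.log lines in the post (most frames trimmed).
SAMPLE_TRACE = """\
[4/19/23, 6:40:36:669 PDT] 00000045 id=00000000 i.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker 1 generateAndDeliver com.tivoli.am.fim.otp.exception.OTPException: FBTOTP313E The one-time password authenticate callback could not invoke the trust service to perform token exchange for operation id [/otp/generate/deliver/otpvalue/] .
at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.exchangeOTPToken(UniversalOTPWorker.java:594)
Caused by: com.tivoli.am.fim.trustserver.sts.STSModuleException: +null
at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault$JavaScriptRule.execute(STSMapDefault.java:293)
... 67 more
Caused by: com.ibm.security.access.javascript.JSCodeRuntimeException
Caused by: org.mozilla.javascript.WrappedException: Wrapped com.tivoli.am.fim.trustserver.sts.utilities.STSUserMessageException: CustomException (OTPGenerate#22)
at org.mozilla.javascript.gen.OTPGenerate_3._c_script_0(OTPGenerate:22)
Caused by: com.tivoli.am.fim.trustserver.sts.utilities.STSUserMessageException: CustomException
at com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils.throwSTSUserMessageException(IDMappingExtUtils.java:173)
"""

# Constructed from the REST response shown in the post (other fields omitted).
SAMPLE_RESPONSE = json.dumps({
    "errorMessage": "FBTOTP313E The one-time password authenticate callback could not invoke the trust service to perform token exchange for operation id [/otp/generate/deliver/otpvalue/] .",
    "exceptionMsg": "", "exceptionStack": ""})

FRAME = re.compile(r"^\s*(?:at |\.\.\. \d+ more)")
EXC = re.compile(r"(?P<cls>(?:[\w$]+\.)+[\w$]*(?:Exception|Error))(?:: (?P<msg>.*))?$")

def cause_chain(trace):
    """Return [(exception_class, message), ...] from outermost exception to root cause."""
    chain = []
    for line in trace.splitlines():
        text = line.strip()
        if not text or FRAME.match(text):
            continue  # skip blank lines and stack frames
        # After the first header, only 'Caused by:' lines start a new link.
        if chain and not text.startswith("Caused by: "):
            continue
        m = EXC.search(text)
        if m:
            chain.append((m.group("cls"), m.group("msg") or ""))
    return chain

def root_cause(trace):
    chain = cause_chain(trace)
    return chain[-1] if chain else None

def surfaced_to_client(trace, response_body):
    """True if the root-cause message appears in any field of the JSON error body."""
    cause = root_cause(trace)
    if cause is None or not cause[1]:
        return False
    return any(cause[1] in str(v) for v in json.loads(response_body).values())
```

On the sample data the chain has five links, the root cause is the STSUserMessageException carrying "CustomException", and no field of the response contains that message.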