IBM Security Verify

ISVA :- How do I get thrown custom exception information to REST API client

    Posted Fri April 21, 2023 11:02 AM
    Hello,
     
    I am throwing a custom exception using the IDMappingExtUtils.throwSTSUserMessageException() method in the OTP generate mapping rule. It works as expected.
     
    I am also trying to read the custom exception thrown in the OTP generate mapping rule, but for some reason it's NOT available for REST API clients.
     
    The error.json file looks as follows:
     
    {
    "junction" : "@JUNCTION@",
    "errorMessage" : "@ERROR_MESSAGE@",
    "reqAddr" : "@REQ_ADDR@",
    "timestamp" : "@TIMESTAMP@",
    "exceptionMsg" : "@EXCEPTION_MSG@",
    "exceptionStack" : "@EXCEPTION_STACK@"
    }
     
    I am using the following curl command to request the OTP:
     
    curl --location 'https://<AAC_RUNTIME>/sps/apiauthsvc/policy/custom_mac_otp' \
    --header 'Accept: application/json' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: JSESSIONID=0000SOjuAwsFxKTm9XN6EKRakD7:75455972-df5c-4228-b1b3-71a0d7b72389' \
    --data-raw '{
                "emailAddress": "abc@xyz.com",
                "deliveryType": "email"
    }'
     
    I am getting the following response. For some reason @EXCEPTION_MSG@ and @EXCEPTION_STACK@ are NOT getting populated.
     
     
    {
        "junction": "",
        "errorMessage": "FBTOTP313E The one-time password authenticate callback could not invoke the trust service to perform token exchange for operation id [/otp/generate/deliver/otpvalue/] .",
        "reqAddr": "/sps/apiauthsvc/policy/custom_mac_otp",
        "timestamp": "2023-04-19T15:49:42Z",
        "exceptionMsg": "",
        "exceptionStack": ""
    }
     
    I could see from trace.log that the custom exception is getting thrown:
     
    [4/19/23, 6:40:36:669 PDT] 00000045 id=00000000 i.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker 1 generateAndDeliver com.tivoli.am.fim.otp.exception.OTPException: FBTOTP313E The one-time password authenticate callback could not invoke the trust service to perform token exchange for operation id [/otp/generate/deliver/otpvalue/] .
    at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.exchangeOTPToken(UniversalOTPWorker.java:594)
    at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.exchangeOTPToken(UniversalOTPWorker.java:642)
    at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.callSTSForOTPOperation(UniversalOTPWorker.java:514)
    at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.generateAndDeliver(UniversalOTPWorker.java:264)
    at com.tivoli.am.fim.authsvc.action.authenticator.macotp.MACOTPAuthenticator$4.execute(MACOTPAuthenticator.java:250)
    at com.tivoli.am.fim.authsvc.action.authenticator.macotp.MACOTPAuthenticator$4.execute(MACOTPAuthenticator.java:232)
    at com.tivoli.am.fim.authsvc.automaton.state.DecoratorState.execute(DecoratorState.java:56)
    at com.tivoli.am.fim.authsvc.automaton.state.DecoratorState.execute(DecoratorState.java:48)
    at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:144)
    at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:99)
    at com.tivoli.am.fim.authsvc.action.authenticator.macotp.MACOTPAuthenticator.execute(MACOTPAuthenticator.java:521)
    at com.tivoli.am.fim.authsvc.automaton.state.AuthenticatorState.execute(AuthenticatorState.java:87)
    at com.tivoli.am.fim.authsvc.automaton.state.AuthenticatorState.execute(AuthenticatorState.java:59)
    at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:144)
    at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:99)
    at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:144)
    at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:99)
    at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:144)
    at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:99)
    at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate$1.doProcessState(RestAuthSvcDelegate.java:478)
    at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate$1.doProcessPolicy(RestAuthSvcDelegate.java:416)
    at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate$1.doPreparePolicy(RestAuthSvcDelegate.java:400)
    at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate$1.execute(RestAuthSvcDelegate.java:191)
    at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate$1.execute(RestAuthSvcDelegate.java:133)
    at com.tivoli.am.fim.authsvc.automaton.state.InteractorState.execute(InteractorState.java:57)
    at com.tivoli.am.fim.authsvc.automaton.state.InteractorState.execute(InteractorState.java:49)
    at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:144)
    at com.tivoli.am.fim.authsvc.automaton.state.ContainerState.execute(ContainerState.java:99)
    at com.tivoli.am.fim.authsvc.protocol.delegate.RestAuthSvcDelegate.processRequest(RestAuthSvcDelegate.java:742)
    at com.tivoli.am.fim.fedmgr2.proper.FederationManager.doInitialRequestOnDelegate(FederationManager.java:476)
    at com.tivoli.am.fim.fedmgr2.proper.FederationManager.finishProcessingWithDelegateId(FederationManager.java:311)
    at com.tivoli.am.fim.fedmgr2.proper.FederationManager.processRequest(FederationManager.java:164)
    at com.tivoli.am.fim.fedmgr2.servlet.SSOPSServletBase.doRequest(SSOPSServletBase.java:129)
    at com.tivoli.am.fim.fedmgr2.servlet.SPSCommandDispatcher.invoke(SPSCommandDispatcher.java:432)
    at com.tivoli.am.fim.war.runtime.liberty.LibertyRuntimeServlet.doPost(LibertyRuntimeServlet.java:92)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:706)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1258)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:746)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:443)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:183)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:79)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:1002)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1140)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5061)
    at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(DynamicVirtualHost.java:314)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1007)
    at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:279)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:1159)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.wrapHandlerAndExecute(HttpDispatcherLink.java:428)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:387)
    at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:566)
    at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:500)
    at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:360)
    at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.ready(HttpInboundLink.java:327)
    at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:1100)
    at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.readyInboundPostHandshake(SSLConnectionLink.java:757)
    at com.ibm.ws.channel.ssl.internal.SSLConnectionLink$MyHandshakeCompletedCallback.complete(SSLConnectionLink.java:427)
    at com.ibm.ws.channel.ssl.internal.SSLUtils.handleHandshake(SSLUtils.java:954)
    at com.ibm.ws.channel.ssl.internal.SSLHandshakeIOCallback.complete(SSLHandshakeIOCallback.java:85)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:504)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:574)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:958)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1047)
    at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:238)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)
    Caused by: com.tivoli.am.fim.trustserver.sts.STSModuleException: +null
    at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault$JavaScriptRule.execute(STSMapDefault.java:293)
    at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault.executeMappingRules(STSMapDefault.java:239)
    at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault.executeMappingRules(STSMapDefault.java:220)
    at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault.doMap(STSMapDefault.java:121)
    at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault.invoke(STSMapDefault.java:73)
    at com.tivoli.am.fim.trustserver.sts.STSModuleChain.invoke(STSModuleChain.java:319)
    at com.tivoli.am.fim.trustserver.sts.STSModuleChainManager.executeChain(STSModuleChainManager.java:1149)
    at com.tivoli.am.fim.trustserver.sts.STSModuleChainManager.processthroughChains(STSModuleChainManager.java:170)
    at com.tivoli.am.fim.trustserver.sts.STSModuleChainManager.process(STSModuleChainManager.java:117)
    at com.tivoli.am.fim.trustserver.sts.STSManager.process(STSManager.java:60)
    at com.tivoli.am.fim.trustserver.service.SecurityTokenProcessor.process(SecurityTokenProcessor.java:63)
    at com.tivoli.am.fim.trustserver.service.SecurityTokenService.requestSecurityToken(SecurityTokenService.java:136)
    at com.tivoli.am.fim.fedmgr2.trust.TokenExchangeCommandImpl.exchange(TokenExchangeCommandImpl.java:163)
    at com.tivoli.am.fim.authsvc.action.authenticator.otp.UniversalOTPWorker.exchangeOTPToken(UniversalOTPWorker.java:563)
    ... 67 more
    Caused by: com.ibm.security.access.javascript.JSCodeRuntimeException
    at com.ibm.security.access.javascript.JSCode.execute(JSCode.java:141)
    at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault$JavaScriptRule.execute(STSMapDefault.java:289)
    ... 80 more
    Caused by: org.mozilla.javascript.WrappedException: Wrapped com.tivoli.am.fim.trustserver.sts.utilities.STSUserMessageException: CustomException (OTPGenerate#22)
    at org.mozilla.javascript.Context.throwAsScriptRuntimeEx(Context.java:1932)
    at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:148)
    at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
    at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
    at org.mozilla.javascript.gen.OTPGenerate_3._c_script_0(OTPGenerate:22)
    at org.mozilla.javascript.gen.OTPGenerate_3.call(OTPGenerate)
    at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:405)
    at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3508)
    at org.mozilla.javascript.gen.OTPGenerate_3.call(OTPGenerate)
    at org.mozilla.javascript.gen.OTPGenerate_3.exec(OTPGenerate)
    at com.ibm.security.access.javascript.JSCode.execute(JSCode.java:123)
    ... 81 more
    Caused by: com.tivoli.am.fim.trustserver.sts.utilities.STSUserMessageException: CustomException
    at com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils.throwSTSUserMessageException(IDMappingExtUtils.java:173)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.base/java.lang.reflect.Method.invoke(Unknown Source)
    at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
    ... 90 more
    I have also removed the @EXCEPTION_STACK@ entry from sps.page.hiddenMacros in the advanced configuration. Am I missing anything? Please advise.
     
    Regards,
    Sunil


    ------------------------------
    Sunil Kumar Manihalla
    ------------------------------