If you are using SSO version 8.9.x and have perfromed key-rotation, when trying to use suomi.fi authentiction method you get Internal Server Error error in browser
Diag Logs :
2022-03-11 13:04:58,078 protocol [11.88.10.98] AuthorizationServlet com.ubisecure.ubilogin.sso.ui.conversation.authn.AccessDeniedException: Access to the requested resource is denied at com.ubisecure.ubilogin.sso.ui.conversation.authn.UbiloginAuthenticationRequest.assertAccessAllowed(UbiloginAuthenticationRequest.java:428) at com.ubisecure.ubilogin.sso.ui.conversation.authn.UbiloginAuthenticationRequest.assertAccessAllowed(UbiloginAuthenticationRequest.java:398) at com.ubisecure.ubilogin.sso.ui.servlet.AbstractMainServlet.main(AbstractMainServlet.java:201)
This kind of error occurs if there arent any keys configured to be encryption key. This means that all keys are configured as signing keys and the integration with suomi.fi is probably configured to use encryption.
You can check if key has added only usage to be -d "use : sig" using below GET method curl -H "Authorization: Bearer XXXXXX" -X GET https://HOSTNAME/uas/oauth2/metadata.jwks --insecure
You can remove the usage by following command : curl -H "Authorization: Bearer XXXXXX" -X PUT https://HOSTNAME/sso-api/credential/System/ServerKeyContainer/sig-key1 -d "use= " --insecure
Now the same key will be used as encrypion key as well as sig key. |
Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.
|