Password Reset application troubleshooting - SSO

404 Page Not Found

A page not found error indicates that the steps described in Password application installation  have not been completed.

HTTP Status 500 – Internal Server Error

Check Tomcat server logs (in ubilogin-sso/tomcat/logs/catalina.YYYY-MM-DD.log by default) if it contains some of the log entries shown below.

  • INFO: [ERROR] password com.ubisecure.sso.password.reset.BeginResetServlet: java.lang.IllegalStateException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate signature validation failed
  • INFO: [ERROR] password com.ubisecure.sso.password.reset.OTPServlet: java.lang.IllegalStateException: Invalid response: {"error":"unauthorized_client"} for grant_type=...
    • Depending on the shown grant_type
      • http://globalsign.com/iam/sso/oauth2/grant-type/sms-mt-otp → No Unregistered SMS OTP method allowed to Password Reset application
      • http://globalsign.com/iam/sso/oauth2/grant-type/smtp-otp → No Unregistered SMTP OTP method allowed to Password Reset application
      • Otherwise → The password method contains an invalid value X in the configuration parameter password.reset.grantTypes

User was found but the account is invalid

The user account may not have the required account attribute set, such as mail which should contain the email address where the email would be sent, or mobile which should contain the mobile number where the SMS message would be sent. Check that the attribute is set.

With Ubilogin Directory as the user account directory, verify that the user account has the password method activated.

Ensure the correct method is being used during password reset by specifying the method name in the query string. For example: https://idp.example.com/password-reset?method=password.1