Authentication failed with OpenID connect

Hello All, 

We have integrated One Identity Manager with ForgeRock AM. Once we enter the URL of the Web Portal it redirects to AM for authentication; after authentication it redirects back to the portal with the below error:

The authentication process could not be completed. Contact your system administrator if the problem persists.

Failed to authenticate user.

Cannot find the requested object.


Got the below error message in the job queue:

Login failed (Module: OAuth 2.0 / OpenID Connect (role based), Properties: , Identity: -, Client Machine: 10.11.46.133, Errors: [System.Security.Cryptography.CryptographicException] Cannot find the requested object.

If anybody has any idea, please let us know.

Thanks,

Pranav

  • Thank you Tony,

    I could only find the below error in the logs:

    2020-09-21 15:24:32.0741 ERROR ( ObjectLog 0ig1bmkkmr3nnjhkiru2ggp1) : Failed to authenticate user using OAuth2/Open ID Connect. System.Security.Cryptography.CryptographicException: Cannot find the requested object.

    at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
    at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
    at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName)
    at QER.OAuthAuthentifier.OAuth.<_GetSigningCertificatesFromServerAsync>d__17.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at QER.OAuthAuthentifier.OAuth.<GetClaimsAsync>d__25.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at QER.OAuthAuthentifier.OAuth.<GetPersonDataAsync>d__24.MoveNext()
    at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
    at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
    at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName)
    at QER.OAuthAuthentifier.OAuth.<_GetSigningCertificatesFromServerAsync>d__17.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at QER.OAuthAuthentifier.OAuth.<GetClaimsAsync>d__25.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at QER.OAuthAuthentifier.OAuth.<GetPersonDataAsync>d__24.MoveNext()
    2020-09-21 15:24:33.0898 WARN ( WebLog 0ig1bmkkmr3nnjhkiru2ggp1) : One or more errors occurred. System.AggregateException: One or more errors occurred. ---> VI.Base.ViException: Failed to authenticate user. ---> System.Security.Cryptography.CryptographicException: Cannot find the requested object.

  • I found the below information in the Web Portal logs:

    2020-09-21 15:24:32.0741 ERROR ( ObjectLog) : Failed to authenticate user using OAuth2/Open ID Connect. System.Security.Cryptography.CryptographicException: Cannot find the requested object.
    at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)

    at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
    at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName)
    at QER.OAuthAuthentifier.OAuth.<_GetSigningCertificatesFromServerAsync>d__17.MoveNext()

  • The error is pointing to a certificate issue by the sound of it (X509).

  • Just FYI, we have two web servers behind the DNS; I am not sure what kind of certificate is giving the problem.

  • It sounds as if you are using a certificate for the Identity Provider; this is why I would expect the X509 log lines. I don't know if you went through the wizard manually or not, but the screenshot below is where you would have entered the certificate information.
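A check an administrator can run on each of the two web servers before retrying the login, added here as an example and not taken from the thread or from One Identity's product: it loads the configured Identity Provider certificate file through the same .NET X509Certificate2(String fileName) constructor that appears in the stack trace above and reports what it finds. The path is a placeholder; the script assumes only that .NET is present on the web server, which it is wherever the portal runs.

```powershell
# Added diagnostic (not part of the thread). $CertPath is a placeholder: point it at the
# certificate file that was entered in the OAuth 2.0 / OpenID Connect configuration wizard.
param(
    [string]$CertPath = 'C:\placeholder\idp-signing-cert.cer'
)

# 1. The file must exist on *this* server; with two servers behind one DNS name the
#    file can be present on one node and missing or different on the other.
if (-not (Test-Path -LiteralPath $CertPath)) {
    Write-Warning "File not found on $env:COMPUTERNAME : $CertPath"
    exit 1
}

# 2. Sanity-check the encoding. PEM starts with a text header, DER with an ASN.1
#    SEQUENCE tag (0x30). Anything else (HTML from a failed download, an empty file,
#    a JSON JWKS document) is not something the constructor can parse.
$bytes = [System.IO.File]::ReadAllBytes($CertPath)
$head  = [System.Text.Encoding]::ASCII.GetString($bytes, 0, [Math]::Min(27, $bytes.Length))
if ($head.StartsWith('-----BEGIN CERTIFICATE-----')) {
    "Format     : PEM ($($bytes.Length) bytes)"
} elseif ($bytes.Length -gt 0 -and $bytes[0] -eq 0x30) {
    "Format     : DER (or a PKCS#7/PFX container) ($($bytes.Length) bytes)"
} else {
    $hex = ($bytes[0..3] | ForEach-Object { $_.ToString('X2') }) -join ' '
    Write-Warning "File does not look like an X.509 certificate; first bytes: $hex"
}

# 3. Same call path as the stack trace: X509Certificate2..ctor(String fileName).
#    If this throws CryptographicException here, the portal will throw it too.
try {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
} catch [System.Security.Cryptography.CryptographicException] {
    Write-Warning ("CryptographicException: {0} (HResult 0x{1:X8})" -f $_.Exception.Message, $_.Exception.HResult)
    Write-Warning "A password-protected PFX also fails here; the IdP signing cert only needs the public key, so export it as .cer instead."
    exit 2
}

# 4. Report what was loaded so it can be compared with the key AM currently signs with.
"Subject    : $($cert.Subject)"
"Issuer     : $($cert.Issuer)"
"Thumbprint : $($cert.Thumbprint)"
"Valid      : $($cert.NotBefore) .. $($cert.NotAfter)"
"PrivateKey : $($cert.HasPrivateKey) (not needed for signature verification)"
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate has expired; AM may already be signing tokens with a newer key."
}
```

Run it on both web servers and compare the thumbprints: they should match each other and the signing key AM publishes for the realm.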