Troubleshooting
Problem
After using the "Connect IBM Cloud Identity in to ISAM" wizard, attempts to authenticate using "OIDC Login" fail with the error "DPWAD1075E The authentication failed because the server has not yet been fully initialized."
Cause
IBM Cloud Identity now requires SNI (Server Name Indication) to make a TLS connection.
Environment
ISAM Reverse Proxy connecting to IBM Cloud Identity
Diagnosing The Problem
The Reverse Proxy message log will contain the following errors:
2019-07-21-15:14:28.113-05:00I----- 0x38AD54CC webseald WARNING wiv ssl SSLConnection.cpp 2357 0x7f5083fff700 -- DPWIV1228W WebSEAL could not establish a secure connection to the server, tenant.ice.ibmcloud.com, for the default junction (Function call: gsk_secure_soc_init; failed error: 0x1a4 GSK_ERROR_SOCKET_CLOSED).
2019-07-21-15:14:28.113-05:00I----- 0x38983425 webseald ERROR wad general OIDCOpClient.cpp 663 0x7f5083fff700 -- DPWAD1061E Failed to connect to the OIDC OP server: tenant.ice.ibmcloud.com:443.
Resolving The Problem
Add the following to the end of the applicable Reverse Proxy configuration file:
[ssl:default]
jct-gsk-attr-name = string:230:tenant.ice.ibmcloud.com
jct-gsk-attr-name = enum:4020:1
Where 'tenant' is the IBM Cloud Identity tenant you've configured for SSO.
If you have multiple OIDC OP Providers, you may need to add more specific SNI settings for those providers.
For example:
[ssl:default]
jct-gsk-attr-name = string:230:tenant.ice.ibmcloud.com
jct-gsk-attr-name = enum:4020:1
[ssl:tenant2]
jct-gsk-attr-name = string:230:tenant2.ice.ibmcloud.com
jct-gsk-attr-name = enum:4020:1
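An added example (not IBM's code): a small Python check that pairs the two log messages quoted above with the [ssl:*] stanzas and lists OIDC OP hosts that fail the TLS handshake but have no SNI entry. The function names and sample inputs are assumptions constructed for illustration; a host counts as covered only when both attribute lines shown above appear in the same stanza.

```python
import re

# Constructed sample: the two message-log lines quoted on this page.
SAMPLE_LOG = """\
2019-07-21-15:14:28.113-05:00I----- 0x38AD54CC webseald WARNING wiv ssl SSLConnection.cpp 2357 0x7f5083fff700 -- DPWIV1228W WebSEAL could not establish a secure connection to the server, tenant.ice.ibmcloud.com, for the default junction (Function call: gsk_secure_soc_init; failed error: 0x1a4 GSK_ERROR_SOCKET_CLOSED).
2019-07-21-15:14:28.113-05:00I----- 0x38983425 webseald ERROR wad general OIDCOpClient.cpp 663 0x7f5083fff700 -- DPWAD1061E Failed to connect to the OIDC OP server: tenant.ice.ibmcloud.com:443.
"""

# Constructed sample config: SNI set for one tenant only.
SAMPLE_CONF = """\
[ssl:default]
jct-gsk-attr-name = string:230:tenant.ice.ibmcloud.com
jct-gsk-attr-name = enum:4020:1
"""

TLS_FAIL = re.compile(r"DPWIV1228W .*? to the server, ([^,\s]+),.*GSK_ERROR_SOCKET_CLOSED")
OP_FAIL = re.compile(r"DPWAD1061E Failed to connect to the OIDC OP server: ([^:\s]+):\d+")

def failing_op_hosts(log_text):
    """Hosts that show both the TLS socket-closed warning and the OIDC OP connect error."""
    tls = set(TLS_FAIL.findall(log_text))
    op = set(OP_FAIL.findall(log_text))
    return sorted(tls & op)

def sni_hosts(conf_text):
    """Hosts named by string:230 in [ssl:*] stanzas that also carry enum:4020:1.
    Parsed by hand because the key jct-gsk-attr-name repeats within a stanza."""
    stanzas, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas.setdefault(current, [])
        elif current and "=" in line and not line.startswith("#"):
            key, value = (p.strip() for p in line.split("=", 1))
            if key == "jct-gsk-attr-name":
                stanzas[current].append(value)
    hosts = set()
    for name, values in stanzas.items():
        if name.startswith("ssl:") and "enum:4020:1" in values:
            hosts.update(v[len("string:230:"):] for v in values if v.startswith("string:230:"))
    return hosts

def missing_sni(log_text, conf_text):
    configured = sni_hosts(conf_text)
    return [h for h in failing_op_hosts(log_text) if h not in configured]

if __name__ == "__main__":
    print(missing_sni(SAMPLE_LOG, SAMPLE_CONF))
```

Run it against the Reverse Proxy message log and configuration file contents; any host it returns is a candidate for its own SNI stanza.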
Document Location
Worldwide
Product Synonym
ISAM for Web; IBM Cloud Identity; IBM CI; IBM Security Access Manager
Document Information
Modified date:
22 July 2020
UID
ibm10960908