
External Authentication Not Working after Upgrade



We upgraded to FMS19 today and Google OAuth no longer works. The select an account screen comes up in a browser, the redirect to our server is called and then there is no error and the DB is not logged in. It just leaves you at the login window. You could repeat this process over and over. If you reload the redirect URL you get an Authentication Failed error, which is what I would expect if the authentication was failing. I think the original auth request is successful but does not open the DB.

I also tested on another server with the same results.

 


I've been using FMS19 extensively with OpenID Connect OAuth providers so I know the underlying mechanism works.

I would suggest using https://oidcdebugger.com/ to initiate an auth request and complete the second step with Postman so that you have a chance to inspect the id_token that you get back.

You'll need to add https://oidcdebugger.com/debug to your list of Redirect URLs on the Google side.

19 minutes ago, RyanB said:

It just leaves you at the login window

Which one?  The FM one or the Google one?

If you changed the DNS name of your server, make sure to update the redirect URLs on the Google side.


I thought that too and checked our firewall. Nothing should be getting blocked so I am not sure why it is stopped.

Is FMS 19 using any new ports?

I have never used https://oidcdebugger.com/

I am not sure what to put for Authorize URI (required), Response type (required), or Response mode (required).

 


Check out addendum 4 of our series of white papers:


It describes how to use oidcdebugger and postman to simulate the whole process and to inspect the id_token.

And no: no different ports because this all goes on port https (443), none of it is FMS-specific.

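The replies above suggest capturing the id_token with oidcdebugger and Postman and inspecting it. As an added example (not from any poster in this thread), this Python sketch decodes a captured id_token offline and checks the generic OpenID Connect claims `iss`, `aud`, `exp` and `iat`. The sample token, client ID and subject are constructed, the signature is not verified, and which claims FileMaker Server itself evaluates is not stated in the thread.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_id_token(token, expected_iss, expected_aud, now):
    """Return (claims, problems). Inspection only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("an id_token is a JWS with three dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    problems = []
    if header.get("alg", "none").lower() == "none":
        problems.append("alg is 'none' (unsigned token)")
    if claims.get("iss") != expected_iss:
        problems.append(f"iss mismatch: {claims.get('iss')!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_aud not in audiences:
        problems.append(f"aud does not contain the client ID: {aud!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired (exp <= now)")
    if claims.get("iat", 0) > now + 300:  # 5 minutes of tolerated clock skew
        problems.append("iat is in the future; check server clock")
    return claims, problems

# Constructed sample token: dummy signature, made-up client ID and subject.
NOW = 1_700_000_000
ISSUER = "https://accounts.google.com"
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
SAMPLE_HEADER = {"alg": "RS256", "typ": "JWT", "kid": "constructed"}
SAMPLE_CLAIMS = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "0000000000",
                 "email": "user@example.com", "iat": NOW - 60, "exp": NOW + 3540}
SAMPLE = ".".join([b64url_encode(json.dumps(SAMPLE_HEADER).encode()),
                   b64url_encode(json.dumps(SAMPLE_CLAIMS).encode()),
                   b64url_encode(b"not-a-real-signature")])

if __name__ == "__main__":
    claims, problems = inspect_id_token(SAMPLE, ISSUER, CLIENT_ID, NOW)
    print(json.dumps(claims, indent=2))
    print("problems:", problems or "none")
```

To check a real token, paste the id_token returned in Postman in place of `SAMPLE`, pass your own OAuth client ID, and use `time.time()` for `now`.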

Thanks. I have not worked through the document yet but I have discovered a possible cause. We use internal DNS in our office which points traffic to our FM Server FQDN to the LAN IP.

OAuth is working fine outside the office, and if I edit my host record to resolve to the FMServer using the public IP, OAuth works fine. This all worked before the upgrade. It makes no sense because DNS resolves fine internally and externally.


Yes, would be weird. The only thing I can think of is the SSL issues with Comodo that started around June 1st. If your FMS SSL cert was affected by the expiry of the intermediate bundle from Sectigo, then perhaps that is what is in play and the FMS19 upgrade is a red herring?
