-
Title
Authentication fails on web portal with Azure Open ID -
Description
Authentication to the One Identity Manager Web Portal using Azure OpenID (OAuth2) fails after redirect from the Azure login page.
An error occurred while processing the request: POST https://<server>/apiserver/imx/login/portal
System.Exception: An error occurred while processing the request: POST https://<server>/apiserver/imx/login/portal
---> VI.Base.ViException: The user could not be authenticated.
---> QER.OAuthAuthentifier.OAuth2Exception: An error occurred while sending the request.
---> System.Net.Http.HttpRequestException: An error occurred while sending the request.
---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. -
Cause
The API Server makes an outbound HTTPS request to
login.microsoftonline.comto exchange the OAuth authorization code for an access token.-
The API server did not have Internet access, so Windows could not automatically download the intermediate certificate during TLS validation.
-
This caused the TLS handshake to fail, resulting in the authentication error.
-
-
Resolution
Ensure the certificates for Azure were installed on the APIServer - so the trust relationship was made.
Azure Certificate Authority details