Internal error while logging in to Edge UI through SSO

Hi,

I have enabled Edge SSO in my APIGEE Edge Private Cloud installation.

https://docs.apigee.com/private-cloud/v4.18.01/install-and-configure-edge-sso

After completing the installation, I configured Edge UI to use SSO. Also, I created a user for the email address I am using.

Now if I try to log in to Edge SSO from the SSO login page, I am able to log in and the email address is displayed in the account settings correctly.


But if I try to log in to Edge UI, then it fails. From Edge UI it is redirected to Edge SSO correctly. Then I log in through the IDP and it redirects back to Edge UI, but with a 500 internal error at https://<edge ui host>:8443/oAuthCallbackWithAuthcode?code=MvEApRLDrs1eKQiHxpmdeVAh&state=/.

I can see that I am signed in if I go to the Edge SSO login page, but if I visit Edge UI it gives a 500 internal error.

How can I debug this? I checked the logs for both Edge UI and APIGEE SSO; neither shows any errors.

Are there any steps I am missing?

1 ACCEPTED SOLUTION

This issue was resolved.

The error was because of an HTTPS call (https://edge-sso-ip:port/token_key) from the Edge management server to the Edge SSO server, which was giving a 404. Got the error from /opt/apigee/var/log/edge-management-server/logs/system.log.

In our case, internet traffic was restricted behind an internet proxy server, and HTTPS calls from the Edge management server to the Edge SSO server were failing because they were not going through the internet proxy server. The Edge UI application does not use the environment variables HTTPS_PROXY, NO_PROXY etc. We needed to add JAVA_OPTS manually for https.proxyHost, https.proxyPort etc. or enable direct access without the internet proxy.

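The accepted answer's fix, setting the JVM proxy properties by hand because the environment variables are ignored, as an added example (not from the original post or from Apigee). The hostnames and the helper name proxy_to_java_opts are assumptions, and where JAVA_OPTS is set for each Edge component is not covered here.

```shell
#!/bin/sh
# Added example: turn HTTPS_PROXY / NO_PROXY style values into the JVM
# system properties a Java process needs. Hostnames are constructed samples.

# proxy_to_java_opts PROXY_URL [NO_PROXY_LIST]
# Prints the -D flags on one line; returns 1 on a URL without host or port.
proxy_to_java_opts() {
    url=$1
    no_proxy=${2:-}

    rest=${url#*://}     # drop the scheme, if present
    rest=${rest%%/*}     # drop any path
    rest=${rest##*@}     # drop user:password@ (not part of host/port flags)
    case $rest in
        *:*) host=${rest%:*}; port=${rest##*:} ;;
        *)   echo "proxy URL needs an explicit port: $url" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad proxy port in: $url" >&2; return 1 ;;
    esac
    [ -n "$host" ] || { echo "no proxy host in: $url" >&2; return 1; }

    # NO_PROXY is comma separated; http.nonProxyHosts is '|' separated and
    # uses '*.domain' where NO_PROXY uses '.domain'. The JVM applies
    # http.nonProxyHosts to HTTPS connections as well.
    non=
    old_ifs=$IFS
    IFS=,
    set -f                                  # keep '*' entries from globbing
    for entry in $no_proxy; do
        entry=$(printf '%s' "$entry" | tr -d ' \t')
        if [ -z "$entry" ]; then continue; fi
        case $entry in
            .*) entry="*$entry" ;;
        esac
        non="${non:+$non|}$entry"
    done
    set +f
    IFS=$old_ifs

    opts="-Dhttps.proxyHost=$host -Dhttps.proxyPort=$port"
    if [ -n "$non" ]; then opts="$opts -Dhttp.nonProxyHosts=$non"; fi
    printf '%s\n' "$opts"
}

# Constructed sample values, as they might appear in the shell environment.
proxy_to_java_opts "http://proxy.example.internal:3128" "localhost, .corp.example,10.0.0.5"
```

The nonProxyHosts value contains `|`, so quote it wherever the resulting flags are placed in a shell-parsed file.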

4 REPLIES 4

@Anil Sagar Are there any steps I am missing?

Awesome, Thank you @Jaideep Menon for answering the same with all details !!

I saw the same error reported by an OPDK 18.01 customer, and after long hours of debugging and looking through log files we discovered that the SSO module was working fine, but the UI redirect from the SSO server was failing. Although we were using well-known CA-signed (Entrust) certs, we still had to manually add the public cert to the management server keystore and restart the management server -- SSO worked!

Here are sample commands:

1. Import the cert for SSO to management server java keystore

Sample command
keytool -importcert -alias startssl -keystore $JAVA_HOME/jre/lib/security/cacerts -file /path/to/cert/cert.crt

2. Restart management server