pingidentity / pingidentity-cdr-sandbox

Issue with PingFederate CDR REST Datasource (server_profiles/pingfederate/instance/server/default/deploy/ekyc/index.jsp) #104

Open arvindk25 opened 1 year ago

arvindk25 commented 1 year ago

Fail to complete CDR consent flow due to Exception in PingFederate REST Datasource

Steps to reproduce:

  1. Login to http://dr.data-recipient.local:8080/
  2. Complete login flow (astone/password)
  3. Go to Manage Accounts -> Add "crn1" / OTP "123456"
  4. Accept the consent
  5. You receive the Exception/Error instead of getting the Bank Account linked page

verified_claims is not present in id_token or userinfo --> Possible configuration issue, scope requested in client app is missing / Policy Tree / contract / Attribute Expression Mapping misconfiguration

You possibly cannot convert JSONArray to JSONObject without a parser and there is no exception handling in ekyc/index.jsp for null pointers, json parsing exceptions etc. --> Possible implementation bug

File: server_profiles/pingfederate/instance/server/default/deploy/ekyc/index.jsp

pingfederate_1           | /opt/out/instance/log/server.log:  Caused by: org.apache.jasper.JasperException: An exception occurred processing [/index.jsp] at line [6]
pingfederate_1           | /opt/out/instance/log/server.log:
pingfederate_1           | /opt/out/instance/log/server.log:  3: {
pingfederate_1           | /opt/out/instance/log/server.log:  4:   org.json.simple.JSONArray verifiedClaims = (org.json.simple.JSONArray)baseObj.get("verified_claims");
pingfederate_1           | /opt/out/instance/log/server.log:  5:
pingfederate_1           | /opt/out/instance/log/server.log:  6:   for(Object verifiedClaim : verifiedClaims)
pingfederate_1           | /opt/out/instance/log/server.log:  7:   {
pingfederate_1           | /opt/out/instance/log/server.log:  8:     org.json.simple.JSONObject verifiedClaimObj = (org.json.simple.JSONObject) verifiedClaim;
pingfederate_1           | /opt/out/instance/log/server.log:  9:     org.json.simple.JSONObject claims = (org.json.simple.JSONObject)verifiedClaimObj.get("claims");
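
The failure in the log above, handled defensively, as an added example that is not part of the issue thread or the sandbox's code: a missing or mistyped `verified_claims` yields an empty result instead of an exception at the `for` loop. The class and method names are hypothetical, the JSON inputs are constructed, and accepting a single object as well as an array is an assumption.

```java
import java.util.ArrayList;
import java.util.List;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;

// Hypothetical helper (not from the sandbox): null- and type-safe version of
// the verified_claims loop shown in the stack trace.
public class VerifiedClaimsReader {

    // Returns every "claims" object under verified_claims; empty when the
    // attribute is absent, has an unexpected type, or the input is not JSON.
    static List<JSONObject> extractClaims(String json) {
        List<JSONObject> result = new ArrayList<>();
        if (json == null) return result;
        Object base;
        try {
            base = new JSONParser().parse(json);
        } catch (ParseException e) {
            return result;               // malformed response: nothing verified
        }
        if (!(base instanceof JSONObject)) return result;
        Object vc = ((JSONObject) base).get("verified_claims"); // null if absent

        List<Object> entries = new ArrayList<>();
        if (vc instanceof JSONArray) {
            for (Object o : (JSONArray) vc) entries.add(o);
        } else if (vc instanceof JSONObject) {
            entries.add(vc);             // assumption: single-object form accepted
        }
        for (Object entry : entries) {
            if (!(entry instanceof JSONObject)) continue;   // skip non-object items
            Object claims = ((JSONObject) entry).get("claims");
            if (claims instanceof JSONObject) result.add((JSONObject) claims);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not captured from a real deployment.
        String withClaims = "{\"sub\":\"crn1\",\"verified_claims\":[{\"claims\":{\"given_name\":\"A\"}}]}";
        String missing = "{\"sub\":\"crn1\"}";
        String wrongType = "{\"verified_claims\":\"oops\"}";
        System.out.println(extractClaims(withClaims).size());
        System.out.println(extractClaims(missing).size());
        System.out.println(extractClaims(wrongType).size());
    }
}
```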

arvindk25 commented 1 year ago

@ttranatping Please have a look into this one

ttranatping commented 1 year ago

Hi. That code is unrelated to the CDR sandbox. It was us doing a bit of R&D for ekyc.

Which branch are you deploying? Please use master. And the latest version uses a different Data Recipient application @ https://spa.data-recipient.local

ttranatping commented 1 year ago

Just realised that the ekyc things are in master! It is a red herring and it should still function with that error.

Please use https://spa.data-recipient.local when testing a sample data recipient application. The Postman scripts are also handy.

arvindk25 commented 1 year ago

> Just realised that the ekyc things are in master! It is a red herring and it should still function with that error.
>
> Please use spa.data-recipient.local when testing a sample data recipient application. The Postman scripts are also handy.

@ttranatping Please fix this, as we need to test the Data Out Flow as per readme section "Running the DR Client", or update the master branch with correct instructions to test as Data Out (Holder)

ttranatping commented 1 year ago

It’s producing an error message but it still works. Hence, it’s a red herring. We will fix it but at the moment, that error is just cosmetic. It shouldn’t prevent you from proceeding.

There are two applications documented in the setup instructions. Use the second one (the spa application). We will remove the first application soon.

Also, the best way to test the data holder is using Postman. The Postman collection is a data recipient application, with many tests performed against the data holder. Instructions are provided here:

https://github.com/pingidentity/pingidentity-cdr-sandbox/blob/master/docs/postman.md

ttranatping commented 1 year ago

I've updated master and removed the EKYC config and I've updated the docs and removed the original DR application.

I would also strongly suggest you follow the Postman steps from above. It provides the most thorough test of the Data Holder.