wso2 / product-is


Login with OTP doesn't work #11555

Open AndreaCaglio97 opened 3 years ago

AndreaCaglio97 commented 3 years ago

Describe the issue:

The login using the OTP as the password ends with an error. In the browser we are redirected to the following URL: https://OUR_HOST/accountrecoveryendpoint/confirmrecovery.do?client_id=gVWBVK0pdX4pg2Yk3fFbBjKe1aUa&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=I3lojalN4Kg4rUFjLS-kNv0QWGUf2er0SAsO9jKnKVw&passiveAuth=false&redirect_uri=http%3A%2F%2Fdev.local.ngdms%2Flogin%2Foauth2%2Fcode%2Fwso2&response_type=code&scope=openid&state=cQs04GFFkqW7vczZH9XMIJ0d7qb2YSbZAhCywtqBd0c%3D&tenantDomain=carbon.super&sessionDataKey=af76cd5b-6f86-4f92-89ba-69ad1cc280ce&relyingParty=gVWBVK0pdX4pg2Yk3fFbBjKe1aUa&type=oidc&sp=ng-dms-gateway&isSaaSApp=true&username=a.caglio%40ngdms.com&tenantdomain=ngdms.com&confirmation=0NU4MI&callback=%2Fauthenticationendpoint%2Flogin.do%3Fclient_id%3DgVWBVK0pdX4pg2Yk3fFbBjKe1aUa%26commonAuthCallerPath%3D%252Foauth2%252Fauthorize%26forceAuth%3Dfalse%26nonce%3DI3lojalN4Kg4rUFjLS-kNv0QWGUf2er0SAsO9jKnKVw%26passiveAuth%3Dfalse%26redirect_uri%3Dhttp%253A%252F%252Fdev.local.ngdms%252Flogin%252Foauth2%252Fcode%252Fwso2%26response_type%3Dcode%26scope%3Dopenid%26state%3DcQs04GFFkqW7vczZH9XMIJ0d7qb2YSbZAhCywtqBd0c%253D%26tenantDomain%3Dcarbon.super%26sessionDataKey%3Daf76cd5b-6f86-4f92-89ba-69ad1cc280ce%26relyingParty%3DgVWBVK0pdX4pg2Yk3fFbBjKe1aUa%26type%3Doidc%26sp%3Dng-dms-gateway%26isSaaSApp%3Dtrue%26authenticators%3DBasicAuthenticator%3ALOCAL&reason=ADMIN_FORCED_PASSWORD_RESET_VIA_OTP

The following is the screenshot of the result obtained on the browser:

[Screenshot 2021-04-01 at 16:29:03]

The error produces the following log: ERROR {org.wso2.carbon.identity.mgt.endpoint.util.client.ApiClient} - Error while performing the request method: POST on the resource: https://localhost:9443/api/identity/recovery/v0.9/validate-code com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching localhost found.

The complete logs are attached here: identity-server.log

How to reproduce:

Expected behavior:

The login using the OTP as the password ends successfully, and then it's possible to create a new password.

Environment information:

ruwanta commented 3 years ago

Can you try a proper domain name instead of "localhost" or "OUR_HOST", as these are not considered proper domain names for certificates?

AndreaCaglio97 commented 3 years ago

@ruwanta thanks a lot for the answer, but my domain has already been placed in the certificates (in the description of the issue I used OUR_HOST as a placeholder for my domain name).

It seems that the problem is related to localhost; what can be done to fix it?

ruwanta commented 3 years ago

Did you follow this? https://is.docs.wso2.com/en/latest/setup/changing-the-hostname/

AndreaCaglio97 commented 3 years ago

@ruwanta thanks a lot, I followed the guide about changing the hostname, and the issue which I reported has been resolved.

Unfortunately, I have another problem. When I log in to WSO2 using the generated OTP, the browser is redirected to the following URL:

https://dsotp-dev.digitalgrid.it/accountrecoveryendpoint/confirmrecovery.do?client_id=gVWBVK0pdX4pg2Yk3fFbBjKe1aUa&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=eMpRGZ2HmgHcXhvgavgzd-vxKDYeyTCNZOImNQjQemI&passiveAuth=false&redirect_uri=https%3A%2F%2Fdsotp-dev.digitalgrid.it%2Flogin%2Foauth2%2Fcode%2Fwso2&response_type=code&scope=openid&state=P7R0WCAAFN6erHiAOuDHCGpie2MRlAp7Z3Vl3Onyqm0%3D&tenantDomain=carbon.super&sessionDataKey=94e6cb26-faa5-47a4-a787-b7adbce9218b&relyingParty=gVWBVK0pdX4pg2Yk3fFbBjKe1aUa&type=oidc&sp=ng-dms-gateway&isSaaSApp=true&username=mario.rossi%40ngdms.com&tenantdomain=ngdms.com&confirmation=ZPSXNU&callback=%2Fauthenticationendpoint%2Flogin.do%3Fclient_id%3DgVWBVK0pdX4pg2Yk3fFbBjKe1aUa%26commonAuthCallerPath%3D%252Foauth2%252Fauthorize%26forceAuth%3Dfalse%26nonce%3DeMpRGZ2HmgHcXhvgavgzd-vxKDYeyTCNZOImNQjQemI%26passiveAuth%3Dfalse%26redirect_uri%3Dhttps%253A%252F%252Fdsotp-dev.digitalgrid.it%252Flogin%252Foauth2%252Fcode%252Fwso2%26response_type%3Dcode%26scope%3Dopenid%26state%3DP7R0WCAAFN6erHiAOuDHCGpie2MRlAp7Z3Vl3Onyqm0%253D%26tenantDomain%3Dcarbon.super%26sessionDataKey%3D94e6cb26-faa5-47a4-a787-b7adbce9218b%26relyingParty%3DgVWBVK0pdX4pg2Yk3fFbBjKe1aUa%26type%3Doidc%26sp%3Dng-dms-gateway%26isSaaSApp%3Dtrue%26authenticators%3DBasicAuthenticator%3ALOCAL&reason=ADMIN_FORCED_PASSWORD_RESET_VIA_OTP

The following is the screenshot of the result obtained on the browser:

[Screenshot 2021-04-26 at 13:17:23]

After replacing the tenant carbon.super with our custom tenant ngdms.com in the URL of the error page, the first login with OTP works and, as shown in the following screenshot, it's possible to set a new password:

[Screenshot 2021-04-26 at 13:20:11]

Why is this replacement necessary? I don't understand why the carbon.super tenant is in the URL instead of our custom tenant ngdms.com. What can be done to fix it? Thank you so much in advance for your support.
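
The URL in the comment above carries two tenant parameters that differ only in letter case: tenantDomain=carbon.super (once in the outer query and again inside the double-encoded callback parameter) and tenantdomain=ngdms.com. The Go program below is an added example, not code from this thread or from WSO2 Identity Server: it parses the posted URL, lists every tenant parameter at both encoding levels, and reproduces the reporter's manual workaround by rewriting tenantDomain at both levels. Which component puts carbon.super there is not established in this thread, and the example does not assume an answer; it only makes the parameters visible so the values can be compared.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// postedURL is the redirect URL from the comment above, copied verbatim from the thread.
const postedURL = "https://dsotp-dev.digitalgrid.it/accountrecoveryendpoint/confirmrecovery.do?client_id=gVWBVK0pdX4pg2Yk3fFbBjKe1aUa&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=eMpRGZ2HmgHcXhvgavgzd-vxKDYeyTCNZOImNQjQemI&passiveAuth=false&redirect_uri=https%3A%2F%2Fdsotp-dev.digitalgrid.it%2Flogin%2Foauth2%2Fcode%2Fwso2&response_type=code&scope=openid&state=P7R0WCAAFN6erHiAOuDHCGpie2MRlAp7Z3Vl3Onyqm0%3D&tenantDomain=carbon.super&sessionDataKey=94e6cb26-faa5-47a4-a787-b7adbce9218b&relyingParty=gVWBVK0pdX4pg2Yk3fFbBjKe1aUa&type=oidc&sp=ng-dms-gateway&isSaaSApp=true&username=mario.rossi%40ngdms.com&tenantdomain=ngdms.com&confirmation=ZPSXNU&callback=%2Fauthenticationendpoint%2Flogin.do%3Fclient_id%3DgVWBVK0pdX4pg2Yk3fFbBjKe1aUa%26commonAuthCallerPath%3D%252Foauth2%252Fauthorize%26forceAuth%3Dfalse%26nonce%3DeMpRGZ2HmgHcXhvgavgzd-vxKDYeyTCNZOImNQjQemI%26passiveAuth%3Dfalse%26redirect_uri%3Dhttps%253A%252F%252Fdsotp-dev.digitalgrid.it%252Flogin%252Foauth2%252Fcode%252Fwso2%26response_type%3Dcode%26scope%3Dopenid%26state%3DP7R0WCAAFN6erHiAOuDHCGpie2MRlAp7Z3Vl3Onyqm0%253D%26tenantDomain%3Dcarbon.super%26sessionDataKey%3D94e6cb26-faa5-47a4-a787-b7adbce9218b%26relyingParty%3DgVWBVK0pdX4pg2Yk3fFbBjKe1aUa%26type%3Doidc%26sp%3Dng-dms-gateway%26isSaaSApp%3Dtrue%26authenticators%3DBasicAuthenticator%3ALOCAL&reason=ADMIN_FORCED_PASSWORD_RESET_VIA_OTP"

// tenantParams returns every query parameter named tenantdomain in any letter
// case, both from the outer query and from inside the double-encoded callback
// parameter (keyed "callback.<name>"), so the two spellings sit side by side.
func tenantParams(raw string) (map[string]string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	out := map[string]string{}
	q := u.Query()
	for k, v := range q {
		if strings.EqualFold(k, "tenantdomain") && len(v) > 0 {
			out[k] = v[0]
		}
	}
	// The callback value is itself a URL; Query() already removed one encoding layer.
	if cbRaw := q.Get("callback"); cbRaw != "" {
		cb, err := url.Parse(cbRaw)
		if err != nil {
			return nil, err
		}
		for k, v := range cb.Query() {
			if strings.EqualFold(k, "tenantdomain") && len(v) > 0 {
				out["callback."+k] = v[0]
			}
		}
	}
	return out, nil
}

// rewriteTenant reproduces the manual workaround from the comment: it sets
// tenantDomain to tenant in the outer query and inside the nested callback, then
// re-encodes both levels. url.Values.Encode sorts keys, so parameter order changes.
func rewriteTenant(raw, tenant string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	q := u.Query()
	if cbRaw := q.Get("callback"); cbRaw != "" {
		cb, err := url.Parse(cbRaw)
		if err != nil {
			return "", err
		}
		cq := cb.Query()
		cq.Set("tenantDomain", tenant)
		cb.RawQuery = cq.Encode()
		q.Set("callback", cb.String())
	}
	q.Set("tenantDomain", tenant)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	params, err := tenantParams(postedURL)
	if err != nil {
		panic(err)
	}
	for k, v := range params {
		fmt.Printf("%-24s = %s\n", k, v)
	}
	fixed, err := rewriteTenant(postedURL, "ngdms.com")
	if err != nil {
		panic(err)
	}
	fmt.Println(fixed)
}
```

Running it against the posted URL reports tenantDomain=carbon.super, callback.tenantDomain=carbon.super and tenantdomain=ngdms.com; note that the callback parameter also carries authenticators=BasicAuthenticator:LOCAL and isSaaSApp=true, which survive the rewrite unchanged.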

marcoranica94 commented 3 years ago

Is there any news on this bug? Thanks

katcel commented 6 months ago

I also have this issue. Any news? Furthermore, the link https://is.docs.wso2.com/en/latest/setup/changing-the-hostname/ does not work any more. Thanks