When I attempt to test this, I enter the url for the login journey and fill in the credentials. This takes me to the next page/node where I have 4 choices (register, get the app, skip, opt-out). Choosing “Register Device” does NOT take me to the register node but instead returns me to the main login page again with a 401 response (reason: Unauthorized, message: “Login failure”).
I suspected this might be the issue, but I have NOT configured the PUSH Registration Service! The link supplied on the documentation pages (and the link YOU) supplied result in a 403 response for me:
Hi @gpopp - Push service requires also configuring the Push Services. Without understanding the underlying error messages, it would be slightly hard to provide any feedback. Could you please share the underlying error messages from the var/debug directory.
I have not configured the Push Services (surely this is the problem) because I cannot get to the documentation on how to configure them.
Regarding the var/debug directory, which docker container are you referring to? My sandbox environment has all of these:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
NAMES
ba846904c408 nginx "/docker-entrypoint.…" 18 minutes ago Up 17 minutes 80/tcp, 0.0.0.0:443->443/tcp
nginx.local
31bb1bad60eb gcr.io/forgerock-io/platform-login-ui:7.1.0 "/docker-entrypoint.…" 18 minutes ago Up 17 minutes 8080/tcp
loginui.local
5f1fe75bb5ac gcr.io/forgerock-io/platform-admin-ui:7.1.0 "/docker-entrypoint.…" 18 minutes ago Up 17 minutes 8080/tcp
adminui.local
e6b09ca1a422 gcr.io/forgerock-io/platform-enduser-ui:7.1.0 "/docker-entrypoint.…" 18 minutes ago Up 17 minutes 8080/tcp
enduserui.local
f3c8d7d19ea4 bitbucket/am:7.1.0 "/bin/sh -c \"$FORGER…" 8 days ago Up 17 minutes 0.0.0.0:8080->8080/tcp
am.local
99e2155b6f2a bitbucket/ds-cts:7.1.0 "/opt/opendj/customi…" 8 days ago Up 17 minutes 1636/tcp, 4444/tcp, 8080/tcp, 8443/tcp, 0.0.0.0:1389->1389/tcp, 8989/tcp cts.local
19856a0d78ae bitbucket/ds-idrepo:7.1.0 "/opt/opendj/customi…" 8 days ago Up 17 minutes 1636/tcp, 4444/tcp, 8080/tcp, 8443/tcp, 8989/tcp, 0.0.0.0:389->1389/tcp idrepo.local
3c753f280ff2 bitbucket/idm:7.1.0 "/opt/openidm/bin/do…" 8 days ago Up 17 minutes 0.0.0.0:8082->8080/tcp
idm.local
1f314d9cc60f bitbucket/impexp "/opt/amster/docker-…" 8 days ago Up 17 minutes
impexp.local
I suspect am.local is the one? If so, that container has no /var/debug directory:
There’s also a backstage article that walks you in-detail on how to configure these services. I believe @jochen.raymaekers already highlighted above in his answer. You will require backstage account to access that article.
Also, please note the “Push Service” provided by ForgeRock which you will also see in the above linked backstage document - is a licensed service.
And yes, am.local is the correct container. You will need to find out where in your container the AM configuration is saved and then visit AM Config Dir/var/debug/ to look for log messages.
Thank you! I have an evaluation license account created, but cannot access the knowledge base article regarding configuring of the push services. I receive a 403 error when trying to read it.
One would hope this is a mistake - else, how could a developer evaluate this aspect of the product before buying?
jsingh: I found the location of the /var/debug directory. For anyone else finding this conversation intersting, it is here: /home/forgerock/openam/var/debug/
debug.out contains a rather large dump, but it starts with this:
o.f.o.a.t.e.AuthTreeExecutor: 2022-07-06 16:01:54,781: Thread[http-nio-8080-exec-3]: TransactionId[8fa0776f-e976-4d79-8824-5fbcbb652a28-1415]
WARN: Ignoring the new universal id empty new universal id as universal id id=809b05f1-79bb-43be-8894-b76af829809f,ou=user,o=TestRealm,ou=services,ou=am-config is already set on the context
o.f.o.c.r.a.t.AuthTrees: 2022-07-06 16:01:54,790: Thread[http-nio-8080-exec-3]: TransactionId[8fa0776f-e976-4d79-8824-5fbcbb652a28-1415]
ERROR: Exception in processing the tree
org.forgerock.openam.auth.node.api.NodeProcessException: Unable to read service addresses for Push Notification Service
I think this verifies that my failure to configure the push services is, indeed, the issue. If only I had some way to read how to configure it.