Troubleshooting
Problem
You already can log in to RES/DC through OpenID Connection (OIDC) in a web browser, but encounter error when you try to connect to either RES or DC server in Rule Designer.
To enable the IBM® Operational Decision Manager Support team (Support) to assist with your problem, you must collect documentation so that the Support team can diagnose your problem. Gathering the required documentation before you contact Support expedites the troubleshooting process and save you time. Otherwise, you might be directed to collect this data after the case is opened to allow us to proceed with our investigation.
Diagnosing The Problem
Errors can occur in different stages of OIDC connection:
1) the RD directs user to log in from web browser and browser is redirected to OIDC server login page to get an access code;
2) the RD contacts OIDC provider to get an access token based on the access code;
3) the RD uses the access token as a bearer token in the header to connect to the RES/DC server.
You always need to collect the Rule Designer side information. By checking the Eclipse log or contacting the support, you also need to
- If the error occurred in stage 1, collect browser information.
- If the error occurred in stage 3, collect server-side information.
Http Proxy
If you are using an http or https proxy, make sure http proxy setting is defined in Eclipse Window -> Preferences -> General -> Network Connections view. To verify the setting, you can log in to your DC/RES server through the Eclipse internal Web Browser.
Collect Rule Designer Information
In Rule Designer's eclipse.ini file, add the lines before the line -vmargs
-debug
debug.options
Add following content at the end of file:
-Djava.util.logging.config.file=logging.properties
-Djavax.net.debug=all
Create debug.options file in the same directory as eclipse.ini with the following content:
ilog.rules.studio.shared/debug/oidc/code_flow_traces=true
ilog.rules.studio.shared/debug/oidc/tokencache_traces=true
Create logging.properties file in the same directory as eclipse.ini with the following content:
handlers= java.util.logging.ConsoleHandler,java.util.logging.FileHandler
java.util.logging.ConsoleHandler.level=FINEST
sun.net.www.protocol.http.HttpURLConnection.level=ALL
java.util.logging.FileHandler.pattern=java%u-%g.log
java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
After you reproduced the issue, collect the following information:
- eclipse.ini file
- OIDC JSON config file that is referred in eclipse.ini by -Dcom.ibm.rules.authentication.oidcconfig
- Rule Designer error message and screen capture
<workspacedir>/.metadata/.log file - All java*.log files from Rule Designer folder.
Click the three dots to the right of the address bar Click More Tools > Developer Tools On the Network tab, check the box that is labeled "Preserve log". Re-create the login. When complete, go back to the Network tab. In the table showing network traffic status, right-click any entry then select "Save as HAR with content".
Add the following trace string in the DC/RES server config:
:com.ibm.ws.security.oidc.*=all:com.ibm.ws.security.openidconnect.*=all:com.ibm.ws.security.openid20.*=all:com.ibm.ws.security.web.*=all
- Re-create the login issue
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSQP76","label":"IBM Operational Decision Manager"},"ARM Category":[{"code":"a8m50000000L1MzAAK","label":"Rule Designer-\u003EConnection to RES DC"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
14 September 2022
UID
ibm16619927