Troubleshooting
Problem
Registration of MAS OIDC client fails with error:
CWOAU0061E: The OAuth service provider could not find the client because the client name is not valid
CWOAU0061E: The OAuth service provider could not find the client because the client name is not valid
Cause
When you install MAS, a job registers MAS as an oidc client, this job will create an entry in the mongo database, in the oauthClient collection in the mas core database.
It can happen that the registration fails.
Possible causes can be that there is already an entry in the mongo database for MAS, as a result the client id in the database does not match the client id stored in a secret in the mas core namespace.
This could be the result of a restoring a mongo database in a different environment.
This could be the result of a restoring a mongo database in a different environment.
Another possible issue could be that the oidc registration pod is not able to access the auth.<mas domain> url. This could be caused by a misconfiguration of the dns.
Diagnosing The Problem
In coreidp pod logs, you see errors like:
com.ibm.oauth.core.api.error.oauth20.OAuth20InvalidClientException: CWOAU0023E: The OAuth service provider could not find the client CXyNzvQ2NMTXYw33eAnfHq1nZSkuab6n
com.ibm.oauth.core.api.error.oauth20.OAuth20InvalidClientException: CWOAU0023E: The OAuth service provider could not find the client CXyNzvQ2NMTXYw33eAnfHq1nZSkuab6n
In oidcclientreg pod logs, you see errors like:
DEBUG:__main__: - Still waiting for Coreidp to be ready after ... will retry in 10 seconds
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): auth.<mas-domain>:443
DEBUG:__main__:OIDC connect failed unexpectedly
To troubleshoot a possible dns issue, from the coreidp pod or the oidc registration pod (if it is still running), run the command
curl -k https://auth.<mas domain>:443
curl -k https://auth.<mas domain>:443
if the server cannot resolve the name, you will see something like:
curl: (6) Could not resolve host: auth.<mas domain>
Resolving The Problem
Ensure that the auth url can be resolved by the pods.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRHPA","label":"IBM Maximo Application Suite"},"ARM Category":[{"code":"a8m0z000000cwZDAAY","label":"Maximo Application Suite"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
29 November 2023
UID
ibm17085881