We are testing the touch app MWO (version 10.16).When logging the MWO, I’ve got ‘ERROR_COMPATIBILITY_AUTHENTICATION_FORBIDDEN:Authentication must use an OpenID token’.I have already added the Redirect URLs for our test instance:https://tast.loram.com/Token.aspxifs-app.com.ifsworld.mwo10://appI am testing with the appowner with all the grants as an admin for touch apps. Appreciate if anybody could help me out! Wen

Touch App MWO ERROR_COMPATIBILITY_AUTHENTICATION_FORBIDDEN:Authentication must use an OpenID token

Page 1 / 1

@lmwwenxu I believe the problem is not with your redirect URI’s but your authentication configuration. In particular, you seem to have compatibility mode enabled, which is not supported for IEE, Aurena and Mobile apps.

https://docs.ifs.com/techdocs/foundation1/010_overview/210_security/030_authentication/default.htm

I’m not an expert in this specific area, but I hope the above gives you some way to narrow it down and ensure OpenID authentication is enabled for mobile apps.

Best regards,

Rukmal

Hi,, Rukmal,

Thanks for the information. The authentication for the IFS instance is ‘IFS Database’. Somehow, it does have the box ‘Enable Credentials Cache' checked under Integrations and Compatibility. I’ve unchecked the box and restarted its Middleware. But I still get the same error.

Here are the error details in the trace log for TAS:

DateTime=2023-07-17T15:32:14.0517999Z
w3wp.exe Warning: 0 : Push Notifications not enabled since IFS Application credentials not set for 'tast'.
DateTime=2023-07-17T15:32:14.0517999Z
w3wp.exe Warning: 0 : CurrentDomain_AssemblyResolve: Couldn't resolve Assembly 'Ifs.Cloud.Utility.resources, Version=1.0.0.0, Culture=en-US, PublicKeyToken=null'.
DateTime=2023-07-17T15:32:14.2705761Z
w3wp.exe Warning: 0 : CurrentDomain_AssemblyResolve: Couldn't resolve Assembly 'Ifs.Cloud.ObjectModel.resources, Version=4.15.8164.20633, Culture=en-US, PublicKeyToken=null'.
DateTime=2023-07-17T15:32:14.3643193Z
w3wp.exe Warning: 0 : CurrentDomain_AssemblyResolve: Couldn't resolve Assembly 'Ifs.Cloud.ObjectModel.resources, Version=4.15.8164.20633, Culture=en, PublicKeyToken=null'.
DateTime=2023-07-17T15:32:14.3643193Z
w3wp.exe Warning: 0 : Name truncated: instance_app_device_register_tab
DateTime=2023-07-17T15:32:14.6924504Z
w3wp.exe Warning: 0 : Name truncated: instance_app_approval_configuration_tab
DateTime=2023-07-17T15:32:17.7706816Z
w3wp.exe Warning: 0 : CurrentDomain_AssemblyResolve: Couldn't resolve Assembly 'Ifs.Cloud.AdminDb.resources, Version=1.0.0.0, Culture=en-US, PublicKeyToken=null'.
DateTime=2023-07-17T15:33:57.5253452Z
w3wp.exe Error: 0 : ERROR_COMPATIBILITY_AUTHENTICATION_FORBIDDEN:Authentication must use an OpenID token
DateTime=2023-07-17T15:33:57.5253452Z

Do you have any idea? How could I check the OpenID authentication for mobile apps?

Thanks a lot!

Wen

Hi, Rukmal,

Thanks for the information. The authentication for the IFS instance is ‘IFS Database’. But it has the 'Enable Credentials Cache' checked somehow under Integrations and Compatibility. I’ve unchecked it and restarted its Middleware. However I still get the same error.

Here are the detailed errors in trace.log:

w3wp.exe Error: 0 : Couldn't decrypt ifs password: Error occurred while decoding OAEP padding.
DateTime=2023-07-17T15:32:14.0517999Z
w3wp.exe Warning: 0 : Push Notifications not enabled since IFS Application credentials not set for 'tast'.
DateTime=2023-07-17T15:32:14.0517999Z
w3wp.exe Warning: 0 : CurrentDomain_AssemblyResolve: Couldn't resolve Assembly 'Ifs.Cloud.Utility.resources, Version=1.0.0.0, Culture=en-US, PublicKeyToken=null'.
DateTime=2023-07-17T15:32:14.2705761Z
w3wp.exe Warning: 0 : CurrentDomain_AssemblyResolve: Couldn't resolve Assembly 'Ifs.Cloud.ObjectModel.resources, Version=4.15.8164.20633, Culture=en-US, PublicKeyToken=null'.
DateTime=2023-07-17T15:32:14.3643193Z
w3wp.exe Warning: 0 : CurrentDomain_AssemblyResolve: Couldn't resolve Assembly 'Ifs.Cloud.ObjectModel.resources, Version=4.15.8164.20633, Culture=en, PublicKeyToken=null'.
DateTime=2023-07-17T15:32:14.3643193Z
w3wp.exe Warning: 0 : Name truncated: instance_app_device_register_tab
DateTime=2023-07-17T15:32:14.6924504Z
w3wp.exe Warning: 0 : Name truncated: instance_app_approval_configuration_tab
DateTime=2023-07-17T15:32:17.7706816Z
w3wp.exe Warning: 0 : CurrentDomain_AssemblyResolve: Couldn't resolve Assembly 'Ifs.Cloud.AdminDb.resources, Version=1.0.0.0, Culture=en-US, PublicKeyToken=null'.
DateTime=2023-07-17T15:33:57.5253452Z
w3wp.exe Error: 0 : ERROR_COMPATIBILITY_AUTHENTICATION_FORBIDDEN:Authentication must use an OpenID token
DateTime=2023-07-17T15:33:57.5253452Z

Do you have any idea? How do I check the OpenID authentication for mobile apps?

Thanks a lot.

Wen

Hi @lmwwenxu,

Like I said, I’m not an expert in this particular area, so I don’t have any specific suggestions.

However, you mentioned “Integrations and Compatibility” which is the COMPATIBILITY application type referred in the documentation (https://docs.ifs.com/techdocs/foundation1/010_overview/210_security/030_authentication/default.htm) whereas the Mobile apps use the DEFAULT application type.

The fact that you’re using DB authentication should not be a problem since that still uses Open ID Connect whereas COMPATIBILITY types do not, hence the error you see. So you need to figure out how to set up MWO according to the DEFAULT type.

I hope this gives you some way forward or that someone with expertise in this area can chip in.

Best regards,

Rukmal

Reply

Did you find what you're looking for? If not:

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded