Forums / SmartComponent Library - Developer Forum / Update Progress 12.2 - Security_Hybrid_Realm returns 403

Update Progress 12.2 - Security_Hybrid_Realm returns 403

5 posts, 1 answered
  1. Markus Grigoleit
    Markus Grigoleit avatar
    21 posts
    Registered:
    04 Jun 2019
    24 Mar
    Link to this post
    So recently we updated our Progress to 12.2. 

    Were using the oeablSecurity-form-oerealm.xml schema and basicly copied it from our 11.6 environment.

    The PASOE works fine so far. Deploying all REST-Intefaces from our APP. Those URLS who are not secured by the oeablSecurity-form-oerealm.xml will return correct data.

    Only the auth-call itself returns 403 whatever auth-info we provide.

    Any ideas or documentation in that matter?
  2. Mike Fechner
    Mike Fechner avatar
    263 posts
    Registered:
    14 Sep 2016
    24 Mar in reply to Markus Grigoleit
    Link to this post
    Progress has changed the PASOE config files from 11.6 to OpenEdge 12.x 

    I don't think I every used an 11.6 PASOE instance/config with OE12.

    The most significant difference is that in OE12.2 the keys used to seal the client-principal is no longer in the eablSecurity-form-oerealm.xml file, it is now in a seperate key file.

    That by itself might explain your experience. 
  3. Markus Grigoleit
    Markus Grigoleit avatar
    21 posts
    Registered:
    04 Jun 2019
    24 Mar in reply to Mike Fechner
    Link to this post
    Hello Mike!

    Are you refering to this:

    <b:property name="key" value="abc123"/>

    we already replaced it with

    <b:property name="registryFile" value= "ABLDomainRegistry.keystore" />

    There was a knowledbase entry where it was described how to create the keystore. It must include the key matching with that inside the .restapplications-file?

    Is there a checklist, documentation on what exactly we have to change in order to make it work again?
  4. Mike Fechner
    Mike Fechner avatar
    263 posts
    Registered:
    14 Sep 2016
    25 Mar in reply to Markus Grigoleit
    Link to this post
    Don't think _we_ have a checklist - as this is part of the OpenEdge PASOE configuration. And unfortunately changes with almost every release. Sometimes more, sometimes less.

    Have you added your domain(s) to the ABLDomainRegistry.keystore file - with the key reflected in the .restapplicaitonsettings file?

    If that does not help, please create a support ticket and attach an archive of the WEB-INF folder so that we can compare it to a working configuration we have here. 
  5. Markus Grigoleit
    Markus Grigoleit avatar
    21 posts
    Registered:
    04 Jun 2019
    Answered
    28 Apr
    Link to this post
    Done.

    See SCLSUP-368
5 posts, 1 answered