Question

FME Server - Proxy and OAuth error

  • 19 February 2023
  • 4 replies
  • 159 views

Hi,

FME Server 2022.2.1 Express install.

Connecting out via proxy (not authenticated).

https is not enabled on tomcat

 

I've published an OAuth2 connection to the FME Server and am trying to Authorize it. Proxy is configured in the FME settings.

Client ID and Secret is all set up correctly, including the redirect URI as I can get to the OAuth sign-in page for the app. However when supplying my credentials the token/code is being sent to http://<server><port>/fmeoauth but it just returns an error page "FME OAuth Service FAILED" "Failed to complete".

 

I've also tried to use the ip address of the proxy to no avail. I'm guessing it is a tomcat redirecting issue but can't see any previous info related to modifying the server.xml or OAuth config file in the install folder.

 

the FME OAuth log is detailing some nio error:

 

Sun-19-Feb-2023 04:28:08.734 AM  INFORM  http-nio-0.0.0.0-80-exec-2  417005 : Retrieving connection with nonce: <removed>

Sun-19-Feb-2023 04:28:08.749 AM  ERROR  http-nio-0.0.0.0-80-exec-2  929026:Error: http://<my proxy url>

COM.safe.fmeserver.api.FMEServerException: 929026:Error: http://" alt="http://http://" target="_blank">http://<my proxy url>

at COM.safe.fmeserver.api.FMEServerException.getExceptionFromMessage(FMEServerException.java:127)

at COM.safe.fmeserver.api.FMEServerTCPIPChannel.handleErrorResponse(FMEServerTCPIPChannel.java:497)

at COM.safe.fmeserver.api.FMEServerTCPIPChannel.genericRequestHelper(FMEServerTCPIPChannel.java:444)

at COM.safe.fmeserver.api.FMEServerTCPIPChannel.genericRequest(FMEServerTCPIPChannel.java:332)

at COM.safe.fmeserver.api.FMEServerTCPIPChannel.genericRequest(FMEServerTCPIPChannel.java:322)

at COM.safe.fmeserver.api.namedconnection.FMEOAuthV2Connection.retrieveAccessTokenForCode(FMEOAuthV2Connection.java:119)

at COM.safe.webservices.fmeoauth.FMEOAuthServlet.doGet(FMEOAuthServlet.java:357)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:670)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:779)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)

at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)

at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:750)


4 replies

Userlevel 6
Badge +32

One thing to check, on the machine where FME server is installed, if you go to the proxy URL, does it load correctly?

 

It would also be worth reaching out to Support on this

thanks @hkingsbury​  yes all loads fine.

The token seems to be received fine and forms url http://<server>/fmeoauth?code=jbfeufjefkjejkblahblahblah but then it just errors. I can't find anything online referencing the required syntax or headers to check if tha'ts somehow the issue.

Userlevel 1
Badge +6

HI @troubleshoot123​ ,

 

It does sound like an issue with the redirect URI. As an example of setting up an oauth connection on FME Server, we have detailed instructions for setting up an ArcGIS Online Web Connection. Before following those steps, I'd suggest removing the web service itself from FME Server and then republishing it from FME Workbench. This will ensure that the newest version of the Web Service is being used by FME Server. Web Services can be accessed from FME Server > Files and Connections > Web Connections > Manage Web Services.

 

There may also be more helpful information in Configuring FME Server to use OAuth-based Web Connections.

 

Does the web service share the same redirect URI as another web service on the FME Server? If so, please change the redirect URI for one of the web services.

 

Has the proxy been configured on FME Server? FME Server's proxy is configured separately from FME Workbench. Please confirm settings from FME Server > System Configuration > Proxy. Ensure if URL exceptions have been added to the No Proxy For parameter, including the FME Server URL. Only hostnames and ip addresses should be entered, with examples in the Proxy documentation.

 

If these do not solve your issue, I recommend submitting a case to our Support team. If possible, please include the fmeserver.log and fmeconnection.log (resources/logs/core), fmeoauth.log (services), and tomcat logs for our support to review.

 

Thank you.

Badge +3

Hope you’ve resolved your “FME Flow OAuth Service FAILED” by now, but if not, I’d like to post what solved it for me (and it was partly inspired by line 3 of the log you posted). If you have a proxy configured and you’ve entered the address such as: http://myproxy.mydomain.com try removing ‘http://’ from the proxy address. Other web tasks worked OK, but not OAUTH2 until that part was removed. Using FME Flow 2023.2.2

Reply