Forum Discussion

Olivier_Beytrison's avatar
Olivier_Beytrison
Icon for Cirrus rankCirrus
Aug 21, 2024

APM/OAuth2 : auto apply changes made by discovery

Hi, I've setup OAuth2 to Azure EntraID following this documentation. It works well but I'm only facing a serious issue. In the OAuth provider configuration, I've enabled the discovery job to run on...
APM
OAuth Client
  • Olivier_Beytrison's avatar
    Olivier_Beytrison
    Nov 20, 2024

    Hi Lucas,

    Small update on the case. Engineering has been able to solve Issue with an engineering hotfix for 17.1.1.4

    ID1293805-1: Access policies not in Partition Common are not applied in auto discovery process

    Since then the issue has been fixed !

    Thanks again for your help at the beginning of this case!

    Regards,
    Olivier

Lucas_Thompson's avatar
Lucas_Thompson
Icon for Employee rankEmployee
Aug 21, 2024

Apply should happen automatically. If it's not happening, there is some kind of problem.

The JWK discovery process is implemented as a "rest worker" that operates inside of TMOS's restjavad processes, along with other control-plane stuff. The name of the worker is "OIDCDiscoverTaskCollectionWorker", so you can use a command like this to view its log files:

grep -i discovertask /var/log/restjavad.0.log

The logs will look something like this:

restjavad.0.log:[I][648][10 Apr 2018 00:20:25 UTC][OIDCDiscoverTaskCollectionWorker] Downloading OpenID metadata for provider /Common/my_google_provider task ID 4c2c547f-788e-453c-bdae-8dec7e6ab15e using OpenID URI https://accounts.google.com/.well-known/openid-configuration and Trusted CA Bundle /Common/ca-bundle.crt

 

 

For reference, this is a rough outline of the discovery process: