Environment
Access Manager 4.4.2
Self Service Password Reset v.4.3.0.4 b404 r39600
Situation
Access Manager integrated with Self Service Password Reset under Identity Servers > Shared Settings > Self Service Password Reset.
On Self Service Password Reset side the integration was configured from Configuration Editor > Settings > Web Services > REST Services.
Social Authentication class/method/contract flow was defined.
Under "class" definition the AutoProvisioning is done via SSPR ( check button )
Performing Social Authentication ( i.e. Google+ ) the IDP's catalina.out returns the error: "Provisioning of LDAP Attribute for Social Authentication user failed"
Method: SocialAuthClass.A
Thread: ajp-bio-127.0.0.1-9019-exec-23
Error Message Resource Key: NIDPLOGGING.200104305
Request Attribute: error: Provisioning of LDAP
Attribute for Social Authentication user failed.
tcpdump shows "HTTP/1.1 500 (application/json)" and following the TCP Stream you can see:
Error: unhandled Accept header value in request
and POST shows:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
The initial call to SSPR API fails because Accept header do not include application/json type, and the rest-signing-form must be application/json
POST /sspr/public/rest/signing/form HTTP/1.1
content-type: application/json
Check documentation here: /sspr/public/reference/rest.jsp#rest-signing-form.
Resolution
Migrated to Access Manager 4.4.3 the issue do not occours anymore.
Cause
Reported to Engineering