OAuth2 Client registration is not found for C11N Application

When you migrate a new C11N app from one environment to another, you might face a login issue that generates exceptions like the one below.

(root cause)
Type com.pega.pegarules.pub.PRRuntimeException

Message OAuth2 Client registration is not found for C11N Application : aim. C11N Application must be registered as OAuth2 Client

Stack at com.pega.pegarules.session.internal.mgmt.authentication.AATTokenUtil.generateAndSetCookiesForConstellationAppln(AATTokenUtil.java:104)
at com.pega.pegarules.session.internal.mgmt.authentication.SchemePRAuth.performPostAuthentication(SchemePRAuth.java:814)
at com.pega.pegarules.session.internal.mgmt.authentication.SchemePRSPA.performPostAuthentication(SchemePRSPA.java:137)
at com.pega.pegarules.session.internal.mgmt.authentication.Authentication.executePostAuthenticationPolicies(Authentication.java:2952)
at com.pega.pegarules.session.internal.mgmt.authentication.Authentication.performPostAuthentication(Authentication.java:2940)
at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.handleAuthentication(HttpAPI.java:3021)
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.activityExecutionProlog(EngineAPI.java:644)
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequestInner(EngineAPI.java:466)
at jdk.internal.reflect.GeneratedMethodAccessor174.invoke(Unknown:Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

An “OAuth2 Client registration” is required for a C11N application, and it is usually generated automatically when you create a new C11N application. However, the “OAuth2 Client registration” may not be generated automatically when you import a RAP package for a C11N application. If that happens, you cannot log in to the new C11N application.

To solve the issue:

  1. Log in to the system with an operator ID that has “PRPC:Administrators” as its default access group.
  2. In Dev Studio, open the C11N application rule definition for which the “OAuth2 Client registration” is missing.
  3. In Dev Studio, open the Rule-Application.pzRegisterConstellationAppAsOAuth2Client activity.
  4. Run pzRegisterConstellationAppAsOAuth2Client from the Actions menu.
  5. Set the activity Run context. Thread: {thread_of_C11N_app_rule}, Page: “Copy existing page”, Page to copy: “RH_1(Rule-Application)”.
  6. Click Run.
  7. Go to the “OAuth 2.0 Client Registration” instance landing page (Dev Studio > Records > Security) and confirm that PegaApp_{C11NApp} is generated.

Fix this by manually registering the Constellation application as an OAuth2 client in Dev Studio. Log in with an operator whose default access group is PRPC:Administrators, open the affected C11N application rule, and run the activity Rule-Application.pzRegisterConstellationAppAsOAuth2Client from the Actions menu. In the run context, select the application rule thread, choose Copy existing page, and use RH_1 (Rule-Application) as the page to copy. After the activity runs successfully, go to Records > Security > OAuth 2.0 Client Registration and confirm that PegaApp_{YourC11NApp} was created. Once that client registration exists, the login issue for the migrated Constellation app should be resolved.
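A post-import check that lists which migrated applications hit this error and which registration name to look for afterwards (added example, not from the original post or from Pega). Only the message text comes from the exception quoted above; the log layout, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Message text as it appears in the exception quoted on this page.
MISSING_REG = re.compile(
    r"OAuth2 Client registration is not found for C11N Application : "
    r"(?P<app>.+?)\. C11N Application must be registered as OAuth2 Client"
)

# Constructed sample log: timestamps, thread names, layout and the second
# application name are made up; only the error message text is from the page.
SAMPLE_LOG = """\
2024-01-01 10:00:01 [exec-1] ERROR - OAuth2 Client registration is not found for C11N Application : aim. C11N Application must be registered as OAuth2 Client
2024-01-01 10:00:02 [exec-2] INFO - Operator authenticated
2024-01-01 10:00:05 [exec-3] ERROR - OAuth2 Client registration is not found for C11N Application : claims.portal. C11N Application must be registered as OAuth2 Client
2024-01-01 10:00:09 [exec-1] ERROR - OAuth2 Client registration is not found for C11N Application : aim. C11N Application must be registered as OAuth2 Client
"""


def find_unregistered_apps(log_text):
    """Return {application name: failed login count} for the C11N error."""
    hits = Counter()
    for line in log_text.splitlines():
        match = MISSING_REG.search(line)
        if match:
            hits[match.group("app").strip()] += 1
    return dict(hits)


def expected_registration(app):
    """Registration name to confirm on the OAuth 2.0 Client Registration
    landing page, following the PegaApp_{C11NApp} pattern in the steps above."""
    return f"PegaApp_{app}"


def report(log_text):
    """Sorted (application, occurrences, registration to confirm) tuples."""
    apps = find_unregistered_apps(log_text)
    return [(a, n, expected_registration(a)) for a, n in sorted(apps.items())]


if __name__ == "__main__":
    for app, count, reg in report(SAMPLE_LOG):
        print(f"{app}: {count} failed login(s); confirm {reg} exists")
```

Each application it reports needs the registration activity run once; an empty report after the fix means the error has stopped appearing in that log.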