Environment
Advanced Authentication 6.x
AAF
Situation
When I open a New Enrollment Portal by IP address, it works properly. But when I try to open it by its DNS name, I see the error:
{"status":"error","errors":[{"location":"server","name":"Internal Server Error","description":"ConnectionError HTTPSConnectionPool(host='<DNSnameOfAAServer>', port=443): Max retries exceeded with url: /osp/a/TOP/auth/oauth2/.well-known/openid-configuration (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7ff9c00d9d60>: Failed to establish a new connection: [Errno -2] Name or service not known'))"}]}
The same happens with the OOB Portal and any OAuth 2.0 event.
Resolution
Add a record for the DNS name on the DNS server.
The DNS name must also be resolvable from the AA server host itself (check with ping).
Cause
The DNS name cannot be resolved.
Additional Information
Also, make sure that https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/.well-known/openid-configuration shows the same DNS name in every endpoint of its output:
"issuer":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2",
"authorization_endpoint":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/auth",
"token_endpoint":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/token",
"userinfo_endpoint":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/userinfo",
"jwks_uri":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/jwks",
"introspection_endpoint":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/introspect",
"end_session_endpoint":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/logout",
......
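The two checks above (name resolution on the AA server host, and the same DNS name in every discovery endpoint) can be scripted. This is an added example, not part of the original article or the product. The host aa.example.test, the address 192.0.2.10 and the sample document are constructed placeholders, and the function names are hypothetical.

```python
import json
import socket
import sys
from urllib.parse import urlsplit
from urllib.request import urlopen

# Discovery path taken from the error message in this article.
DISCOVERY_PATH = "/osp/a/TOP/auth/oauth2/.well-known/openid-configuration"

def resolve(host):
    """Addresses the local resolver returns for host; [] when resolution fails."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:  # e.g. [Errno -2] Name or service not known
        return []
    return sorted({info[4][0] for info in infos})

def mismatched_endpoints(discovery, expected_host):
    """Return {field: url} for URL fields not served as https://expected_host/..."""
    bad = {}
    for field, value in discovery.items():
        if not isinstance(value, str) or "://" not in value:
            continue  # skip non-URL metadata such as lists of supported values
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https" or host != expected_host.lower():
            bad[field] = value
    return bad

# Constructed sample: token_endpoint still advertises an IP address.
SAMPLE = json.loads("""{
  "issuer": "https://aa.example.test/osp/a/TOP/auth/oauth2",
  "authorization_endpoint": "https://aa.example.test/osp/a/TOP/auth/oauth2/auth",
  "token_endpoint": "https://192.0.2.10/osp/a/TOP/auth/oauth2/token",
  "jwks_uri": "https://aa.example.test/osp/a/TOP/auth/oauth2/jwks",
  "response_types_supported": ["code"]
}""")

if __name__ == "__main__":
    host, doc = "aa.example.test", SAMPLE
    if len(sys.argv) > 1:  # live check: pass the DNS name, run on the AA server host
        host = sys.argv[1]
        addrs = resolve(host)
        if not addrs:
            sys.exit(f"{host} does not resolve from this host")
        print("resolves to:", ", ".join(addrs))
        with urlopen(f"https://{host}{DISCOVERY_PATH}", timeout=10) as resp:
            doc = json.load(resp)
    for field, url in mismatched_endpoints(doc, host).items():
        print(f"MISMATCH {field}: {url}")
```

Run without arguments it checks the constructed sample; with the server's DNS name as the argument it performs the live check, using the system trust store for TLS.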