Name or service not known error appears when opening an Enrollment Portal

  • 7025163
  • 18-Jun-2021
  • 23-Jun-2021

Environment

Advanced Authentication 6.x
AAF

Situation

When I open a New Enrollment Portal by IP address, it works properly. But when I try to open it by its DNS name, I see the error:
{"status":"error","errors":[{"location":"server","name":"Internal Server Error","description":"ConnectionError HTTPSConnectionPool(host='<DNSnameOfAAServer>', port=443): Max retries exceeded with url: /osp/a/TOP/auth/oauth2/.well-known/openid-configuration (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7ff9c00d9d60>: Failed to establish a new connection: [Errno -2] Name or service not known'))"}]}

The same happens with the OOB Portal and any OAuth 2.0 event.

Resolution

Add a record for the DNS name on the DNS server.
The DNS name must also be resolvable from the AA server host itself (check with ping).

Cause

The DNS name cannot be resolved.

Additional Information

Also, please ensure https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/.well-known/openid-configuration displays the same DNS name in the output:
  "issuer":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2",
  "authorization_endpoint":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/auth",
  "token_endpoint":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/token",
  "userinfo_endpoint":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/userinfo",
  "jwks_uri":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/jwks",
  "introspection_endpoint":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/introspect",
  "end_session_endpoint":"https://<DNSnameOfAAServer>/osp/a/TOP/auth/oauth2/logout",
......
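
The two checks above can be scripted. The following Python sketch is an added example, not part of the original article or the product. It tests name resolution on the machine where it runs, then lists every endpoint in the discovery document whose host differs from the expected DNS name. The function names, `aa.example.test` and `192.0.2.10` are constructed for illustration.

```python
import json
import socket
import sys
import urllib.request
from urllib.parse import urlsplit

# Path taken from the article; the host part is supplied by the caller.
DISCOVERY_PATH = "/osp/a/TOP/auth/oauth2/.well-known/openid-configuration"


def resolves(host):
    """True if this machine can resolve host (the lookup that failed with Errno -2)."""
    try:
        socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
        return True
    except socket.gaierror:
        return False


def mismatched_endpoints(config, expected_host):
    """Return {key: host} for every https URL in the document whose host differs."""
    bad = {}
    for key, value in config.items():
        if isinstance(value, str) and value.lower().startswith("https://"):
            host = urlsplit(value).hostname or ""  # hostname is already lowercased
            if host != expected_host.lower():
                bad[key] = host
    return bad


# Constructed sample: token_endpoint still advertises an IP address.
SAMPLE = json.loads("""{
  "issuer": "https://aa.example.test/osp/a/TOP/auth/oauth2",
  "authorization_endpoint": "https://aa.example.test/osp/a/TOP/auth/oauth2/auth",
  "token_endpoint": "https://192.0.2.10/osp/a/TOP/auth/oauth2/token",
  "jwks_uri": "https://aa.example.test/osp/a/TOP/auth/oauth2/jwks"
}""")

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else None
    if host is None:
        print("sample check:", mismatched_endpoints(SAMPLE, "aa.example.test"))
    elif not resolves(host):
        sys.exit(f"{host} does not resolve on this machine; fix DNS first")
    else:
        with urllib.request.urlopen(f"https://{host}{DISCOVERY_PATH}", timeout=10) as r:
            print("mismatches:", mismatched_endpoints(json.load(r), host) or "none")
```

Run it on the AA server host with the DNS name as the only argument, since that is where the failing lookup happens. With no argument it only evaluates the constructed sample.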