Error connecting to AAA STS for RDP access - username correct but suspecting URL migration from TR to Refinitiv is the cause
Hi
We are integrating with AAA, retrieving the STS token for access to RDP streaming pricing. Until recently we have been successfully authenticating from the existing Thomson Reuters URL https://sts.login.cp.thomsonreuters.net/
Two weeks ago we tried to connect a new user on production with AAA. However, when they use the above URL they get an error:
2021-08-05 13:12:17.970 DEBUG SerializableWebMessageBase: {"BaseUri":https://sts.login.cp.thomsonreuters.net/,"ClientId":"*******","ClientSecret":"*****","RequestID":"1","HttpStatus":200,"UseJsonSerialization":true} Subject: SerializableAAAClient
2021-08-05 13:12:20.681 DEBUG {"error": "access_denied", "error_description": "Invalid username or password."}
We have tested the same credentials on:
- User's Eikon login = successful
- RDP playground = successful
We think this may be due to the migration in domains. Is that correct? Could there be another cause for the failure to log in and receive the STS token?
If the issue is the Domain, could someone confirm the correct URL is identity.ciam.refinitiv.net and when was this change expected to be made?
Thank you,
Nick
Best Answer
Hi @Nick.Straatsma ,
The OAuth token URL has been https://api.refinitiv.com:443/auth/oauth2/v1/token for a long time now. Can you try this endpoint?
0
Answers
Hi @Gurpreet
Thanks very much for the answer. This helped, and we also discovered that some of the problem was our TLS version and using JSON instead of a URL-encoded message body. Here is a summary and open questions.
Doing this fixed/enabled us to connect:
- https://sts.login.cp.thomsonreuters.net/
  - Resource Owner Password Credential = Successful
  - PKCE = successful
- https://sts.identity.ciam.refinitiv.net
  - Resource Owner Password Credential = Successful
  - PKCE = failing
- https://api.refinitiv.com:443/auth/oauth2/v1/token
  - Resource Owner Password Credential = Successful
  - PKCE = failing
Questions
- Is there documentation for the URL migrations and supported connection types?
- Do you expect PKCE to work on the new URLs? Attached is a code snippet. We don't get especially verbose responses on failure.
0
Hi @Nick.Straatsma,
I would recommend that you get in touch directly with the STS gateway team to get details on which endpoints will support PKCE.
0