Can you post the link to the demo instructions that you're following?

https://github.com/GluuFederation/oxd-python-demo-app this is the one that I'm following

Hi, Doma. I have a previous version of this app installed, I believe, but I only used it for testing OIDC flows. I wonder whether the UMA part was updated to be in sync with the recent changes. We'll need to do some internal tests on it, then I'll get back to you with proper instructions.

Ok. thank you. I was trying to execute sampleclaimsgathering script using RPT policy by adding that to some scopes. However couldn't see it getting executed . I was trying to use this app to see whether I can see that executes any script or not. Please can you some link to any application that has used UMA Sample Claims gathering script

>Please can you some link to any application that has used UMA Sample Claims gathering script I'll ask internally whether we have something, I can't recall anything like this ready to be used, though. I think we should use this opportunity to come up with some good, streamlined demo which covers claim gathering part as well.

Hi, Please can you let mw know if you have figured out the issues with oxd-python-demo app by conducting internal tests. Thanks, Doma

Interesting... I was wondering where this code went. Even I didn't know. I do have a suggestion for testing UMA. ### 1. Install Gluu Gateway Install the Gluu Gateway, and use it as the RS. This way, you'll just have to worry about writing the client. You can find the latest docs for GG installation on [https://gluu.org/docs](https://gluu.org/docs) It's currently distributed only for Ubuntu 14 (trusty). ### 2. Clone the Gluu Gateway project: ``` $ git clone https://github.com/GluuFederation/gluu-gateway.git ``` ### 3. Deploy the gg-demo application It's in folder gg-demo. There is a README file. I also have some [slides](https://goo.gl/19Hz8M) that I presented at identiverse.

Thank you. I will take a look and will let you know the updates

Hi Mike, I was following the installation steps for gluu-gateway and followed the below steps - Add the Gluu repo: ``` # echo "deb https://repo.gluu.org/ubuntu/ trusty main" > /etc/apt/sources.list.d/gluu-repo.list # curl https://repo.gluu.org/ubuntu/gluu-apt.key | apt-key add - ``` - Add the Postgresql-10 repo: ``` # echo "deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main" > /etc/apt/sources.list.d/psql.list # wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - ``` - Add the Node repo: ``` # curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - # apt update # apt install gluu-gateway # cd /opt/gluu-gateway/setup # python setup-gluu-gateway.py ``` However couldn't finish the last setup script to run successfully. It returned below error: ``` Unable to create konga oxd client used to call oxd-https endpoints ``` Please could you guide to resolve this issue. Thanks, Doma

Hi, Doma. Let me try to reproduce.

Hi, Problem has been fixed. I've selceted yes for configuring oxd server and gave the details. Then the configuration was successful. However when I opened the link https://localhost:1338/login,the dahsboard page says Cannot connect to default and make sure konga is running. Konga is running fine.I checked the status. It says Konga is running. Please could you help Thanks, Doma

Please use markdown format when you open support issues. What do you get back from : ``` # /etc/init.d/konga status` # netstat -antlp | grep 1338 ``` Did you try to restart the system? It's possible everything did not sync up on your initial installation. Once you restart, can you also read the logs and see if there is anything interesting that would indicate a problem: - `/var/log/konga.log` - `/var/log/oxd-server/oxd-server.log` - `/var/log/oxd-server/oxd-https.log` Also, is the Gluu Server accessible? Can you login to it as `admin`? Obviously if the Gluu Server is not up, you won't be able to login to konga. Are the Gluu Server and Gluu Gateway installed on different VM's? If so, is port 443 open? If you give us all the relevant info, we can help you.

**Status update:** I'm also having some issues while trying to install this package. Waiting for package's developer to provide a solution.

WHy does the ticket say Ubuntu 16.04? We only released packages for Ubuntu 14 (trusty)?

Hi Mike, I'm using Ubuntu 14.

Hi Doma, thank you for your patience. I also suspect your kong is not running, so could you provide **/var/log/konga.log**? You can also check if you have listeners on ports 8000 and 8001. The following netstat is from a clean and running GG installation: ``` ----------------------netstat -tulpn---------------------------------- Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1037/sshd tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 6159/postgres tcp 0 0 0.0.0.0:1338 0.0.0.0:* LISTEN 6321/node tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 6207/kong -c nginx. tcp 0 0 0.0.0.0:8445 0.0.0.0:* LISTEN 6207/kong -c nginx. tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 6207/kong -c nginx. tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 6207/kong -c nginx. tcp6 0 0 :::22 :::* LISTEN 1037/sshd tcp6 0 0 :::8443 :::* LISTEN 6294/java tcp6 0 0 :::8444 :::* LISTEN 6294/java tcp6 0 0 127.0.0.1:8099 :::* LISTEN 6237/java ``` If there are no listeners on these ports (kong), please use ``` # service kong restart ``` I have just followed the steps taken from [the Gluu Gateway docs](https://gluu.org/docs/gg/installation/#install-the-gluu-gateway-package), successfully installing and setting up the Gluu Gateway.

Hi, Thank you for the response. Kong is running fine. Below is the status. ``` **root@gluu-accenture:/home/doma# service kong status kong is running ... PID: [15447] **root@gluu-accenture:/home/doma# netstat -tulpn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 1040/dnsmasq tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2341/cupsd tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 15397/postgres tcp 0 0 127.0.0.1:1338 0.0.0.0:* LISTEN 15549/node tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 15447/kong -c nginx tcp 0 0 0.0.0.0:8445 0.0.0.0:* LISTEN 15447/kong -c nginx tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 15447/kong -c nginx tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 15447/kong -c nginx tcp6 0 0 127.0.0.1:8081 :::* LISTEN 4095/java tcp6 0 0 :::35217 :::* LISTEN 3970/java tcp6 0 0 127.0.0.1:8082 :::* LISTEN 4459/java tcp6 0 0 127.0.0.1:8085 :::* LISTEN 4201/java tcp6 0 0 ::1:631 :::* LISTEN 2341/cupsd tcp6 0 0 :::1689 :::* LISTEN 3970/java tcp6 0 0 :::8443 :::* LISTEN 15531/java tcp6 0 0 :::8444 :::* LISTEN 15531/java tcp6 0 0 :::4444 :::* LISTEN 3970/java tcp6 0 0 127.0.0.1:8099 :::* LISTEN 15479/java tcp6 0 0 :::1636 :::* LISTEN 3970/java udp 0 0 0.0.0.0:631 0.0.0.0:* 1006/cups-browsed udp 0 0 0.0.0.0:5353 0.0.0.0:* 526/avahi-daemon: r udp 0 0 0.0.0.0:38583 0.0.0.0:* 748/dhclient udp 0 0 0.0.0.0:55867 0.0.0.0:* 526/avahi-daemon: r udp 0 0 127.0.1.1:53 0.0.0.0:* 1040/dnsmasq udp 0 0 0.0.0.0:68 0.0.0.0:* 748/dhclient udp6 0 0 :::5353 :::* 526/avahi-daemon: r udp6 0 0 :::42838 :::* 526/avahi-daemon: r udp6 0 0 :::51122 :::* 748/dhclient root@gluu-accenture:/home/doma# When process using port 443 is killed kong started. However Gluu stopped working and returned below error **{"message":"no API found with those values"}** Hence Gluu gateway throws oxd-server error 2018-07-12 12:47:05,385 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"get_client_token","params":{"scope":["openid","uma_protection"],"algorithm":null,"client_id":"@!DEBA.B171.FA0F.F31C!0001!85C5.71D2!0008!02AD.EAD4.3ECD.121B","client_secret":"881f29b0-c7e1-4101-9707-21507784fa35","op_host":"https://gluu-accenture.com","op_discovery_path":null,"authentication_method":null,"key_id":null}} 2018-07-12 12:47:05,439 TRACE [org.xdi.oxd.server.service.RpService] Found rp by client_id: @!DEBA.B171.FA0F.F31C!0001!85C5.71D2!0008!02AD.EAD4.3ECD.121B, rp: Rp{oxdId='48b34ec3-943a-4c9e-b2db-1bb1096d7b6d', opHost='https://gluu-accenture.com', opDiscoveryPath='null', idToken='null', accessToken='null', authorizationRedirectUri='https://localhost:1338', postLogoutRedirectUri='https://localhost:1338', applicationType='web', redirectUris=[https://localhost:1338], claimsRedirectUri=[], responseTypes=[code], clientId='@!DEBA.B171.FA0F.F31C!0001!85C5.71D2!0008!02AD.EAD4.3ECD.121B', clientSecret='881f29b0-c7e1-4101-9707-21507784fa35', clientRegistrationAccessToken='6b3ff1ee-a770-411f-8c5c-b6f1077eeb1e', clientRegistrationClientUri='https://gluu-accenture.com/oxauth/restv1/register?client_id=@!DEBA.B171.FA0F.F31C!0001!85C5.71D2!0008!02AD.EAD4.3ECD.121B', clientIdIssuedAt=Thu Jul 12 09:49:24 BST 2018, clientSecretExpiresAt=Fri Jul 13 09:49:24 BST 2018, clientName='null', sectorIdentifierUri='null', clientJwksUri='null', setupClient='true', setupOxdId='null', setupClientId='null', scope=[openid, uma_protection], uiLocales=[en], claimsLocales=[en], acrValues=[], grantType=[authorization_code, client_credentials], contacts=[], userId='null', userSecret='null', pat='f1b4af66-5c13-40f2-bef9-58f0cd061901', patExpiresIn=299, patCreatedAt=Thu Jul 12 11:00:16 BST 2018, patRefreshToken='null', umaProtectedResources=[], rpt='null', rptTokenType='null', rptPct='null', rptExpiresAt=null, rptCreatedAt=null, rptUpgraded=null, oxdRpProgrammingLanguage=null} 2018-07-12 12:47:05,443 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2018-07-12 12:47:05,506 TRACE [org.xdi.oxd.server.service.DiscoveryService] Discovery response: {"message":"no API found with those values"} 2018-07-12 12:47:05,509 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2018-07-12 12:47:05,539 ERROR [org.xdi.oxd.server.op.GetClientTokenOperation] RESTEASY004020: uriTemplate parameter is null java.lang.IllegalArgumentException: RESTEASY004020: uriTemplate parameter is null at org.jboss.resteasy.specimpl.ResteasyUriBuilder.uriTemplate(ResteasyUriBuilder.java:151) at org.jboss.resteasy.client.ClientRequest.getBuilder(ClientRequest.java:158) at org.jboss.resteasy.client.ClientRequest.<init>(ClientRequest.java:109) at org.xdi.oxauth.client.BaseClient.initClientRequest(BaseClient.java:227) at org.xdi.oxauth.client.TokenClient.exec(TokenClient.java:220) at org.xdi.oxauth.client.TokenClient.execClientCredentialsGrant(TokenClient.java:153) at org.xdi.oxd.server.op.GetClientTokenOperation.execute(GetClientTokenOperation.java:72) at org.xdi.oxd.server.op.GetClientTokenOperation.execute(GetClientTokenOperation.java:30) at org.xdi.oxd.server.Processor.process(Processor.java:76) at org.xdi.oxd.server.Processor.process(Processor.java:51) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:55) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) 2018-07-12 12:47:05,614 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","details":null,"error_description":"Unknown internal server error occurs."}} 2018-07-12 12:47:05,627 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. 2018-07-12 12:47:10,810 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... ``` And when I restart Gluu server it says port address 443 already in use. ``` root@gluu-accenture:/var/log/oxd-server# service gluu-server-3.1.3 restart Shutting down Gluu Server... Stopping oxAuth RP... OK Stopping oxTrust... OK Stopping oxAuth... OK Stopping OpendDJ... OK Port address(es) :443 already in use, Please stop the service(s) listening on one of :443 ports and execute /etc/init.d/gluu-server-3.1.3 start ``` Kong is using 443 port. ``` **root@gluu-accenture:/var/log/oxd-server# netstat -tulpn | grep 443 tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 15447/kong -c nginx tcp6 0 0 :::8443 :::* LISTEN 15531/java ``` I resolved it by changing 443 ssl port in kong.conf to 3000. Now I can see the dashboard Thank you for the support Thanks, Doma

On issue [5691](https://support/gluu.org/5691) on July 11 at 9:50am CDT I asked > Are the Gluu Server and Gluu Gateway installed on different VM's It seems that wasnt' the case? See attached screenshot.

Hi Mike, No. They are installed on same VM.

Hi, I've deployed the gg-demo application ina cgi-bin enabled server. I could see the permission ticket received in response to the call to get resource. However the sequence fails with errors. Please coudl you throw some light on how we shoudl configure the config.py. I've edited some values. However error persists. <type 'exceptions.TypeError'> Python 2.7.6: /usr/bin/python Fri Jul 13 13:38:04 2018 ``` A problem occurred in a Python script. Here is the sequence of function calls leading up to the error, in the order they occurred. /var/www/cgi-bin/demo-client.py in () 29 30 #Authenticate client in oxd-server => 31 access_token = callOxdToGetClientAccessToken(url = oxd_host + ":8443/get-client-token") 32 33 # Client calls AS UMA /token endpoint with permission ticket and client creds access_token undefined, callOxdToGetClientAccessToken = <function callOxdToGetClientAccessToken>, url undefined, oxd_host = 'https://gluu-accenture.com' /var/www/cgi-bin/calls.py in callOxdToGetClientAccessToken(url='https://gluu-accenture.com:8443/get-client-token') 23 headers={"Content-Type": "application/json"}, 24 json=body, => 25 verify=False) 26 displayActionName("2. Authenticating client in oxd-server") 27 displayResponse(response,body) verify undefined, builtin False = False /usr/lib/python2.7/dist-packages/requests/api.py in post(url='https://gluu-accenture.com:8443/get-client-token', data=None, **kwargs={'headers': {'Content-Type': 'application/json'}, 'json': {'client_id': '@!DEBA.B171.FA0F.F31C!0001!85C5.71D2!0008!436C.BC38.67B7.C1CA', 'client_secret': 'a2f71736-5dc8-4bc1-9e18-5af47ad80802', 'op_host': 'https://gluu-accenture.com', 'oxd_id': '9efbf0c7-87aa-4433-b31e-f439a3e1e95e', 'scope': ['uma_protection', 'openid']}, 'verify': False}) 86 """ 87 => 88 return request('post', url, data=data, **kwargs) 89 90 global request = <function request>, url = 'https://gluu-accenture.com:8443/get-client-token', data = None, kwargs = {'headers': {'Content-Type': 'application/json'}, 'json': {'client_id': '@!DEBA.B171.FA0F.F31C!0001!85C5.71D2!0008!436C.BC38.67B7.C1CA', 'client_secret': 'a2f71736-5dc8-4bc1-9e18-5af47ad80802', 'op_host': 'https://gluu-accenture.com', 'oxd_id': '9efbf0c7-87aa-4433-b31e-f439a3e1e95e', 'scope': ['uma_protection', 'openid']}, 'verify': False} /usr/lib/python2.7/dist-packages/requests/api.py in request(method='post', url='https://gluu-accenture.com:8443/get-client-token', **kwargs={'data': None, 'headers': {'Content-Type': 'application/json'}, 'json': {'client_id': '@!DEBA.B171.FA0F.F31C!0001!85C5.71D2!0008!436C.BC38.67B7.C1CA', 'client_secret': 'a2f71736-5dc8-4bc1-9e18-5af47ad80802', 'op_host': 'https://gluu-accenture.com', 'oxd_id': '9efbf0c7-87aa-4433-b31e-f439a3e1e95e', 'scope': ['uma_protection', 'openid']}, 'verify': False}) 42 43 session = sessions.Session() => 44 return session.request(method=method, url=url, **kwargs) 45 46 session = <requests.sessions.Session object>, session.request = <bound method Session.request of <requests.sessions.Session object>>, method = 'post', url = 'https://gluu-accenture.com:8443/get-client-token', kwargs = {'data': None, 'headers': {'Content-Type': 'application/json'}, 'json': {'client_id': '@!DEBA.B171.FA0F.F31C!0001!85C5.71D2!0008!436C.BC38.67B7.C1CA', 'client_secret': 'a2f71736-5dc8-4bc1-9e18-5af47ad80802', 'op_host': 'https://gluu-accenture.com', 'oxd_id': '9efbf0c7-87aa-4433-b31e-f439a3e1e95e', 'scope': ['uma_protection', 'openid']}, 'verify': False} <type 'exceptions.TypeError'>: request() got an unexpected keyword argument 'json' args = ("request() got an unexpected keyword argument 'json'",) message = "request() got an unexpected keyword argument 'json'" ``` And also I could see a claims_redirect uri mentioned in config.py. Is this cgi file we need to create and store somewhere. Please advise Thanks, Doma

Michal, could you comment on this?

Hi Doma, I suspect that you are using old requests library. POST'ing using the json kwarg requires >=2.4.2 You can upgrade the lib using ``` pip install --upgrade requests ``` claims_redirect uri - is a uri which is used after the claims gathering. In our case it points to the same script (because we are handling redirected call in it). This uri also has to be set in your client configuration in gluu-server (OpenID Connect -> Clients -> your client -> Add Claim Redirect Uris). I also added some comments about config values to make it clearer. https://github.com/GluuFederation/gluu-gateway/blob/master/gg-demo/config.py

Hi Doma, Is there anything else we can assist you? Idle tickets are generally closed periodically.