By: Chris Lumpkin user 11 Sep 2020 at 1:58 p.m. CDT

4 Responses
Chris Lumpkin gravatar
I am attempting to follow the [instructions for testing SCIM API with UMA authorization]( I followed the instructions for enabling SCIM and UMA, importing the TLS cert into my local Java keystore (in this case that cert comes from our loadbalancer), downloading the scim-rp.jks file, and I extracted the keystore password from Vault. I was expecting to see a log entry with the admin user's display name, but the sample code is throwing an exception because a 502 page is returned instead of the expected JSON results. This is the sample code I'm using: ``` package org.tcp.usermgmtclient; import gluu.scim2.client.factory.ScimClientFactory; import; import org.gluu.oxtrust.model.scim2.BaseScimResource; import org.gluu.oxtrust.model.scim2.ListResponse; import org.gluu.oxtrust.model.scim2.user.UserResource; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.boot.CommandLineRunner; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import; import java.util.List; @SpringBootApplication public class UserMgmtClientApplication implements CommandLineRunner { private String domainURL = ""; private String umaAatClientId = "1202.fa5c7517-d54b-4b53-90b9-e1ba387e44aa"; private String umaAatClientJksPath = "certs/scim-rp.jks"; private String umaAatClientJksPassword = "tR6J4wtIU8l8"; private String umaAatClientKeyId = ""; private static final Logger LOG = LoggerFactory .getLogger(UserMgmtClientApplication.class); public static void main(String[] args) {"STARTING THE APPLICATION");, args);"APPLICATION FINISHED"); } @Override public void run(String... args) throws Exception {"EXECUTING : command line runner"); ClientSideService client = ScimClientFactory.getClient(domainURL, umaAatClientId, umaAatClientJksPath, umaAatClientJksPassword, umaAatClientKeyId); String filter = "userName eq \"admin\""; Response response = client.searchUsers(filter, 1, 1, null, null, null, null);"Got response : Status Code " + response.getStatus()); List<BaseScimResource> resources = response.readEntity(ListResponse.class).getResources();"Length of results list is: {}", resources.size()); UserResource admin = (UserResource) resources.get(0);"First user in the list is: {}" + admin.getDisplayName()); client.close(); for (int i = 0; i < args.length; ++i) {"args[{}]: {}", i, args[i]); } } } ``` This is the output and stack trace: ``` 2020-09-11 14:41:13.692 INFO 7013 --- [ main] o.t.u.UserMgmtClientApplication : Got response : Status Code 502 2020-09-11 14:41:13.696 INFO 7013 --- [ main] ConditionEvaluationReportLoggingListener : Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled. 2020-09-11 14:41:13.702 ERROR 7013 --- [ main] o.s.boot.SpringApplication : Application run failed java.lang.IllegalStateException: Failed to execute CommandLineRunner at org.springframework.boot.SpringApplication.callRunner( ~[spring-boot-2.3.2.RELEASE.jar:2.3.2.RELEASE] at org.springframework.boot.SpringApplication.callRunners( ~[spring-boot-2.3.2.RELEASE.jar:2.3.2.RELEASE] at ~[spring-boot-2.3.2.RELEASE.jar:2.3.2.RELEASE] at ~[spring-boot-2.3.2.RELEASE.jar:2.3.2.RELEASE] at ~[spring-boot-2.3.2.RELEASE.jar:2.3.2.RELEASE] at org.tcp.usermgmtclient.UserMgmtClientApplication.main( ~[classes/:na] Caused by: RESTEASY003145: Unable to find a MessageBodyReader of content-type text/html and type class org.gluu.oxtrust.model.scim2.ListResponse at org.jboss.resteasy.core.interception.ClientReaderInterceptorContext.throwReaderNotFound( ~[resteasy-jaxrs-3.5.1.Final.jar:3.5.1.Final] at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.getReader( ~[resteasy-jaxrs-3.5.1.Final.jar:3.5.1.Final] at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed( ~[resteasy-jaxrs-3.5.1.Final.jar:3.5.1.Final] at org.jboss.resteasy.client.jaxrs.internal.ClientResponse.readFrom( ~[resteasy-client-3.5.1.Final.jar:3.5.1.Final] at org.jboss.resteasy.client.jaxrs.internal.ClientResponse.readEntity( ~[resteasy-client-3.5.1.Final.jar:3.5.1.Final] at org.jboss.resteasy.specimpl.BuiltResponse.readEntity( ~[resteasy-jaxrs-3.5.1.Final.jar:3.5.1.Final] at ~[classes/:na] at org.springframework.boot.SpringApplication.callRunner( ~[spring-boot-2.3.2.RELEASE.jar:2.3.2.RELEASE] ... 5 common frames omitted ``` Thanks in advance for any insight, Chris

By Chris Lumpkin user 15 Sep 2020 at 1:35 p.m. CDT

Chris Lumpkin gravatar
This is the only service log I found that appears to be related to the issue, from nginx: ``` - - [15/Sep/2020:18:29:18 +0000] "GET /identity/restv1/scim/v2/Users?filter=userName+eq+%22admin%22&startIndex=1&count=1 HTTP/1.1" 502 22307 "-" "Apache-HttpClient/4.5.12 (Java/13.0.2)" "" ```

By Chris Lumpkin user 16 Sep 2020 at 2:02 p.m. CDT

Chris Lumpkin gravatar
I found a more specific error in nginx, and I confirmed oxAuth is not getting any requests when I run my client request: ``` 2020/09/16 18:39:56 [error] 32#32: *229762 connect() failed (111: Connection refused) while connecting to upstream, client:, server:, request: "GET /identity/restv1/scim/v2/Users?filter=userName+eq+%22admin%22&startIndex=1&count=1 HTTP/1.1", upstream: "", host: "" ```

By Jose Gonzalez staff 19 Sep 2020 at 1:53 p.m. CDT

Jose Gonzalez gravatar
HI, I think it is connectivity issues. I'm fairly sure your scim.log is not showing anything (check if this is so). Log into your container and try to do a GET like ``. If the service is functional it should give you a 200 JSON reply. Then, we can try to troubleshoot why `/identity/restv1/scim/v2/Users...` is unresponsive, ie. 502.

By Chris Lumpkin user 21 Sep 2020 at 12:49 p.m. CDT

Chris Lumpkin gravatar
I'm closing this issue, as we're migrating from the docker CE instance to a kubernetes clustered deployment. Thanks for your help.