By: Scott Borne user 16 May 2017 at 3:58 p.m. CDT

5 Responses
Using the Gluu-provided JavaScript tutorial, we are getting a "java.lang.IllegalStateException: Counter for nested ContextualHttpServletRequest was removed before it should be!" on redirect. It never hits the callback redirect page. From this URL:

https://redhat7.our-domain.com/oxauth/seam/resource/restv1/oxauth/authorize?response_type=code%20token%20id_token&scope=openid%20profile&nonce=4rebdz&client_id=@!A150.80A9.AE46.E6E9!0001!6169.987D!0008!AC9F.7FFD.7EC9.84E7&redirect_uri=https://sso-web-test.our-domain.com/login-callback.html&state=9vytas&max_age=60&claims={%22id_token%22:{%22email%22:null,%22phone_number%22:null},%22userinfo%22:{%22given_name%22:null,%22family_name%22:null}}

There are no errors in the httpd error log file.

```
<html>
<head></head>
<body>
  <script src="https://cdn.rawgit.com/GluuFederation/openid-implicit-client/master/openidconnect.js"></script>
  <h2>SSO TEST</h2>
  <script>
    // set client_id and redirect_uri
    var clientInfo = {
      client_id : '@!A150.80A9.AE46.E6E9!0001!6169.987D!0008!AC9F.7FFD.7EC9.84E7',
      redirect_uri : 'https://sso-web-test.our-domain.com/login-callback.html'
    };
    OIDC.setClientInfo( clientInfo );

    // set Identity Provider configuration information using discovery
    var providerInfo = OIDC.discover('https://redhat7.our-domain.com');

    // or set via manual configuration
    // var providerInfo = {
    //   issuer: 'https://op.example.com',
    //   authorization_endpoint: 'http://op.example.com/auth.html',
    //   jwks_uri: 'https://op.example.com/jwks'
    // };

    // set Identity Provider configuration
    OIDC.setProviderInfo( providerInfo );

    // store configuration for reuse in the callback page
    OIDC.storeInfo(providerInfo, clientInfo);

    // Redirect to login
    // login with default scope=openid, response_type=id_token
    OIDC.login();

    // login with options
    OIDC.login( {
      scope : 'openid profile',
      response_type : 'code token id_token',
      max_age : 60,
      claims : {
        id_token : ['email', 'phone_number'],
        userinfo : ['given_name', 'family_name']
      }
    } );
  </script>
  <button onClick="OIDC.login( {scope : 'internal', response_type : 'token id_token'} );"
          type="button" class="btn btn-success">Authenticate</button>
</body>
</html>
```

This is the same error we were getting on the initial install of oxAuth-rp. The only place I see this error is in the Seam discussion boards. We have verified this on a second machine. Any ideas on a workaround?

By Aliaksandr Samuseu staff 16 May 2017 at 4:04 p.m. CDT

Hi, Scott. Could you provide a link to the actual doc page you were following when configuring it? Could you also use the **SAML Tracer** Firefox plugin to capture the whole failing flow and share the capture with us? It's called "SAMLTracer" but should be enough for capturing OIDC implicit/hybrid flows.

By Scott Borne user 16 May 2017 at 4:48 p.m. CDT

Here is the article: https://www.gluu.org/blog/openid-connect-implicit-client/

I also found a few others with the same results. Thanks for the info on the tracer. I'll give it a shot. Thanks for your time.

By Aliaksandr Samuseu staff 16 May 2017 at 4:54 p.m. CDT

Thanks.

> I also found a few others with the same results.

Do you mean a few other tickets on the same issue? Could you reference me to a couple of them?

By Scott Borne user 16 May 2017 at 5:35 p.m. CDT

No, I meant a few more tutorials. https://gluu.org/docs/ce/integration/oauth-js-implicit/

Once I find the other ones (very few), I'll send them on.

By Aliaksandr Samuseu staff 17 May 2017 at 8:09 p.m. CDT

Hi, Scott. Please note that we currently have an issue with the CORS filter which will interfere with implicit flow use by on-page (JavaScript etc.) clients. You can try to check for CORS-related errors in Google Chrome's development console to confirm you are facing it. If you share the capture I asked for before, I will also be able to say whether that's the case by looking at it. There are certain ways to circumvent it, or you could wait for a fix, which should be there in the next couple of days.
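
The CORS check suggested in the last reply, as an added example that is not part of the thread or of Gluu's code: it applies the browser's `Access-Control-Allow-Origin` rules to response headers copied from the Network tab, to tell whether script on the RP page could read a response from the OP. The header sets are constructed and the function names are hypothetical; only the page origin comes from the thread.

```javascript
// Added example. Header sets are constructed, not captured from a Gluu server.
const RP_ORIGIN = "https://sso-web-test.our-domain.com"; // page origin from the thread

// Case-insensitive header lookup; returns null when the header is absent.
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : String(headers[key]).trim();
}

// Decide whether script on pageOrigin may read a cross-origin response.
// `credentials` is true when the request carries cookies or HTTP auth.
function corsVerdict(pageOrigin, headers, credentials = false) {
  const acao = header(headers, "Access-Control-Allow-Origin");
  if (acao === null) {
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (acao === "*") {
    return credentials
      ? { allowed: false, reason: "wildcard not accepted with credentials" }
      : { allowed: true, reason: "wildcard origin" };
  }
  // The value must be the serialized origin exactly: scheme, host, port, no path.
  if (acao !== pageOrigin) {
    return { allowed: false, reason: `origin mismatch: "${acao}"` };
  }
  if (credentials && header(headers, "Access-Control-Allow-Credentials") !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { allowed: true, reason: "origin echoed by server" };
}

// Constructed responses, as they might be copied from the Network tab.
const samples = {
  missing: { "Content-Type": "application/json" },
  wildcard: { "access-control-allow-origin": "*" },
  trailingSlash: { "Access-Control-Allow-Origin": RP_ORIGIN + "/" },
  echoed: { "Access-Control-Allow-Origin": RP_ORIGIN, "Access-Control-Allow-Credentials": "true" },
};

function runSamples(credentials) {
  const out = {};
  for (const [name, h] of Object.entries(samples)) out[name] = corsVerdict(RP_ORIGIN, h, credentials);
  return out;
}

console.log(runSamples(false));
```

A `missing` or `origin mismatch` verdict for a response from the OP corresponds to the CORS error the browser console would report for that request.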