I have tried completing the primer at https://www.gluu.org/blog/openid-connect-implicit-client/ and I am not getting back any information in the callback page.
When I inspect the logs I see:
2017-05-17 13:15:55,243 INFO [qtp2008017533-16] [org.gluu.oxtrust.action.Authenticator] (Authenticator.java:141) - Authenticating user 'admin'
2017-05-17 13:15:55,249 INFO [qtp2008017533-16] [org.gluu.oxtrust.action.Authenticator] (Authenticator.java:155) - User 'admin' authenticated successfully
2017-05-17 13:15:55,320 INFO [qtp2008017533-10] [org.gluu.oxtrust.ldap.service.OrganizationService] (OrganizationService.java:258) - Starting App version 3.0.1
2017-05-17 13:16:00,495 ERROR [qtp2008017533-15] [org.gluu.oxtrust.ldap.service.AttributeService] (AttributeService.java:582) - Failed to find attribute 'memberOf' metadata
2017-05-17 13:16:00,495 ERROR [qtp2008017533-15] [org.gluu.oxtrust.ldap.service.AttributeService] (AttributeService.java:582) - Failed to find attribute 'oxLastLogonTime' metadata
I haven't added any users or imported anything from a data store. My redirect_uri is NOT over https; this is just a local instance on my machine connecting to Gluu on a VM.
How can I resolve this?
Hi, Elliot.
Please try to see what's happening in the Chrome development console. Are there some errors showing up? Please also capture your implicit flow with the SAMLTracer Firefox plugin and share the capture with us.
We have a patch coming out, Gluu Server 3.0.2, which will be out shortly for allowing callbacks to http for localhost.
Otherwise, you can't have a non-https callback.
If you could include the client ldif that would be helpful. Or at least screenshots of your client config.
Hi Mike - Will a self-signed cert on localhost work?
I'll get the rest of the information you requested shortly.
Yes, self-signed is fine. Remember, the redirect is handled by the browser. So you'll get the normal warning about an untrusted certificate, but that's fine for testing.
Hi, Elliot.
It turns out we have some issue with CORS filter in current packages, so unless tweaked a bit, you may still be facing issues with on-page (javascript etc) clients using implicit flow, even if https:// scheme is used (that's why I asked to check Google Chrome's dev console, it should give you some hints that CORS prohibits some access during your failing flows). Fixes for it are on the way, please stay put.
Okay. I had to put this down yesterday but I'll share some more diagnostics shortly.
Hi, Elliot.
We are still working on a fix for the CORS issue. Were you able to capture your implicit flow with SAMLTracer?
Hi, Elliot.
I'm closing this ticket due to inactivity. The CORS issue is fixed in the 3.0.2 package, which is about to be released. Please try your implicit flow again there.