"Failed to find attribute" error on Gluu Implicit Client example

By: Elliot Rodriguez user 17 May 2017 at 12:27 p.m. CDT

8 Responses
Elliot Rodriguez gravatar
I have tried completing the primer at https://www.gluu.org/blog/openid-connect-implicit-client/ and I am not getting back any information in the callback page. When I inspect the logs I see: ``` 2017-05-17 13:15:55,243 INFO [qtp2008017533-16] [org.gluu.oxtrust.action.Authenticator] (Authenticator.java:141) - Authenticating user 'admin' 2017-05-17 13:15:55,249 INFO [qtp2008017533-16] [org.gluu.oxtrust.action.Authenticator] (Authenticator.java:155) - User 'admin' authenticated successfully 2017-05-17 13:15:55,320 INFO [qtp2008017533-10] [org.gluu.oxtrust.ldap.service.OrganizationService] (OrganizationService.java:258) - Starting App version 3.0.1 2017-05-17 13:16:00,495 ERROR [qtp2008017533-15] [org.gluu.oxtrust.ldap.service.AttributeService] (AttributeService.java:582) - Failed to find attribute 'memberOf' metadata 2017-05-17 13:16:00,495 ERROR [qtp2008017533-15] [org.gluu.oxtrust.ldap.service.AttributeService] (AttributeService.java:582) - Failed to find attribute 'oxLastLogonTime' metadata ``` I haven't added any users or imported anything from a data store. My redirect_uri is NOT over https; this is just a local instance on my machine connecting to Gluu on a VM. How can I resolve this?
CentOS72
closed

Answers

By Aliaksandr Samuseu staff 17 May 2017 at 12:43 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Elliot. Please try to see what's happening in Chrome development console. Are there some errors showing up? Please also capture your implicit flow with **SAMLTracer** Firefox plugin and share the capture with us.

By Michael Schwartz Account Admin 17 May 2017 at 2:23 p.m. CDT

Copy
Michael Schwartz gravatar
We have a patch coming out, Gluu Server 3.0.2, which will be out shortly for allowing callbacks to http for localhost. Otherwise, you can't have a non-https callback. If you could include the client ldif that would be helpful. Or at least screenshots of your client config.

By Elliot Rodriguez user 17 May 2017 at 3:06 p.m. CDT

Copy
Elliot Rodriguez gravatar
Hi Mike - Will a self-signed cert on localhost work? I'll get the rest of the information you requested shortly.

By Michael Schwartz Account Admin 17 May 2017 at 3:22 p.m. CDT

Copy
Michael Schwartz gravatar
Yes, self signed is fine. Remember, the redirect is handled by the browser. So you'll get the normal warning about untrusted certificate, but that's fine for testing.

By Aliaksandr Samuseu staff 17 May 2017 at 7:33 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Elliot. It turns out we have some issue with CORS filter in current packages, so unless tweaked a bit, you may still be facing issues with on-page (javascript etc) clients using implicit flow, even if `https://` scheme is used (that's why I asked to check Google Chrome's dev console, it should give you some hints that CORS prohibits some access during your failing flows). Fixes for it are on the way, please stay put.

By Elliot Rodriguez user 18 May 2017 at 7:11 a.m. CDT

Copy
Elliot Rodriguez gravatar
Okay. I had to put this down yesterday but I'll share some more diagnostics shortly.

By Aliaksandr Samuseu staff 26 May 2017 at 4:44 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Elliot. We are still working on a fix for CORS issue. Were you able to capture your implicit flow with SAMLTracer?

By Aliaksandr Samuseu staff 06 Jun 2017 at 9:18 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Elliot. I'm closing this ticket due to inactivity. CORS issue is fixed in 3.0.2 package which is about to be released. Please try your implicit flow again there.

Post an answer