By: Carlos Barbiero user 18 Sep 2017 at 10:46 a.m. CDT

10 Responses
Hey guys, I have a Rails app using oxd-ruby and the oxd-server. When I try to log in to my Gluu endpoint I get the login URL, but after that I always get an access denied. I checked the black/whitelists and all seems fine. This is driving me crazy :( Any guide/help will be appreciated. I attach the oxd-server logs:

2017-09-18 12:23:54,257 TRACE [org.xdi.oxd.server.license.MacAddressProvider] Mac address fetched from file: 02-42-74-87-4B-69
2017-09-18 12:23:54,258 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client.
2017-09-18 12:23:54,259 TRACE [org.xdi.oxd.server.license.LicenseService] Updating statistic ... , request: StatisticUpdateRequest{type=CLIENT, licenseId='null', properties={license_id=d83a4946-3c7d -4cb7-915c-509c64fbe158, mac_address=02-42-74-87-4B-69, oxd_id=365837b7-8c1b-4980-a391-8b688c06661f, client_name=null, client_id=@!2C54.E50D.0DBC.3D39!0001!58D1.CCD0!0008!69B0.7783.5E55.2663, is_cli ent_local=true}, appMetadata=AppMetadata{appName='oxd', appVersiom='3.1.0', programmingLanguage='null', data={server_name=local, git.tags=, git.commit.user.name=Yuriy Zabrovarnyy, git.commit.id.abbr ev=3b33b13, git.branch=origin/version_3.1.0, git.commit.id.describe-short=3b33b13, git.commit.id.describe=3b33b13, git.commit.id=3b33b13cf9890183a8f69bffea9ef696d29d504e, git.commit.message.short=fi xed problem with value parameter encoding, git.build.user.email=Unknown, git.commit.user.email=yzabrovarniy@gmail.com, git.commit.time=08.09.2017 @ 13:32:29 EDT, git.build.time=08.09.2017 @ 13:36:48 EDT, git.build.user.name=Unknown, git.dirty=true, git.commit.message.full=fixed problem with value parameter encoding , git.remote.origin.url=https://github.com/GluuFederation/oxD}}}
2017-09-18 12:23:54,259 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client.
2017-09-18 12:23:55,058 TRACE [org.xdi.oxd.server.license.LicenseService] Updated statistic.
oxdId: 365837b7-8c1b-4980-a391-8b688c06661f 2017-09-18 12:23:55,175 WARN [org.apache.http.client.protocol.ResponseProcessCookies] Cookie rejected: "[version: 0][name: JSESSIONID][value: 1kasek2vya6sf1wpr5r0pfy49a][domain: rsauth1.skywaywest. net][path: /oxauth][expiry: null]". Illegal path attribute "/oxauth". Path of origin: "/.well-known/openid-configuration" 2017-09-18 12:23:55,187 TRACE [org.xdi.oxd.server.service.DiscoveryService] Discovery response: { "issuer": "https://rsauth1.skywaywest.net", "authorization_endpoint": "https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/oxauth/authorize", "token_endpoint": "https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/oxauth/token", "userinfo_endpoint": "https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/oxauth/userinfo", "clientinfo_endpoint": "https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/oxauth/clientinfo", "check_session_iframe": "https://rsauth1.skywaywest.net/oxauth/opiframe", "end_session_endpoint": "https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/oxauth/end_session", "jwks_uri": "https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/oxauth/jwks", "registration_endpoint": "https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/oxauth/register", "validate_token_endpoint": "https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/oxauth/validate", "id_generation_endpoint": "https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/id", "introspection_endpoint": "https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/introspection", "scopes_supported": [ "email", "user_name", "clientinfo", "permission", "openid", "address", "phone", profile", "mobile_phone" ], "response_types_supported": [ "code", "code id_token", "token", "token id_token", "code token", "code token id_token", "id_token" ], "grant_types_supported": [ "authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer" ], "acr_values_supported": ["auth_ldap_server"], 
"auth_level_mapping": {"-1": ["auth_ldap_server"]}, "subject_types_supported": [ "public", "pairwise" ], "userinfo_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "userinfo_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "userinfo_encryption_enc_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_signing_alg_values_supported": [ "id_token_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "id_token_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "request_object_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "request_object_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "token_endpoint_auth_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "display_values_supported": [ "page", "popup" ], "claim_types_supported": ["normal"], "claims_supported": [ "birthdate", "country", "name", "email", "email_verified", "given_name", "gender", "inum", "family_name", "updated_at", "locale", "middle_name", "nickname", "phone_number_verified", "picture", "preferred_username", "profile", "zoneinfo", "user_name", "website" ], "service_documentation": "http://gluu.org/docs", "claims_locales_supported": ["en"], "ui_locales_supported": [ "en", "es" ], "scope_to_claims_mapping": [ {"uma_protection": []}, {"email": [ "email_verified", "email" ]}, {"user_name": 
["user_name"]}, {"clientinfo": [ "name", "inum" ]}, {"permission": []}, {"openid": []}, {"address": [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]}, {"phone": [ "phone_number_verified", "phone_number" ]}, {"uma_authorization": []}, {"profile": [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]}, {"mobile_phone": ["phone_mobile_number"]} ], "claims_parameter_supported": true, "request_parameter_supported": true, "request_uri_parameter_supported": true, "require_request_uri_registration": false, "op_policy_uri": "http://ox.gluu.org/doku.php?id=oxauth:policy", "op_tos_uri": "http://ox.gluu.org/doku.php?id=oxauth:tos", "frontchannel_logout_supported": "true", "frontchannel_logout_session_supported": true } 2017-09-18 12:23:55,190 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"ok","data":{"authorization_url":"https://rsauth1.skywaywest.net/oxauth/seam/resource/restv1/oxauth/authori ze?response_type=code&client_id=@!2C54.E50D.0DBC.3D39!0001!58D1.CCD0!0008!69B0.7783.5E55.2663&redirect_uri=https://skywaywest-portal.net:3000/callbacks&scope=openid+permission+profile+uma_protection +uma_authorization&state=rre46gemn36k9jpff2a01d3lhc&nonce=i1qmlpffq7hhepi4d18epuskvr&prompt=login"}} 2017-09-18 12:23:55,190 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2017-09-18 12:23:55,190 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2017-09-18 12:23:55,190 TRACE [org.xdi.oxd.common.CoreUtils] End of stream. Quit. 2017-09-18 12:23:55,190 TRACE [org.xdi.oxd.server.SocketProcessor] Quit. Read result is null or command string is blank.

By Michael Schwartz Account Admin 18 Sep 2017 at 11:11 a.m. CDT

What version of oxd are you using?

By Carlos Barbiero user 18 Sep 2017 at 11:54 a.m. CDT

Hey Michael, Latest version, 3.0.1.

By Jajati Badu Account Admin 18 Sep 2017 at 12:16 p.m. CDT

Hi Carlos,

As per the log file, it looks like you are using oxd server 3.1.0, which was released recently. Could you please post the exact Access denied error message you are getting? Also, while we are looking into this issue you can try oxd 3.0.1. You can get the oxd jar file from this location: [oxd 3.0.1](http://ox.gluu.org/maven/org/xdi/oxd-server/3.0.1/)

Kind Regards,
Jajati

By Jajati Badu Account Admin 18 Sep 2017 at 12:20 p.m. CDT

Also, could you please let us know the Gluu server version you are using?

Kind Regards,
Jajati

By Carlos Barbiero user 18 Sep 2017 at 2:16 p.m. CDT

Hey! Gluu server version is 3.1.0. The exact redirect URL that I get is this one:

https://skywaywest-portal.net:3000/callbacks?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request.&state=hmeqb99uuthsg3t32pqdmq422p

With oxd-server 3.0.1 I have another error:

2017-09-18 16:14:50,189 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client.
2017-09-18 16:14:51,056 ERROR [org.xdi.oxd.server.op.RegisterSiteOperation] ClientId: null, clientSecret: null
2017-09-18 16:14:51,056 ERROR [org.xdi.oxd.server.op.RegisterSiteOperation] Thevalue of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorizat ion Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.
2017-09-18 16:14:51,056 ERROR [org.xdi.oxd.server.op.RegisterSiteOperation] Failed to register client for site. Details:{"error":"invalid_client_metadata","error_description":"The value of one of th e Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metad ata."}
java.lang.RuntimeException: Failed to register client for site. Details:{"error":"invalid_client_metadata","error_description":"The value of one of the Client Metadata fields is invalid and the serv er has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata."}
    at org.xdi.oxd.server.op.RegisterSiteOperation.registerClient(RegisterSiteOperation.java:230)
    at org.xdi.oxd.server.op.RegisterSiteOperation.persistSiteConfiguration(RegisterSiteOperation.java:184)
    at org.xdi.oxd.server.op.RegisterSiteOperation.execute(RegisterSiteOperation.java:60)
    at org.xdi.oxd.server.op.RegisterSiteOperation.execute(RegisterSiteOperation.java:37)
    at org.xdi.oxd.server.Processor.process(Processor.java:80)
    at org.xdi.oxd.server.Processor.process(Processor.java:55)
    at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:60)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
2017-09-18 16:14:51,059 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Unknown internal server error occurs."}}
2017-09-18 16:14:51,059 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enableto process command.

Thanks for the help!
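
The redirect quoted in the post above is a standard OAuth 2.0 authorization error response (RFC 6749, section 4.1.2.1). As an added example, not part of the original thread and not oxd-ruby's own API, this sketch shows how a client callback can classify such a redirect before doing anything else; the method names and the `expected_state` parameter are assumptions.

```ruby
require 'uri'

# Constant-time comparison so the stored state cannot be probed via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Classify the redirect the OP sends back to the client's redirect_uri.
# expected_state: the state value the app stored before redirecting the user
# (hypothetical parameter; session handling is left to the application).
def classify_callback(callback_url, expected_state)
  query  = URI.parse(callback_url).query.to_s
  params = URI.decode_www_form(query).to_h

  # Reject anything whose state is missing or does not match, errors included.
  if expected_state.to_s.empty? ||
     !secure_equal?(params['state'].to_s, expected_state.to_s)
    return { status: :state_mismatch }
  end

  if params.key?('error')
    # Error response: record it for troubleshooting, never exchange a code.
    return { status: :op_error,
             error: params['error'],
             description: params['error_description'] }
  end

  return { status: :malformed } if params['code'].to_s.empty?

  { status: :ok, code: params['code'] }
end

# Redirect quoted in the thread.
DENIED = 'https://skywaywest-portal.net:3000/callbacks?error=access_denied' \
         '&error_description=The+resource+owner+or+authorization+server+denied+the+request.' \
         '&state=hmeqb99uuthsg3t32pqdmq422p'
# Constructed success redirect (code and state values are made up).
GRANTED = 'https://skywaywest-portal.net:3000/callbacks?code=constructed-code-123&state=abc123'

p classify_callback(DENIED, 'hmeqb99uuthsg3t32pqdmq422p')
p classify_callback(GRANTED, 'abc123')
p classify_callback(GRANTED, 'different-state')
```
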

By Carlos Barbiero user 19 Sep 2017 at 7:05 a.m. CDT

Correction: Gluu server version is 3.0.2

By Jajati Badu Account Admin 19 Sep 2017 at 11:31 a.m. CDT

Hi Carlos,

If you are using Gluu server 3.0.2 you should install oxd server 3.0.2. You can download oxd server from the location below: [https://ox.gluu.org/maven/org/xdi/oxd-server/3.0.2/](https://ox.gluu.org/maven/org/xdi/oxd-server/3.0.2/)

Kind Regards,
Jajati

By Carlos Barbiero user 19 Sep 2017 at 11:36 a.m. CDT

Hello Jajati! Will try and I'll let you know how it goes, thanks!

By Carlos Barbiero user 19 Sep 2017 at 1:04 p.m. CDT

Now works like a charm! Thanks Jajati!

By Jajati Badu Account Admin 19 Sep 2017 at 1:14 p.m. CDT

Glad to know that it worked. Thanks for using Gluu.

Kind Regards,
Jajati