By: Alex Moniatovsky user 26 Oct 2017 at 4:41 p.m. CDT

8 Responses
Hi,

I am interested in the Gluu SSO solution. Our DevOps has deployed a Gluu server along with an OXD server (purchased license) to use their API for authentication purposes. The main requirement for authentication (and user management as well) is the absence of redirection from our resource to the SSO provider, so we just want to use Gluu APIs for authentication. So I have integrated the org.xdi.oxd-java:2.4.4.Final library in our back-end and performed the next steps:

1) Register our application as an OpenID client via the CommandType.REGISTER_SITE command and obtain an OXD_ID;
2) Update the registration with the client id and client secret via the CommandType.UPDATE_SITE command (BTW, I haven't found how to do this from the Gluu server UI);
3) Create a test user from the Gluu UI;
4) Send the CommandType.AUTHORIZATION_CODE_FLOW command with the required params;
5) Get a non-verbose response: {"error":"internal_error","error_description":"Unknown internal server error occurs."};

Here is my code snippet:

```
final AuthorizationCodeFlowParams commandParams = new AuthorizationCodeFlowParams();
commandParams.setOxdId(OXD_ID);
commandParams.setClientId(CLIENT_ID);
commandParams.setClientSecret(CLIENT_SECRET);
commandParams.setNonce(UUID.randomUUID().toString());
commandParams.setRedirectUrl("https://gluu-de.local/");
commandParams.setScope("openid");
commandParams.setUserId("Test");
commandParams.setUserSecret("P@ssw0rd");

final Command command = new Command(CommandType.AUTHORIZATION_CODE_FLOW);
command.setParamsObject(commandParams);

String accessToken = client.send(command).dataAsResponse(AuthorizationCodeFlowResponse.class).getAccessToken();
```

From oxd-server.log:

```
ReadResult{m_command='{"command":"authorization_code_flow","params":{"scope":"openid","nonce":"1b1b3f4c-5ee5-4765-b3e8-262e5ffb092c","acr":null,"oxd_id":"5ceb7c97-4e02-4133-a391-66ad0a2de4e9","redirect_url":"https://gluu-de.local/","client_id":"IvaaS","client_secret":"ivaas_secret","user_id":"Test User","user_secret":"P@ssw0rd"}}', m_leftString=''}
2017-10-26 20:38:14,600 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"authorization_code_flow","params":{"scope":"openid","nonce":"1b1b3f4c-5ee5-4765-b3e8-262e5ffb092c","acr":null,"oxd_id":"5ceb7c97-4e02-4133-a391-66ad0a2de4e9","redirect_url":"https://gluu-de.local/","client_id":"IvaaS","client_secret":"ivaas_secret","user_id":"Test User","user_secret":"P@ssw0rd"}}
2017-10-26 20:38:14,601 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client.
2017-10-26 20:38:14,622 DEBUG [org.xdi.oxd.server.op.AuthorizationCodeFlowOperation] Authorization code is blank.
2017-10-26 20:38:14,622 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Unknown internal server error occurs."}}
2017-10-26 20:38:14,622 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command.
```

I have investigated the oxd server sources and found that while processing the AUTHORIZATION_CODE_FLOW command, OXD prepares an AuthorizeClient with the request and executes it. If the authorizationCode property in the response is blank, the "Authorization code is blank." message is printed (which is exactly what I see in the log) and a null response is returned; I assume that this leads to "Unknown internal server error occurs" for the client.

Could you please suggest where I went wrong? How can I resolve this issue?

Thank you in advance

By Jajati Badu Account Admin 27 Oct 2017 at 4:22 a.m. CDT

Hi Alex,

Thank you very much for using Gluu server. From your log file it seems you are using the wrong oxd java library. The oxd-java library has been moved to https://github.com/GluuFederation/oxd/tree/master/oxd-client . So could you please try the oxd-java library mentioned below:

**oxd-java library (3.0.1)** (Stable version)
[Download oxd-java 3.0.1](https://ox.gluu.org/maven/org/xdi/oxd-client/3.0.1/oxd-client-3.0.1.jar)

**oxd-java library (3.1.1)** (To be released very soon)
[Download oxd-java 3.1.1](https://ox.gluu.org/maven/org/xdi/oxd-client/3.1.1.Final/oxd-client-3.1.1.Final.jar)

[Document](https://gluu.org/docs/oxd/3.1.1/libraries/java/)

Thanks,
Jajati

By Alex Moniatovsky user 27 Oct 2017 at 7:51 a.m. CDT

Thanks, Jajati, for your response. I have shifted to the library version that you have provided:

```
<version.oxd>3.0.1</version.oxd>

<dependency>
    <groupId>org.xdi</groupId>
    <artifactId>oxd-client</artifactId>
    <version>${version.oxd}</version>
</dependency>
```

But unfortunately, it doesn't resolve the issue. I get the same message in the logs, hence the same response is obtained by my application: "Unknown internal server error occurs". Do you have other ideas about what is wrong?

Thanks,
Alex

By Jajati Badu Account Admin 27 Oct 2017 at 10:46 a.m. CDT

Hi Alex,

oxd-server 3.0.1 has the following endpoints. I don't think authorization_code_flow is supported by oxd-server 3.0.1.

- Register Site
- Update Site Registration
- Get Authorization URL
- Get Tokens (ID & Access) by Code
- Get Access Token by Refresh Token
- Get User Info
- Get Logout URI

https://gluu.org/docs/oxd/3.0.1/protocol/

Thanks,
Jajati

By Alex Moniatovsky user 29 Oct 2017 at 1:16 p.m. CDT

Thanks, Jajati.

I read this protocol overview and it is actually confusing me, because the OXD client and server sources indicate that AUTHORIZATION_CODE_FLOW is supported. We have a requirement not to redirect users to an external page, sending all auth data from our back-end to obtain an access token. A Gluu expert (we had a call with him before choosing Gluu as our SSO solution) states that we should be good with it. So could you please confirm that we are not able to meet this requirement either with the client library or with direct calls to REST endpoints?

By Jajati Badu Account Admin 30 Oct 2017 at 3:46 a.m. CDT

Hi Alex, I will check this with our team and get back to you asap. Thanks, Jajati

By Alex Moniatovsky user 01 Nov 2017 at 12:30 p.m. CDT

Hi Jajati, are there any updates on this issue?

By Yuriy Zabrovarnyy staff 01 Nov 2017 at 1:11 p.m. CDT

Alex,

First of all, the `AUTHORIZATION_CODE_FLOW` command is not officially supported. It is used for testing of oxd-server internally. However, you can use it if you wish (it works perfectly according to the latest Jenkins reports).

According to the logs you posted above, we can see that `code` is not returned from your AS (probably oxauth).

```
2017-10-26 20:38:14,622 DEBUG [org.xdi.oxd.server.op.AuthorizationCodeFlowOperation] Authorization code is blank.
```

You can check `oxauth.log` for more details, but I guess that your client is not marked as `trusted`. Please check your client `"client_id":"IvaaS"`. You can make the client `trusted` via the GUI (identity/oxtrust), or otherwise please set the trusted flag during registration. Please check the sample here (line 145):

```
https://github.com/GluuFederation/oxd/blob/version_3.1.1/oxd-client/src/test/java/org/xdi/oxd/client/RegisterSiteTest.java#L145-145
```

Thanks,
Yuriy Z
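
Added example, not part of any post in this thread and not Gluu's code: a small triage script for an oxd-server.log excerpt like the one above. It masks `client_secret` and `user_secret` before the lines are shared, and pairs each generic error response with the operation-level message logged just before it. The function names `redact` and `triage` and the finding labels are this example's own.

```python
import json
import re

# Sample input: timestamped lines from the oxd-server.log excerpt posted in the thread.
SAMPLE_LOG = '''2017-10-26 20:38:14,600 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"authorization_code_flow","params":{"scope":"openid","nonce":"1b1b3f4c-5ee5-4765-b3e8-262e5ffb092c","acr":null,"oxd_id":"5ceb7c97-4e02-4133-a391-66ad0a2de4e9","redirect_url":"https://gluu-de.local/","client_id":"IvaaS","client_secret":"ivaas_secret","user_id":"Test User","user_secret":"P@ssw0rd"}}
2017-10-26 20:38:14,601 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client.
2017-10-26 20:38:14,622 DEBUG [org.xdi.oxd.server.op.AuthorizationCodeFlowOperation] Authorization code is blank.
2017-10-26 20:38:14,622 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Unknown internal server error occurs."}}
2017-10-26 20:38:14,622 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command.'''

# "<date> <time> <LEVEL> [<logger>] <message>"
LINE_RE = re.compile(r'^(\S+ \S+) (\w+)\s+\[([^\]]+)\] (.*)$')
# JSON string values of the two secret-bearing keys seen in the thread's log.
SECRET_RE = re.compile(r'"(client_secret|user_secret)":"(?:[^"\\]|\\.)*"')
RESPONSE_PREFIX = "Send back response: "

def redact(line):
    """Mask secret values so the line can be pasted into a ticket or forum."""
    return SECRET_RE.sub(r'"\1":"[REDACTED]"', line)

def triage(log_text):
    """Return (redacted_lines, findings) for an oxd-server.log excerpt."""
    redacted, findings, last_op_msg = [], [], None
    for raw in log_text.splitlines():
        redacted.append(redact(raw))
        m = LINE_RE.match(raw)
        if not m:
            continue
        _ts, level, logger, msg = m.groups()
        if SECRET_RE.search(msg):
            findings.append(("secret_in_log", logger))   # credentials logged in clear
        if "TRUST_ALL" in msg:
            findings.append(("tls_trust_all", logger))   # review TLS trust settings
        if ".op." in logger and level in ("DEBUG", "WARN", "ERROR"):
            last_op_msg = msg                            # the operation's own explanation
        if msg.startswith(RESPONSE_PREFIX):
            body = json.loads(msg[len(RESPONSE_PREFIX):])
            if body.get("status") == "error":
                findings.append((body["data"]["error"], last_op_msg))
            last_op_msg = None
    return redacted, findings

if __name__ == "__main__":
    lines, found = triage(SAMPLE_LOG)
    print("\n".join(lines))
    print(found)
```
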

By Alex Moniatovsky user 30 Nov 2017 at 6:30 p.m. CST

Thanks Yuriy, I will consider flow with user redirection.