Hi Levy, Which kind of client have you setup on **Gluu** server. Also for future request, please make sure to provide more details so that we can help you in less time.

Hi Thomas, I created OpenID client web client. Let me know which details you need more?

Hello, Can you provide the link of the documentation that you followed to configure the OpenID client?

Hi Thomas, I used this: https://gluu.org/docs/ce/admin-guide/openid-connect/

Hi, Note that there are many ways to setup and OpenID client using GLUU server. You can found that [here](https://gluu.org/docs/ce/integration/). I need one information from you. Let's say you have setup Gluu server on a VM and it is accessible at this address: https://gluu.yourdomain.com. I want you to visit this link https://gluu.yourdomain.com/.well-known/openid-configuration and let me know what is the value of "authorization_endpoint" parameter.

Hi Thomas, here you go: authorization_endpoint: "https://signin.myvoicenotebook.com/oxauth/restv1/authorize", token_endpoint: "https://signin.myvoicenotebook.com/oxauth/restv1/token",

> Hi Guys, So I managed to setup client in GLUU server, but for some reason for getting the token I'm getting redirect to /oxauth/token instead of /oxauth/restv1/token and of course getting 404 Any ideas why? Your "token_endpoint" seems correct at this stage. Can you provided the link from which you are getting a 404 error? I mean the whole link.

I'm using Google's Auth login.. you can try the following: https://gala-demo.appspot.com/ type under service_id: my-notebook-babfd_dev scopes: openid

As you can see, you are giving more information now. As requested early please kindly provide as much information as possible when submitting a request. To make sure i'm got it right do you mean this [link](https://gluu.org/docs/ce/authn-guide/google/)?

Not really, I'm using google actions and for their account linking they require oAuth2 server. You can test it here: [https://gala-demo.appspot.com/](https://gala-demo.appspot.com/) Enter:**my-notebook-babfd_dev** under service_id Under scopes: **openid** This should create a request to my server to test the authentication.

Hi Thomas, Did you get a chance to look into it? Thanks!

Yeah, i'm working on. I have setup a simple Google actions project with API.AI. I will come back to you when done.

Levy, > Hi Thomas, I used this: https://gluu.org/docs/ce/admin-guide/openid-connect/ You may use this [link](https://gluu.org/docs/ce/authn-guide/google/) or just compare you config with that one. One more thing, check the oxauth.log file to have more details about the issue. Thanks!

Hi Thomas, Again I couldn't find anything useful: oxauth.log: ``` 2018-01-09 20:15:03,275 ERROR [qtp1484531981-21] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:409) - Failed to update oxLastLogonTime of user 'itayl@xxxxxx.com' 2018-01-09 20:15:03,277 INFO [qtp1484531981-21] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:514) - Attempting to redirect user: SessionUser: SessionState {dn='oxAuthSessionId=6ffaf4ac-326b-41bf-bc78-e8db87d3246f,ou=session,o=@!5A93.7304.2063.3638!0001!8ACD.E61C,o=gluu', id='6ffaf4ac-326b-41bf-bc78-e8db87d3246f', lastUsedAt=Tue Jan 09 20:15:03 UTC 2018, userDn='inum=@!5A93.7304.2063.3638!0001!8ACD.E61C!0000!1140.8F93.D181.3EC9,ou=people,o=@!5A93.7304.2063.3638!0001!8ACD.E61C,o=gluu', authenticationTime=Tue Jan 09 20:15:03 UTC 2018, state=authenticated, sessionState='5e0c9372-9d5d-4dc6-a3e1-89c363b6fce9', permissionGranted=null, isJwt=false, jwt=null, permissionGrantedMap=org.xdi.oxauth.model.common.SessionIdAccessMap@8f61c90, involvedClients=null, sessionAttributes={auth_step=1, acr=gplus, remote_ip=4.14.111.233, auth_user=itayl@xxx.com, scope=openid email, response_type=code, redirect_uri=https://oauth-redirect.googleusercontent.com/r/my-notebook-babfd, state=ADK7bBPLnEAlxhdWYv5zlSbHtzf61pmqUo9SmUIvuXs4wwUdqOZRm6lWJDNZmhGvEHr-oyHhDUdxNIMMLU-2oaJf07jsl0DKv1NmqyuuVI0sW9OGdZ8gmUP5wjmNtfVnmkuPOgDhl9F9MCj9djpzZmubtKQvFrLPbtKG7XhaXEKZDcOufZflb1lTV5NUYznWCbfbTFu9u7nsIyeQR-BpWvQJF-8va8yzXFXZdSb8VbZj4uX4cbGryx5NfgkMeqtOAmxz2QRTM-FkVtah6RCPDAxiaUlAworUmlcwOBtWsw8QhuE78GVO_LAdloI_sMChJQmz4cqdi8zqAajYQK3LWePNKoe2VVYPTCgawSByvJf3CnmpVD482qHX-4_IXYKsG09bcc6mUw9r-geI1aojf4E9G2P0TqszAQw_pVyx58UvtY9JZTMT25ulguAuFHdQHBXYCw9bVqDErjQ9kKnSfRgQRVMIyQcTjCx1sID-IXhmM3YNIO8aI3APk0ksxttjsgvdjna5k8SyQHmZvAGtP4dhw4Ca4HrsqrYughkC-wsViMTWeHMEBAYbnMG121YOFEHNX2cviU0ylBg67WMSjeKvXDhb-t92FVa-b4rtnanLQQVDTGhiaze4BxnGWAUJ_5CxfxswwRxhq2f2v12M7Oje6d5la9V2Jg, client_id=@!5A93.7304.2063.3638!0001!8ACD.E61C!0008!24B8.1FF4.D526.FB07}, persisted=true} 2018-01-09 20:15:03,279 INFO [qtp1484531981-21] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:522) - Attempting to redirect user: User: org.xdi.oxauth.model.common.User@28999f23 2018-01-09 20:15:03,280 INFO [qtp1484531981-21] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:342) - Authentication success for User: 'itayl@xxxxx.com' ``` Any insights from your end on this? (I masked my email address)

> Any insights from your end on this? Nope. My goal is: "Reproduce the issue you are getting". To do that i need all relevant information. To recap: "You are developing an service than extends Google actions and as google actions have a feature call Accounts linking that need Auth2 server, you have use Gluu for that purpose". Please note that all information provide till now isn't enough the reproduce your issue. I have setup a basic application that extends Google actions on Google CP. Now to configure "Accounts linking' on that project i need the link to the specific documentation you have use to setup OpenID client on Gluu server. Please kindly provide all information you thing can help reproduce that issue.

Hi Thomas, I basically used "[https://gluu.org/docs/ce/admin-guide/openid-connect/](https://gluu.org/docs/ce/admin-guide/openid-connect/)" To setup the client and used that information to place in the account linking page. I also used this: [https://developers.google.com/actions/identity/oauth2-code-flow ](https://developers.google.com/actions/identity/oauth2-code-flow)To make sure I configure things correctly.

HI Thomas, What other info do you need from me? Also who is responsible for which token URL will be called? Is it the client-end (Google in this case) or the gluu server?

Just used another service to test the server and got this out of the log, maybe it points to something? ``` 2018-01-11 08:29:20,708 INFO [qtp1484531981-20] [org.xdi.oxauth.service.SessionIdService] (SessionIdService.java:127) - Acr is changed. Session acr: gplus(level: 40), current acr: gplus passport(level: null) 2018-01-11 08:29:20,710 ERROR [qtp1484531981-20] [org.xdi.oxauth.exception.GlobalExceptionHandler] (GlobalExceptionHandler.java:45) - #{authorizeAction.checkPermissionGranted}: java.lang.NullPointerException javax.faces.FacesException: #{authorizeAction.checkPermissionGranted}: java.lang.NullPointerException at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:89) ~[jsf-impl-2.2.14.jar:2.2.14] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.2.14.jar:2.2.14] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [jsf-impl-2.2.14.jar:2.2.14] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) [jsf-api-2.2.14.jar:2.2] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:566) [jetty-security-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:199) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:74) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.ocpsoft.rewrite.servlet.impl.HttpRewriteResultHandler.handleResult(HttpRewriteResultHandler.java:42) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.ocpsoft.rewrite.servlet.RewriteFilter.rewrite(RewriteFilter.java:297) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:198) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:55) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.Server.handle(Server.java:534) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112] Caused by: javax.faces.FacesException: #{authorizeAction.checkPermissionGranted}: java.lang.NullPointerException at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118) ~[jsf-impl-2.2.14.jar:2.2.14] at javax.faces.component.UIViewAction.broadcast(UIViewAction.java:562) ~[jsf-api-2.2.14.jar:2.2] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) ~[jsf-api-2.2.14.jar:2.2] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) ~[jsf-api-2.2.14.jar:2.2] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) ~[jsf-impl-2.2.14.jar:2.2.14] ... 48 more Caused by: javax.faces.el.EvaluationException: java.lang.NullPointerException at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:101) ~[jsf-api-2.2.14.jar:2.2] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) ~[jsf-impl-2.2.14.jar:2.2.14] at javax.faces.component.UIViewAction.broadcast(UIViewAction.java:562) ~[jsf-api-2.2.14.jar:2.2] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) ~[jsf-api-2.2.14.jar:2.2] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) ~[jsf-api-2.2.14.jar:2.2] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) ~[jsf-impl-2.2.14.jar:2.2.14] ... 48 more Caused by: java.lang.NullPointerException at org.xdi.oxauth.service.SessionIdService.assertAuthenticatedSessionCorrespondsToNewRequest(SessionIdService.java:129) ~[classes/:?] at org.xdi.oxauth.authorize.ws.rs.AuthorizeAction.checkPermissionGranted(AuthorizeAction.java:196) ~[classes/:?] at sun.reflect.GeneratedMethodAccessor296.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112] at org.apache.el.parser.AstValue.invoke(AstValue.java:247) ~[org.mortbay.jasper.apache-el-8.0.33.jar:8.0.33] at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267) ~[org.mortbay.jasper.apache-el-8.0.33.jar:8.0.33] at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) ~[weld-web-3.0.0.Final.jar:3.0.0.Final] at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) ~[weld-web-3.0.0.Final.jar:3.0.0.Final] at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) ~[jsf-impl-2.2.14.jar:2.2.14] at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) ~[jsf-api-2.2.14.jar:2.2] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) ~[jsf-impl-2.2.14.jar:2.2.14] at javax.faces.component.UIViewAction.broadcast(UIViewAction.java:562) ~[jsf-api-2.2.14.jar:2.2] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) ~[jsf-api-2.2.14.jar:2.2] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) ~[jsf-api-2.2.14.jar:2.2] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) ~[jsf-impl-2.2.14.jar:2.2.14] ... 48 more ```

Itay, I'm not sure we can continue to assist with this ticket... it's a large effort to reproduce your settings. In order to assist, we would need you to be using one of the client software platforms identified in our [SSO guide](https://gluu.org/docs/ce/integration/). I'm closing this ticket out for now. If you really need additional assistance with this, I would recommend that you consider purchasing a [support contract](https://gluu.org/pricing). Thanks, Will

Hi Will I totally understand. I do however have one question that will help me take it from here by my own. Who is responsible for which token URL will be called? Is it the client-end (Google in this case) or the gluu server?

Please list out all the tokens you a referring to.. In general, I think more research of the [OpenID Connect core spec](http://openid.net/specs/openid-connect-core-1_0.html) would be very helpful.

Hi, Itay. >Who is responsible for which token URL will be called? Your Gluu instance will publish OIDC metadata at url like `https://host.name/.well-known/openid-configuration` It will contain locations of all endpoints it offers. Your RP is expected to check it and learn what url to use for each of them. In some cases you may need to set them all manually at RP.