By: Floris Leurink user 15 Feb 2018 at 12:36 p.m. CST

Hi, I am creating a new ticket related to ticket #5043 because that one seems closed, but we still need a solution for our OpenID Connect client and our deadline is approaching, so: not trying to rush you, but we are still in need of some help here ;)

I was able to manually register our client but now there is a problem with the access_token hash. Can you please check out the information in this link? https://docs.google.com/document/d/19PXzgtwF0J_zsmlmWVcDj1RKrO2F_1Ebf37XL4ir00Q/edit

This file contains our OP provider details, our OXD-server and OXD-client configs and the OXD-server logs. I have marked in red the error in the log where the authentication process seems to fail. I hope you can help me out. Thanks in advance!

Kind regards, Floris

By Jajati Badu Account Admin 15 Feb 2018 at 1:58 p.m. CST

Hi Floris, Because you are using oxd-server, could you please let me know how you registered the client manually. oxd server has its own database. So when you register any client using oxd-server it will store Client details in oxd-server db. As you are registering client manually, not sure how you stored the details in oxd-server. Kind Regards, Jajati

By Floris Leurink user 15 Feb 2018 at 2:48 p.m. CST

I create a configuration json file with a unique oxdId, put it in the migration folder and then I restart the OXD-server. In the logs I can then see a message like:

RP created successfully. RP : Rp{oxdId='a4573e2f-2b82-4e8b-a9ca-7f00bartez13', opHost='https://oidc.surfconext.nl', ... etc

The client seems to be functioning correctly, because I can see requests being made to the correct OP endpoints. Extra information from our OP provider logs:

Feb 14 16:35:35 oidc Apache-oidc: 145.101.112.195 - - [14/Feb/2018:16:35:35 +0100] "POST /token HTTP/1.1" 200 1397 "-" "Apache-HttpClient/4.2.3 (java 1.5)" "83.96.202.201"
Feb 14 16:35:35 oidc Apache-oidc: 145.101.112.195 - - [14/Feb/2018:16:35:35 +0100] "GET /userinfo HTTP/1.1" 401 102 "-" "Apache-HttpClient/4.2.3 (java 1.5)" "83.96.202.201"

First call should provide an id-token and access_token. Second call: OXD-client makes request to userinfo-endpoint, but is not using the correct access token, hence it does not receive user info and server returns a 401.
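The two OP log lines above (a 200 from the token endpoint followed by a 401 from userinfo because a different access token was presented) and the "problem with the access_token hash" from the opening post both come down to one check a relying party can run locally before it ever calls userinfo: the at_hash claim in the ID token is the left half of the hash of the access token that was issued with it, so a token that does not match at_hash is not the token this ID token belongs to. The Python below is an added example, not code from this thread, from oxd, or from Gluu. It assumes the ID token has already been signature-verified and decoded into a claims dict (that step is not shown), and every token, issuer and client value in it is constructed.

```python
import base64
import hashlib
import hmac


def _hash_for_alg(alg: str):
    """Pick the hash at_hash must use from the ID token's JWS alg
    (RS256/ES256/HS256/PS256 -> SHA-256, *384 -> SHA-384, *512 -> SHA-512)."""
    bits = alg[-3:]
    if bits not in ("256", "384", "512"):
        raise ValueError(f"unsupported id_token alg: {alg}")
    return getattr(hashlib, "sha" + bits)


def at_hash(access_token: str, alg: str = "RS256") -> str:
    """OIDC Core at_hash: hash the ASCII octets of the access token, keep the
    left-most half of the digest, base64url-encode it without padding."""
    digest = _hash_for_alg(alg)(access_token.encode("ascii")).digest()
    left_half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


def access_token_bound_to_id_token(id_token_claims: dict, access_token: str,
                                   alg: str = "RS256") -> bool:
    """True only if the token we are about to send to /userinfo is the one the
    ID token was issued alongside. A missing at_hash is reported as 'not bound':
    the spec makes at_hash optional in the code flow, so a deployment may relax
    this, but relaxing it silently is how a stale token reaches /userinfo."""
    claimed = id_token_claims.get("at_hash")
    if not isinstance(claimed, str) or not claimed.isascii():
        return False
    return hmac.compare_digest(at_hash(access_token, alg), claimed)


def check_token_response(resp: dict) -> list:
    """Sanity-check a token endpoint response before any token in it is used.
    Returns a list of problems; an empty list means the response is usable.
    This is where a blank token (as in the oxd 'Token is blank in response'
    log later in this thread) is caught instead of travelling to the next call."""
    problems = []
    if resp.get("error"):
        problems.append(f"error from OP: {resp['error']}")
    token = resp.get("access_token")
    if not isinstance(token, str) or not token.strip():
        problems.append("access_token is blank")
    if str(resp.get("token_type", "")).lower() != "bearer":
        problems.append("token_type is not Bearer")
    return problems


def userinfo_headers(resp: dict, id_token_claims: dict, alg: str = "RS256") -> dict:
    """Build the Authorization header for /userinfo only from a token that passed
    both checks; failing here is clearer than an opaque 401 from the OP."""
    problems = check_token_response(resp)
    if problems:
        raise ValueError("; ".join(problems))
    if not access_token_bound_to_id_token(id_token_claims, resp["access_token"], alg):
        raise ValueError("access_token does not match at_hash in id_token")
    return {"Authorization": "Bearer " + resp["access_token"]}


# Constructed sample data (not real tokens). ID_TOKEN_CLAIMS stands in for the
# payload of the id_token after signature verification, which this example skips.
ACCESS_TOKEN = "constructed-access-token-3f9a1c"
STALE_TOKEN = "constructed-earlier-token-77be02"   # a token from a previous exchange
GOOD_RESPONSE = {"access_token": ACCESS_TOKEN, "token_type": "Bearer", "expires_in": 3600}
ID_TOKEN_CLAIMS = {
    "iss": "https://op.example",       # placeholder issuer
    "sub": "user-123",
    "aud": "client-abc",
    "at_hash": at_hash(ACCESS_TOKEN),   # what a conforming OP puts here
}
BLANK_RESPONSE = {"access_token": "", "token_type": "Bearer"}


if __name__ == "__main__":
    print(userinfo_headers(GOOD_RESPONSE, ID_TOKEN_CLAIMS))
    for resp, token in ((dict(GOOD_RESPONSE, access_token=STALE_TOKEN), STALE_TOKEN),
                        (BLANK_RESPONSE, "")):
        try:
            userinfo_headers(resp, ID_TOKEN_CLAIMS)
        except ValueError as exc:
            print(f"refused to call /userinfo with {token!r}: {exc}")
```

Running the block prints the Bearer header for the good exchange and then two refusals: one for the stale token (at_hash mismatch, the situation behind the 401 above) and one for the blank token. The comparison uses hmac.compare_digest so that a forged at_hash cannot be probed byte by byte through timing.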

By Jajati Badu Account Admin 16 Feb 2018 at 9:28 a.m. CST

Hi Floris, We are trying to reproduce this issue using the same steps you have mentioned. I understand this is urgent for you. I will get back to you asap. Also if possible we will modify the plugin for your requirement. Kind Regards, Jajati

By Floris Leurink user 16 Feb 2018 at 9:35 a.m. CST

Thanks a lot! Our OP provider has the following testing environment, which could help you reproduce the problem: https://authz-playground.surfconext.nl/?modus=oidc I could provide you with the client ID and secret, but not in a public ticket thread. If you think it is helpful, let me know how I can send you our client credentials and the correct settings for this testing tool...

By William Lowe user 16 Feb 2018 at 10:02 a.m. CST

Hi Floris, Do you know if the OP you are testing against is fully compliant with the OpenID Connect spec? I don't see Surf listed on the [OpenID Provider certification list](https://openid.net/certification/). Thanks, Will

By Jajati Badu Account Admin 16 Feb 2018 at 10:02 a.m. CST

Hi Floris, You can email me the Client Id and Client secret at jajati@centroxy.com and also send me oxd-conf json WITHOUT your license details. Kind Regards, Jajati

By Floris Leurink user 16 Feb 2018 at 10:23 a.m. CST

I have sent you the info by e-mail. Thanks in advance!

By Floris Leurink user 16 Feb 2018 at 10:34 a.m. CST

PS. see this link for documentation on the OP Provider. https://wiki.surfnet.nl/display/surfconextdev/Documentation+for+Service+Providers @William Lowe: FYI: Our OP provider is a national educational service for higher education. I will ask them if they can apply for the certification list.

By Floris Leurink user 18 Feb 2018 at 9:33 a.m. CST

Thanks for the updated version of the Wordpress plugin. I was able to use manual setup to successfully register the OpenID client. However, when I start the authentication flow, it halts on the following error (I've sent more complete logs and additional info via e-mail to Jajati Badu...)

ERROR [org.xdi.oxd.server.service.UmaTokenService] Token is blank in response, site: Rp{oxdId='a4fb1ff1-d692-440d-8128-c7bbf12e66e6', opHost='https://oidc.surfconext.nl', opDiscoveryPath='null', idToken='null', accessToken='null', authorizationRedirectUri='https://surf.leerpodium.nl/login/index.php?option=oxdOpenId', postLogoutRedirectUri='https://surf.leerpodium.nl/login/index.php?option=allLogout', applicationType='web', redirectUris=[https://surf.leerpodium.nl/login/index.php?option=oxdOpenId], claimsRedirectUri=[], responseTypes=[code], clientId='XXXXXXXXXX', clientSecret='XXXXXXXXXX', clientRegistrationAccessToken='null', clientRegistrationClientUri='null', clientIdIssuedAt=null, clientSecretExpiresAt=null, clientName='null', sectorIdentifierUri='null', clientJwksUri='', setupOxdId='null', setupClientId='null', scope=[openid, address, email, profile, phone], uiLocales=[en], claimsLocales=[en], acrValues=[], grantType=[authorization_code, client_credentials], contacts=[], userId='null', userSecret='null', pat='null', patExpiresIn=0, patCreatedAt=null, patRefreshToken='null', umaProtectedResources=[], rpt='null', rptTokenType='null', rptPct='null', rptExpiresAt=null, rptCreatedAt=null, rptUpgraded=null, oxdRpProgrammingLanguage=null}
ERROR [org.xdi.oxd.server.Processor] Failed to obtain PAT.
java.lang.RuntimeException: Failed to obtain PAT.
    at org.xdi.oxd.server.service.UmaTokenService.obtainTokenWithClientCredentials(UmaTokenService.java:209)
    at org.xdi.oxd.server.service.UmaTokenService.obtainToken(UmaTokenService.java:168)
    at org.xdi.oxd.server.service.UmaTokenService.obtainPat(UmaTokenService.java:150)
    at org.xdi.oxd.server.service.UmaTokenService.getPat(UmaTokenService.java:145)
    at org.xdi.oxd.server.service.ValidationService.introspect(ValidationService.java:136)
    at org.xdi.oxd.server.service.ValidationService.validate(ValidationService.java:108)
    at org.xdi.oxd.server.service.ValidationService.validate(ValidationService.java:51)
    at org.xdi.oxd.server.Processor.process(Processor.java:74)
    at org.xdi.oxd.server.Processor.process(Processor.java:51)
    at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:55)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
2018-02-18 15:51:37,815 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","details":null,"error_description":"Unknown internal server error occurs."}}

By Jajati Badu Account Admin 19 Feb 2018 at 5:24 a.m. CST

Hi Floris, We have tested the plugin in our systems and it is working fine with no error. I will go through the log file you have sent and get back to you. Kind Regards, Jajati

By Floris Leurink user 19 Feb 2018 at 5:31 a.m. CST

You mean it is working as expected with php7.0 and Ubuntu Linux 16.04 so we can rule out php / kernel versions?

By Jajati Badu Account Admin 19 Feb 2018 at 8:47 a.m. CST

Closing this ticket as Floris managed to solve this using another method.