By: Jeffrey Krug user 07 Dec 2018 at 6:42 p.m. CST

6 Responses
## Preface

- I am in part following the directions at https://gluu.org/docs/ce/3.1.3/authn-guide/thumbsignin/
- There is no version of this page for 3.1.4, although it appears some of the steps listed at the above link are now included in 3.1.4 by default.
- My issues may just relate to a need for updated instructions specific to 3.1.4 that take into account what is shipped with it and what is not.

## Description of my setup

I believe steps 1 & 2 are not necessary for 3.1.4 as they are included in the release. I performed step 3. After registering with ThumbSignin to get my API id/key, I configured the plugin and got it to run without any errors.

## Problem

When I try to login with it though, I briefly see an updated login page at this URL (https://fido.nief.org/oxauth/auth/thumbsignin/tsLogin.htm) although it never appears long enough to ascertain whether the page is working (I have never seen a QR code appear and I imagine that is expected). I quickly get a redirect to (https://fido.nief.org/oxauth/auth/thumbsignin/expired?rpId=). This generates a 404:

> Problem accessing /oxauth/auth/thumbsignin/expired. Reason:
>
> Not Found
>
> Powered by Jetty:// 9.4.12.v20180830

generates a 494 about

That made me think it was related to step 1 that I skipped, but if so I am not sure. When I do a find on the server to verify the presence of expired.xhtml I do see it:

```
[root@fido gluu-server-3.1.4]# pwd
/opt/gluu-server-3.1.4
[root@fido gluu-server-3.1.4]# find . -name expired.xhtml
./opt/jetty-9.4/temp/jetty-localhost-8081-oxauth.war-_oxauth-any-2115918240680704873.dir/webapp/auth/thumbsignin/expired.xhtml
```

I suspect the 404 is a completely different error from the initial error, but I could be wrong. The error from the logfile makes me think there is some data that is missing from the jython script:

```
2018-12-07 19:36:06,512 INFO [qtp985655350-12] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - ThumbSignIn. Inside getPageForStep. Step 1
2018-12-07 19:36:06,529 INFO [qtp985655350-17] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - ThumbSignIn. Inside prepareForStep. Step 1
2018-12-07 19:36:06,534 INFO [qtp985655350-17] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - ThumbSignIn. Inside setRelyingPartyLoginUrl...
2018-12-07 19:36:06,534 INFO [qtp985655350-17] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - ThumbSignIn. Value of state JWT token Payload is {"state":"7NGFLaDIKL","conversation":"e1s1"}
2018-12-07 19:36:06,535 ERROR [qtp985655350-17] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:232) - JSONObject["additional_claims"] not found.
org.json.JSONException: JSONObject["additional_claims"] not found.
    at org.json.JSONObject.get(JSONObject.java:520) ~[thumbsignin-java-sdk.jar:?]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
    at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:188) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:206) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyObject.__call__(PyObject.java:497) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyObject.__call__(PyObject.java:501) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyMethod.__call__(PyMethod.java:141) ~[jython-standalone-2.7.1.jar:?]
    at org.python.pycode._pyx0.setRelyingPartyLoginUrl$8(thumb_sign_in.py:87) ~[?:?]
    at org.python.pycode._pyx0.call_function(thumb_sign_in.py) ~[?:?]
    at org.python.core.PyTableCode.call(PyTableCode.java:171) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyBaseCode.call(PyBaseCode.java:154) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyFunction.__call__(PyFunction.java:423) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyMethod.__call__(PyMethod.java:141) ~[jython-standalone-2.7.1.jar:?]
    at org.python.pycode._pyx0.prepareForStep$9(thumb_sign_in.py:178) ~[?:?]
    at org.python.pycode._pyx0.call_function(thumb_sign_in.py) ~[?:?]
    at org.python.core.PyTableCode.call(PyTableCode.java:171) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyBaseCode.call(PyBaseCode.java:308) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyBaseCode.call(PyBaseCode.java:199) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyFunction.__call__(PyFunction.java:482) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyMethod.__call__(PyMethod.java:228) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyMethod.__call__(PyMethod.java:218) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyMethod.__call__(PyMethod.java:213) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyObject._jcallexc(PyObject.java:3644) ~[jython-standalone-2.7.1.jar:?]
    at org.python.core.PyObject._jcall(PyObject.java:3676) ~[jython-standalone-2.7.1.jar:?]
    at org.python.proxies.__builtin__$PersonAuthentication$0.prepareForStep(Unknown Source) ~[?:?]
    at org.xdi.oxauth.service.external.ExternalAuthenticationService.executeExternalPrepareForStep(ExternalAuthenticationService.java:230) [classes/:?]
    at org.xdi.oxauth.service.external.ExternalAuthenticationService$Proxy$_$$_WeldClientProxy.executeExternalPrepareForStep(Unknown Source) [classes/:?]
    at org.xdi.oxauth.auth.Authenticator.prepareAuthenticationForStepImpl(Authenticator.java:632) [classes/:?]
    at org.xdi.oxauth.auth.Authenticator.prepareAuthenticationForStep(Authenticator.java:524) [classes/:?]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
    at org.apache.el.parser.AstValue.invoke(AstValue.java:247) [org.mortbay.jasper.apache-el-8.5.24.2.jar:8.5.24]
    at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267) [org.mortbay.jasper.apache-el-8.5.24.2.jar:8.5.24]
    at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) [weld-web-3.0.5.Final.jar:3.0.5.Final]
    at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) [weld-web-3.0.5.Final.jar:3.0.5.Final]
    at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) [javax.faces-2.2.16.jar:2.2.16]
    at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) [javax.faces-2.2.16.jar:2.2.16]
    at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) [javax.faces-2.2.16.jar:2.2.16]
    at javax.faces.component.UIViewAction.broadcast(UIViewAction.java:562) [javax.faces-2.2.16.jar:2.2.16]
    at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) [javax.faces-2.2.16.jar:2.2.16]
    at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) [javax.faces-2.2.16.jar:2.2.16]
    at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [javax.faces-2.2.16.jar:2.2.16]
    at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [javax.faces-2.2.16.jar:2.2.16]
    at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [javax.faces-2.2.16.jar:2.2.16]
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) [javax.faces-2.2.16.jar:2.2.16]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:55) [classes/:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.Server.handle(Server.java:503) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
```

By Mohib Zico staff 08 Dec 2018 at 2:25 a.m. CST

Hi Jeffrey, Please allow us to check the status. Will get back to you with results and findings...

By Jeffrey Krug user 10 Dec 2018 at 10:57 a.m. CST

I was looking at this some more, and it's clear the error above is created at line 68 of the jython script. Based on the printed message right before the line triggering the error, the json object 'additional_claims' is not set. Not sure how to further try and debug this.
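
An added example (not part of the original posts, the Gluu code base or the ThumbSignIn script): a small Python helper that pulls the interception-script frames, the missing JSON key and the last logged state payload out of an oxauth log like the one quoted in this thread. The sample log is an abridged copy of those quoted lines; the function name and result fields are this example's own.

```python
import json
import re

# Constructed sample: an abridged copy of the oxauth log lines quoted in this thread.
SAMPLE_LOG = """\
2018-12-07 19:36:06,534 INFO [qtp985655350-17] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - ThumbSignIn. Value of state JWT token Payload is {"state":"7NGFLaDIKL","conversation":"e1s1"}
2018-12-07 19:36:06,535 ERROR [qtp985655350-17] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:232) - JSONObject["additional_claims"] not found.
org.json.JSONException: JSONObject["additional_claims"] not found.
    at org.json.JSONObject.get(JSONObject.java:520) ~[thumbsignin-java-sdk.jar:?]
    at org.python.pycode._pyx0.setRelyingPartyLoginUrl$8(thumb_sign_in.py:87) ~[?:?]
    at org.python.pycode._pyx0.call_function(thumb_sign_in.py) ~[?:?]
    at org.python.pycode._pyx0.prepareForStep$9(thumb_sign_in.py:178) ~[?:?]
    at org.xdi.oxauth.auth.Authenticator.prepareAuthenticationForStep(Authenticator.java:524) [classes/:?]
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[([^\]]+)\] .*? - (.*)$")
FRAME = re.compile(r"^\s*at org\.python\.pycode\.\S+?\.(\w+)\$\d+\((\w+\.py):(\d+)\)")
PAYLOAD = re.compile(r"JWT token Payload is (\{.*\})")
MISSING = re.compile(r'JSONObject\["([^"]+)"\] not found')

def triage(log_text):
    """Summarise each ERROR entry: message, interception-script frames, and the
    keys of the last state payload logged on the same request thread."""
    results, current, last_payload = [], None, {}
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry:
            ts, level, thread, msg = entry.groups()
            current = None  # a new log entry ends the previous stack trace
            payload = PAYLOAD.search(msg)
            if payload:
                last_payload[thread] = json.loads(payload.group(1))
            if level == "ERROR":
                missing = MISSING.search(msg)
                current = {"time": ts, "message": msg, "script_frames": [],
                           "missing_key": missing.group(1) if missing else None,
                           "payload_keys": sorted(last_payload.get(thread, {}))}
                results.append(current)
            continue
        frame = FRAME.match(line)
        if frame and current is not None:
            func, script, lineno = frame.groups()
            current["script_frames"].append((func, script, int(lineno)))
    return results

if __name__ == "__main__":
    for err in triage(SAMPLE_LOG):
        print(err)
```

Run against a full `oxauth.log`, this reduces each long Jetty/JSF trace to the two or three frames that belong to the custom script.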

By Jeffrey Krug user 11 Dec 2018 at 12:18 p.m. CST

I consulted with the ThumbSignIn team and they agreed that some things have changed in 3.1.4. They provided an updated jython script that allowed things to get much further along in the authentication process but it still fails. Their latest script is available in GitHub: https://github.com/Thumbsignin/ThumbSignIn_JythonScript/blob/master/thumbsignin/ThumbSignInExternalAuthenticator.py

Now after successfully authenticating, the Gluu server is producing a 404 on this URL (https://fido.nief.org/oxauth/postlogin) with no errors found in server logs.

By Mohib Zico staff 11 Dec 2018 at 12:35 p.m. CST

Hi Jeffrey, Thanks for the info. I'll jump into this issue as soon as I can manage some time; too busy with a customer's issue atm. Thanks in advance for your patience!

By Naveen Kumar Gopi user 12 Dec 2018 at 10:20 a.m. CST

Hi,

We have made the necessary changes in both the ThumbSignIn Jython script and custom pages to fix the issues we found in Gluu v3.1.4. I have raised the below pull request to push all the latest ThumbSignIn changes into the Gluu public repository.

https://github.com/GluuFederation/oxAuth/pull/963

Thanks,
Naveen

By Mohib Zico staff 13 Dec 2018 at 2:04 a.m. CST

Thanks much for taking the initiative, Naveen. I forwarded your pull request to our Dev team.