By: Quentin Paillard user 15 Feb 2019 at 5:35 a.m. CST

3 Responses
Hello,

I'm new to OpenID Connect and I'm just starting to focus on Gluu. My goal is to restrict access to a web service using OpenID. I followed some documentation and examples on the internet. So, I was able to set up the service on a remote server (CentOS), and the installation went well. On the client side, I set up a second server with the Apache module "mod_auth_openidc" and some files for the web site.

When I connect to the Apache site, there is an exchange with the Gluu server and I get a token. But I was expecting a page asking to authenticate before recovering the token ... Is it a configuration problem? Have I misunderstood something? I'm a little confused with the OIDCRedirectURI too.

Thanks in advance for the help :)

My client details:

- **Name:** mod_auth_oidc
- **Description:** Test client to test mod_auth_oidc
- **Client ID:** @!8A81.0193.7306.001E!0001!BEFD.6F42!0008!C72A.7C68.E5AA.2ED8
- **Subject Type:** public
- **Expiration date:** Tue Feb 14 00:00:00 CET 2119
- **ClientSecret:** XXXXXXXXXXX
- **Application Type:** web
- **Persist Client Authorizations:** false
- **Pre-Authorization:** true
- **Authentication method for the Token Endpoint:** client_secret_basic
- **Logout Session Required:** false
- **Include Claims In Id Token:** false
- **Disabled:** false
- **Login Redirect URIs:** [https://<RP_URL>/callback]
- **Scopes:** [email, openid, profile]
- **Grant types:** [authorization_code]
- **Response types:** [code]

Virtual host from the web site:

```
<VirtualHost *:443>
    ServerName <RP_URL>
    DocumentRoot "/var/www/html"

    OIDCProviderMetadataURL https://<OP_URL>/.well-known/openid-configuration
    OIDCClientID @!8A81.0193.7306.001E!0001!BEFD.6F42!0008!C72A.7C68.E5AA.2ED8
    OIDCClientSecret SECRET
    OIDCResponseType code
    OIDCProviderTokenEndpointAuth client_secret_basic
    # Off disables validation of the OP's TLS certificate
    OIDCSSLValidateServer Off
    OIDCProviderIssuer https://<OP_URL>
    # Must match the Login Redirect URI registered for the client and sit under a protected Location
    OIDCRedirectURI https://<RP_URL>/callback
    OIDCCryptoPassphrase SOMETHING

    <Location "/">
        Require valid-user
        AuthType openid-connect
    </Location>

    ErrorLog path/to/log
    CustomLog /path/to/log combined

    SSLEngine on
    SSLCertificateFile /path/to/crt
    SSLCertificateKeyFile /path/to/key
</VirtualHost>
```

By William Lowe user 15 Feb 2019 at 5:42 a.m. CST

> But I was expecting a page asking to authenticate before recovering the token ...

Are you logged into your Gluu Server when testing? If you already have a session in the Gluu Server, it will bypass authentication, i.e. single sign-on (SSO). Make sure you are logged out and then test. The redirect to the authorization endpoint will prompt for login.
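
An added example, not part of the original thread and not code from Gluu or mod_auth_openidc: it builds the code-flow authorization request that the redirect described above carries, shows the standard OpenID Connect `prompt=login` and `max_age` parameters an RP can send when a login prompt is required despite an existing SSO session, and checks `auth_time` on the RP side. Host names, client ID, state and nonce are constructed placeholders, and the function names are hypothetical.

```python
import time
from urllib.parse import urlencode

def build_auth_request(authorization_endpoint, client_id, redirect_uri,
                       state, nonce, scopes=("openid", "profile", "email"),
                       force_login=False, max_age=None):
    """Build the authorization request URL the RP redirects the browser to."""
    params = {
        "response_type": "code",          # authorization code flow, as on the page
        "client_id": client_id,
        "redirect_uri": redirect_uri,     # must match a registered redirect URI
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
    }
    if force_login:
        params["prompt"] = "login"        # ask the OP to re-authenticate the user
    if max_age is not None:
        params["max_age"] = str(max_age)  # max seconds since last authentication
    return authorization_endpoint + "?" + urlencode(params)

def auth_is_fresh(id_token_claims, max_age, now=None, skew=30):
    """RP-side check on claims from an already signature-validated ID token.

    True only if auth_time is present, not in the future, and within max_age.
    """
    now = time.time() if now is None else now
    auth_time = id_token_claims.get("auth_time")
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return False                      # missing or malformed: treat as stale
    if auth_time > now + skew:
        return False                      # claims a login that has not happened yet
    return now - auth_time <= max_age + skew

if __name__ == "__main__":
    # Constructed sample values; op.example and rp.example are placeholders.
    common = dict(authorization_endpoint="https://op.example/authorize",
                  client_id="example-client-id",
                  redirect_uri="https://rp.example/callback",
                  state="constructed-state", nonce="constructed-nonce")
    print("SSO allowed :", build_auth_request(**common))
    print("Force login :", build_auth_request(**common, force_login=True, max_age=300))
    print("Fresh login?", auth_is_fresh({"auth_time": time.time() - 60}, 300))
```

In mod_auth_openidc, extra authorization request parameters such as these can be supplied with the `OIDCAuthRequestParams` directive.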

By Quentin Paillard user 15 Feb 2019 at 6:10 a.m. CST

I feel so ashamed about this ... You are right, I was still logged in on another tab to the Gluu page. Seems to be better now, I'll continue my research on Gluu :) Thanks for the help

By William Lowe user 15 Feb 2019 at 6:13 a.m. CST

Haha you're complaining about a core product feature *working*!! That's a first :) Best of luck with your continued testing.