Super Gluu Enrollment failing multiple remote IP addresses

By: Ben Gadsden user 03 Sep 2019 at 3:58 a.m. CDT

2 Responses
Ben Gadsden gravatar
I have setup a Gluu server which is behind an Nginx Reverse Proxy. I installed Super Gluu and I am unable to enroll any devices - I am testing on both an iPhone and Android. It appears to be an issue with the Super Gluu configuration picking up the client IP (remote IP) and also the local IP address of the Nginx server (private IP). I have tried numerous configuration changes on Nginx with the X-Forwarded-For headers and remote_addr etc but I cannot get it to work. Error as follows; 2019-09-03 16:34:42,830 DEBUG [qtp1094834071-14] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:171) - Executing python 'authenticate' authenticator method 2019-09-03 16:34:42,831 INFO [qtp1094834071-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. Authenticate for step 1 2019-09-03 16:34:42,914 INFO [qtp1094834071-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. Authenticate for step 1. There is no U2F 'user.name@xx.xx.com' user devices associated with application 'https://idp.xx.xx.com/identity/authentication/getauthcode'. Changing auth_method to 'enroll' 2019-09-03 16:34:42,914 INFO [qtp1094834071-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. Authenticate for step 1. auth_method: 'enroll' 2019-09-03 16:34:42,915 DEBUG [qtp1094834071-14] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:269) - Executing python 'getApiVersion' authenticator method 2019-09-03 16:34:42,915 DEBUG [qtp1094834071-14] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:185) - Executing python 'getNextStep' authenticator method 2019-09-03 16:34:42,915 DEBUG [qtp1094834071-14] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:241) - Executing python 'getExtraParametersForStep' authenticator method 2019-09-03 16:34:42,915 DEBUG [qtp1094834071-14] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:157) - Executing python 'getCountAuthenticationSteps' authenticator method 2019-09-03 16:34:42,916 DEBUG [qtp1094834071-14] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:255) - Executing python 'getPageForStep' authenticator method 2019-09-03 16:34:42,916 INFO [qtp1094834071-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. authmethod 'enroll' 2019-09-03 16:34:42,916 DEBUG [qtp1094834071-14] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:241) - Executing python 'getExtraParametersForStep' authenticator method 2019-09-03 16:34:42,982 DEBUG [qtp1094834071-10] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:362) - Validating acr_values: 'super_gluu' 2019-09-03 16:34:42,982 DEBUG [qtp1094834071-10] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:129) - Executing python 'isValidAuthenticationMethod' authenticator method 2019-09-03 16:34:42,982 DEBUG [qtp1094834071-10] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:227) - Executing python 'prepareForStep' authenticator method 2019-09-03 16:34:42,983 INFO [qtp1094834071-10] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. Prepare for step 2 2019-09-03 16:34:42,988 INFO [qtp1094834071-10] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. Prepare for step 2. auth_method: 'enroll' 2019-09-03 16:34:42,988 INFO [qtp1094834071-10] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. Prepare for step 2. Adding req_ip and req_loc to super_gluu_request 2019-09-03 16:34:42,988 INFO [qtp1094834071-10] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. Determine remote location. remote_ip: '49.xx.xx.1, 172.16.1.1' 2019-09-03 16:34:42,989 INFO [qtp1094834071-10] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. Determine remote location. Exception: 2019-09-03 16:34:42,989 INFO [qtp1094834071-10] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - java.lang.IllegalArgumentException: Illegal character in path at index 37: http://ip-api.com/json/49.xx.xx.1, 172.16.1.1?fields=49177 2019-09-03 16:34:42,989 INFO [qtp1094834071-10] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. Prepare for step 2. Failed to determine remote location by remote IP '49.xx.xx.1, 172.16.1.1' 2019-09-03 16:34:42,989 INFO [qtp1094834071-10] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Super-Gluu. Prepare for step 2. Prepared super_gluu_request: 2019-09-03 16:34:42,989 INFO [qtp1094834071-10] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - {"app":"https://idp.xx.xx.com/identity/authentication/getauthcode","licensed":false,"method":"enroll","req_ip":"49.xx.xx.1, 172.16.1.1","created":"2019-09-03T16:34:42+10:00","issuer":"https://idp.xx.xx.com","state":"bae101d4-f24e-476b-bb01-d6d874697719","username":"Ben.Gadsden@tr.com.au"} 2019-09-03 16:34:42,989 DEBUG [qtp1094834071-10] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:241) - Executing python 'getExtraParametersForStep' authenticator method 2019-09-03 16:34:48,371 TRACE [oxAuthScheduler_Worker-4] [org.xdi.service.custom.script.CustomScriptManager] (CustomScriptManager.java:127) - Last finished time '2019-09-03T16:34:48.371+1000' 2019-09-03 16:35:18,371 TRACE [oxAuthScheduler_Worker-3] [org.xdi.service.custom.script.CustomScriptManager] (CustomScriptManager.java:127) - Last finished time '2019-09-03T16:35:18.371+1000' I am able to send through only the private IP by itself but it still fails. Any help would be very much appreciated! Cheers, Ben
CentOS 7.6
closed

Answers

By Dzouato Djeumen Rolain Bonaventure staff 04 Oct 2019 at 1:07 p.m. CDT

Copy
Dzouato Djeumen Rolain Bonaventure gravatar
Hello Ben, Let me look into this for you.

By Dzouato Djeumen Rolain Bonaventure staff 05 Nov 2019 at 1:52 p.m. CST

Copy
Dzouato Djeumen Rolain Bonaventure gravatar
Hello Ben, The IP Address isn't used to push data to the device. It's just used to determine the geolocation of the user. It may fail , but it should still work. 1. During enrollment , can you scan the QR code ? 2. Do you receive any form of error message on your phones when you scan the QR code ? Thanks for your input and patience.

Post an answer