By: Hamdi Bahrini user 17 Oct 2019 at 9:33 a.m. CDT

23 Responses
Hi community, I installed version 4.0 of the gluu (beta) server on a CentOS 7 virtual machine to test gluu-radius. I made all the configurations but when I send an authentication request I get "Access-Reject" knowing that I already created a test user in the Gluu server under "Manage People".
The configuration I did:
/etc/raddb/server
```
#server shared_secret timeout
192.168.56.7 test789 4
```
/etc/ssh/sshd_config
```
UsePam yes
```
/etc/pam.d/sshd
```
auth required pam_sepermit.so
# I added the next line
auth required pam_radius_auth.so
# I commented the next one
#auth substack password-auth
auth include postlogin
```
The authentication request:
```
radtest testuser Passw0rd 192.168.56.7 0 test789
Sent Access-Request Id 103 from 0.0.0.0:58668 to 192.168.56.7:1812 length 78
    User-Name = "testuser"
    User-Password = "Passw0rd"
    NAS-IP-Address = 192.168.56.2
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "Passw0rd"
Received Access-Reject Id 103 from 192.168.56.7:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
```
The gluu-radius log file: /opt/gluu/radius/logs/gluu-radius.log
```
[INFO ] 2019-10-17 10:16:57.032 [Radius Auth Listener] GluuRadiusServer - Client ip: 192.168.56.2
[INFO ] 2019-10-17 10:16:57.043 [Radius Auth Listener] RadiusServer - received packet from /192.168.56.2:58668 on local address 0.0.0.0/0.0.0.0:1812: Access-Request, ID 103
User-Name: testuser
User-Password: 0x5061737377307264
NAS-IP-Address: 192.168.56.2
NAS-Port: 0
Message-Authenticator: 0x65a58759cd8080248e4fc16465ecf138
[INFO ] 2019-10-17 10:16:57.237 [Radius Auth Listener] RadiusServer - send response: Access-Reject, ID 103
```

By Dzouato Djeumen Rolain Bonaventure staff 18 Oct 2019 at 5:47 a.m. CDT

Hello, please can you open the file `/etc/gluu/conf/radius/gluu-radius-logging.xml` and change `<Root level="INFO">` to `<Root level="DEBUG">`, restart the `gluu-radius` service, then try to authenticate and provide us with the logs? Thanks.

By Hamdi Bahrini user 18 Oct 2019 at 11:16 p.m. CDT

Hi Rolain, Thank you in advance
```
[DEBUG] 2019-10-19 00:10:00.436 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-19 00:10:00.438 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-19 00:10:02.438 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-19 00:10:02.439 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-19 00:10:04.443 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-19 00:10:04.443 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-19 00:10:04.493 [Radius Auth Listener] RadiusServer - receive buffer size = 106496
[DEBUG] 2019-10-19 00:10:04.503 [Radius Auth Listener] DurationUtil - LDAP operation: search, duration: PT0.008S, dn: ou=radius_clients,o=gluu, filter: (&(&(objectClass=oxRadiusClient))(oxRadiusClientIpAddress=*)), scope: SUB, batchOperationWraper: org.gluu.persist.ldap.impl.LdapBatchOperationWraper@272fef60, start: 0, searchLimit: 0, count: 0, controls: null, attributes: [oxRadiusClientSortPriority, oxRadiusClientIpAddress, oxRadiusClientSecret, inum, oxRadiusClientName]
[DEBUG] 2019-10-19 00:10:04.504 [Radius Auth Listener] BaseEntryManager - LdapProperty: inum, AttributeName: inum, AttributeValue: [c4c488e5-d67d-4501-9844-59b1168b489b]
[DEBUG] 2019-10-19 00:10:04.504 [Radius Auth Listener] BaseEntryManager - LdapProperty: ipAddress, AttributeName: oxRadiusClientIpAddress, AttributeValue: [192.168.56.2]
[DEBUG] 2019-10-19 00:10:04.504 [Radius Auth Listener] BaseEntryManager - LdapProperty: name, AttributeName: oxRadiusClientName, AttributeValue: [proxy-radius]
[DEBUG] 2019-10-19 00:10:04.505 [Radius Auth Listener] BaseEntryManager - LdapProperty: priority, AttributeName: oxRadiusClientSortPriority, AttributeValue: [1]
[DEBUG] 2019-10-19 00:10:04.505 [Radius Auth Listener] BaseEntryManager - LdapProperty: secret, AttributeName: oxRadiusClientSecret, AttributeValue: [U1eeujF9ofs=]
[INFO ] 2019-10-19 00:10:04.506 [Radius Auth Listener] 
GluuRadiusServer - Client ip: 192.168.56.2 [INFO ] 2019-10-19 00:10:04.507 [Radius Auth Listener] RadiusServer - received packet from /192.168.56.2:47300 on local address 0.0.0.0/0.0.0.0:1812: Access-Request, ID 161 User-Name: testuser User-Password: 0x5061737377307264 NAS-IP-Address: 192.168.56.2 NAS-Port: 0 Message-Authenticator: 0x8e884dc7311c28d86630b85290c520cf [DEBUG] 2019-10-19 00:10:04.510 [Radius Auth Listener] SuperGluuAccessRequestFilter - Performing two-step authentication for user {testuser} [DEBUG] 2019-10-19 00:10:04.596 [Radius Auth Listener] RequestAddCookies - CookieSpec selected: default [DEBUG] 2019-10-19 00:10:04.597 [Radius Auth Listener] RequestAuthCache - Auth cache not set in the context [DEBUG] 2019-10-19 00:10:04.598 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://gluu.server.test.loc:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 100] [DEBUG] 2019-10-19 00:10:04.598 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection leased: [id: 1][route: {s}->https://gluu.server.test.loc:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 100] [DEBUG] 2019-10-19 00:10:04.598 [Radius Auth Listener] MainClientExec - Opening connection {s}->https://gluu.server.test.loc:443 [DEBUG] 2019-10-19 00:10:04.599 [Radius Auth Listener] DefaultHttpClientConnectionOperator - Connecting to gluu.server.test.loc/192.168.56.7:443 [DEBUG] 2019-10-19 00:10:04.599 [Radius Auth Listener] SSLConnectionSocketFactory - Connecting socket to gluu.server.test.loc/192.168.56.7:443 with timeout 0 [DEBUG] 2019-10-19 00:10:04.601 [Radius Auth Listener] SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2] [DEBUG] 2019-10-19 00:10:04.602 [Radius Auth Listener] SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] [DEBUG] 2019-10-19 00:10:04.602 [Radius Auth Listener] SSLConnectionSocketFactory - Starting handshake [DEBUG] 2019-10-19 00:10:04.625 [Radius Auth Listener] SSLConnectionSocketFactory - Secure session established [DEBUG] 2019-10-19 00:10:04.625 [Radius Auth Listener] 
SSLConnectionSocketFactory - negotiated protocol: TLSv1.2 [DEBUG] 2019-10-19 00:10:04.625 [Radius Auth Listener] SSLConnectionSocketFactory - negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [DEBUG] 2019-10-19 00:10:04.625 [Radius Auth Listener] SSLConnectionSocketFactory - peer principal: EMAILADDRESS=bahrini.hamdi@gmail.com, CN=gluu.server.test.loc, O=hamdi, L=montreal, ST=qc, C=ca [DEBUG] 2019-10-19 00:10:04.625 [Radius Auth Listener] SSLConnectionSocketFactory - issuer principal: EMAILADDRESS=bahrini.hamdi@gmail.com, CN=gluu.server.test.loc, O=hamdi, L=montreal, ST=qc, C=ca [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] DefaultHttpClientConnectionOperator - Connection established 192.168.56.7:33182<->192.168.56.7:443 [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] MainClientExec - Executing request POST /oxauth/restv1/token HTTP/1.1 [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] MainClientExec - Target auth state: UNCHALLENGED [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] MainClientExec - Proxy auth state: UNCHALLENGED [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] headers - http-outgoing-1 >> POST /oxauth/restv1/token HTTP/1.1 [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] headers - http-outgoing-1 >> Content-Type: application/x-www-form-urlencoded [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] headers - http-outgoing-1 >> Content-Length: 1094 [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] headers - http-outgoing-1 >> Host: gluu.server.test.loc [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] headers - http-outgoing-1 >> Connection: Keep-Alive [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] headers - http-outgoing-1 >> User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_222) [DEBUG] 2019-10-19 00:10:04.626 [Radius Auth Listener] headers - http-outgoing-1 >> Accept-Encoding: gzip,deflate [DEBUG] 2019-10-19 00:10:04.627 [Radius Auth Listener] wire - http-outgoing-1 >> "POST 
/oxauth/restv1/token HTTP/1.1[\r][\n]" [DEBUG] 2019-10-19 00:10:04.627 [Radius Auth Listener] wire - http-outgoing-1 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]" [DEBUG] 2019-10-19 00:10:04.627 [Radius Auth Listener] wire - http-outgoing-1 >> "Content-Length: 1094[\r][\n]" [DEBUG] 2019-10-19 00:10:04.627 [Radius Auth Listener] wire - http-outgoing-1 >> "Host: gluu.server.test.loc[\r][\n]" [DEBUG] 2019-10-19 00:10:04.627 [Radius Auth Listener] wire - http-outgoing-1 >> "Connection: Keep-Alive[\r][\n]" [DEBUG] 2019-10-19 00:10:04.627 [Radius Auth Listener] wire - http-outgoing-1 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_222)[\r][\n]" [DEBUG] 2019-10-19 00:10:04.627 [Radius Auth Listener] wire - http-outgoing-1 >> "Accept-Encoding: gzip,deflate[\r][\n]" [DEBUG] 2019-10-19 00:10:04.627 [Radius Auth Listener] wire - http-outgoing-1 >> "[\r][\n]" [DEBUG] 2019-10-19 00:10:04.628 [Radius Auth Listener] wire - http-outgoing-1 >> "__step=initiate_auth&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&__remote_ip=192.168.56.2&__password=Passw0rd&grant_type=password&scope=openid+super_gluu_ro_session&acr_values=super_gluu_ro&client_assertion=eyJraWQiOiJmODM1NWU3ZS0yMjU4LTQ0NTMtYTBjZS04YjkzNWExNWI3Zjlfc2lnX3JzNTEyIiwidHlwIjoiSldUIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJiYjI3YjY1ZC04N2Y2LTRiMTUtYTNlMS1hZTA1NGFjYTNkYjciLCJhdWQiOiJodHRwczovL2dsdXUuc2VydmVyLnRlc3QubG9jL294YXV0aC9yZXN0djEvdG9rZW4iLCJpc3MiOiJiYjI3YjY1ZC04N2Y2LTRiMTUtYTNlMS1hZTA1NGFjYTNkYjciLCJleHAiOjE1NzE0NTg1MDQsImlhdCI6MTU3MTQ1ODIwNCwianRpIjoiZTlkMzRhZTEtOWEzZi00ZjgzLTllZWYtMjViYjgzNzk0YzJmIn0.CmX0dob9VtR180RSSa2OVatNNgGjFyzuGivVE-4bcFvuTUr0VyYGTe-OGZsI9N29C6stpBZXFy4s7m2HIm-dnHY--bigKJ0TxvVxAmTmCEaeOMmrp8rV7SzAwQyTOymd7Lix2KhHmF_1OQHnAQUAtKy5oLkPuG5tvzxdkvdA9C4au-_mTcwVUWn2bGWK5dSm-notcIPVEPgMq7pnOwZ7GkY43BfEVoETd3xm4UBHRzIjBmvFEuTwxGbf_uUtqhXCwjai38wmhfnYxvT6Ejr2uprL-Q3RjAYw4GuoeU4ReO7Zy4-d6SZ-cShOkxCqowSEo6f_HziT4t-Vbxn3EBLvdg&__auth_scheme=twostep&client_id
=bb27b65d-87f6-4b15-a3e1-ae054aca3db7&username=testuser" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "HTTP/1.1 401 Unauthorized[\r][\n]" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "Date: Sat, 19 Oct 2019 04:10:04 GMT[\r][\n]" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "Server: Apache[\r][\n]" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "X-Xss-Protection: 1; mode=block[\r][\n]" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "X-Content-Type-Options: nosniff[\r][\n]" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "WWW-Authenticate: Basic realm="oxAuth"[\r][\n]" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "Content-Type: application/json;charset=iso-8859-1[\r][\n]" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "Content-Length: 628[\r][\n]" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "Connection: close[\r][\n]" [DEBUG] 2019-10-19 00:10:04.677 [Radius Auth Listener] wire - http-outgoing-1 << "[\r][\n]" [DEBUG] 2019-10-19 00:10:04.678 [Radius Auth Listener] headers - http-outgoing-1 << HTTP/1.1 401 Unauthorized [DEBUG] 2019-10-19 00:10:04.678 [Radius Auth Listener] headers - http-outgoing-1 << Date: Sat, 19 Oct 2019 04:10:04 GMT [DEBUG] 2019-10-19 00:10:04.678 [Radius Auth Listener] headers - http-outgoing-1 << Server: Apache [DEBUG] 2019-10-19 00:10:04.678 [Radius Auth Listener] headers - http-outgoing-1 << X-Xss-Protection: 1; mode=block [DEBUG] 2019-10-19 00:10:04.678 [Radius Auth Listener] headers - http-outgoing-1 << X-Content-Type-Options: nosniff [DEBUG] 2019-10-19 00:10:04.678 [Radius Auth 
Listener] headers - http-outgoing-1 << Strict-Transport-Security: max-age=31536000; includeSubDomains [DEBUG] 2019-10-19 00:10:04.678 [Radius Auth Listener] headers - http-outgoing-1 << WWW-Authenticate: Basic realm="oxAuth" [DEBUG] 2019-10-19 00:10:04.678 [Radius Auth Listener] headers - http-outgoing-1 << Content-Type: application/json;charset=iso-8859-1 [DEBUG] 2019-10-19 00:10:04.678 [Radius Auth Listener] headers - http-outgoing-1 << Content-Length: 628 [DEBUG] 2019-10-19 00:10:04.678 [Radius Auth Listener] headers - http-outgoing-1 << Connection: close [DEBUG] 2019-10-19 00:10:04.679 [Radius Auth Listener] HttpAuthenticator - Authentication required [DEBUG] 2019-10-19 00:10:04.679 [Radius Auth Listener] HttpAuthenticator - gluu.server.test.loc:443 requested authentication [DEBUG] 2019-10-19 00:10:04.679 [Radius Auth Listener] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, Digest, Basic] [DEBUG] 2019-10-19 00:10:04.679 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available [DEBUG] 2019-10-19 00:10:04.679 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available [DEBUG] 2019-10-19 00:10:04.679 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available [DEBUG] 2019-10-19 00:10:04.679 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available [DEBUG] 2019-10-19 00:10:04.680 [Radius Auth Listener] i18n - Interceptor Context: org.jboss.resteasy.core.interception.ClientReaderInterceptorContext, Method : proceed [DEBUG] 2019-10-19 00:10:04.680 [Radius Auth Listener] i18n - MessageBodyReader: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey [DEBUG] 2019-10-19 00:10:04.680 [Radius Auth Listener] i18n - MessageBodyReader: org.jboss.resteasy.plugins.providers.StringTextStar [DEBUG] 
2019-10-19 00:10:04.682 [Radius Auth Listener] wire - http-outgoing-1 << "{"reason":"Unable to authenticate client.","error_description":"Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.","error":"invalid_client"}" [DEBUG] 2019-10-19 00:10:04.682 [Radius Auth Listener] DefaultManagedHttpClientConnection - http-outgoing-1: Close connection [DEBUG] 2019-10-19 00:10:04.682 [Radius Auth Listener] MainClientExec - Connection discarded [DEBUG] 2019-10-19 00:10:04.683 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection released: [id: 1][route: {s}->https://gluu.server.test.loc:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 100] [DEBUG] 2019-10-19 00:10:04.683 [Radius Auth Listener] SuperGluuAuthClient - SuperGluu initial auth failed. Response: {"reason":"Unable to authenticate client.","error_description":"Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. 
If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.","error":"invalid_client"} [DEBUG] 2019-10-19 00:10:04.683 [Radius Auth Listener] SuperGluuAccessRequestFilter - Authentication failed for user {testuser}. [DEBUG] 2019-10-19 00:10:04.683 [Radius Auth Listener] SuperGluuAccessRequestFilter - Authentication scheme is neither one-step nor two-step [INFO ] 2019-10-19 00:10:04.684 [Radius Auth Listener] RadiusServer - send response: Access-Reject, ID 161 [DEBUG] 2019-10-19 00:10:06.444 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-19 00:10:06.444 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-19 00:10:08.452 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-19 00:10:08.453 [Thread-7] Runner - Background operations complete ```
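Added example, not part of the original posts: the DEBUG output above carries the user's password (as `__password` in the token request and as `User-Password`, whose hex value is simply the password bytes), the RADIUS client secret read from LDAP, and the signed `client_assertion`. The filter below masks those fields before such a log is shared; the function name, rule labels and all sample lines and values are constructed for illustration.

```python
import re

REDACTED = "[REDACTED]"

# (label, pattern, replacement) for each secret-bearing field in gluu-radius DEBUG output.
RULES = [
    # Form fields of the token request echoed by the HttpClient "wire" logger.
    # The lookbehind keeps "password" from matching inside "__password".
    ("form_field",
     re.compile(r'(?<!\w)(__password|password|client_assertion|client_secret)=[^&"\s]*'),
     r"\1=" + REDACTED),
    # RADIUS password attributes: hex in the server log, quoted in radtest output.
    ("radius_password",
     re.compile(r'((?:User|Cleartext)-Password\s*[:=]\s*)(?:"[^"]*"|\S+)'),
     r"\g<1>" + REDACTED),
    # Shared secret of the RADIUS client as loaded from LDAP.
    ("ldap_secret",
     re.compile(r"(AttributeName: oxRadiusClientSecret, AttributeValue: )\[[^\]]*\]"),
     r"\g<1>" + REDACTED),
    # Any compact JWT left elsewhere in the text (three base64url segments).
    ("jwt",
     re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+"),
     REDACTED),
]


def redact(text):
    """Return (redacted_text, hits); hits maps rule label -> number of replacements."""
    hits = {}
    for label, pattern, replacement in RULES:
        text, count = pattern.subn(replacement, text)
        if count:
            hits[label] = count
    return text, hits


# Constructed sample lines in the same shape as the log above (values are made up).
SAMPLE = "\n".join([
    "[DEBUG] 2019-01-01 00:00:00.000 [Radius Auth Listener] BaseEntryManager - "
    "LdapProperty: secret, AttributeName: oxRadiusClientSecret, "
    "AttributeValue: [Q09OU1RSVUNURUQ=]",
    "[INFO ] 2019-01-01 00:00:00.001 [Radius Auth Listener] RadiusServer - received "
    "packet: Access-Request, ID 1 User-Name: alice User-Password: 0x53336372657421 "
    "NAS-Port: 0",
    '[DEBUG] 2019-01-01 00:00:00.002 [Radius Auth Listener] wire - http-outgoing-1 >> '
    '"__step=initiate_auth&__password=S3cret!&grant_type=password'
    '&client_assertion=eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJ4In0.c2ln'
    '&client_id=example-client&username=alice"',
])

if __name__ == "__main__":
    cleaned, summary = redact(SAMPLE)
    print(cleaned)
    print(summary)
```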

By Dzouato Djeumen Rolain Bonaventure staff 19 Oct 2019 at 12:28 a.m. CDT

Thanks. This is interesting. Can you attach the following:
1. A screenshot of the openid client called `Gluu RO OpenID Client`, specifically the tab called `Encryption/Signing Settings`
2. On that same tab, please paste here the contents of the `JWKS` field.
3. Attach a copy of the file `/etc/certs/gluu-radius.jks`
4. Attach a copy of your `oxauth` logs. Zip or tar the whole `/opt/gluu/jetty/oxauth/logs` directory.

I think this is just a client misconfiguration issue. This will help me locate the issue.

By Hamdi Bahrini user 23 Oct 2019 at 10:27 a.m. CDT

The screenshot of the openid client: ``` https://ibb.co/7C2wmBx ``` The contents of the JWKS field: ``` { "keys": [ { "use": "sig", "e": "AQAB", "kty": "RSA", "alg": "RS256", "n": "zfnK4Ch6SLJp5umZaUlhKrNwPrmluSo-55xFU4lvpWO-rtb_uKjhNac-hMBdVLX1XmPn0gIVm-v2IMdKdHCUjQK2oZkKRUdaJ4XLdYQoyZ6lGLueJbJa8_Iq2Z0K-hQst6UQJFlmxrkY-GKoGKrr7gNfEfhDtL0XukCc3VbZpU1rdyb-4alZ8RVspx-u13k3B1XQhoZiQq7R5uTgFmOGdGwcNtLc3RSq1bUDaBp7D9NDuRWB_Z3yTgr4jSMidVq2A03T0hrm4SPg6-E-13-J8nMPWhhFFymnvAqwrJsT4iJjHhQ1iXowKWUWFokIHo2aUuokV5pDJXYtSteZaq9KbQ", "exp": 1601662776321, "x5c": [ "MIIDBDCCAeygAwIBAgIhAJCAC6MKXXQq70Sfr66Em/kMmi7OCqtDotRAg86rceE4MA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTkxMDAzMTgxOTI2WhcNMjAxMDAyMTgxOTM2WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfnK4Ch6SLJp5umZaUlhKrNwPrmluSo+55xFU4lvpWO+rtb/uKjhNac+hMBdVLX1XmPn0gIVm+v2IMdKdHCUjQK2oZkKRUdaJ4XLdYQoyZ6lGLueJbJa8/Iq2Z0K+hQst6UQJFlmxrkY+GKoGKrr7gNfEfhDtL0XukCc3VbZpU1rdyb+4alZ8RVspx+u13k3B1XQhoZiQq7R5uTgFmOGdGwcNtLc3RSq1bUDaBp7D9NDuRWB/Z3yTgr4jSMidVq2A03T0hrm4SPg6+E+13+J8nMPWhhFFymnvAqwrJsT4iJjHhQ1iXowKWUWFokIHo2aUuokV5pDJXYtSteZaq9KbQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAAWdWvLT/ggxUQQv1jiSMyQozuZtuITIUs510L0J+s7nSt5wFC7fC2ldJps3TyI4ZI1CtZOifFESGpd1gZzKBouFDbtkf6M5LC51F/VMJF09ewVk0lV2cC4cDvMoWD7rFX7m6WMKCOwIbMe9+daQjs8DF26F/ozTDGxtLslDcyVAEFfnOCgZBAtecox+vj10cxdZtoGzVo1oB3Rnmr6TAFJSl/8PzkIFxgrGKCihdk3AZ8U9Yfpvd86xi6o1/Zujtu8K5YG3+Hbk8cf9a9Lxv8E8wI+l/WGSJ3CRFVBVhjGWAcVHrbnrI6Y2ksUdX+LkBq0dvyqaiHhxQaDnv+TmnbU=" ], "kid": "7cf24227-0693-47b2-a398-46032231695d_sig_rs256" }, { "use": "sig", "e": "AQAB", "kty": "RSA", "alg": "RS384", "n": 
"ihZcItx9H3JIswXiwBzCIRwjtzywEv_FTjBpmXH_5ca1AbJQwZcJPEEKh6UZTnwru4Zd6ukjf7QLDvyreEWcyxVgv1CqvgBkBxpsj2FFi3xjbL82bIq5E04rbPs7Zafda0N9khDP7EM0QlCoMGn5wspJyZR_apxFrhfcEmx23t5Zh6n-wTS9KDyTri0SccVZHWMdR6pOWMKJ8mMz9_KviFDgiFtdrFXCDTuk0caFshtJZIC0Q3nChORWKqoLLGLJVlXVvl7QLiwsGLEle_7_ab93QmvogQV97VnfRrx5Hd0AfgB4PL3ieMFUZzMWr18oE4PrQo-8tsmljleLznWh6w", "exp": 1601662776321, "x5c": [ "MIIDAzCCAeugAwIBAgIgB5EpdpH9tu8im3bQDlp/XuR1s5VgxuNrDilvwE/rntIwDQYJKoZIhvcNAQEMBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTEwMDMxODE5MjdaFw0yMDEwMDIxODE5MzZaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKFlwi3H0fckizBeLAHMIhHCO3PLAS/8VOMGmZcf/lxrUBslDBlwk8QQqHpRlOfCu7hl3q6SN/tAsO/Kt4RZzLFWC/UKq+AGQHGmyPYUWLfGNsvzZsirkTTits+ztlp91rQ32SEM/sQzRCUKgwafnCyknJlH9qnEWuF9wSbHbe3lmHqf7BNL0oPJOuLRJxxVkdYx1Hqk5YwonyYzP38q+IUOCIW12sVcINO6TRxoWyG0lkgLRDecKE5FYqqgssYslWVdW+XtAuLCwYsSV7/v9pv3dCa+iBBX3tWd9GvHkd3QB+AHg8veJ4wVRnMxavXygTg+tCj7y2yaWOV4vOdaHrAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQwFAAOCAQEAeuSyrWq+asdvbGqI+YmGJlVfOvqffSdd6pWR6kqUrHI+BdafD8Jedy81F7VgMfGdRN00fWgcYBtNlJkFGQiDB69aLnmtKc0qT8yxnyzOuqdDR3mW1Nrsi+RHpd6t1OgmvqwXRFylJYOGoRubcVHYqS0OZWrp8vr4iXVvcrotB0K3tTe8PO58gu157/O41RiIXO5nw1OefTj/yLRSXjXZOJelLZ9dP/3qWMtkmGZm1GiKiSOX754OBRbeA2ROeMcTRyUyZ1ok/hPs9CcXLOMOS04Vi/Xj5VQpD6IRUY+SIbKlyE6qSf+KCPRqARp9tsdCQkO3r5Ov4m05Mq4NLQYSqQ==" ], "kid": "ac94653a-bd8b-4be3-8dfb-f8b784d024d3_sig_rs384" }, { "use": "sig", "e": "AQAB", "kty": "RSA", "alg": "RS512", "n": "t7G7vBEA844tC3z8NPmavWvmI5AoqO-Gh38FJyhN9sHg5VSa0KSsLskOOG2PJ_v-4gYwIlCKwa8kBv6oc8OtyU0zyEwqGWaHEZrFynKqD08V_Vd7qsoI-yjPcDqvLVNQnUEC8Ev1hLxjlq8_257Bk8kaJIdNY8ELvcI6gHQnSbd_4hxrtzXHcD3_9-heArcs_9NeuCSWbT8PcQ3YKeACTOeNFgqw_Jr0-Ij43tPQ5nL3bHdyLfsg0ZER5ex905RIwHhD-cDLHjba7-yzmrN_t5xUfBLK94TB17Tx0J6hV2c-0TGh36PEnivQuCCBvT69GmRrfL3GdkrA5i2YFSYyLQ", "exp": 1601662776321, "x5c": [ 
"MIIDAzCCAeugAwIBAgIgSZKAgXNuG+p9B1TbpXHHxbM+DowOPgSBesQ+w2EyG80wDQYJKoZIhvcNAQENBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTEwMDMxODE5MjdaFw0yMDEwMDIxODE5MzZaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3sbu8EQDzji0LfPw0+Zq9a+YjkCio74aHfwUnKE32weDlVJrQpKwuyQ44bY8n+/7iBjAiUIrBryQG/qhzw63JTTPITCoZZocRmsXKcqoPTxX9V3uqygj7KM9wOq8tU1CdQQLwS/WEvGOWrz/bnsGTyRokh01jwQu9wjqAdCdJt3/iHGu3NcdwPf/36F4Ctyz/0164JJZtPw9xDdgp4AJM540WCrD8mvT4iPje09Dmcvdsd3It+yDRkRHl7H3TlEjAeEP5wMseNtrv7LOas3+3nFR8Esr3hMHXtPHQnqFXZz7RMaHfo8SeK9C4IIG9Pr0aZGt8vcZ2SsDmLZgVJjItAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQ0FAAOCAQEAguw6b/wvO25ZuYkB5GiSrgeyeCzeK68j8ysXQ6FYZfH6f2eKlOY9JsTmrjzcWDS2CnzpHEABDtGnE+iyfNEhikLs4tUO9Zv1rTjV0PDGKMPM6OWmvk/MQDT7SxeddZqEI8Tsi4H5E7D9fK4Mf7YWRXxHSASerX8WSThWgDl2S9vDb4HWfnfeN8nfdBcuqoMtG+OU6UIXbqBOKp22Lrn72osuGmw/NSAaGIpqO3PpDwa5eNyS5K+3DTGRTeZkXH2CNtv1J8UIkvhmQOZ9fbkY7zNeuuzxMiFB5MDesum4xnQAW+toXc8g3ibThKNa5AeHLjJrkd5sGovAFV18eCbK/Q==" ], "kid": "f8355e7e-2258-4453-a0ce-8b935a15b7f9_sig_rs512" }, { "use": "sig", "crv": "P-256", "kty": "EC", "alg": "ES256", "exp": 1601662776321, "x5c": [ "MIIBeDCCAR2gAwIBAgIgA+f9LQo5UqRhFjHuFkeaV6ErT2BBmdcb7g0LWwuprQowCgYIKoZIzj0EAwIwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTEwMDMxODE5MjdaFw0yMDEwMDIxODE5MzZaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASxVAgs7flkESGOPLsbjJrZGkQJ3YIin58CtBUHPDosAeGnioyZ3nsZ+gxykiQpvWCay4H16rhZ9DL4dIV3uDQPoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwIDSQAwRgIhAOf83SPmzQYkrDh5TuleaDoGtG/K6N6F1T4dtdDfyaPzAiEAusVhICs0DBysJmAyemL0t9EXKvUohgmmwUdexqha4ok=" ], "y": "4aeKjJneexn6DHKSJCm9YJrLgfXquFn0Mvh0hXe4NA8", "x": "sVQILO35ZBEhjjy7G4ya2RpECd2CIp-fArQVBzw6LAE", "kid": "2fef95c0-1c80-4f64-9b72-e59918ecfa08_sig_es256" }, { "use": "sig", "crv": "P-384", "kty": "EC", "alg": "ES384", "exp": 1601662776321, "x5c": [ 
"MIIBtDCCATugAwIBAgIhALLZOBp3jIpTpCdnix03FWTXP33SkioEIK2558aJ3fp7MAoGCCqGSM49BAMDMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTkxMDAzMTgxOTI3WhcNMjAxMDAyMTgxOTM2WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEvnDJqwId643RKv1S3EXySQS2qj2H2pHaBUAvxR8R5yiyTD3E1haLB1tZc8kRelxboaihJ2Oc29vY4vNv2s7FZJg9pF4HOdMfnkWoBYHVbi+HJER7nxCeNCiBaH+VzcXEoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwMDZwAwZAIwfb4L9fJBxKJYlqqRIwNoXddDLf/17PJXAiIPVxoOe5jtvdYQJHvk5q9+enN8ROzPAjAXrn95AYVj3sQvX5mZ8459HTHUI6bHTsazmMgUdzll+H4HXIhWUDKm2qADa6KgAA0=" ], "y": "oaihJ2Oc29vY4vNv2s7FZJg9pF4HOdMfnkWoBYHVbi-HJER7nxCeNCiBaH-VzcXE", "x": "vnDJqwId643RKv1S3EXySQS2qj2H2pHaBUAvxR8R5yiyTD3E1haLB1tZc8kRelxb", "kid": "555c12de-43fe-4dca-a3e5-25da98774f9d_sig_es384" }, { "use": "sig", "crv": "P-521", "kty": "EC", "alg": "ES512", "exp": 1601662776321, "x5c": [ "MIIB/zCCAWCgAwIBAgIgL9dQRfDHpCxA33LpMYAB2F8JXd8xofseCfZjyV4q2i8wCgYIKoZIzj0EAwQwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTEwMDMxODE5MjdaFw0yMDEwMDIxODE5MzZaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAEaDvb12ZGaxScRLvQo7HlhU5u5jNXXbeGiKoB7EdzKKmPXhtwPEVWIGtDOIjHhsEPR9Ts0nJVINsR1KzUlgx7qsgBs3qUNAtDLC+CizdQLiHEtWMuKKa58Z2mqR/kn4Ej7iu/Ru+nljGKv9Osy8wT3yxh5lm4RI+72KFckjGyj1U5r9aMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMEA4GMADCBiAJCAMZgCh2edMN/wkQDEGOAhasnemdq65hiTcyKHxSn2uep+TdSDezJtZzL+1q26cJYXGeLzs/OWXf0iCFKDt8E6xVUAkIA6jDznV6Em5apvVSJkaHYaR/hXxT1m6wWdRtwr4r9YAKAuwX377nK5xr7rz6zRmdpF0o4LeRlVMe3XWU/s/MysGA=" ], "y": "bN6lDQLQywvgos3UC4hxLVjLiimufGdpqkf5J-BI-4rv0bvp5Yxir_TrMvME98sYeZZuESPu9ihXJIxso9VOa_U", "x": "ARoO9vXZkZrFJxEu9CjseWFTm7mM1ddt4aIqgHsR3MoqY9eG3A8RVYga0M4iMeGwQ9H1OzSclUg2xHUrNSWDHuqy", "kid": "9c2e779f-f1f6-4ca3-a9dd-c97f2dc6db91_sig_es512" } ] } ``` The gluu-radius.jks and the logs tar: ``` https://filebin.net/1stxo905zcinmbxz ```

By Dzouato Djeumen Rolain Bonaventure staff 29 Oct 2019 at 11:33 p.m. CDT

Please can you open the file `/etc/gluu/conf/radius/gluu-radius.properties` and tell me what's the value of the property `radius.jwt.auth.signAlgorithm`? Thanks.
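Added example, not Gluu's code and not part of the original posts: the items being compared in this thread (the client's `JWKS` field and `radius.jwt.auth.signAlgorithm`) can be cross-checked against the `client_assertion` that gluu-radius actually sent in the token request. The function names, the millisecond handling of the JWKS `exp` field and every sample value are assumptions constructed for illustration; the signature itself is not verified here.

```python
import base64
import json


def _b64url_decode_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def decode_unverified(jwt):
    """Split a compact JWT and return (header, claims) without checking the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 segments")
    return _b64url_decode_json(parts[0]), _b64url_decode_json(parts[1])


def check_client_assertion(jwt, jwks, client_id, token_endpoint, sign_alg, now):
    """Return a list of inconsistencies; an empty list means none were found."""
    header, claims = decode_unverified(jwt)
    problems = []

    # The header alg should be the one configured for the RADIUS server.
    if header.get("alg") != sign_alg:
        problems.append("alg %r differs from configured %r" % (header.get("alg"), sign_alg))

    # The kid must select a signing key registered on the OpenID client.
    kid = header.get("kid")
    key = next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)
    if key is None:
        problems.append("kid %r is not in the client's JWKS" % kid)
    else:
        if key.get("alg") != header.get("alg"):
            problems.append("JWKS key %r is registered for %r" % (kid, key.get("alg")))
        if key.get("use", "sig") != "sig":
            problems.append("JWKS key %r is not a signing key" % kid)
        # Assumption: JWKS "exp" is in milliseconds (13-digit values, as in the thread).
        if "exp" in key and key["exp"] / 1000 <= now:
            problems.append("JWKS key %r has expired" % kid)

    # private_key_jwt claims: iss and sub are the client_id, aud names the token endpoint.
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        problems.append("iss and sub must both equal the client_id")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if token_endpoint not in audiences:
        problems.append("aud does not name the token endpoint")
    if claims.get("exp", 0) <= now:
        problems.append("assertion has expired")
    return problems


def make_sample_assertion(header, claims):
    """Build a constructed JWT-shaped string for the demo; the signature is a dummy."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return "%s.%s.%s" % (enc(header), enc(claims), "c2lnbmF0dXJl")


# Constructed sample data (not the values posted in the thread).
SAMPLE_NOW = 1700000000
SAMPLE_CLIENT = "example-client-id"
SAMPLE_ENDPOINT = "https://idp.example.test/oxauth/restv1/token"
SAMPLE_JWKS = {"keys": [
    {"kid": "example-kid_sig_rs256", "alg": "RS256", "use": "sig", "exp": 1893456000000},
    {"kid": "example-kid_sig_rs512", "alg": "RS512", "use": "sig", "exp": 1893456000000},
]}
SAMPLE_CLAIMS = {"iss": SAMPLE_CLIENT, "sub": SAMPLE_CLIENT, "aud": SAMPLE_ENDPOINT,
                 "exp": SAMPLE_NOW + 300, "iat": SAMPLE_NOW}

if __name__ == "__main__":
    stale = make_sample_assertion(
        {"kid": "rotated-kid_sig_rs512", "alg": "RS512", "typ": "JWT"}, SAMPLE_CLAIMS)
    for line in check_client_assertion(stale, SAMPLE_JWKS, SAMPLE_CLIENT,
                                       SAMPLE_ENDPOINT, "RS512", SAMPLE_NOW):
        print(line)
```

An empty result only rules out these mismatches: `invalid_client` is also returned when the signature does not verify against the registered public key, which needs the key material to test.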

By Hamdi Bahrini user 30 Oct 2019 at 9:30 a.m. CDT

Hello Rolain,
`radius.jwt.auth.signAlgorithm = RS512`
By the way, in the same file, I changed the `radius.auth.scheme` property to onestep (it was twostep) because that's what I want to test for now. When I reviewed the logs obtained after the change, I found this line towards the end:
```
SuperGluuAccessRequestFilter - Authentication scheme is neither one-step nor two-step
```
[The filter's class on github](https://github.com/GluuFederation/radius/blob/a6110c566592fbb00d7f4119cef9b2d094837147/Server/src/main/java/org/gluu/radius/server/filter/SuperGluuAccessRequestFilter.java)
/opt/gluu/radius/logs/gluu-radius.log
```
[DEBUG] 2019-10-30 10:39:00.642 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-30 10:39:00.643 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-30 10:39:02.643 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-30 10:39:02.643 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-30 10:39:04.643 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-30 10:39:04.643 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-30 10:39:06.644 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-30 10:39:06.644 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-30 10:39:08.645 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-30 10:39:08.645 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-30 10:39:10.646 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-30 10:39:10.646 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-30 10:39:12.649 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-30 10:39:12.649 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-30 10:39:14.649 [Thread-7] Runner - Performing background operations
[DEBUG] 2019-10-30 10:39:14.649 [Thread-7] Runner - Background operations complete
[DEBUG] 2019-10-30 10:39:16.650 
[Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:16.650 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:18.651 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:18.651 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:20.651 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:20.652 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:22.656 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:22.656 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:24.657 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:24.657 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:26.657 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:26.658 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:28.659 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:28.659 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:30.659 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:30.659 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:32.665 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:32.665 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:34.666 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:34.666 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:36.667 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:36.667 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:38.684 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:38.684 [Thread-7] Runner - Background operations complete [DEBUG] 
2019-10-30 10:39:40.118 [Radius Auth Listener] RadiusServer - receive buffer size = 106496 [DEBUG] 2019-10-30 10:39:40.120 [Radius Auth Listener] DurationUtil - LDAP operation: search, duration: PT0.001S, dn: ou=radius_clients,o=gluu, filter: (&(&(objectClass=oxRadiusClient))(oxRadiusClientIpAddress=*)), scope: SUB, batchOperationWraper: org.gluu.persist.ldap.impl.LdapBatchOperationWraper@4896420a, start: 0, searchLimit: 0, count: 0, controls: null, attributes: [oxRadiusClientSortPriority, oxRadiusClientIpAddress, oxRadiusClientSecret, inum, oxRadiusClientName] [DEBUG] 2019-10-30 10:39:40.120 [Radius Auth Listener] BaseEntryManager - LdapProperty: inum, AttributeName: inum, AttributeValue: [c4c488e5-d67d-4501-9844-59b1168b489b] [DEBUG] 2019-10-30 10:39:40.121 [Radius Auth Listener] BaseEntryManager - LdapProperty: ipAddress, AttributeName: oxRadiusClientIpAddress, AttributeValue: [192.168.56.2] [DEBUG] 2019-10-30 10:39:40.121 [Radius Auth Listener] BaseEntryManager - LdapProperty: name, AttributeName: oxRadiusClientName, AttributeValue: [proxy-radius] [DEBUG] 2019-10-30 10:39:40.121 [Radius Auth Listener] BaseEntryManager - LdapProperty: priority, AttributeName: oxRadiusClientSortPriority, AttributeValue: [1] [DEBUG] 2019-10-30 10:39:40.121 [Radius Auth Listener] BaseEntryManager - LdapProperty: secret, AttributeName: oxRadiusClientSecret, AttributeValue: [U1eeujF9ofs=] [INFO ] 2019-10-30 10:39:40.121 [Radius Auth Listener] GluuRadiusServer - Client ip: 192.168.56.2 [INFO ] 2019-10-30 10:39:40.121 [Radius Auth Listener] RadiusServer - received packet from /192.168.56.2:44665 on local address 0.0.0.0/0.0.0.0:1812: Access-Request, ID 141 User-Name: testuser User-Password: 0x5061737377307264 NAS-IP-Address: 192.168.56.2 NAS-Port: 0 Message-Authenticator: 0x97dd5f304f55f76a923b310ec415cf1a [DEBUG] 2019-10-30 10:39:40.122 [Radius Auth Listener] SuperGluuAccessRequestFilter - Performing one-step authentication for user {testuser} [DEBUG] 2019-10-30 10:39:40.130 [Radius 
Auth Listener] RequestAddCookies - CookieSpec selected: default [DEBUG] 2019-10-30 10:39:40.130 [Radius Auth Listener] RequestAuthCache - Auth cache not set in the context [DEBUG] 2019-10-30 10:39:40.130 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://gluu.server.test.loc:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 100] [DEBUG] 2019-10-30 10:39:40.130 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection leased: [id: 6][route: {s}->https://gluu.server.test.loc:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 100] [DEBUG] 2019-10-30 10:39:40.130 [Radius Auth Listener] MainClientExec - Opening connection {s}->https://gluu.server.test.loc:443 [DEBUG] 2019-10-30 10:39:40.130 [Radius Auth Listener] DefaultHttpClientConnectionOperator - Connecting to gluu.server.test.loc/192.168.56.7:443 [DEBUG] 2019-10-30 10:39:40.130 [Radius Auth Listener] SSLConnectionSocketFactory - Connecting socket to gluu.server.test.loc/192.168.56.7:443 with timeout 0 [DEBUG] 2019-10-30 10:39:40.130 [Radius Auth Listener] SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2] [DEBUG] 2019-10-30 10:39:40.130 [Radius Auth Listener] SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] [DEBUG] 2019-10-30 10:39:40.130 [Radius Auth Listener] SSLConnectionSocketFactory - Starting handshake [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] SSLConnectionSocketFactory - Secure session established [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] SSLConnectionSocketFactory - negotiated protocol: TLSv1.2 [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] SSLConnectionSocketFactory - negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] SSLConnectionSocketFactory - peer principal: EMAILADDRESS=bahrini.hamdi@gmail.com, CN=gluu.server.test.loc, O=hamdi, L=montreal, ST=qc, C=ca [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] SSLConnectionSocketFactory - issuer principal: EMAILADDRESS=bahrini.hamdi@gmail.com, 
CN=gluu.server.test.loc, O=hamdi, L=montreal, ST=qc, C=ca [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] DefaultHttpClientConnectionOperator - Connection established 192.168.56.7:42670<->192.168.56.7:443 [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] MainClientExec - Executing request POST /oxauth/restv1/token HTTP/1.1 [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] MainClientExec - Target auth state: UNCHALLENGED [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] MainClientExec - Proxy auth state: UNCHALLENGED [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] headers - http-outgoing-6 >> POST /oxauth/restv1/token HTTP/1.1 [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] headers - http-outgoing-6 >> Content-Type: application/x-www-form-urlencoded [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] headers - http-outgoing-6 >> Content-Length: 1112 [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] headers - http-outgoing-6 >> Host: gluu.server.test.loc [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] headers - http-outgoing-6 >> Connection: Keep-Alive [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] headers - http-outgoing-6 >> User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_222) [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] headers - http-outgoing-6 >> Accept-Encoding: gzip,deflate [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] wire - http-outgoing-6 >> "POST /oxauth/restv1/token HTTP/1.1[\r][\n]" [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] wire - http-outgoing-6 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]" [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] wire - http-outgoing-6 >> "Content-Length: 1112[\r][\n]" [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] wire - http-outgoing-6 >> "Host: gluu.server.test.loc[\r][\n]" [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] wire - http-outgoing-6 >> "Connection: Keep-Alive[\r][\n]" [DEBUG] 2019-10-30 
10:39:40.137 [Radius Auth Listener] wire - http-outgoing-6 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_222)[\r][\n]" [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] wire - http-outgoing-6 >> "Accept-Encoding: gzip,deflate[\r][\n]" [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] wire - http-outgoing-6 >> "[\r][\n]" [DEBUG] 2019-10-30 10:39:40.137 [Radius Auth Listener] wire - http-outgoing-6 >> "__step=initiate_auth&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&__remote_ip=192.168.56.2&__password=Passw0rd&grant_type=password&scope=openid+super_gluu_ro_session&acr_values=super_gluu_ro&client_assertion=eyJraWQiOiJmODM1NWU3ZS0yMjU4LTQ0NTMtYTBjZS04YjkzNWExNWI3Zjlfc2lnX3JzNTEyIiwidHlwIjoiSldUIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiIwMDA4LWNjMWI2NzUxLWNmMGItNDgwYi05ZGEyLWFjNjg5NTAwMmNmYyIsImF1ZCI6Imh0dHBzOi8vZ2x1dS5zZXJ2ZXIudGVzdC5sb2Mvb3hhdXRoL3Jlc3R2MS90b2tlbiIsImlzcyI6IjAwMDgtY2MxYjY3NTEtY2YwYi00ODBiLTlkYTItYWM2ODk1MDAyY2ZjIiwiZXhwIjoxNTcyNDQ2NjgwLCJpYXQiOjE1NzI0NDYzODAsImp0aSI6IjU3NmNjZWZjLTEyN2ItNDU1Yi1iMGJjLTQ0N2M4ODdhNWI3YSJ9.WCNNWsEEonVw9ZdJDOO369lRRgAcjW_qEj4aPbdH0qofLOhHHq8__Lxw47L8_4ZESv507A3x0d3UOXQw_DkZQ3V54wB-v5msnTfHHsKpYPcTDvsbWiJGrDTr3ZNhnZGHwTV_F01yXpqSNdvx9F71F-LqpQBUUJKnURhjxA-FCpAUKJvAcVDTyOIh3eflRN2iRECIMPXP5YTnNfwKGGP6igmYKi04jI78Rq1g7R7wa5E1jbtwdW-0i32Hu6c1sQVCTtAKen43OyyWvgb-siprq447fPjmpgSVoRfU7Hn_Bpx0Nj3XBAHRuUulI6mS507kUoEfYiV8hxTwtSljjImIFA&__auth_scheme=onestep&client_id=0008-cc1b6751-cf0b-480b-9da2-ac6895002cfc&username=testuser" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "HTTP/1.1 401 Unauthorized[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "Date: Wed, 30 Oct 2019 14:39:40 GMT[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "Server: Apache[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "X-Xss-Protection: 1; 
mode=block[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "X-Content-Type-Options: nosniff[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "WWW-Authenticate: Basic realm="oxAuth"[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "Content-Type: application/json;charset=iso-8859-1[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "Content-Length: 628[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "Connection: close[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] wire - http-outgoing-6 << "[\r][\n]" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] headers - http-outgoing-6 << HTTP/1.1 401 Unauthorized [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] headers - http-outgoing-6 << Date: Wed, 30 Oct 2019 14:39:40 GMT [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] headers - http-outgoing-6 << Server: Apache [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] headers - http-outgoing-6 << X-Xss-Protection: 1; mode=block [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] headers - http-outgoing-6 << X-Content-Type-Options: nosniff [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] headers - http-outgoing-6 << Strict-Transport-Security: max-age=31536000; includeSubDomains [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] headers - http-outgoing-6 << WWW-Authenticate: Basic realm="oxAuth" [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] headers - http-outgoing-6 << Content-Type: application/json;charset=iso-8859-1 [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] headers - http-outgoing-6 << Content-Length: 628 [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth 
Listener] headers - http-outgoing-6 << Connection: close [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] HttpAuthenticator - Authentication required [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] HttpAuthenticator - gluu.server.test.loc:443 requested authentication [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, Digest, Basic] [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available [DEBUG] 2019-10-30 10:39:40.146 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available [DEBUG] 2019-10-30 10:39:40.147 [Radius Auth Listener] i18n - Interceptor Context: org.jboss.resteasy.core.interception.ClientReaderInterceptorContext, Method : proceed [DEBUG] 2019-10-30 10:39:40.147 [Radius Auth Listener] i18n - MessageBodyReader: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey [DEBUG] 2019-10-30 10:39:40.147 [Radius Auth Listener] i18n - MessageBodyReader: org.jboss.resteasy.plugins.providers.StringTextStar [DEBUG] 2019-10-30 10:39:40.147 [Radius Auth Listener] wire - http-outgoing-6 << "{"reason":"Unable to authenticate client.","error_description":"Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. 
If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.","error":"invalid_client"}" [DEBUG] 2019-10-30 10:39:40.147 [Radius Auth Listener] DefaultManagedHttpClientConnection - http-outgoing-6: Close connection [DEBUG] 2019-10-30 10:39:40.147 [Radius Auth Listener] MainClientExec - Connection discarded [DEBUG] 2019-10-30 10:39:40.147 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection released: [id: 6][route: {s}->https://gluu.server.test.loc:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 100] [DEBUG] 2019-10-30 10:39:40.147 [Radius Auth Listener] SuperGluuAuthClient - SuperGluu initial auth failed. Response: {"reason":"Unable to authenticate client.","error_description":"Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. 
If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.","error":"invalid_client"} [DEBUG] 2019-10-30 10:39:40.147 [Radius Auth Listener] SuperGluuAccessRequestFilter - Authentication failed for user {testuser} [DEBUG] 2019-10-30 10:39:40.147 [Radius Auth Listener] SuperGluuAccessRequestFilter - Authentication scheme is neither one-step nor two-step [INFO ] 2019-10-30 10:39:40.147 [Radius Auth Listener] RadiusServer - send response: Access-Reject, ID 141 [DEBUG] 2019-10-30 10:39:40.686 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:40.687 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:42.687 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:42.688 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:44.688 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:44.688 [Thread-7] Runner - Background operations complete [DEBUG] 2019-10-30 10:39:46.689 [Thread-7] Runner - Performing background operations [DEBUG] 2019-10-30 10:39:46.689 [Thread-7] Runner - Background operations complete ```
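The log above ends with oxAuth answering a token request that carries a `client_assertion` of type `jwt-bearer` with `invalid_client`. The following is an added example, not part of the thread or of Gluu's code: it pulls the form body out of such a wire-log line, decodes the assertion without verifying its signature, and checks the header `kid` and the `iss`/`sub`/`aud`/`exp` claims against the client's registered JWKS and the token endpoint. The client id, endpoint, key ids and log line in it are constructed sample values.

```python
import base64
import json
import re
from urllib.parse import parse_qs

JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
# Request body as printed by Apache HttpClient wire logging (">>" = outgoing).
BODY_RE = re.compile(r'wire - http-outgoing-\d+ >> "([^"]*client_assertion=[^"]*)"')


def b64url_decode(segment):
    """Decode one unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    """Encode bytes as unpadded base64url (used only to build the sample)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def form_from_wire_log(log_text):
    """Return the token-request form fields found in a wire log."""
    match = BODY_RE.search(log_text)
    if match is None:
        raise ValueError("no token request body with client_assertion found")
    return {k: v[0] for k, v in parse_qs(match.group(1)).items()}


def decode_assertion(jwt):
    """Decode header and claims of a compact JWS; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("client_assertion is not a three-part compact JWS")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def kids_from_jwks(jwks_json):
    """Key ids present in the JWKS registered for the client."""
    return {key.get("kid") for key in json.loads(jwks_json).get("keys", [])}


def check_client_assertion(form, token_endpoint, jwks_json, now):
    """List the reasons a server could reject this assertion (empty = none found)."""
    findings = []
    if form.get("client_assertion_type") != JWT_BEARER:
        findings.append("client_assertion_type is not jwt-bearer")
    header, claims = decode_assertion(form["client_assertion"])
    client_id = form.get("client_id", claims.get("iss"))
    if header.get("kid") not in kids_from_jwks(jwks_json):
        findings.append("kid %r is not in the client's registered JWKS" % header.get("kid"))
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        findings.append("iss/sub do not both equal client_id")
    aud = claims.get("aud")
    if token_endpoint not in (aud if isinstance(aud, list) else [aud]):
        findings.append("aud does not name the token endpoint")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        findings.append("assertion is expired or has no exp")
    return findings


# --- constructed sample data (not taken from the thread's logs) ---
CLIENT_ID = "constructed-client-id"
TOKEN_ENDPOINT = "https://idp.example.test/oxauth/restv1/token"
NOW = 1_700_000_000  # time of the request, seconds since the epoch
JWKS = json.dumps({"keys": [{"kid": "key-2_sig_rs512", "kty": "RSA", "alg": "RS512"}]})


def sample_wire_line(kid, exp):
    """Build one wire-log line shaped like the token request in the log above."""
    header = {"kid": kid, "typ": "JWT", "alg": "RS512"}
    claims = {"iss": CLIENT_ID, "sub": CLIENT_ID, "aud": TOKEN_ENDPOINT,
              "iat": NOW, "exp": exp}
    jwt = ".".join([b64url_encode(json.dumps(header).encode()),
                    b64url_encode(json.dumps(claims).encode()),
                    b64url_encode(b"constructed-signature")])
    body = ("__step=initiate_auth&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3A"
            "client-assertion-type%3Ajwt-bearer&grant_type=password&client_assertion="
            + jwt + "&__auth_scheme=onestep&client_id=" + CLIENT_ID + "&username=alice")
    return ('[DEBUG] 2023-11-14 22:13:20.000 [Radius Auth Listener] wire - '
            'http-outgoing-1 >> "' + body + '"')


def diagnose(kid, exp):
    """Run the checks on a constructed request signed with the given key id."""
    form = form_from_wire_log(sample_wire_line(kid, exp))
    return check_client_assertion(form, TOKEN_ENDPOINT, JWKS, NOW)


if __name__ == "__main__":
    # A key id that the registered JWKS does not contain.
    print(diagnose("key-1_sig_rs512", NOW + 300))
```

An empty result only means these fields are consistent; the server still has to verify the signature against the registered key.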

By Dzouato Djeumen Rolain Bonaventure staff 04 Nov 2019 at 6:45 a.m. CST

Dzouato Djeumen Rolain Bonaventure gravatar
Hello Sir, The link containing the logs has disappeared/expired. Can you re-run the steps I asked you to generate logs? Also, this time please zip or tar the entire log directories. Both `/opt/gluu/jetty/oxauth/logs` and `/opt/gluu/radius/logs`. Thanks.
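The DEBUG output requested in this thread prints the user's password (URL-encoded in `__password=` and as hex in `User-Password:`), the stored RADIUS client secret value and the signed `client_assertion`. The following is an added example, not part of the thread: a scrubber for those fields to run over the log files before they are archived and uploaded, with a residual check for known secrets. The sample log lines and secret values are constructed.

```python
import re
from urllib.parse import quote_plus

# (label, pattern, replacement) for sensitive fields in gluu-radius DEBUG output.
RULES = [
    # Password in the form body of the token request (HttpClient wire log).
    ("form password", re.compile(r'(__password=)[^&"\s]*'), r"\1[REDACTED]"),
    # Signed client assertion; "client_assertion_type=" is left untouched.
    ("client assertion", re.compile(r'(client_assertion=)[^&"\s]*'), r"\1[REDACTED]"),
    # RADIUS client secret value read from LDAP.
    ("radius client secret",
     re.compile(r"(AttributeName: oxRadiusClientSecret, AttributeValue: \[)[^\]]*"),
     r"\1REDACTED"),
    # User-Password attribute, logged as the hex of the cleartext password.
    ("User-Password attribute",
     re.compile(r"(User-Password: )0x[0-9a-fA-F]+"), r"\1[REDACTED]"),
    # E-mail address in the TLS certificate subject/issuer.
    ("certificate e-mail", re.compile(r"(EMAILADDRESS=)[^,\s]+"), r"\1[REDACTED]"),
]


def scrub(text):
    """Return (scrubbed_text, {label: number_of_replacements})."""
    counts = {}
    for label, pattern, replacement in RULES:
        text, n = pattern.subn(replacement, text)
        counts[label] = n
    return text, counts


def residual_leaks(text, secrets):
    """Return the known secrets still present as plain, URL-encoded or hex text."""
    haystack = text.lower()
    found = []
    for secret in secrets:
        forms = {secret, quote_plus(secret), secret.encode().hex()}
        if any(form.lower() in haystack for form in forms):
            found.append(secret)
    return found


# --- constructed sample data in the log format shown in this thread ---
SAMPLE_PASSWORD = "S3cret Pass!"
SAMPLE_SECRET = "Y29uc3RydWN0ZWQ="
SAMPLE_LOG = "\n".join([
    "[DEBUG] 2023-01-01 00:00:00.000 [Radius Auth Listener] BaseEntryManager - "
    "LdapProperty: secret, AttributeName: oxRadiusClientSecret, "
    "AttributeValue: [" + SAMPLE_SECRET + "]",
    "[INFO ] 2023-01-01 00:00:00.001 [Radius Auth Listener] RadiusServer - "
    "received packet from /192.0.2.10:50000: Access-Request, ID 1 User-Name: alice "
    "User-Password: 0x" + SAMPLE_PASSWORD.encode().hex() + " NAS-Port: 0",
    "[DEBUG] 2023-01-01 00:00:00.002 [Radius Auth Listener] SSLConnectionSocketFactory - "
    "peer principal: EMAILADDRESS=admin@example.test, CN=idp.example.test",
    '[DEBUG] 2023-01-01 00:00:00.003 [Radius Auth Listener] wire - http-outgoing-1 >> '
    '"__step=initiate_auth&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3A'
    'client-assertion-type%3Ajwt-bearer&__password=' + quote_plus(SAMPLE_PASSWORD) +
    '&grant_type=password&client_assertion=aaa.bbb.ccc&__auth_scheme=onestep'
    '&client_id=constructed-client&username=alice"',
])

if __name__ == "__main__":
    scrubbed, counts = scrub(SAMPLE_LOG)
    print(scrubbed)
    print(counts)
    print("still leaking:", residual_leaks(scrubbed, [SAMPLE_PASSWORD, SAMPLE_SECRET]))
```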

By Hamdi Bahrini user 04 Nov 2019 at 8:25 a.m. CST

Hamdi Bahrini gravatar
Hello Rolain, The contents of the JWKS field are the same and the screenshot of the openid client is still available. The gluu-radius.jks and the logs tar (oxauth & radius): ``` https://filebin.net/loumt6672y5p4qfe ```

By Dzouato Djeumen Rolain Bonaventure staff 04 Nov 2019 at 12:04 p.m. CST

Dzouato Djeumen Rolain Bonaventure gravatar
Looks from your logs that you have been using an older version of Gluu Radius. I'll check with our team to see why it's being bundled with your distribution. That said, here is the newest version of Gluu Radius.

1. [Download](https://ox.gluu.org/maven/org/gluu/super-gluu-radius-server/4.0.0-SNAPSHOT/super-gluu-radius-server-4.0.0-SNAPSHOT.jar) this file and copy it to `/opt/gluu/radius`. Rename it to `super-gluu-radius-server.jar`.
2. [Download](https://ox.gluu.org/maven/org/gluu/super-gluu-radius-server/4.0.0-SNAPSHOT/super-gluu-radius-server-4.0.0-SNAPSHOT-distribution.zip) this file and copy it to `/opt/gluu/radius` then unzip it. Make sure you rename the existing `libs` directory to something like `libs.tmp` for backup before you override.

Once you are done, clear all of your logs, then retry again. Thanks for your patience.

By Hamdi Bahrini user 04 Nov 2019 at 11:35 p.m. CST

Hamdi Bahrini gravatar
Hello Rolain, I did all the steps but when I tried to clear logs using this [command](https://gluu.org/docs/ce/operation/logs/#clearing-logs) I got:

```
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
```

What is the command to do it? (Should I run it from the container?) Also, the gluu-radius service did not want to launch again.

/opt/gluu/radius/logs/gluu-radius.log

```
[ERROR] 2019-11-05 00:10:18.454 [main] ServerEntry - Failed to start application
org.apache.commons.cli.UnrecognizedOptionException: Unrecognized option: -Dradius.home=/opt/jetty
    at org.apache.commons.cli.DefaultParser.handleUnknownToken(DefaultParser.java:360) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.handleLongOptionWithEqual(DefaultParser.java:440) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.handleShortAndLongOption(DefaultParser.java:569) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.handleToken(DefaultParser.java:243) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:120) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:76) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:60) ~[commons-cli-1.4.jar:1.4]
    at org.gluu.radius.ServerEntry.main(ServerEntry.java:66) [super-gluu-radius-server.jar:?]
```

By Dzouato Djeumen Rolain Bonaventure staff 05 Nov 2019 at 11:53 a.m. CST

Dzouato Djeumen Rolain Bonaventure gravatar
Hello Sir,

1. To clear the logs, please stop the `oxauth` and `gluu-radius` services. Then run the following commands: `rm -rf /opt/gluu/jetty/oxauth/logs/*` and `rm -rf /opt/gluu/radius/logs/*`. Then start the `oxauth` and `gluu-radius` services.
2. The error is actually interesting as it confirms you are using an old version of gluu radius. But first, clear the logs, and then retry.

Once again, thanks for your input.

By Hamdi Bahrini user 05 Nov 2019 at 12:20 p.m. CST

Hamdi Bahrini gravatar
Hello Rolain, I did all the steps, gluu-radius is still not working. Thank you for your help.

/opt/gluu/radius/logs/gluu-radius.log

```
[ERROR] 2019-11-05 13:13:14.067 [main] ServerEntry - Failed to start application
org.apache.commons.cli.UnrecognizedOptionException: Unrecognized option: -Dradius.home=/opt/jetty
    at org.apache.commons.cli.DefaultParser.handleUnknownToken(DefaultParser.java:360) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.handleLongOptionWithEqual(DefaultParser.java:440) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.handleShortAndLongOption(DefaultParser.java:569) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.handleToken(DefaultParser.java:243) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:120) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:76) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:60) ~[commons-cli-1.4.jar:1.4]
    at org.gluu.radius.ServerEntry.main(ServerEntry.java:66) [super-gluu-radius-server.jar:?]
[ERROR] 2019-11-05 13:13:30.736 [main] ServerEntry - Failed to start application
org.apache.commons.cli.UnrecognizedOptionException: Unrecognized option: -Dradius.home=/opt/jetty
    at org.apache.commons.cli.DefaultParser.handleUnknownToken(DefaultParser.java:360) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.handleLongOptionWithEqual(DefaultParser.java:440) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.handleShortAndLongOption(DefaultParser.java:569) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.handleToken(DefaultParser.java:243) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:120) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:76) ~[commons-cli-1.4.jar:1.4]
    at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:60) ~[commons-cli-1.4.jar:1.4]
    at org.gluu.radius.ServerEntry.main(ServerEntry.java:66) [super-gluu-radius-server.jar:?]
```

By Dzouato Djeumen Rolain Bonaventure staff 05 Nov 2019 at 12:33 p.m. CST

Dzouato Djeumen Rolain Bonaventure gravatar
Thanks very much for your input. I think this will go a long way to solving this issue. Hang in there, I'll be with you shortly with a solution.

By Dzouato Djeumen Rolain Bonaventure staff 11 Nov 2019 at 6:46 p.m. CST

Dzouato Djeumen Rolain Bonaventure gravatar
Hello sir, Here are the steps to have the service running once more.

1. Make a backup of `/etc/init.d/gluu-radius`.
2. Download and copy the attached file `gluu-radius.svc` to `/etc/init.d/` in your Gluu container instance. Rename it to `gluu-radius`. Run `chmod +x /etc/init.d/gluu-radius`.
3. Make a backup of `/etc/default/gluu-radius`.
4. Download and copy the attached file `gluu-radius.default` to `/etc/default/` in your Gluu container instance. Rename it to `gluu-radius`.

Once you are done, restart the service and you should be good to go.

By Hamdi Bahrini user 11 Nov 2019 at 11:47 p.m. CST

Hamdi Bahrini gravatar
Hello Rolain, Thank you for your help, it's working again, but I still get an Access-Reject response. /opt/gluu/radius/logs/gluu-radius.log ``` [DEBUG] 2019-11-12 00:29:00.357 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:00.358 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:02.359 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:02.359 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:04.359 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:04.360 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:06.367 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:06.367 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:08.367 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:08.368 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:10.368 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:10.369 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:12.369 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:12.369 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:14.393 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:14.393 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:16.393 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:16.394 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:18.394 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:18.394 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:20.395 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:20.396 [Thread-7] Runner - Background operations complete [DEBUG] 
2019-11-12 00:29:22.397 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:22.397 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:24.399 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:24.399 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:24.795 [Radius Auth Listener] RadiusServer - receive buffer size = 106496 [DEBUG] 2019-11-12 00:29:24.804 [Radius Auth Listener] DurationUtil - LDAP operation: search, duration: PT0.008S, dn: ou=radius_clients,o=gluu, filter: (&(&(objectClass=oxRadiusClient))(oxRadiusClientIpAddress=*)), scope: SUB, batchOperationWraper: org.gluu.persist.ldap.impl.LdapBatchOperationWraper@3129a2f6, start: 0, searchLimit: 0, count: 0, controls: null, attributes: [oxRadiusClientSortPriority, oxRadiusClientIpAddress, oxRadiusClientSecret, inum, oxRadiusClientName] [DEBUG] 2019-11-12 00:29:24.805 [Radius Auth Listener] BaseEntryManager - LdapProperty: inum, AttributeName: inum, AttributeValue: [c4c488e5-d67d-4501-9844-59b1168b489b] [DEBUG] 2019-11-12 00:29:24.805 [Radius Auth Listener] BaseEntryManager - LdapProperty: ipAddress, AttributeName: oxRadiusClientIpAddress, AttributeValue: [192.168.56.2] [DEBUG] 2019-11-12 00:29:24.805 [Radius Auth Listener] BaseEntryManager - LdapProperty: name, AttributeName: oxRadiusClientName, AttributeValue: [proxy-radius] [DEBUG] 2019-11-12 00:29:24.805 [Radius Auth Listener] BaseEntryManager - LdapProperty: priority, AttributeName: oxRadiusClientSortPriority, AttributeValue: [1] [DEBUG] 2019-11-12 00:29:24.806 [Radius Auth Listener] BaseEntryManager - LdapProperty: secret, AttributeName: oxRadiusClientSecret, AttributeValue: [U1eeujF9ofs=] [INFO ] 2019-11-12 00:29:24.806 [Radius Auth Listener] GluuRadiusServer - Client ip: 192.168.56.2 [INFO ] 2019-11-12 00:29:24.807 [Radius Auth Listener] RadiusServer - received packet from /192.168.56.2:50746 on local address 0.0.0.0/0.0.0.0:1812: Access-Request, ID 221 
User-Name: testuser User-Password: 0x5061737377307264 NAS-IP-Address: 192.168.56.2 NAS-Port: 0 Message-Authenticator: 0xf3b2b86c65e3617cf53b8f2967c1b643 [DEBUG] 2019-11-12 00:29:24.810 [Radius Auth Listener] SuperGluuAccessRequestFilter - Performing one-step authentication for user {testuser} [DEBUG] 2019-11-12 00:29:24.882 [Radius Auth Listener] RequestAddCookies - CookieSpec selected: default [DEBUG] 2019-11-12 00:29:24.882 [Radius Auth Listener] RequestAuthCache - Auth cache not set in the context [DEBUG] 2019-11-12 00:29:24.883 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://gluu.server.test.loc:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 100] [DEBUG] 2019-11-12 00:29:24.883 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection leased: [id: 2][route: {s}->https://gluu.server.test.loc:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 100] [DEBUG] 2019-11-12 00:29:24.883 [Radius Auth Listener] MainClientExec - Opening connection {s}->https://gluu.server.test.loc:443 [DEBUG] 2019-11-12 00:29:24.883 [Radius Auth Listener] DefaultHttpClientConnectionOperator - Connecting to gluu.server.test.loc/192.168.56.7:443 [DEBUG] 2019-11-12 00:29:24.883 [Radius Auth Listener] SSLConnectionSocketFactory - Connecting socket to gluu.server.test.loc/192.168.56.7:443 with timeout 0 [DEBUG] 2019-11-12 00:29:24.884 [Radius Auth Listener] SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2] [DEBUG] 2019-11-12 00:29:24.884 [Radius Auth Listener] SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] [DEBUG] 2019-11-12 00:29:24.884 [Radius Auth Listener] SSLConnectionSocketFactory - Starting handshake [DEBUG] 2019-11-12 00:29:24.898 [Radius Auth Listener] SSLConnectionSocketFactory - Secure session established [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] SSLConnectionSocketFactory - negotiated protocol: TLSv1.2 [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] SSLConnectionSocketFactory - negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [DEBUG] 2019-11-12 
00:29:24.899 [Radius Auth Listener] SSLConnectionSocketFactory - peer principal: EMAILADDRESS=bahrini.hamdi@gmail.com, CN=gluu.server.test.loc, O=hamdi, L=montreal, ST=qc, C=ca [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] SSLConnectionSocketFactory - issuer principal: EMAILADDRESS=bahrini.hamdi@gmail.com, CN=gluu.server.test.loc, O=hamdi, L=montreal, ST=qc, C=ca [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] DefaultHttpClientConnectionOperator - Connection established 192.168.56.7:59624<->192.168.56.7:443 [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] MainClientExec - Executing request POST /oxauth/restv1/token HTTP/1.1 [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] MainClientExec - Target auth state: UNCHALLENGED [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] MainClientExec - Proxy auth state: UNCHALLENGED [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] headers - http-outgoing-2 >> POST /oxauth/restv1/token HTTP/1.1 [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] headers - http-outgoing-2 >> Content-Type: application/x-www-form-urlencoded [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] headers - http-outgoing-2 >> Content-Length: 1112 [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] headers - http-outgoing-2 >> Host: gluu.server.test.loc [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] headers - http-outgoing-2 >> Connection: Keep-Alive [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] headers - http-outgoing-2 >> User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_222) [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] headers - http-outgoing-2 >> Accept-Encoding: gzip,deflate [DEBUG] 2019-11-12 00:29:24.899 [Radius Auth Listener] wire - http-outgoing-2 >> "POST /oxauth/restv1/token HTTP/1.1[\r][\n]" [DEBUG] 2019-11-12 00:29:24.900 [Radius Auth Listener] wire - http-outgoing-2 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]" [DEBUG] 2019-11-12 00:29:24.900 [Radius Auth 
Listener] wire - http-outgoing-2 >> "Content-Length: 1112[\r][\n]" [DEBUG] 2019-11-12 00:29:24.900 [Radius Auth Listener] wire - http-outgoing-2 >> "Host: gluu.server.test.loc[\r][\n]" [DEBUG] 2019-11-12 00:29:24.900 [Radius Auth Listener] wire - http-outgoing-2 >> "Connection: Keep-Alive[\r][\n]" [DEBUG] 2019-11-12 00:29:24.900 [Radius Auth Listener] wire - http-outgoing-2 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_222)[\r][\n]" [DEBUG] 2019-11-12 00:29:24.900 [Radius Auth Listener] wire - http-outgoing-2 >> "Accept-Encoding: gzip,deflate[\r][\n]" [DEBUG] 2019-11-12 00:29:24.900 [Radius Auth Listener] wire - http-outgoing-2 >> "[\r][\n]" [DEBUG] 2019-11-12 00:29:24.901 [Radius Auth Listener] wire - http-outgoing-2 >> "__step=initiate_auth&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&__remote_ip=192.168.56.2&__password=Passw0rd&grant_type=password&scope=openid+super_gluu_ro_session&acr_values=super_gluu_ro&client_assertion=eyJraWQiOiJmODM1NWU3ZS0yMjU4LTQ0NTMtYTBjZS04YjkzNWExNWI3Zjlfc2lnX3JzNTEyIiwidHlwIjoiSldUIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiIwMDA4LWNjMWI2NzUxLWNmMGItNDgwYi05ZGEyLWFjNjg5NTAwMmNmYyIsImF1ZCI6Imh0dHBzOi8vZ2x1dS5zZXJ2ZXIudGVzdC5sb2Mvb3hhdXRoL3Jlc3R2MS90b2tlbiIsImlzcyI6IjAwMDgtY2MxYjY3NTEtY2YwYi00ODBiLTlkYTItYWM2ODk1MDAyY2ZjIiwiZXhwIjoxNTczNTM2ODY0LCJpYXQiOjE1NzM1MzY1NjQsImp0aSI6IjNmYzBiM2JjLTNjZjgtNDk3NS05YzIwLTBmYWNjYjNkZDJlYSJ9.nEGZNLrisnxFI6edx4YqcQKMytk2DBoC78iYIzqFGia45q21_0rW7divk2-m6QLLi8_B-mmXT0Kqw-BuScbet14dBSlIeBgIUTkEd88ByaruuL9VQYCvPqOgt7nNW6ArgNfQTRqSDWbfOrysNktkFNlzDzlQpL9gJp5Yn9IGq0r1Q5aaaJuTnRIrUiNjWMhXRDUDE2v1j-cY9D9ZrB9c8NXbqyHaPjc1n9W2vnN8FZd0p2XwETx2Xy2N5066CzkHeySlUU6YvTVeO3wv-osUv7H8FoQM2kntRGiodbyKdihnhHq7zP9fAgXWTuY5z6qbn-EYFWX06ehSdVKvPps5aQ&__auth_scheme=onestep&client_id=0008-cc1b6751-cf0b-480b-9da2-ac6895002cfc&username=testuser" [DEBUG] 2019-11-12 00:29:24.934 [Radius Auth Listener] wire - http-outgoing-2 << "HTTP/1.1 401 Unauthorized[\r][\n]" [DEBUG] 2019-11-12 
00:29:24.935 [Radius Auth Listener] wire - http-outgoing-2 << "Date: Tue, 12 Nov 2019 05:29:24 GMT[\r][\n]" [DEBUG] 2019-11-12 00:29:24.935 [Radius Auth Listener] wire - http-outgoing-2 << "Server: Apache[\r][\n]" [DEBUG] 2019-11-12 00:29:24.935 [Radius Auth Listener] wire - http-outgoing-2 << "X-Xss-Protection: 1; mode=block[\r][\n]" [DEBUG] 2019-11-12 00:29:24.935 [Radius Auth Listener] wire - http-outgoing-2 << "X-Content-Type-Options: nosniff[\r][\n]" [DEBUG] 2019-11-12 00:29:24.935 [Radius Auth Listener] wire - http-outgoing-2 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]" [DEBUG] 2019-11-12 00:29:24.935 [Radius Auth Listener] wire - http-outgoing-2 << "WWW-Authenticate: Basic realm="oxAuth"[\r][\n]" [DEBUG] 2019-11-12 00:29:24.935 [Radius Auth Listener] wire - http-outgoing-2 << "Content-Type: application/json;charset=iso-8859-1[\r][\n]" [DEBUG] 2019-11-12 00:29:24.935 [Radius Auth Listener] wire - http-outgoing-2 << "Content-Length: 628[\r][\n]" [DEBUG] 2019-11-12 00:29:24.935 [Radius Auth Listener] wire - http-outgoing-2 << "Connection: close[\r][\n]" [DEBUG] 2019-11-12 00:29:24.935 [Radius Auth Listener] wire - http-outgoing-2 << "[\r][\n]" [DEBUG] 2019-11-12 00:29:24.936 [Radius Auth Listener] headers - http-outgoing-2 << HTTP/1.1 401 Unauthorized [DEBUG] 2019-11-12 00:29:24.936 [Radius Auth Listener] headers - http-outgoing-2 << Date: Tue, 12 Nov 2019 05:29:24 GMT [DEBUG] 2019-11-12 00:29:24.936 [Radius Auth Listener] headers - http-outgoing-2 << Server: Apache [DEBUG] 2019-11-12 00:29:24.936 [Radius Auth Listener] headers - http-outgoing-2 << X-Xss-Protection: 1; mode=block [DEBUG] 2019-11-12 00:29:24.936 [Radius Auth Listener] headers - http-outgoing-2 << X-Content-Type-Options: nosniff [DEBUG] 2019-11-12 00:29:24.936 [Radius Auth Listener] headers - http-outgoing-2 << Strict-Transport-Security: max-age=31536000; includeSubDomains [DEBUG] 2019-11-12 00:29:24.936 [Radius Auth Listener] headers - http-outgoing-2 << 
WWW-Authenticate: Basic realm="oxAuth" [DEBUG] 2019-11-12 00:29:24.936 [Radius Auth Listener] headers - http-outgoing-2 << Content-Type: application/json;charset=iso-8859-1 [DEBUG] 2019-11-12 00:29:24.936 [Radius Auth Listener] headers - http-outgoing-2 << Content-Length: 628 [DEBUG] 2019-11-12 00:29:24.936 [Radius Auth Listener] headers - http-outgoing-2 << Connection: close [DEBUG] 2019-11-12 00:29:24.937 [Radius Auth Listener] HttpAuthenticator - Authentication required [DEBUG] 2019-11-12 00:29:24.937 [Radius Auth Listener] HttpAuthenticator - gluu.server.test.loc:443 requested authentication [DEBUG] 2019-11-12 00:29:24.937 [Radius Auth Listener] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, Digest, Basic] [DEBUG] 2019-11-12 00:29:24.937 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available [DEBUG] 2019-11-12 00:29:24.937 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available [DEBUG] 2019-11-12 00:29:24.937 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available [DEBUG] 2019-11-12 00:29:24.937 [Radius Auth Listener] TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available [DEBUG] 2019-11-12 00:29:24.938 [Radius Auth Listener] i18n - Interceptor Context: org.jboss.resteasy.core.interception.ClientReaderInterceptorContext, Method : proceed [DEBUG] 2019-11-12 00:29:24.938 [Radius Auth Listener] i18n - MessageBodyReader: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey [DEBUG] 2019-11-12 00:29:24.938 [Radius Auth Listener] i18n - MessageBodyReader: org.jboss.resteasy.plugins.providers.StringTextStar [DEBUG] 2019-11-12 00:29:24.939 [Radius Auth Listener] wire - http-outgoing-2 << "{"reason":"Unable to authenticate client.","error_description":"Client authentication failed (e.g. 
unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.","error":"invalid_client"}" [DEBUG] 2019-11-12 00:29:24.939 [Radius Auth Listener] DefaultManagedHttpClientConnection - http-outgoing-2: Close connection [DEBUG] 2019-11-12 00:29:24.940 [Radius Auth Listener] MainClientExec - Connection discarded [DEBUG] 2019-11-12 00:29:24.940 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection released: [id: 2][route: {s}->https://gluu.server.test.loc:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 100] [DEBUG] 2019-11-12 00:29:24.941 [Radius Auth Listener] SuperGluuAuthClient - SuperGluu initial auth failed. Response: {"reason":"Unable to authenticate client.","error_description":"Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. 
If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.","error":"invalid_client"} [DEBUG] 2019-11-12 00:29:24.941 [Radius Auth Listener] SuperGluuAccessRequestFilter - Authentication failed for user {testuser} [INFO ] 2019-11-12 00:29:24.941 [Radius Auth Listener] RadiusServer - send response: Access-Reject, ID 221 [DEBUG] 2019-11-12 00:29:26.399 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:26.400 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:28.400 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:28.400 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:30.400 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:30.400 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:32.401 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:32.401 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:34.401 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:34.401 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:36.402 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:36.402 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:38.406 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:38.406 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:40.427 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:40.427 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:42.432 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:42.432 
[Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:44.439 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:44.439 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:46.441 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:46.441 [Thread-7] Runner - Background operations complete [DEBUG] 2019-11-12 00:29:48.441 [Thread-7] Runner - Performing background operations [DEBUG] 2019-11-12 00:29:48.441 [Thread-7] Runner - Background operations complete ```

By Dzouato Djeumen Rolain Bonaventure staff 12 Nov 2019 at 12:28 a.m. CST

This is a step in the positive direction though. Let me further investigate. Can you send me your `oxauth_script.log` file? Thank you.

By Hamdi Bahrini user 12 Nov 2019 at 12:48 a.m. CST

The oxauth_script.log file
```
https://filebin.net/s5tv8l3992rkxjei
```
Thank you

By Dzouato Djeumen Rolain Bonaventure staff 12 Nov 2019 at 1:46 a.m. CST

Still no clue from `oxauth_script.log`. Please can you once more clear all of your oxauth logs, perform authentication, then send me the `oxauth.log` and any relevant log. Thank you once more.

By Hamdi Bahrini user 12 Nov 2019 at 1:18 p.m. CST

Hello Rolain,
```
https://filebin.net/9rt4d98hf98kjogn
```
Thank you for your help

By Dzouato Djeumen Rolain Bonaventure staff 13 Nov 2019 at 1:33 p.m. CST

I am strongly suspecting the OpenID client used for authentication is misconfigured. Please go to the configuration of the OpenID Client `Gluu RO OpenID Client` and send me a screenshot of the `Standard Settings` page. The clue lies there.

By Hamdi Bahrini user 13 Nov 2019 at 7:43 p.m. CST

Standard settings OpenID client
```
https://ibb.co/6strR2X
```
Thank you

By Dzouato Djeumen Rolain Bonaventure staff 13 Nov 2019 at 10:17 p.m. CST

I guess I was right. I was looking pretty much in the wrong direction. Please change the `Authentication method for the Token Endpoint` to `private_key_jwt`. It should just work afterwards. Someone must have changed that particular setting. Thanks for your patience.

By Hamdi Bahrini user 13 Nov 2019 at 10:47 p.m. CST

Hello Rolain, It works!!! Thanks for your help. I remember that I tried all authentication methods, but that was before you found I was using an older version of gluu-radius. So I had two problems, an older version of gluu-radius and the wrong authentication method. Thanks again
```
Sent Access-Request Id 176 from 0.0.0.0:35520 to 192.168.56.7:1812 length 78
	User-Name = "testuser"
	User-Password = "Passw0rd"
	NAS-IP-Address = 192.168.56.2
	NAS-Port = 0
	Message-Authenticator = 0x00
	Cleartext-Password = "Passw0rd"
Received Access-Accept Id 176 from 192.168.56.7:1812 to 0.0.0.0:0 length 20
```
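
The mismatch resolved in this thread can be read straight off the logged token request: the body carries a `client_assertion` (JWT client authentication) while the client was registered for a different method. The following is an added example, not code from Gluu or from either poster; it infers the method a request presents, checks the assertion claims against `client_id` and the token endpoint, and redacts secrets such as `__password` before the request is shared. The client id, endpoint host, sample body and the assumed registered method `client_secret_basic` are constructed.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode

JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
SECRET_FIELDS = {"__password", "password", "client_secret", "client_assertion"}

def b64url_json(segment):
    """Decode one base64url JWT segment to a dict (no signature check)."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def auth_method_used(form, headers):
    """Infer the token_endpoint_auth_method the request actually presents."""
    if form.get("client_assertion_type") == JWT_BEARER and "client_assertion" in form:
        alg = b64url_json(form["client_assertion"].split(".")[0]).get("alg", "")
        return "client_secret_jwt" if alg.startswith("HS") else "private_key_jwt"
    if headers.get("authorization", "").lower().startswith("basic "):
        return "client_secret_basic"
    return "client_secret_post" if "client_secret" in form else "none"

def diagnose(body, headers, registered_method, token_endpoint):
    """Return (method used, findings, form with secrets redacted)."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    used, findings = auth_method_used(form, headers), []
    if used != registered_method:
        findings.append(f"request uses {used}, client is registered for {registered_method}")
    if used.endswith("_jwt"):
        claims = b64url_json(form["client_assertion"].split(".")[1])
        if not (claims.get("iss") == claims.get("sub") == form.get("client_id")):
            findings.append("assertion iss/sub differ from client_id")
        aud = claims.get("aud")
        if token_endpoint not in (aud if isinstance(aud, list) else [aud]):
            findings.append("assertion aud is not the token endpoint")
    redacted = {k: "<redacted>" if k in SECRET_FIELDS else v for k, v in form.items()}
    return used, findings, redacted

# Constructed sample shaped like the logged request; every value here is made up.
CLIENT_ID = "example-client-id"
ENDPOINT = "https://idp.example.test/oxauth/restv1/token"
_seg = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
ASSERTION = ".".join([_seg({"typ": "JWT", "alg": "RS512"}),
                      _seg({"iss": CLIENT_ID, "sub": CLIENT_ID, "aud": ENDPOINT}), "c2ln"])
SAMPLE_BODY = urlencode({"grant_type": "password", "username": "testuser",
                         "__password": "constructed-pw", "client_id": CLIENT_ID,
                         "client_assertion_type": JWT_BEARER, "client_assertion": ASSERTION})

if __name__ == "__main__":
    for registered in ("client_secret_basic", "private_key_jwt"):
        print(registered, diagnose(SAMPLE_BODY, {}, registered, ENDPOINT)[:2])
```

The redacted form is the part worth pasting into a support thread: DEBUG wire logging records the user's password and the signed assertion in clear text.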