By: Kuppusamy Venkatasubramanian user 27 Sep 2020 at 11:33 p.m. CDT

10 Responses
Wanted to test authorization code flow using sample OXD java application from Github at this location - https://github.com/GluuFederation/oxd-java-sample

This was tested in a Gluu in a VM with 2 vCPU and 8 GB RAM. Able to see the first step where the authorization URL is displayed and when I click on to get authenticated, there was error as "Error session invalid" (Image: OXD_004.png)

Since the user hasn't logged in before getting the tokens, the application is supposed to prompt for a login. The logs have been uploaded in dropbox under https://www.dropbox.com/sh/23lc4g7xja70xyr/AADNqMHyoGff_ZJzAklKY5UCa?dl=0

At the oxd java sample application, there is error as below:

```
[INFO] Started ServerConnector@703fc3be{SSL,[ssl, http/1.1]}{0.0.0.0:1234}
[INFO] Started @67542ms
[INFO] Started Jetty Server
[WARNING] /static/bootstrap.min.css
java.nio.channels.ClosedChannelException
    at org.eclipse.jetty.util.IteratingCallback.close (IteratingCallback.java:427)
    at org.eclipse.jetty.server.HttpConnection.onClose (HttpConnection.java:491)
    at org.eclipse.jetty.io.ssl.SslConnection.onClose (SslConnection.java:224)
    at org.eclipse.jetty.io.SelectorManager.connectionClosed (SelectorManager.java:310)
    at org.eclipse.jetty.io.ManagedSelector.lambda$destroyEndPoint$0 (ManagedSelector.java:505)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob (QueuedThreadPool.java:672)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run (QueuedThreadPool.java:590)
    at java.lang.Thread.run (Thread.java:834)
```

The gluu server version is 4.2 using the bundled OXD server. Pls. help to check.

By Arnab Dutta staff 28 Sep 2020 at 4:32 a.m. CDT

Hi Kuppusamy, Thanks for reporting. I will try to recreate the issue and let you know. Regards, Arnab

By Arnab Dutta staff 28 Sep 2020 at 6:52 a.m. CDT

Hi Kuppusamy,

I have checked the authorization code flow using sample OXD java application. It worked for me. From your logs it seems Gluu is facing problem when saving/retrieving data to ldap. Could you try below steps to solve the issue:

1. Please check if the issue is resolved after restarting Gluu server.
2. We had a production release of Gluu server on `2020-09-25` to fix all the issues found in Gluu - 4.2.0. If this issue is not resolved after restarting the server then I will advise to do the latest installation of Gluu server (if you have installed it before 25th September).

Please let me know if there is any concern or queries.

Regards, Arnab

By Kuppusamy Venkatasubramanian user 28 Sep 2020 at 8:14 a.m. CDT

I stopped and started the components as below:

```
systemctl stop oxauth
systemctl stop oxauth-rp
systemctl stop idp
systemctl stop passport
systemctl stop fido2
systemctl stop scim
systemctl stop casa
systemctl stop gluu-radius
systemctl stop opendj
systemctl stop oxd-server
systemctl stop apache2
systemctl stop identity
systemctl start opendj
systemctl start oxauth
systemctl start oxauth-rp
systemctl start idp
systemctl start passport
systemctl start fido2
systemctl start scim
systemctl start casa
systemctl start gluu-radius
systemctl start identity
systemctl start oxd-server
systemctl start apache2
```

Still encountering the same issue. I followed the steps to integrate oxd server as given in the link here - https://gluu.org/docs/oxd/configuration/ldap/ I can connect to opendj and create user using the oxTrust.

By Arnab Dutta staff 28 Sep 2020 at 9:01 a.m. CDT

`I followed the steps to integrate oxd server as given in the link here - https://gluu.org/docs/oxd/configuration/ldap/` Good Point! I would like to mention that while installing Gluu server if you select `oxd` server installation then it provides an option to use Gluu storage as oxd db which will configure Gluu ldap automatically to oxd (Image attached). I think you should have selected that option instead of manually configuring oxd with ldap. Anyway if you have installed Gluu server before `2020-09-25` then I would recommend to upgrade it to the latest installation to include all the fixes done (as described in point# 2). Do you think this is possible?

By Kuppusamy Venkatasubramanian user 29 Sep 2020 at 4:36 a.m. CDT

Today I created a new VM with 2 vCPU and 8 GB RAM. Installed Gluu using the documentation https://gluu.org/docs/gluu-server/4.2/installation-guide/install-ubuntu/ Still getting session invalid error at the authentication phase. The logs are available here - https://www.dropbox.com/sh/ikz1hmab2u6ij66/AACtua5w7w1avN3l7_AlUW5Ia?dl=0 I selected OXD storage to Gluu server during installation.

By Arnab Dutta staff 29 Sep 2020 at 5:29 a.m. CDT

Could you also share

1. oxd-server.log
2. screen shot of Site Registration page of sample OXD java application (ref: https://www.gluu.org/docs/oxd/tutorials/java/#site-registration).

I saw following info in log:

`2020-09-29 07:36:31,713 INFO [qtp534906248-14] [org.gluu.oxauth.service.SessionIdService] (SessionIdService.java:198) - Acr is changed. Session acr: simple_password_auth(level: -1), current acr: auth_ldap_server(level: null)`

So either register a new client using `simple_password_auth` as `acr` (using sample OXD java application) or set `auth_ldap_server` as Default Authentication mode on gluu server and test (Go to Configuration --> Manage Authentication --> Default Authentication Method --> Authentication Mode).

By Kuppusamy Venkatasubramanian user 29 Sep 2020 at 6:17 a.m. CDT

I have uploaded the logs and site registration details here - https://www.dropbox.com/sh/ikz1hmab2u6ij66/AACtua5w7w1avN3l7_AlUW5Ia?dl=0 After changing the acr to simple_password_auth, login page is displayed but upon entering username/password, there is consent screen displayed. But upon clicking allow, there is error as uploaded.

By Arnab Dutta staff 29 Sep 2020 at 7:02 a.m. CDT

`After changing the acr to simple_password_auth, login page is displayed but upon entering username/password, there is consent screen displayed. But upon clicking allow, there is error as uploaded.`

Below is the authorizationUrl obtained from log. Here `acr_values` is still `auth_ldap_server`. In the attached `Site Registration` Image acr_values is still `auth_ldap_server`. Please change it there and click on `save` button to register a new site and follow the entire flow.

https://osboxes/oxauth/restv1/authorize?response_type=code&client_id=8f0b93e9-5643-4409-8dbb-3af00221e9ca&redirect_uri=https://localhost:1234/oidc/tokens.xhtml&scope=openid+uma_protection+oxd&state=foh9edtfg90kd9fnueu0sf7ono&nonce=bkgdonigep9ecknp17hh8bq5qc&acr_values=auth_ldap_server&prompt=login

Please let me know if you think it is not clear. Also update `oxd-server.log` and `oxauth.log` in dropbox if you again face error.
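Added example (not part of the original thread and not Gluu or oxd code): a small Python check that pairs the `Acr is changed` line from `oxauth.log` with the `acr_values` in the authorization URL to show the mismatch discussed above. The function names and the regular expression are assumptions built from the one log line and URL quoted in this thread.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Both samples are copied from the thread above, not captured by this script.
LOG_LINE = ("2020-09-29 07:36:31,713 INFO [qtp534906248-14] "
            "[org.gluu.oxauth.service.SessionIdService] (SessionIdService.java:198) - "
            "Acr is changed. Session acr: simple_password_auth(level: -1), "
            "current acr: auth_ldap_server(level: null)")
AUTHZ_URL = ("https://osboxes/oxauth/restv1/authorize?response_type=code"
             "&client_id=8f0b93e9-5643-4409-8dbb-3af00221e9ca"
             "&redirect_uri=https://localhost:1234/oidc/tokens.xhtml"
             "&scope=openid+uma_protection+oxd&state=foh9edtfg90kd9fnueu0sf7ono"
             "&nonce=bkgdonigep9ecknp17hh8bq5qc&acr_values=auth_ldap_server&prompt=login")

# Assumed pattern, derived from the single log line quoted in the thread.
ACR_CHANGED = re.compile(
    r"Acr is changed\. Session acr: ([^\s(]+)\([^)]*\), current acr: ([^\s(]+)\(")

def parse_acr_changed(line):
    """Return (session_acr, current_acr) from an 'Acr is changed' line, else None."""
    m = ACR_CHANGED.search(line)
    return (m.group(1), m.group(2)) if m else None

def requested_acrs(url):
    """acr_values is a space-separated list; parse_qs decodes '+' to spaces."""
    query = parse_qs(urlsplit(url).query)
    return query.get("acr_values", [""])[0].split()

def diagnose(log_lines, url):
    """Report log entries where the ACR requested in the URL differs from the session ACR."""
    requested = requested_acrs(url)
    findings = []
    for line in log_lines:
        parsed = parse_acr_changed(line)
        if parsed is None:
            continue
        session_acr, current_acr = parsed
        if current_acr in requested and session_acr != current_acr:
            findings.append({"session_acr": session_acr,
                             "requested_acr": current_acr,
                             "hint": "register the site with acr_values=%s or make "
                                     "%s the default authentication mode"
                                     % (session_acr, current_acr)})
    return findings

if __name__ == "__main__":
    for finding in diagnose([LOG_LINE], AUTHZ_URL):
        print(finding)
```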

By Kuppusamy Venkatasubramanian user 29 Sep 2020 at 9:51 p.m. CDT

Now I am able to get authenticated and can get tokens. Thanks

By Arnab Dutta staff 29 Sep 2020 at 11:25 p.m. CDT

That's great! Closing this ticket.