By: Nadzeya Hryshalevich user 30 Mar 2021 at 9:01 a.m. CDT

13 Responses
Nadzeya Hryshalevich gravatar
Hello! We need to configure 2FA authentication with LDAP and RADIUS protocols. See the topology bellow: ``` +-------+ +----------------------+ | Gluu | ---------------- | RADIUS / LDAP client | +-------+ +----------------------+ | | | | +---------------------------------+ | +------------------------------------+ | User with Super Gluu App | | and Google authenticator App | +------------------------------------+ ``` The user has already registered his phone in gluu's system for push-notification and TOTP functionality So we have two scenarios that we want to implement for our clients The first one (RADIUS + Google Authenticator): 1. User tries to get access and provides login/password to RADIUS client 2. RADIUS client sends Access-Request with user's login and password to Gluu 3. Gluu checks login/password and if they are correct, Gluu answers with Access-Challenge 4. User provides OTP from Google authenticator App 5. RADIUS client sends this OTP to Gluu 6. Gluu checks OTP and if it is correct, Gluu sends Access-Accept 7. RADIUS client accepts the connection from the user The second one (RADIUS/LDAP + SuperGluu): 1. User tries to get access and provides login/password to RADIUS/LDAP client 2. RADIUS/LDAP client sends these credentials to Gluu 3. Gluu checks login/password and if they are correct, Gluu sends push-notification to user's phone 4. User accepts connection in Super Gluu App 5. Gluu recieves information from user's phone that the connection is accepted 6. Gluu sends RADIUS/LDAP client information that connection is accepted 7. RADIUS/LDAP client accepts the connection from the user The first scenario doesn't work with `radius.auth.scheme = twostep`, but RADIUS servers works correctly with `radius.auth.scheme = onestep` **2FA with RADIUS and Super Gluu** ``` nadzeya@laptop:~$ radtest jsmith 123456 gluu 1 admin138 Sent Access-Request Id 214 from 0.0.0.0:55292 to 172.17.18.111:1812 length 76 User-Name = "jsmith" User-Password = "123456" NAS-IP-Address = 127.0.1.1 NAS-Port = 1 Message-Authenticator = 0x00 Cleartext-Password = "123456" Received Access-Reject Id 214 from 172.17.18.111:1812 to 172.17.17.105:55292 length 20 (0) -: Expected Access-Accept got Access-Reject ``` The information from the log file: ``` [DEBUG] 2021-03-25 07:39:07.639 [Radius Auth Listener] RadiusServer - receive buffer size = 106496 [DEBUG] 2021-03-25 07:39:07.642 [Radius Auth Listener] DurationUtil - LDAP operation: search, duration: PT0.002208S, dn: ou=radius_clients,o=gluu, filter: (&(&(objectClass=oxRadiusClient))(oxRadiusClientIpAddress=*)), scope: SUB, batchOperationWraper: org.gluu.persist.ldap.impl.LdapBatchOperationWraper@73d7555, start: 0, searchLimit: 0, count: 0, controls: null, attributes: [oxRadiusClientSortPriority, oxRadiusClientIpAddress, oxRadiusClientSecret, inum, oxRadiusClientName] [DEBUG] 2021-03-25 07:39:07.643 [Radius Auth Listener] BaseEntryManager - LdapProperty: inum, AttributeName: inum, AttributeValue: [300b055d-29a4-443a-acc5-e8eaf357447b] [DEBUG] 2021-03-25 07:39:07.644 [Radius Auth Listener] BaseEntryManager - LdapProperty: ipAddress, AttributeName: oxRadiusClientIpAddress, AttributeValue: [172.17.18.56] [DEBUG] 2021-03-25 07:39:07.644 [Radius Auth Listener] BaseEntryManager - LdapProperty: name, AttributeName: oxRadiusClientName, AttributeValue: [OPNsense] [DEBUG] 2021-03-25 07:39:07.644 [Radius Auth Listener] BaseEntryManager - LdapProperty: priority, AttributeName: oxRadiusClientSortPriority, AttributeValue: [1] [DEBUG] 2021-03-25 07:39:07.644 [Radius Auth Listener] BaseEntryManager - LdapProperty: secret, AttributeName: oxRadiusClientSecret, AttributeValue: [Ehdt/KvJAbitqcYS6X6lTw==] [DEBUG] 2021-03-25 07:39:07.644 [Radius Auth Listener] BaseEntryManager - LdapProperty: inum, AttributeName: inum, AttributeValue: [83e4a1ed-81d1-4a31-b74e-a538c530f86c] [DEBUG] 2021-03-25 07:39:07.645 [Radius Auth Listener] BaseEntryManager - LdapProperty: ipAddress, AttributeName: oxRadiusClientIpAddress, AttributeValue: [172.17.0.0/16] [DEBUG] 2021-03-25 07:39:07.645 [Radius Auth Listener] BaseEntryManager - LdapProperty: name, AttributeName: oxRadiusClientName, AttributeValue: [nadzya] [DEBUG] 2021-03-25 07:39:07.645 [Radius Auth Listener] BaseEntryManager - LdapProperty: priority, AttributeName: oxRadiusClientSortPriority, AttributeValue: [1] [DEBUG] 2021-03-25 07:39:07.645 [Radius Auth Listener] BaseEntryManager - LdapProperty: secret, AttributeName: oxRadiusClientSecret, AttributeValue: [5r7Qxc5h6Jq8SeJiyoSNyg==] [INFO ] 2021-03-25 07:39:07.645 [Radius Auth Listener] GluuRadiusServer - Client ip: 172.17.17.105 [INFO ] 2021-03-25 07:39:07.646 [Radius Auth Listener] GluuRadiusServer - Client ip: 172.17.17.105 [DEBUG] 2021-03-25 07:39:07.646 [Radius Auth Listener] CidrSubnetMatcher - Match found for client with ip 172.17.17.105 [INFO ] 2021-03-25 07:39:07.646 [Radius Auth Listener] RadiusServer - received packet from /172.17.17.105:43043 on local address 0.0.0.0/0.0.0.0:1812: Access-Request, ID 170 User-Name: jsmith User-Password: 0x313233343536 NAS-IP-Address: 127.0.1.1 NAS-Port: 1 Message-Authenticator: 0x91ffeee24158986de35d2a43d7df8db6 [DEBUG] 2021-03-25 07:39:07.648 [Radius Auth Listener] SuperGluuAccessRequestFilter - Performing two-step authentication for user {jsmith} [DEBUG] 2021-03-25 07:39:07.804 [Radius Auth Listener] RequestAddCookies - CookieSpec selected: default [DEBUG] 2021-03-25 07:39:07.804 [Radius Auth Listener] RequestAuthCache - Auth cache not set in the context [DEBUG] 2021-03-25 07:39:07.804 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://gluu.solidex.minsk.by:443][total kept alive: 1; route allocated: 1 of 20; total allocated: 1 of 100] [DEBUG] 2021-03-25 07:39:07.815 [Radius Auth Listener] CPool - Connection [id:0][route:{s}->https://gluu.solidex.minsk.by:443][state:null] expired @ Thu Mar 25 07:33:38 UTC 2021 [DEBUG] 2021-03-25 07:39:07.815 [Radius Auth Listener] DefaultManagedHttpClientConnection - http-outgoing-0: Close connection [DEBUG] 2021-03-25 07:39:07.816 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection leased: [id: 1][route: {s}->https://gluu.solidex.minsk.by:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 100] [DEBUG] 2021-03-25 07:39:07.816 [Radius Auth Listener] MainClientExec - Opening connection {s}->https://gluu.solidex.minsk.by:443 [DEBUG] 2021-03-25 07:39:07.816 [Radius Auth Listener] DefaultHttpClientConnectionOperator - Connecting to gluu.solidex.minsk.by/172.17.18.111:443 [DEBUG] 2021-03-25 07:39:07.816 [Radius Auth Listener] SSLConnectionSocketFactory - Connecting socket to gluu.solidex.minsk.by/172.17.18.111:443 with timeout 0 [DEBUG] 2021-03-25 07:39:07.817 [Radius Auth Listener] SSLConnectionSocketFactory - Enabled protocols: [TLSv1.2, TLSv1.1, TLSv1] [DEBUG] 2021-03-25 07:39:07.817 [Radius Auth Listener] SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] [DEBUG] 2021-03-25 07:39:07.817 [Radius Auth Listener] SSLConnectionSocketFactory - Starting handshake [DEBUG] 2021-03-25 07:39:07.831 [Radius Auth Listener] SSLConnectionSocketFactory - Secure session established [DEBUG] 2021-03-25 07:39:07.831 [Radius Auth Listener] SSLConnectionSocketFactory - negotiated protocol: TLSv1.2 [DEBUG] 2021-03-25 07:39:07.831 [Radius Auth Listener] SSLConnectionSocketFactory - negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [DEBUG] 2021-03-25 07:39:07.831 [Radius Auth Listener] SSLConnectionSocketFactory - peer principal: EMAILADDRESS=mail@mail.com, CN=gluu.solidex.minsk.by, O=Solidex, L=Minsk, ST=CN, C=CN [DEBUG] 2021-03-25 07:39:07.831 [Radius Auth Listener] SSLConnectionSocketFactory - issuer principal: EMAILADDRESS=mail@mail.com, CN=gluu.solidex.minsk.by, O=Solidex, L=Minsk, ST=CN, C=CN [DEBUG] 2021-03-25 07:39:07.831 [Radius Auth Listener] DefaultHttpClientConnectionOperator - Connection established 172.17.18.111:53308<->172.17.18.111:443 [DEBUG] 2021-03-25 07:39:07.831 [Radius Auth Listener] MainClientExec - Executing request POST /oxauth/restv1/token HTTP/1.1 [DEBUG] 2021-03-25 07:39:07.831 [Radius Auth Listener] MainClientExec - Target auth state: UNCHALLENGED [DEBUG] 2021-03-25 07:39:07.832 [Radius Auth Listener] MainClientExec - Proxy auth state: UNCHALLENGED [DEBUG] 2021-03-25 07:39:07.832 [Radius Auth Listener] headers - http-outgoing-1 >> POST /oxauth/restv1/token HTTP/1.1 [DEBUG] 2021-03-25 07:39:07.832 [Radius Auth Listener] headers - http-outgoing-1 >> Content-Type: application/x-www-form-urlencoded [DEBUG] 2021-03-25 07:39:07.832 [Radius Auth Listener] headers - http-outgoing-1 >> Content-Length: 1111 [DEBUG] 2021-03-25 07:39:07.832 [Radius Auth Listener] headers - http-outgoing-1 >> Host: gluu.solidex.minsk.by [DEBUG] 2021-03-25 07:39:07.832 [Radius Auth Listener] headers - http-outgoing-1 >> Connection: Keep-Alive [DEBUG] 2021-03-25 07:39:07.832 [Radius Auth Listener] headers - http-outgoing-1 >> User-Agent: Apache-HttpClient/4.5.3 (Java/11.0.8) [DEBUG] 2021-03-25 07:39:07.832 [Radius Auth Listener] headers - http-outgoing-1 >> Accept-Encoding: gzip,deflate [DEBUG] 2021-03-25 07:39:07.833 [Radius Auth Listener] wire - http-outgoing-1 >> "POST /oxauth/restv1/token HTTP/1.1[\r][\n]" [DEBUG] 2021-03-25 07:39:07.833 [Radius Auth Listener] wire - http-outgoing-1 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]" [DEBUG] 2021-03-25 07:39:07.833 [Radius Auth Listener] wire - http-outgoing-1 >> "Content-Length: 1111[\r][\n]" [DEBUG] 2021-03-25 07:39:07.833 [Radius Auth Listener] wire - http-outgoing-1 >> "Host: gluu.solidex.minsk.by[\r][\n]" [DEBUG] 2021-03-25 07:39:07.833 [Radius Auth Listener] wire - http-outgoing-1 >> "Connection: Keep-Alive[\r][\n]" [DEBUG] 2021-03-25 07:39:07.833 [Radius Auth Listener] wire - http-outgoing-1 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/11.0.8)[\r][\n]" [DEBUG] 2021-03-25 07:39:07.833 [Radius Auth Listener] wire - http-outgoing-1 >> "Accept-Encoding: gzip,deflate[\r][\n]" [DEBUG] 2021-03-25 07:39:07.833 [Radius Auth Listener] wire - http-outgoing-1 >> "[\r][\n]" [DEBUG] 2021-03-25 07:39:07.833 [Radius Auth Listener] wire - http-outgoing-1 >> "__step=initiate_auth&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&__remote_ip=172.17.17.105&__password=123456&grant_type=password&scope=openid+super_gluu_ro_session&acr_values=super_gluu_ro&client_assertion=eyJraWQiOiI2MDI5OTc2MC02NjE3LTRkNTQtODU4Yy03OWU5MmUyNTA3Y2Ffc2lnX3JzNTEyIiwidHlwIjoiSldUIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiIxNzAxLmMzNWUwNmE4LWVkYTMtNDM2MC04YmEwLWQ1ODg0NGMzM2U2OSIsImF1ZCI6Imh0dHBzOi8vZ2x1dS5zb2xpZGV4Lm1pbnNrLmJ5L294YXV0aC9yZXN0djEvdG9rZW4iLCJpc3MiOiIxNzAxLmMzNWUwNmE4LWVkYTMtNDM2MC04YmEwLWQ1ODg0NGMzM2U2OSIsImV4cCI6MTYxNjY1ODI0NywiaWF0IjoxNjE2NjU3OTQ3LCJqdGkiOiJiNGQ2YmVmYS1hODAzLTRlYzMtYjYyMC1iNzFkNTgxOGQ4N2YifQ.DM-okzBO1shFcwEc3Jd3RyBWu5BTNQ6ZoUmHAv4NhQfz-0miyyUm1gkeJ1FFTt12XQfQwVfbjCPpWfpXQmvPHtE5F2e4HYwRzdHExBXpdqcwNooygIGYPCOg811kuNJgXG3xshmuYCK8uT9Kd1-hst0Ancg4Wu7ApsdsOb7MlOnFPkV43u6yWsdt5bvR1Pzb0cfpjSH1jErM91dSK0ZU6EK8F-xZDFCueN1WcyG2f6dfeaX8NCELouCBYhzkQLotwGGJIi4X837Eg4iHYvsDV42ubNcuK8VMsq64WxpYHMSMXkx9VjacziLgBmqyi5t7v5LbmHcFIhl0fEd0x7BHxA&__auth_scheme=twostep&client_id=1701.c35e06a8-eda3-4360-8ba0-d58844c33e69&username=jsmith" [DEBUG] 2021-03-25 07:39:08.000 [Radius Auth Listener] wire - http-outgoing-1 << "HTTP/1.1 401 Unauthorized[\r][\n]" [DEBUG] 2021-03-25 07:39:08.000 [Radius Auth Listener] wire - http-outgoing-1 << "Date: Thu, 25 Mar 2021 07:39:07 GMT[\r][\n]" [DEBUG] 2021-03-25 07:39:08.000 [Radius Auth Listener] wire - http-outgoing-1 << "Server: Apache/2.4.29 (Ubuntu)[\r][\n]" [DEBUG] 2021-03-25 07:39:08.000 [Radius Auth Listener] wire - http-outgoing-1 << "X-Xss-Protection: 1; mode=block[\r][\n]" [DEBUG] 2021-03-25 07:39:08.000 [Radius Auth Listener] wire - http-outgoing-1 << "X-Content-Type-Options: nosniff[\r][\n]" [DEBUG] 2021-03-25 07:39:08.000 [Radius Auth Listener] wire - http-outgoing-1 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]" [DEBUG] 2021-03-25 07:39:08.000 [Radius Auth Listener] wire - http-outgoing-1 << "Cache-Control: no-store[\r][\n]" [DEBUG] 2021-03-25 07:39:08.001 [Radius Auth Listener] wire - http-outgoing-1 << "Content-Type: application/json[\r][\n]" [DEBUG] 2021-03-25 07:39:08.001 [Radius Auth Listener] wire - http-outgoing-1 << "Pragma: no-cache[\r][\n]" [DEBUG] 2021-03-25 07:39:08.001 [Radius Auth Listener] wire - http-outgoing-1 << "Content-Length: 599[\r][\n]" [DEBUG] 2021-03-25 07:39:08.001 [Radius Auth Listener] wire - http-outgoing-1 << "Keep-Alive: timeout=5, max=100[\r][\n]" [DEBUG] 2021-03-25 07:39:08.001 [Radius Auth Listener] wire - http-outgoing-1 << "Connection: Keep-Alive[\r][\n]" [DEBUG] 2021-03-25 07:39:08.001 [Radius Auth Listener] wire - http-outgoing-1 << "[\r][\n]" [DEBUG] 2021-03-25 07:39:08.001 [Radius Auth Listener] wire - http-outgoing-1 << "{[\n]" [DEBUG] 2021-03-25 07:39:08.001 [Radius Auth Listener] wire - http-outgoing-1 << " "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.",[\n]" [DEBUG] 2021-03-25 07:39:08.001 [Radius Auth Listener] wire - http-outgoing-1 << " "error": "invalid_client"[\n]" [DEBUG] 2021-03-25 07:39:08.001 [Radius Auth Listener] wire - http-outgoing-1 << "}" [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << HTTP/1.1 401 Unauthorized [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << Date: Thu, 25 Mar 2021 07:39:07 GMT [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << Server: Apache/2.4.29 (Ubuntu) [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << X-Xss-Protection: 1; mode=block [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << X-Content-Type-Options: nosniff [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << Strict-Transport-Security: max-age=31536000; includeSubDomains [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << Cache-Control: no-store [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << Content-Type: application/json [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << Pragma: no-cache [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << Content-Length: 599 [DEBUG] 2021-03-25 07:39:08.002 [Radius Auth Listener] headers - http-outgoing-1 << Keep-Alive: timeout=5, max=100 [DEBUG] 2021-03-25 07:39:08.003 [Radius Auth Listener] headers - http-outgoing-1 << Connection: Keep-Alive [DEBUG] 2021-03-25 07:39:08.003 [Radius Auth Listener] MainClientExec - Connection can be kept alive for 5000 MILLISECONDS [DEBUG] 2021-03-25 07:39:08.003 [Radius Auth Listener] HttpAuthenticator - Authentication required [DEBUG] 2021-03-25 07:39:08.003 [Radius Auth Listener] HttpAuthenticator - gluu.solidex.minsk.by:443 requested authentication [DEBUG] 2021-03-25 07:39:08.003 [Radius Auth Listener] HttpAuthenticator - Response contains no authentication challenges [DEBUG] 2021-03-25 07:39:08.004 [Radius Auth Listener] i18n - Interceptor Context: org.jboss.resteasy.core.interception.ClientReaderInterceptorContext, Method : proceed [DEBUG] 2021-03-25 07:39:08.004 [Radius Auth Listener] i18n - MessageBodyReader: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey [DEBUG] 2021-03-25 07:39:08.004 [Radius Auth Listener] i18n - MessageBodyReader: org.jboss.resteasy.plugins.providers.StringTextStar [DEBUG] 2021-03-25 07:39:08.004 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection [id: 1][route: {s}->https://gluu.solidex.minsk.by:443] can be kept alive for 5.0 seconds [DEBUG] 2021-03-25 07:39:08.004 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection released: [id: 1][route: {s}->https://gluu.solidex.minsk.by:443][total kept alive: 1; route allocated: 1 of 20; total allocated: 1 of 100] [DEBUG] 2021-03-25 07:39:08.005 [Radius Auth Listener] SuperGluuAuthClient - SuperGluu initial auth failed. Response: { "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.", "error": "invalid_client" } [DEBUG] 2021-03-25 07:39:08.005 [Radius Auth Listener] SuperGluuAccessRequestFilter - Authentication failed for user {jsmith}. [INFO ] 2021-03-25 07:39:08.005 [Radius Auth Listener] RadiusServer - send response: Access-Reject, ID 170 ``` We really need your help with Gluu-RADIUS and Super Gluu. Also please, tell us **how to make Gluu-RADIUS to check TOTP with google authenticator? Unfortunately, it's not possible for us to use Radiator plugin** because of our client's requirements. And we want to enable LDAP + Super Gluu, but when we set super gluu authentication as default 2FA for the user, Gluu's LDAP server still doesn't send push notification to client's phone. Please, help us to make these two scenarios work. Thank you!

By Michael Schwartz staff 30 Mar 2021 at 12:13 p.m. CDT

Michael Schwartz gravatar
2FA for an LDAP client is definitely not supported. We don't expose any LDAP interface in the Gluu Server. Even if we did, you need an interception for the BIND operation. As far as I know, you'd need the Radiant Logic VDS to do this (a commercial product). The Gluu Radius server is very simple, and single threaded. That means that only one person can be authenticated at a time. It's not meant for high volume use cases. The way it works is that it uses the Resource Owner Password Credential Grant. Right now, you can only have one ROPW script active at a time. If you have multiple scripts active, both are run consectutively (and both must return True). In your stacktrace, the interesting log message is ``` [DEBUG] 2021-03-25 07:39:08.005 [Radius Auth Listener] SuperGluuAuthClient - SuperGluu initial auth failed. Response: { "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.", "error": "invalid_client" } ``` Are you using the built in client named `Gluu RO OpenID Client` ? If so, can you check to make sure the client id and secret are correct?

By Nadzeya Hryshalevich user 30 Mar 2021 at 12:33 p.m. CDT

Nadzeya Hryshalevich gravatar
Thank you for your answer! Yes, we're using `Gluu RO OpenID Client`. The problem is that I cannot find information how to assign this client to user's profile. See information about the test user: ![](https://snipboard.io/rQH7We.jpg) And the `Gluu RO OpenID Client` configuration: ![](https://snipboard.io/RwJy6K.jpg) ``` OPENID CONNECT CLIENTS DETAILS ------------------------------ - **Name:** Gluu RO OpenID Client - **Client ID:** 1701.ac0d4ae8-93cb-447f-9944-e17b278848c2 - **ClientSecret:** XXXXXXXXXXX - **Application Type:** native - **Persist Client Authorizations:** true - **Pre-Authorization:** false - **Authentication method for the Token Endpoint:** private_key_jwt - **Logout Session Required:** false - **Include Claims In Id Token:** true - **Disabled:** false - **Login Redirect URIs:** [https://gluulan.solidex.minsk.by/] - **Scopes:** [openid, super_gluu_ro_session] - **Grant types:** [password] - **Response types:** [id_token] ``` Please, provide us any help or document that describes how to configure the client id and secret of `Gluu RO OpenID Client` to make RADIUS 2FA work Thank you for your help! P.S. And please, tell us, is it possible to configure RADIUS and TOTP and the second factor?

By Michael Schwartz staff 30 Mar 2021 at 1:10 p.m. CDT

Michael Schwartz gravatar
The client is used by all users. I think what you are saying is that you only want some users to have access to radius?In the `super_gluu_ro` you could perhaps lookup the person, and see if they have a certain user claim, and then based on that claim, allow access. We don't have an OOTB script for OTP and Radius. But you could look at the [Person Authn Interception script for OTP](https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/otp) and adopt it to work in your ROPW script.

By Nadzeya Hryshalevich user 30 Mar 2021 at 1:27 p.m. CDT

Nadzeya Hryshalevich gravatar
Thank you for your quick answer! I just want to enable 2FA authentication with Gluu-RADIUS and Super Gluu, right now it's not important for us to configure this functionality for some or for all users. To make it simple, let's configure it for all users This is super_gluu_ro configuration and I cannot see any ability to lookup the person: ![](https://snipboard.io/h2j1GV.jpg) ![](https://snipboard.io/HFSIrN.jpg) I see the claims only when I change scope type to OpenID ![](https://snipboard.io/FEvRdi.jpg) Sorry if my questions seem like some sort of a primitive, but I was looking for this information in your docs and support portal and I can't find any instructions for configuration Gluu RADIUS and Super Gluu to make them work correctly together So I would be very grateful for your help!

By Dzouato Djeumen Rolain Bonaventure staff 30 Mar 2021 at 2:54 p.m. CDT

Dzouato Djeumen Rolain Bonaventure gravatar
Hello, Please can you attach your entire logs for radius server ? I only see the part when authentication fails. I will need more to determine while 2FA isn't working.

By Dzouato Djeumen Rolain Bonaventure staff 30 Mar 2021 at 2:57 p.m. CDT

Dzouato Djeumen Rolain Bonaventure gravatar
Also, please attach the python script logs.

By Nadzeya Hryshalevich user 31 Mar 2021 at 1:32 a.m. CDT

Nadzeya Hryshalevich gravatar
This is the entire `gluu-radius.log` file, including the moment when the service starts and when login fails ``` [INFO ] 2021-03-31 06:25:31.054 [main] ServerEntry - +---------------------------------------------------------+ [INFO ] 2021-03-31 06:25:31.054 [main] ServerEntry - + Gluu Radius Server + [INFO ] 2021-03-31 06:25:31.055 [main] ServerEntry - + Copyright (c) Gluu Inc. + [INFO ] 2021-03-31 06:25:31.055 [main] ServerEntry - +---------------------------------------------------------+ [INFO ] 2021-03-31 06:25:31.056 [main] ServerEntry - Starting application in server mode. Configuration file: /etc/gluu/conf/radius/gluu-radius.properties [INFO ] 2021-03-31 06:25:31.056 [main] ServerEntry - Initializing security components [INFO ] 2021-03-31 06:25:31.265 [main] ServerEntry - Security components initialization successful [INFO ] 2021-03-31 06:25:31.266 [main] ServerEntry - Registering bootstrap configuration service [DEBUG] 2021-03-31 06:25:31.269 [main] BootstrapConfigService - Persistence backend: ldap [INFO ] 2021-03-31 06:25:31.324 [main] ServerEntry - Bootstrap configuration service registered [INFO ] 2021-03-31 06:25:31.325 [main] ServerEntry - Initializing persistence layer [DEBUG] 2021-03-31 06:25:31.521 [main] LdapConnectionProvider - Using LDAP connection pool timeout: '30' [INFO ] 2021-03-31 06:25:31.521 [main] LdapConnectionProvider - Attempting to create connection pool: 1 [DEBUG] 2021-03-31 06:25:31.913 [main] LdapConnectionProvider - Adding support for password methods: [] [DEBUG] 2021-03-31 06:25:31.914 [main] LdapConnectionProvider - Using next binary attributes: [objectguid] [DEBUG] 2021-03-31 06:25:31.914 [main] LdapConnectionProvider - Using next binary certificateAttributes: [usercertificate] [DEBUG] 2021-03-31 06:25:31.943 [main] LdapEntryManagerFactory - Created connectionProvider 'org.gluu.persist.ldap.operation.impl.LdapConnectionProvider@16fb356' with code '0 (success)' [DEBUG] 2021-03-31 06:25:31.944 [main] LdapConnectionProvider - Using LDAP connection pool timeout: '30' [INFO ] 2021-03-31 06:25:31.944 [main] LdapConnectionProvider - Attempting to create connection pool: 1 [DEBUG] 2021-03-31 06:25:32.150 [main] LdapConnectionProvider - Adding support for password methods: [] [DEBUG] 2021-03-31 06:25:32.150 [main] LdapConnectionProvider - Using next binary attributes: [objectguid] [DEBUG] 2021-03-31 06:25:32.150 [main] LdapConnectionProvider - Using next binary certificateAttributes: [usercertificate] [DEBUG] 2021-03-31 06:25:32.151 [main] LdapEntryManagerFactory - Created bindConnectionProvider 'org.gluu.persist.ldap.operation.impl.LdapAuthConnectionProvider@23a9ba52' with code '0 (success)' [DEBUG] 2021-03-31 06:25:32.378 [main] DurationUtil - LDAP operation: lookup, duration: PT0.054764S, dn: cn=schema, attributes: [attributeTypes] [INFO ] 2021-03-31 06:25:32.425 [main] LdapEntryManagerFactory - Created LdapEntryManager: org.gluu.persist.ldap.operation.impl.LdapOperationServiceImpl@2516fc68 [INFO ] 2021-03-31 06:25:32.425 [main] ServerEntry - Persistence layer initialization successful [INFO ] 2021-03-31 06:25:32.426 [main] ServerEntry - Registering clients service [INFO ] 2021-03-31 06:25:32.427 [main] ServerEntry - Clients service registration successful [INFO ] 2021-03-31 06:25:32.427 [main] ServerEntry - Registering server configuration service [INFO ] 2021-03-31 06:25:32.427 [main] ServerEntry - Server configuration service registration failed [INFO ] 2021-03-31 06:25:32.428 [main] ServerEntry - Registering OpenID configuration service [DEBUG] 2021-03-31 06:25:32.443 [main] DurationUtil - LDAP operation: lookup, duration: PT0.001724S, dn: ou=oxradius,ou=configuration,o=gluu, attributes: [oxRadiusOpenidUsername, oxRadiusOpenIdBaseUrl, oxRadiusListenInterface, oxRadiusAuthenticationPort, oxRadiusAuthenticationTimeout, oxRadiusAccountingPort, oxRadiusAcrValue, oxRadiusOpenidPassword, oxRadiusAuthScope] [DEBUG] 2021-03-31 06:25:32.445 [main] BaseEntryManager - LdapProperty: acctPort, AttributeName: oxRadiusAccountingPort, AttributeValue: [1813] [DEBUG] 2021-03-31 06:25:32.445 [main] BaseEntryManager - LdapProperty: acrValue, AttributeName: oxRadiusAcrValue, AttributeValue: [super_gluu_ro] [DEBUG] 2021-03-31 06:25:32.445 [main] BaseEntryManager - LdapProperty: authPort, AttributeName: oxRadiusAuthenticationPort, AttributeValue: [1812] [DEBUG] 2021-03-31 06:25:32.446 [main] BaseEntryManager - LdapProperty: authenticationTimeout, AttributeName: oxRadiusAuthenticationTimeout, AttributeValue: [35000] [DEBUG] 2021-03-31 06:25:32.446 [main] BaseEntryManager - LdapProperty: listenInterface, AttributeName: oxRadiusListenInterface, AttributeValue: [0.0.0.0] [DEBUG] 2021-03-31 06:25:32.446 [main] BaseEntryManager - LdapProperty: openidBaseUrl, AttributeName: oxRadiusOpenIdBaseUrl, AttributeValue: [https://gluulan.solidex.minsk.by/] [DEBUG] 2021-03-31 06:25:32.447 [main] BaseEntryManager - LdapProperty: openidPassword, AttributeName: oxRadiusOpenidPassword, AttributeValue: [wZiEvuMzsiH/HTul58yVEQ==] [DEBUG] 2021-03-31 06:25:32.447 [main] BaseEntryManager - LdapProperty: openidUsername, AttributeName: oxRadiusOpenidUsername, AttributeValue: [1701.ac0d4ae8-93cb-447f-9944-e17b278848c2] [DEBUG] 2021-03-31 06:25:32.447 [main] BaseEntryManager - LdapProperty: scopes, AttributeName: oxRadiusAuthScope, AttributeValue: [inum=F0C4,ou=scopes,o=gluu, inum=63CD,ou=scopes,o=gluu] [DEBUG] 2021-03-31 06:25:32.606 [main] logging - Logging Provider: org.jboss.logging.Log4j2LoggerProvider [DEBUG] 2021-03-31 06:25:32.607 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.jaxb.JAXBXmlRootElementProvider, Method : AbstractJAXBProvider [DEBUG] 2021-03-31 06:25:32.610 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.jaxb.JAXBXmlRootElementProvider, Method : AbstractJAXBProvider [DEBUG] 2021-03-31 06:25:32.612 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.jaxb.JAXBElementProvider, Method : AbstractJAXBProvider [DEBUG] 2021-03-31 06:25:32.614 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.jaxb.JAXBElementProvider, Method : AbstractJAXBProvider [DEBUG] 2021-03-31 06:25:32.620 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.jaxb.JAXBXmlTypeProvider, Method : AbstractJAXBProvider [DEBUG] 2021-03-31 06:25:32.621 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.jaxb.JAXBXmlTypeProvider, Method : AbstractJAXBProvider [DEBUG] 2021-03-31 06:25:32.628 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.DocumentProvider, Method : DocumentProvider [DEBUG] 2021-03-31 06:25:32.643 [main] i18n - RESTEASY002330: Unable to retrieve config: expandEntityReferences defaults to false [DEBUG] 2021-03-31 06:25:32.644 [main] i18n - RESTEASY002335: Unable to retrieve config: enableSecureProcessingFeature defaults to true [DEBUG] 2021-03-31 06:25:32.644 [main] i18n - RESTEASY002325: Unable to retrieve config: disableDTDs defaults to true [DEBUG] 2021-03-31 06:25:32.645 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.DocumentProvider, Method : DocumentProvider [DEBUG] 2021-03-31 06:25:32.646 [main] i18n - RESTEASY002330: Unable to retrieve config: expandEntityReferences defaults to false [DEBUG] 2021-03-31 06:25:32.647 [main] i18n - RESTEASY002335: Unable to retrieve config: enableSecureProcessingFeature defaults to true [DEBUG] 2021-03-31 06:25:32.647 [main] i18n - RESTEASY002325: Unable to retrieve config: disableDTDs defaults to true [DEBUG] 2021-03-31 06:25:32.653 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.jaxb.JAXBXmlSeeAlsoProvider, Method : AbstractJAXBProvider [DEBUG] 2021-03-31 06:25:32.654 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.jaxb.JAXBXmlSeeAlsoProvider, Method : AbstractJAXBProvider [DEBUG] 2021-03-31 06:25:32.680 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.jaxb.CollectionProvider, Method : CollectionProvider [DEBUG] 2021-03-31 06:25:32.681 [main] i18n - Provider : org.jboss.resteasy.plugins.providers.jaxb.CollectionProvider, Method : CollectionProvider [DEBUG] 2021-03-31 06:25:32.779 [main] BasicClientConnectionManager - Get connection for route {s}->https://gluulan.solidex.minsk.by:443 [DEBUG] 2021-03-31 06:25:32.790 [main] DefaultClientConnectionOperator - Connecting to gluulan.solidex.minsk.by:443 [DEBUG] 2021-03-31 06:25:32.902 [main] RequestAddCookies - CookieSpec selected: default [DEBUG] 2021-03-31 06:25:32.904 [main] RequestAuthCache - Auth cache not set in the context [DEBUG] 2021-03-31 06:25:32.904 [main] RequestTargetAuthentication - Target auth state: UNCHALLENGED [DEBUG] 2021-03-31 06:25:32.904 [main] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED [DEBUG] 2021-03-31 06:25:32.905 [main] DefaultHttpClient - Attempt 1 to execute request [DEBUG] 2021-03-31 06:25:32.905 [main] DefaultClientConnection - Sending request: GET /.well-known/openid-configuration HTTP/1.1 [DEBUG] 2021-03-31 06:25:32.905 [main] wire - >> "GET /.well-known/openid-configuration HTTP/1.1[\r][\n]" [DEBUG] 2021-03-31 06:25:32.907 [main] wire - >> "Accept: text/plain,application/json[\r][\n]" [DEBUG] 2021-03-31 06:25:32.907 [main] wire - >> "Host: gluulan.solidex.minsk.by[\r][\n]" [DEBUG] 2021-03-31 06:25:32.907 [main] wire - >> "Connection: Keep-Alive[\r][\n]" [DEBUG] 2021-03-31 06:25:32.907 [main] wire - >> "User-Agent: Apache-HttpClient/4.5.3 (Java/11.0.8)[\r][\n]" [DEBUG] 2021-03-31 06:25:32.908 [main] wire - >> "[\r][\n]" [DEBUG] 2021-03-31 06:25:32.908 [main] headers - >> GET /.well-known/openid-configuration HTTP/1.1 [DEBUG] 2021-03-31 06:25:32.908 [main] headers - >> Accept: text/plain,application/json [DEBUG] 2021-03-31 06:25:32.908 [main] headers - >> Host: gluulan.solidex.minsk.by [DEBUG] 2021-03-31 06:25:32.908 [main] headers - >> Connection: Keep-Alive [DEBUG] 2021-03-31 06:25:32.909 [main] headers - >> User-Agent: Apache-HttpClient/4.5.3 (Java/11.0.8) [DEBUG] 2021-03-31 06:25:32.915 [main] wire - << "HTTP/1.1 200 OK[\r][\n]" [DEBUG] 2021-03-31 06:25:32.917 [main] wire - << "Date: Wed, 31 Mar 2021 06:25:32 GMT[\r][\n]" [DEBUG] 2021-03-31 06:25:32.917 [main] wire - << "Server: Apache/2.4.29 (Ubuntu)[\r][\n]" [DEBUG] 2021-03-31 06:25:32.917 [main] wire - << "X-Xss-Protection: 1; mode=block[\r][\n]" [DEBUG] 2021-03-31 06:25:32.918 [main] wire - << "X-Content-Type-Options: nosniff[\r][\n]" [DEBUG] 2021-03-31 06:25:32.918 [main] wire - << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]" [DEBUG] 2021-03-31 06:25:32.918 [main] wire - << "Content-Type: application/json[\r][\n]" [DEBUG] 2021-03-31 06:25:32.918 [main] wire - << "Content-Length: 6064[\r][\n]" [DEBUG] 2021-03-31 06:25:32.918 [main] wire - << "Keep-Alive: timeout=5, max=100[\r][\n]" [DEBUG] 2021-03-31 06:25:32.919 [main] wire - << "Connection: Keep-Alive[\r][\n]" [DEBUG] 2021-03-31 06:25:32.919 [main] wire - << "[\r][\n]" [DEBUG] 2021-03-31 06:25:32.919 [main] DefaultClientConnection - Receiving response: HTTP/1.1 200 OK [DEBUG] 2021-03-31 06:25:32.920 [main] headers - << HTTP/1.1 200 OK [DEBUG] 2021-03-31 06:25:32.920 [main] headers - << Date: Wed, 31 Mar 2021 06:25:32 GMT [DEBUG] 2021-03-31 06:25:32.920 [main] headers - << Server: Apache/2.4.29 (Ubuntu) [DEBUG] 2021-03-31 06:25:32.920 [main] headers - << X-Xss-Protection: 1; mode=block [DEBUG] 2021-03-31 06:25:32.920 [main] headers - << X-Content-Type-Options: nosniff [DEBUG] 2021-03-31 06:25:32.921 [main] headers - << Strict-Transport-Security: max-age=31536000; includeSubDomains [DEBUG] 2021-03-31 06:25:32.921 [main] headers - << Content-Type: application/json [DEBUG] 2021-03-31 06:25:32.921 [main] headers - << Content-Length: 6064 [DEBUG] 2021-03-31 06:25:32.921 [main] headers - << Keep-Alive: timeout=5, max=100 [DEBUG] 2021-03-31 06:25:32.921 [main] headers - << Connection: Keep-Alive [DEBUG] 2021-03-31 06:25:32.927 [main] DefaultHttpClient - Connection can be kept alive for 5000 MILLISECONDS [DEBUG] 2021-03-31 06:25:32.939 [main] i18n - Interceptor Context: org.jboss.resteasy.core.interception.ClientReaderInterceptorContext, Method : proceed [DEBUG] 2021-03-31 06:25:32.940 [main] i18n - MessageBodyReader: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey [DEBUG] 2021-03-31 06:25:32.941 [main] i18n - MessageBodyReader: org.jboss.resteasy.plugins.providers.StringTextStar [DEBUG] 2021-03-31 06:25:32.942 [main] wire - << "{[\n]" [DEBUG] 2021-03-31 06:25:32.943 [main] wire - << " "request_parameter_supported" : true,[\n]" [DEBUG] 2021-03-31 06:25:32.943 [main] wire - << " "token_revocation_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/revoke",[\n]" [DEBUG] 2021-03-31 06:25:32.943 [main] wire - << " "introspection_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/introspection",[\n]" [DEBUG] 2021-03-31 06:25:32.943 [main] wire - << " "claims_parameter_supported" : false,[\n]" [DEBUG] 2021-03-31 06:25:32.943 [main] wire - << " "issuer" : "https://gluulan.solidex.minsk.by",[\n]" [DEBUG] 2021-03-31 06:25:32.943 [main] wire - << " "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],[\n]" [DEBUG] 2021-03-31 06:25:32.944 [main] wire - << " "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],[\n]" [DEBUG] 2021-03-31 06:25:32.944 [main] wire - << " "authorization_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/authorize",[\n]" [DEBUG] 2021-03-31 06:25:32.944 [main] wire - << " "service_documentation" : "http://gluu.org/docs",[\n]" [DEBUG] 2021-03-31 06:25:32.944 [main] wire - << " "id_generation_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/id",[\n]" [DEBUG] 2021-03-31 06:25:32.944 [main] wire - << " "claims_supported" : [ "street_address", "country", "zoneinfo", "birthdate", "role", "gender", "formatted", "user_name", "phone_mobile_number", "preferred_username", "locale", "inum", "updated_at", "nickname", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],[\n]" [DEBUG] 2021-03-31 06:25:32.944 [main] wire - << " "scope_to_claims_mapping" : [ {[\n]" [DEBUG] 2021-03-31 06:25:32.945 [main] wire - << " "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ][\n]" [DEBUG] 2021-03-31 06:25:32.945 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.945 [main] wire - << " "openid" : [ ][\n]" [DEBUG] 2021-03-31 06:25:32.945 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.945 [main] wire - << " "https://gluulan.solidex.minsk.by/oxauth/restv1/uma/scopes/scim_access" : [ ][\n]" [DEBUG] 2021-03-31 06:25:32.945 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.945 [main] wire - << " "permission" : [ "role" ][\n]" [DEBUG] 2021-03-31 06:25:32.946 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.946 [main] wire - << " "super_gluu_ro_session" : [ ][\n]" [DEBUG] 2021-03-31 06:25:32.946 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.946 [main] wire - << " "phone" : [ "phone_number_verified", "phone_number" ][\n]" [DEBUG] 2021-03-31 06:25:32.946 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.947 [main] wire - << " "revoke_session" : [ ][\n]" [DEBUG] 2021-03-31 06:25:32.947 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.947 [main] wire - << " "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ][\n]" [DEBUG] 2021-03-31 06:25:32.947 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.947 [main] wire - << " "clientinfo" : [ "name", "inum" ][\n]" [DEBUG] 2021-03-31 06:25:32.947 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.947 [main] wire - << " "mobile_phone" : [ "phone_mobile_number" ][\n]" [DEBUG] 2021-03-31 06:25:32.948 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.948 [main] wire - << " "email" : [ "email_verified", "email" ][\n]" [DEBUG] 2021-03-31 06:25:32.948 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.948 [main] wire - << " "user_name" : [ "user_name" ][\n]" [DEBUG] 2021-03-31 06:25:32.948 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.948 [main] wire - << " "oxtrust-api-write" : [ ][\n]" [DEBUG] 2021-03-31 06:25:32.948 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.949 [main] wire - << " "oxd" : [ ][\n]" [DEBUG] 2021-03-31 06:25:32.949 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.949 [main] wire - << " "uma_protection" : [ ][\n]" [DEBUG] 2021-03-31 06:25:32.949 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.949 [main] wire - << " "oxtrust-api-read" : [ ][\n]" [DEBUG] 2021-03-31 06:25:32.949 [main] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:32.949 [main] wire - << " "offline_access" : [ ][\n]" [DEBUG] 2021-03-31 06:25:32.950 [main] wire - << " } ],[\n]" [DEBUG] 2021-03-31 06:25:32.950 [main] wire - << " "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",[\n]" [DEBUG] 2021-03-31 06:25:32.950 [main] wire - << " "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],[\n]" [DEBUG] 2021-03-31 06:25:32.950 [main] wire - << " "tls_client_certificate_bound_access_tokens" : true,[\n]" [DEBUG] 2021-03-31 06:25:32.950 [main] wire - << " "response_modes_supported" : [ "query", "form_post", "fragment" ],[\n]" [DEBUG] 2021-03-31 06:25:32.950 [main] wire - << " "backchannel_logout_session_supported" : true,[\n]" [DEBUG] 2021-03-31 06:25:32.950 [main] wire - << " "token_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/token",[\n]" [DEBUG] 2021-03-31 06:25:32.951 [main] wire - << " "response_types_supported" : [ "token code", "token", "token id_token", "code", "id_token", "code id_token", "token code id_token" ],[\n]" [DEBUG] 2021-03-31 06:25:32.951 [main] wire - << " "request_uri_parameter_supported" : true,[\n]" [DEBUG] 2021-03-31 06:25:32.951 [main] wire - << " "backchannel_user_code_parameter_supported" : false,[\n]" [DEBUG] 2021-03-31 06:25:32.951 [main] wire - << " "grant_types_supported" : [ "authorization_code", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:uma-ticket", "client_credentials", "refresh_token", "password", "implicit" ],[\n]" [DEBUG] 2021-03-31 06:25:32.951 [main] wire - << " "ui_locales_supported" : [ "en", "bg", "de", "es", "fr", "it", "ru", "tr" ],[\n]" [DEBUG] 2021-03-31 06:25:32.951 [main] wire - << " "userinfo_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/userinfo",[\n]" [DEBUG] 2021-03-31 06:25:32.951 [main] wire - << " "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",[\n]" [DEBUG] 2021-03-31 06:25:32.952 [main] wire - << " "auth_level_mapping" : {[\n]" [DEBUG] 2021-03-31 06:25:32.952 [main] wire - << " "1" : [ "casa" ],[\n]" [DEBUG] 2021-03-31 06:25:32.952 [main] wire - << " "-1" : [ "simple_password_auth" ],[\n]" [DEBUG] 2021-03-31 06:25:32.952 [main] wire - << " "70" : [ "fido2" ],[\n]" [DEBUG] 2021-03-31 06:25:32.952 [main] wire - << " "60" : [ "super_gluu" ],[\n]" [DEBUG] 2021-03-31 06:25:32.952 [main] wire - << " "50" : [ "u2f" ],[\n]" [DEBUG] 2021-03-31 06:25:32.953 [main] wire - << " "40" : [ "otp" ][\n]" [DEBUG] 2021-03-31 06:25:32.953 [main] wire - << " },[\n]" [DEBUG] 2021-03-31 06:25:32.953 [main] wire - << " "require_request_uri_registration" : false,[\n]" [DEBUG] 2021-03-31 06:25:32.953 [main] wire - << " "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],[\n]" [DEBUG] 2021-03-31 06:25:32.953 [main] wire - << " "frontchannel_logout_session_supported" : true,[\n]" [DEBUG] 2021-03-31 06:25:32.953 [main] wire - << " "claims_locales_supported" : [ "en" ],[\n]" [DEBUG] 2021-03-31 06:25:32.953 [main] wire - << " "clientinfo_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/clientinfo",[\n]" [DEBUG] 2021-03-31 06:25:32.954 [main] wire - << " "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],[\n]" [DEBUG] 2021-03-31 06:25:32.954 [main] wire - << " "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],[\n]" [DEBUG] 2021-03-31 06:25:32.954 [main] wire - << " "session_revocation_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/revoke_session",[\n]" [DEBUG] 2021-03-31 06:25:32.954 [main] wire - << " "check_session_iframe" : "https://gluulan.solidex.minsk.by/oxauth/opiframe.htm",[\n]" [DEBUG] 2021-03-31 06:25:32.954 [main] wire - << " "scopes_supported" : [ "address", "openid", "clientinfo", "user_name", "profile", "uma_protection", "permission", "revoke_session", "oxtrust-api-write", "oxtrust-api-read", "https://gluulan.solidex.minsk.by/oxauth/restv1/uma/scopes/scim_access", "phone", "mobile_phone", "offline_access", "oxd", "super_gluu_ro_session", "email" ],[\n]" [DEBUG] 2021-03-31 06:25:32.954 [main] wire - << " "backchannel_logout_supported" : true,[\n]" [DEBUG] 2021-03-31 06:25:32.955 [main] wire - << " "acr_values_supported" : [ "simple_password_auth", "casa", "u2f", "super_gluu", "fido2", "otp" ],[\n]" [DEBUG] 2021-03-31 06:25:32.955 [main] wire - << " "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],[\n]" [DEBUG] 2021-03-31 06:25:32.955 [main] wire - << " "device_authorization_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/device_authorization",[\n]" [DEBUG] 2021-03-31 06:25:32.955 [main] wire - << " "display_values_supported" : [ "page", "popup" ],[\n]" [DEBUG] 2021-03-31 06:25:32.955 [main] wire - << " "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],[\n]" [DEBUG] 2021-03-31 06:25:32.955 [main] wire - << " "claim_types_supported" : [ "normal" ],[\n]" [DEBUG] 2021-03-31 06:25:32.956 [main] wire - << " "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],[\n]" [DEBUG] 2021-03-31 06:25:32.956 [main] wire - << " "end_session_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/end_session",[\n]" [DEBUG] 2021-03-31 06:25:32.956 [main] wire - << " "revocation_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/revoke",[\n]" [DEBUG] 2021-03-31 06:25:32.956 [main] wire - << " "backchannel_authentication_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/bc-authorize",[\n]" [DEBUG] 2021-03-31 06:25:32.956 [main] wire - << " "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],[\n]" [DEBUG] 2021-03-31 06:25:32.956 [main] wire - << " "frontchannel_logout_supported" : true,[\n]" [DEBUG] 2021-03-31 06:25:32.956 [main] wire - << " "jwks_uri" : "https://gluulan.solidex.minsk.by/oxauth/restv1/jwks",[\n]" [DEBUG] 2021-03-31 06:25:32.957 [main] wire - << " "subject_types_supported" : [ "public", "pairwise" ],[\n]" [DEBUG] 2021-03-31 06:25:32.957 [main] wire - << " "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],[\n]" [DEBUG] 2021-03-31 06:25:32.957 [main] wire - << " "registration_endpoint" : "https://gluulan.solidex.minsk.by/oxauth/restv1/register",[\n]" [DEBUG] 2021-03-31 06:25:32.957 [main] wire - << " "id_token_token_binding_cnf_values_supported" : [ "tbh" ][\n]" [DEBUG] 2021-03-31 06:25:32.957 [main] wire - << "}[\n]" [DEBUG] 2021-03-31 06:25:32.957 [main] BasicClientConnectionManager - Releasing connection org.apache.http.impl.conn.ManagedClientConnectionImpl@213c3543 [DEBUG] 2021-03-31 06:25:32.958 [main] BasicClientConnectionManager - Connection can be kept alive for 5000 MILLISECONDS [DEBUG] 2021-03-31 06:25:32.972 [main] DefaultClientConnection - Connection 0.0.0.0:35742<->172.17.18.111:443 closed [INFO ] 2021-03-31 06:25:32.973 [main] ServerEntry - OpenID configuration service registration successful [INFO ] 2021-03-31 06:25:32.973 [main] ServerEntry - Registering cryptographic service [INFO ] 2021-03-31 06:25:33.074 [main] CryptoService - Auth signing keyId: 06e1074a-bf3c-494c-8069-a70cd7d07c8e_sig_rs512 [INFO ] 2021-03-31 06:25:33.230 [main] ServerEntry - Cryptographic service registration successful [INFO ] 2021-03-31 06:25:33.230 [main] ServerEntry - Starting radius server [DEBUG] 2021-03-31 06:25:33.234 [main] DurationUtil - LDAP operation: lookup, duration: PT0.001765S, dn: ou=oxradius,ou=configuration,o=gluu, attributes: [oxRadiusOpenidUsername, oxRadiusOpenIdBaseUrl, oxRadiusListenInterface, oxRadiusAuthenticationPort, oxRadiusAuthenticationTimeout, oxRadiusAccountingPort, oxRadiusAcrValue, oxRadiusOpenidPassword, oxRadiusAuthScope] [DEBUG] 2021-03-31 06:25:33.235 [main] BaseEntryManager - LdapProperty: acctPort, AttributeName: oxRadiusAccountingPort, AttributeValue: [1813] [DEBUG] 2021-03-31 06:25:33.235 [main] BaseEntryManager - LdapProperty: acrValue, AttributeName: oxRadiusAcrValue, AttributeValue: [super_gluu_ro] [DEBUG] 2021-03-31 06:25:33.235 [main] BaseEntryManager - LdapProperty: authPort, AttributeName: oxRadiusAuthenticationPort, AttributeValue: [1812] [DEBUG] 2021-03-31 06:25:33.235 [main] BaseEntryManager - LdapProperty: authenticationTimeout, AttributeName: oxRadiusAuthenticationTimeout, AttributeValue: [35000] [DEBUG] 2021-03-31 06:25:33.236 [main] BaseEntryManager - LdapProperty: listenInterface, AttributeName: oxRadiusListenInterface, AttributeValue: [0.0.0.0] [DEBUG] 2021-03-31 06:25:33.236 [main] BaseEntryManager - LdapProperty: openidBaseUrl, AttributeName: oxRadiusOpenIdBaseUrl, AttributeValue: [https://gluulan.solidex.minsk.by/] [DEBUG] 2021-03-31 06:25:33.236 [main] BaseEntryManager - LdapProperty: openidPassword, AttributeName: oxRadiusOpenidPassword, AttributeValue: [wZiEvuMzsiH/HTul58yVEQ==] [DEBUG] 2021-03-31 06:25:33.236 [main] BaseEntryManager - LdapProperty: openidUsername, AttributeName: oxRadiusOpenidUsername, AttributeValue: [1701.ac0d4ae8-93cb-447f-9944-e17b278848c2] [DEBUG] 2021-03-31 06:25:33.237 [main] BaseEntryManager - LdapProperty: scopes, AttributeName: oxRadiusAuthScope, AttributeValue: [inum=F0C4,ou=scopes,o=gluu, inum=63CD,ou=scopes,o=gluu] [DEBUG] 2021-03-31 06:25:33.241 [main] DurationUtil - LDAP operation: lookup, duration: PT0.001479S, dn: ou=oxradius,ou=configuration,o=gluu, attributes: [oxRadiusOpenidUsername, oxRadiusOpenIdBaseUrl, oxRadiusListenInterface, oxRadiusAuthenticationPort, oxRadiusAuthenticationTimeout, oxRadiusAccountingPort, oxRadiusAcrValue, oxRadiusOpenidPassword, oxRadiusAuthScope] [DEBUG] 2021-03-31 06:25:33.241 [main] BaseEntryManager - LdapProperty: acctPort, AttributeName: oxRadiusAccountingPort, AttributeValue: [1813] [DEBUG] 2021-03-31 06:25:33.242 [main] BaseEntryManager - LdapProperty: acrValue, AttributeName: oxRadiusAcrValue, AttributeValue: [super_gluu_ro] [DEBUG] 2021-03-31 06:25:33.242 [main] BaseEntryManager - LdapProperty: authPort, AttributeName: oxRadiusAuthenticationPort, AttributeValue: [1812] [DEBUG] 2021-03-31 06:25:33.242 [main] BaseEntryManager - LdapProperty: authenticationTimeout, AttributeName: oxRadiusAuthenticationTimeout, AttributeValue: [35000] [DEBUG] 2021-03-31 06:25:33.242 [main] BaseEntryManager - LdapProperty: listenInterface, AttributeName: oxRadiusListenInterface, AttributeValue: [0.0.0.0] [DEBUG] 2021-03-31 06:25:33.242 [main] BaseEntryManager - LdapProperty: openidBaseUrl, AttributeName: oxRadiusOpenIdBaseUrl, AttributeValue: [https://gluulan.solidex.minsk.by/] [DEBUG] 2021-03-31 06:25:33.243 [main] BaseEntryManager - LdapProperty: openidPassword, AttributeName: oxRadiusOpenidPassword, AttributeValue: [wZiEvuMzsiH/HTul58yVEQ==] [DEBUG] 2021-03-31 06:25:33.243 [main] BaseEntryManager - LdapProperty: openidUsername, AttributeName: oxRadiusOpenidUsername, AttributeValue: [1701.ac0d4ae8-93cb-447f-9944-e17b278848c2] [DEBUG] 2021-03-31 06:25:33.243 [main] BaseEntryManager - LdapProperty: scopes, AttributeName: oxRadiusAuthScope, AttributeValue: [inum=F0C4,ou=scopes,o=gluu, inum=63CD,ou=scopes,o=gluu] [DEBUG] 2021-03-31 06:25:33.246 [main] DurationUtil - LDAP operation: lookup, duration: PT0.001195S, dn: inum=F0C4,ou=scopes,o=gluu, attributes: [oxId, displayName] [DEBUG] 2021-03-31 06:25:33.246 [main] BaseEntryManager - LdapProperty: id, AttributeName: oxId, AttributeValue: [openid] [DEBUG] 2021-03-31 06:25:33.247 [main] DurationUtil - LDAP operation: lookup, duration: PT0.001034S, dn: inum=63CD,ou=scopes,o=gluu, attributes: [oxId, displayName] [DEBUG] 2021-03-31 06:25:33.248 [main] BaseEntryManager - LdapProperty: id, AttributeName: oxId, AttributeValue: [super_gluu_ro_session] [DEBUG] 2021-03-31 06:25:33.248 [main] BaseEntryManager - LdapProperty: name, AttributeName: displayName, AttributeValue: [super_gluu_ro_session] [INFO ] 2021-03-31 06:25:33.271 [Radius Auth Listener] RadiusServer - starting RadiusAuthListener on port 1812 [INFO ] 2021-03-31 06:25:33.272 [Radius Acct Listener] RadiusServer - starting RadiusAcctListener on port 1813 [INFO ] 2021-03-31 06:25:38.274 [main] ServerEntry - Radius server started [INFO ] 2021-03-31 06:25:38.275 [main] ServerEntry - Registering server shutdown hook [INFO ] 2021-03-31 06:25:38.280 [main] ServerEntry - Server shutdown hook registered [INFO ] 2021-03-31 06:25:38.280 [main] ServerEntry - Server initialization complete [DEBUG] 2021-03-31 06:25:38.280 [Thread-7] Runner - Performing background operations [DEBUG] 2021-03-31 06:25:38.285 [Thread-7] BasicClientConnectionManager - Get connection for route {s}->https://gluulan.solidex.minsk.by:443 [DEBUG] 2021-03-31 06:25:38.286 [Thread-7] DefaultClientConnectionOperator - Connecting to gluulan.solidex.minsk.by:443 [DEBUG] 2021-03-31 06:25:38.341 [Thread-7] RequestAddCookies - CookieSpec selected: default [DEBUG] 2021-03-31 06:25:38.342 [Thread-7] RequestAuthCache - Auth cache not set in the context [DEBUG] 2021-03-31 06:25:38.342 [Thread-7] RequestTargetAuthentication - Target auth state: UNCHALLENGED [DEBUG] 2021-03-31 06:25:38.342 [Thread-7] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED [DEBUG] 2021-03-31 06:25:38.342 [Thread-7] DefaultHttpClient - Attempt 1 to execute request [DEBUG] 2021-03-31 06:25:38.342 [Thread-7] DefaultClientConnection - Sending request: GET /oxauth/restv1/jwks HTTP/1.1 [DEBUG] 2021-03-31 06:25:38.342 [Thread-7] wire - >> "GET /oxauth/restv1/jwks HTTP/1.1[\r][\n]" [DEBUG] 2021-03-31 06:25:38.343 [Thread-7] wire - >> "Accept: application/json[\r][\n]" [DEBUG] 2021-03-31 06:25:38.343 [Thread-7] wire - >> "Host: gluulan.solidex.minsk.by[\r][\n]" [DEBUG] 2021-03-31 06:25:38.343 [Thread-7] wire - >> "Connection: Keep-Alive[\r][\n]" [DEBUG] 2021-03-31 06:25:38.343 [Thread-7] wire - >> "User-Agent: Apache-HttpClient/4.5.3 (Java/11.0.8)[\r][\n]" [DEBUG] 2021-03-31 06:25:38.344 [Thread-7] wire - >> "[\r][\n]" [DEBUG] 2021-03-31 06:25:38.344 [Thread-7] headers - >> GET /oxauth/restv1/jwks HTTP/1.1 [DEBUG] 2021-03-31 06:25:38.344 [Thread-7] headers - >> Accept: application/json [DEBUG] 2021-03-31 06:25:38.344 [Thread-7] headers - >> Host: gluulan.solidex.minsk.by [DEBUG] 2021-03-31 06:25:38.344 [Thread-7] headers - >> Connection: Keep-Alive [DEBUG] 2021-03-31 06:25:38.344 [Thread-7] headers - >> User-Agent: Apache-HttpClient/4.5.3 (Java/11.0.8) [DEBUG] 2021-03-31 06:25:38.349 [Thread-7] wire - << "HTTP/1.1 200 OK[\r][\n]" [DEBUG] 2021-03-31 06:25:38.349 [Thread-7] wire - << "Date: Wed, 31 Mar 2021 06:25:38 GMT[\r][\n]" [DEBUG] 2021-03-31 06:25:38.349 [Thread-7] wire - << "Server: Apache/2.4.29 (Ubuntu)[\r][\n]" [DEBUG] 2021-03-31 06:25:38.349 [Thread-7] wire - << "X-Xss-Protection: 1; mode=block[\r][\n]" [DEBUG] 2021-03-31 06:25:38.350 [Thread-7] wire - << "X-Content-Type-Options: nosniff[\r][\n]" [DEBUG] 2021-03-31 06:25:38.350 [Thread-7] wire - << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]" [DEBUG] 2021-03-31 06:25:38.350 [Thread-7] wire - << "Content-Type: application/json[\r][\n]" [DEBUG] 2021-03-31 06:25:38.350 [Thread-7] wire - << "Keep-Alive: timeout=5, max=100[\r][\n]" [DEBUG] 2021-03-31 06:25:38.350 [Thread-7] wire - << "Connection: Keep-Alive[\r][\n]" [DEBUG] 2021-03-31 06:25:38.350 [Thread-7] wire - << "Transfer-Encoding: chunked[\r][\n]" [DEBUG] 2021-03-31 06:25:38.351 [Thread-7] wire - << "[\r][\n]" [DEBUG] 2021-03-31 06:25:38.351 [Thread-7] DefaultClientConnection - Receiving response: HTTP/1.1 200 OK [DEBUG] 2021-03-31 06:25:38.351 [Thread-7] headers - << HTTP/1.1 200 OK [DEBUG] 2021-03-31 06:25:38.351 [Thread-7] headers - << Date: Wed, 31 Mar 2021 06:25:38 GMT [DEBUG] 2021-03-31 06:25:38.351 [Thread-7] headers - << Server: Apache/2.4.29 (Ubuntu) [DEBUG] 2021-03-31 06:25:38.351 [Thread-7] headers - << X-Xss-Protection: 1; mode=block [DEBUG] 2021-03-31 06:25:38.351 [Thread-7] headers - << X-Content-Type-Options: nosniff [DEBUG] 2021-03-31 06:25:38.351 [Thread-7] headers - << Strict-Transport-Security: max-age=31536000; includeSubDomains [DEBUG] 2021-03-31 06:25:38.352 [Thread-7] headers - << Content-Type: application/json [DEBUG] 2021-03-31 06:25:38.352 [Thread-7] headers - << Keep-Alive: timeout=5, max=100 [DEBUG] 2021-03-31 06:25:38.352 [Thread-7] headers - << Connection: Keep-Alive [DEBUG] 2021-03-31 06:25:38.352 [Thread-7] headers - << Transfer-Encoding: chunked [DEBUG] 2021-03-31 06:25:38.354 [Thread-7] DefaultHttpClient - Connection can be kept alive for 5000 MILLISECONDS [DEBUG] 2021-03-31 06:25:38.356 [Thread-7] i18n - Interceptor Context: org.jboss.resteasy.core.interception.ClientReaderInterceptorContext, Method : proceed [DEBUG] 2021-03-31 06:25:38.356 [Thread-7] i18n - MessageBodyReader: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey [DEBUG] 2021-03-31 06:25:38.356 [Thread-7] i18n - MessageBodyReader: org.jboss.resteasy.plugins.providers.StringTextStar [DEBUG] 2021-03-31 06:25:38.356 [Thread-7] wire - << "2000[\r][\n]" [DEBUG] 2021-03-31 06:25:38.357 [Thread-7] wire - << "{[\n]" [DEBUG] 2021-03-31 06:25:38.357 [Thread-7] wire - << " "keys" : [ {[\n]" [DEBUG] 2021-03-31 06:25:38.357 [Thread-7] wire - << " "kty" : "RSA",[\n]" [DEBUG] 2021-03-31 06:25:38.357 [Thread-7] wire - << " "e" : "AQAB",[\n]" [DEBUG] 2021-03-31 06:25:38.357 [Thread-7] wire - << " "use" : "sig",[\n]" [DEBUG] 2021-03-31 06:25:38.357 [Thread-7] wire - << " "crv" : "",[\n]" [DEBUG] 2021-03-31 06:25:38.358 [Thread-7] wire - << " "kid" : "7d29bbfd-43f3-456d-b2bb-f2992c722d48_sig_rs256",[\n]" [DEBUG] 2021-03-31 06:25:38.358 [Thread-7] wire - << " "x5c" : [ "MIIDBDCCAeygAwIBAgIhAMGZhDnx1d/IZ9CsLRY/KQ7B/anbsyDaB184x10MCV+NMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjEwMzI3MDgzMTM4WhcNMjEwMzI5MDgzMTQ3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4WdaTh8YoJ4CO9ilFX2f4UOmvz4lnHGKaQjk1/QyUDsPFcNvFvBVnQEJGVICxS2selrQywrNPTaeUrGATIPP65kc0tLGW2R+8FVcdn5+WxHMJBVLXJ1u7Vx5cYxq5dla2Ge2Yn7L7+glpUtX+mrbNQDq0UzWpHT900mmS7jqHvKliSzpK8kYjrNS1WM346031GfNZE+keV4vsrOrodyjfgWvl+CcLnavjLFMug5ipr9nVry8zKXBQ4a1c3QoGELobLmTeKVMSIdVm0GVRCwUPkHSM3YXxavN1p9sinnwwE+vAZD1K1LS8yWjxVeDcqCbGGI8leSLjtkdfG+bNmW90wIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAJ2NPoskvZNm78Romr69oByOzozc08XGGT7sgOkXxj5MPmMRDXoRyp6Cj6Keg+P67JZmY4GmPk+lk+8QGDfI0AMmQLOmkJCsR/N8iYwLGtp1UkggHdylgD/r1rdBsOsjFp0YQ0W8Ui0nTj+i04rPFdRiqLCaf7Jhkvrf+WYlkhug0FaNRLOm7kW7a6uwd/OGZYyGD96B26T6ceXEOHGDz3UvXytzsyDNi507Q0zWggU6jLYsRpdaLtFKJ9V5IMHFCBkSHJ0TNGl4/mykTkqQApXjMFw6WZze8C9zeYvN8UXN149JcOZxGPIOCDdzN3KP1avIqLlzt74w6Jzb5SJYq2A=" ],[\n]" [DEBUG] 2021-03-31 06:25:38.358 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.358 [Thread-7] wire - << " "alg" : "RS256",[\n]" [DEBUG] 2021-03-31 06:25:38.358 [Thread-7] wire - << " "n" : "4WdaTh8YoJ4CO9ilFX2f4UOmvz4lnHGKaQjk1_QyUDsPFcNvFvBVnQEJGVICxS2selrQywrNPTaeUrGATIPP65kc0tLGW2R-8FVcdn5-WxHMJBVLXJ1u7Vx5cYxq5dla2Ge2Yn7L7-glpUtX-mrbNQDq0UzWpHT900mmS7jqHvKliSzpK8kYjrNS1WM346031GfNZE-keV4vsrOrodyjfgWvl-CcLnavjLFMug5ipr9nVry8zKXBQ4a1c3QoGELobLmTeKVMSIdVm0GVRCwUPkHSM3YXxavN1p9sinnwwE-vAZD1K1LS8yWjxVeDcqCbGGI8leSLjtkdfG-bNmW90w"[\n]" [DEBUG] 2021-03-31 06:25:38.359 [Thread-7] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:38.359 [Thread-7] wire - << " "kty" : "RSA",[\n]" [DEBUG] 2021-03-31 06:25:38.359 [Thread-7] wire - << " "e" : "AQAB",[\n]" [DEBUG] 2021-03-31 06:25:38.359 [Thread-7] wire - << " "use" : "sig",[\n]" [DEBUG] 2021-03-31 06:25:38.359 [Thread-7] wire - << " "crv" : "",[\n]" [DEBUG] 2021-03-31 06:25:38.359 [Thread-7] wire - << " "kid" : "8dd6fec5-dc30-426f-8e8b-327fbd3fdedb_sig_rs384",[\n]" [DEBUG] 2021-03-31 06:25:38.359 [Thread-7] wire - << " "x5c" : [ "MIIDBDCCAeygAwIBAgIhAMATNDzfg3EigNJnZjoIyYxOnkZoLCCA58/WEb6ApmAjMA0GCSqGSIb3DQEBDAUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjEwMzI3MDgzMTQwWhcNMjEwMzI5MDgzMTQ3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OPd+haT24Xp1XucQtdTqFUQJPD4jAr7Du+Z/PmkrfKRZ25pkysXKPqVHpbRTf6ncYFPnT7adU/y29HpD6RKJV3ZvwzpaA5hdFBGbZsI3u4wWm4AjzIfYJ5acfHVeXpcZtFQ3+WwYSHkkjKrgITDCfDEgJb/a3pAB3jHnF+P2mxKLy2lOx0JsIo4anXanOJL7sAs/LRXF1aKWnSPYTVT8Gj96BneFLyRrVtJbJIFYduzjn/D7PrIaFyh15wa53FT1E4RX21V8Ch9YH45voMoS8kFabEJjUs0F8HYJ7oUbop2F0SYZN8EbdWW9JYcXs8o58dqcR9ARXjREFw0Spk+wwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQEMBQADggEBAM9HYtHsu7EBuX2tXSgBSqECqYBSM15ND/aDbkmpLoJFSEiLVLXCDd+Y3Zo3AWbmQ63xOHp49TywlpTYmiJIUO+7NEJ1SPQhauknD83/WxUhE3/5JcBdFJLz+haKqql/d3E8ZE4j7hmjez4I6+BwJbPdTTVaiMS2biBVt6qkdI3+7maN9ID+WDkutikhYcaDhMYwJxfsVk0b6pyri77axK/1B/harwakOFXdTlfQtAK86mnkN6bvyvDQl3ZjDsfCgTIWaPDU5kOFnSll0pyRkOWywHVftueLVlH9Maagmvefg+SlSkBzgoKSwQdGsxgyk68rJUUOgo4UXsT1pziK6TM=" ],[\n]" [DEBUG] 2021-03-31 06:25:38.360 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.360 [Thread-7] wire - << " "alg" : "RS384",[\n]" [DEBUG] 2021-03-31 06:25:38.360 [Thread-7] wire - << " "n" : "0OPd-haT24Xp1XucQtdTqFUQJPD4jAr7Du-Z_PmkrfKRZ25pkysXKPqVHpbRTf6ncYFPnT7adU_y29HpD6RKJV3ZvwzpaA5hdFBGbZsI3u4wWm4AjzIfYJ5acfHVeXpcZtFQ3-WwYSHkkjKrgITDCfDEgJb_a3pAB3jHnF-P2mxKLy2lOx0JsIo4anXanOJL7sAs_LRXF1aKWnSPYTVT8Gj96BneFLyRrVtJbJIFYduzjn_D7PrIaFyh15wa53FT1E4RX21V8Ch9YH45voMoS8kFabEJjUs0F8HYJ7oUbop2F0SYZN8EbdWW9JYcXs8o58dqcR9ARXjREFw0Spk-ww"[\n]" [DEBUG] 2021-03-31 06:25:38.360 [Thread-7] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:38.360 [Thread-7] wire - << " "kty" : "RSA",[\n]" [DEBUG] 2021-03-31 06:25:38.360 [Thread-7] wire - << " "e" : "AQAB",[\n]" [DEBUG] 2021-03-31 06:25:38.360 [Thread-7] wire - << " "use" : "sig",[\n]" [DEBUG] 2021-03-31 06:25:38.361 [Thread-7] wire - << " "crv" : "",[\n]" [DEBUG] 2021-03-31 06:25:38.361 [Thread-7] wire - << " "kid" : "bb19132c-27e6-4870-953d-a8745f236537_sig_rs512",[\n]" [DEBUG] 2021-03-31 06:25:38.361 [Thread-7] wire - << " "x5c" : [ "MIIDAzCCAeugAwIBAgIgFoUEzq5w5tMd2piK+gdioneHKl7pb7dAQw68F1UyF7cwDQYJKoZIhvcNAQENBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMTAzMjcwODMxNDBaFw0yMTAzMjkwODMxNDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfUjpA2SPMO9mRk/qAYpIFVBDXHWrX1gtUAVpS20ayE6WCWB1XKT2eUTq9ygkCz6v0UBTmblM3u6s9a++QBVhIyoqERmNv0KjP3nXJ+XEXN7h2ZELkOV7fGGSJMqNOEYdw3bcg82rgHCukaeyV3JhD9VS+FmUvrjPiAxcdqkOcgu8GxMyHYUhMVtvmXkFVxqkskA+3XzINiJuJdUO1Z+899HanKb073/+taIwrupitDeJ+WTfR1zrUG17Q4FMHuTE3R/Infw1djjlbU9fBAtpbfFHr/XE/nh/UwHofY4Gxj9lCWbhzQVFTmP5JJwJxmbdj/Er9vKaJsu9I7Dw2qJXlAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQ0FAAOCAQEAdOzV5BihscsP7jszkRPX0Ty2HvZjjPxPn/qMMczF6vTWOQujlqE85/PHEARNkGSeSFYUNX9aLl+EePgz9P+HVoTvWMRbbgUcxyqC8fAS2YrDParYT7vNUgFwm130gxPFyasHLK9RMxl9cwdDVwv1sa2J2bxUQxDaRAYJX+NAJdp22BUd/hh/09ih3tpta9FXLR2Anf7tzQKb7SCineOzfrVrnNTeZPTqkmAMDpRSj0W+uIprpaGBbxn2si/2784d5L+WI4ueVzcVkY/AzAfZLfFjfCz6GWIBd1OKfzw4qrp2+FgnoOPYnQT/sI51+O3JYC8m/iXPmN6Ouj4dxSZIWQ==" ],[\n]" [DEBUG] 2021-03-31 06:25:38.361 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.361 [Thread-7] wire - << " "alg" : "RS512",[\n]" [DEBUG] 2021-03-31 06:25:38.362 [Thread-7] wire - << " "n" : "n1I6QNkjzDvZkZP6gGKSBVQQ1x1q19YLVAFaUttGshOlglgdVyk9nlE6vcoJAs-r9FAU5m5TN7urPWvvkAVYSMqKhEZjb9Coz951yflxFze4dmRC5Dle3xhkiTKjThGHcN23IPNq4BwrpGnsldyYQ_VUvhZlL64z4gMXHapDnILvBsTMh2FITFbb5l5BVcapLJAPt18yDYibiXVDtWfvPfR2pym9O9__rWiMK7qYrQ3iflk30dc61Bte0OBTB7kxN0fyJ38NXY45W1PXwQLaW3xR6_1xP54f1MB6H2OBsY_ZQlm4c0FRU5j-SScCcZm3Y_xK_bymibLvSOw8NqiV5Q"[\n]" [DEBUG] 2021-03-31 06:25:38.362 [Thread-7] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:38.362 [Thread-7] wire - << " "kty" : "EC",[\n]" [DEBUG] 2021-03-31 06:25:38.362 [Thread-7] wire - << " "use" : "sig",[\n]" [DEBUG] 2021-03-31 06:25:38.362 [Thread-7] wire - << " "crv" : "P-256",[\n]" [DEBUG] 2021-03-31 06:25:38.362 [Thread-7] wire - << " "kid" : "b30f72db-838d-4352-95ff-c919208b8dc9_sig_es256",[\n]" [DEBUG] 2021-03-31 06:25:38.362 [Thread-7] wire - << " "x5c" : [ "MIIBdzCCAR6gAwIBAgIhALliJy7subXjbYzaWvuO0MVPYtfWxMWTwU97kS9/qz5aMAoGCCqGSM49BAMCMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjEwMzI3MDgzMTQwWhcNMjEwMzI5MDgzMTQ3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGqnt1KUZC5NDulEQyYlt6VzYn7tQUodbCVHrtyyIu5jtsEexDOx0R9u0vdStaJKZHEXdX49iiT43ghnTo65UuqMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMCA0cAMEQCIAHeTFpQPRxlcoSuculkUUbqpt2ZxLDr+9gX+x6VPWljAiAFXlUjiHdbVbFClwSaTcLzXK/AbRSO2IYLHz5kuc5hKg==" ],[\n]" [DEBUG] 2021-03-31 06:25:38.362 [Thread-7] wire - << " "x" : "Gqnt1KUZC5NDulEQyYlt6VzYn7tQUodbCVHrtyyIu5g",[\n]" [DEBUG] 2021-03-31 06:25:38.363 [Thread-7] wire - << " "y" : "AO2wR7EM7HRH27S91K1okpkcRd1fj2KJPjeCGdOjrlS6",[\n]" [DEBUG] 2021-03-31 06:25:38.363 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.363 [Thread-7] wire - << " "alg" : "ES256"[\n]" [DEBUG] 2021-03-31 06:25:38.363 [Thread-7] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:38.363 [Thread-7] wire - << " "kty" : "EC",[\n]" [DEBUG] 2021-03-31 06:25:38.363 [Thread-7] wire - << " "use" : "sig",[\n]" [DEBUG] 2021-03-31 06:25:38.363 [Thread-7] wire - << " "crv" : "P-384",[\n]" [DEBUG] 2021-03-31 06:25:38.363 [Thread-7] wire - << " "kid" : "435542c3-f97e-46e2-b4b4-b3c6ae971615_sig_es384",[\n]" [DEBUG] 2021-03-31 06:25:38.364 [Thread-7] wire - << " "x5c" : [ "MIIBtDCCATqgAwIBAgIgOinji3kjweA7n38PcBNVoGvi9ePlLYfUPVWPkO3MT5IwCgYIKoZIzj0EAwMwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMTAzMjcwODMxNDBaFw0yMTAzMjkwODMxNDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARsy8TkiKUiFXjovxlFApdNRzW/e1BRcjztD5fof52CXWGv/1aXKUMw7Y1FpRKY01ADZ8rRMhLHIuFPuvVCCEDcaN4m9g8ViQ/Owfuc/YXwRgD5P4TgaUmOBENHB5H3f8ujJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAKBggqhkjOPQQDAwNoADBlAjEAlirS4RSorG7ATiY+FGQRH11eQVdg9WNbjJ4mvot9O+8wkCPR5SOIWFwUkVNwstP0AjA6cCfkKzm8HeYVwbN9QfKwjvAL+Q8nVYnsxcIg64rp1LskqdB1COcWQXzSR88QwW0=" ],[\n]" [DEBUG] 2021-03-31 06:25:38.364 [Thread-7] wire - << " "x" : "bMvE5IilIhV46L8ZRQKXTUc1v3tQUXI87Q-X6H-dgl1hr_9WlylDMO2NRaUSmNNQ",[\n]" [DEBUG] 2021-03-31 06:25:38.364 [Thread-7] wire - << " "y" : "A2fK0TISxyLhT7r1QghA3GjeJvYPFYkPzsH7nP2F8EYA-T-E4GlJjgRDRweR93_L",[\n]" [DEBUG] 2021-03-31 06:25:38.364 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.364 [Thread-7] wire - << " "alg" : "ES384"[\n]" [DEBUG] 2021-03-31 06:25:38.364 [Thread-7] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:38.364 [Thread-7] wire - << " "kty" : "EC",[\n]" [DEBUG] 2021-03-31 06:25:38.365 [Thread-7] wire - << " "use" : "sig",[\n]" [DEBUG] 2021-03-31 06:25:38.365 [Thread-7] wire - << " "crv" : "P-521",[\n]" [DEBUG] 2021-03-31 06:25:38.365 [Thread-7] wire - << " "kid" : "3cc0b88e-d6da-40ef-9421-428a6c951c86_sig_es512",[\n]" [DEBUG] 2021-03-31 06:25:38.365 [Thread-7] wire - << " "x5c" : [ "MIIB/jCCAWCgAwIBAgIgJXHF3Bt4rnSBAaWW6004eOK93rF2T9vApsOv36KvlBYwCgYIKoZIzj0EAwQwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMTAzMjcwODMxNDBaFw0yMTAzMjkwODMxNDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAFi2bSkrO+ySitwL2aQdaQ7687Fnlgxg9fh3fNvdf7eampyXkgIF9pT+ovTd/kFOzTrGehJu4Oah18rK3QHbUVdtwFKePO17Vt4Uz7PSR3oH+wB8Ga5QMD64tT1WfvGvO3pDjyuVc29w+xJRHXvl6rAnv5aM3xbasDe5pNv1Y9i84+B+KMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMEA4GLADCBhwJCAJs7NyX/vnrlGLOInxMvozfvKGYdAXPBMDxuHMssk0GS8pNTMnZRap3NcLGAGdOA6UyaPvp2/dAtvPiyFLPhBul6AkFrEeF48Bd+V0fUff3kLooQOaLuPwNaw0gqxE5BubdkDqXPTKddzyc6wGYlRMfyDPs9Nwe6l7mpvxC1rdC48302iA==" ],[\n]" [DEBUG] 2021-03-31 06:25:38.365 [Thread-7] wire - << " "x" : "AWLZtKSs77JKK3AvZpB1pDvrzsWeWDGD1-Hd8291_t5qanJeSAgX2lP6i9N3-QU7NOsZ6Em7g5qHXysrdAdtRV23",[\n]" [DEBUG] 2021-03-31 06:25:38.365 [Thread-7] wire - << " "y" : "AUp487XtW3hTPs9JHegf7AHwZrlAwPri1PVZ-8a87ekOPK5Vzb3D7ElEde-XqsCe_lozfFtqwN7mk2_Vj2Lzj4H4",[\n]" [DEBUG] 2021-03-31 06:25:38.365 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.366 [Thread-7] wire - << " "alg" : "ES512"[\n]" [DEBUG] 2021-03-31 06:25:38.366 [Thread-7] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:38.366 [Thread-7] wire - << " "kty" : "RSA",[\n]" [DEBUG] 2021-03-31 06:25:38.366 [Thread-7] wire - << " "e" : "AQAB",[\n]" [DEBUG] 2021-03-31 06:25:38.366 [Thread-7] wire - << " "use" : "sig",[\n]" [DEBUG] 2021-03-31 06:25:38.366 [Thread-7] wire - << " "crv" : "",[\n]" [DEBUG] 2021-03-31 06:25:38.366 [Thread-7] wire - << " "kid" : "46c4d626-aefc-4fbd-a878-8991868eceeb_sig_ps256",[\n]" [DEBUG] 2021-03-31 06:25:38.366 [Thread-7] wire - << " "x5c" : [ "MIIDbDCCAiCgAwIBAgIhAJF1Gdp/tuV0ZgLTOp4Adht1oU9OUapEnRJEMXlDiI6uMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQCh" [DEBUG] 2021-03-31 06:25:38.367 [Thread-7] wire - << "HDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTIxMDMyNzA4MzE0MVoXDTIxMDMyOTA4MzE0N1owITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw2z5kA/5jIcGNcHlGj63sf9IosKObLo92TWNmZYVtU6K1BCqg9c" [DEBUG] 2021-03-31 06:25:38.367 [Thread-7] wire - << "[\r][\n]" [DEBUG] 2021-03-31 06:25:38.367 [Thread-7] wire - << "1ece[\r][\n]" [DEBUG] 2021-03-31 06:25:38.368 [Thread-7] wire - << "ge3bnUoKMbyMv2mJdx+sejNU9TeCM+epyToRlHUilM4Zl3nE/Q4tyRW5y0WA2QX9bQaI477s6xunqIEU2e7q6t968wiG03AesVrL7lqI08V07oWGTbqXjdfbrtVK+TMmcPUHiRLrGxdzGGbY+s0ez4ZJh0pm3UYIM5Mej9BFZEjuk1UpzQo7wK9pmmh8HMKWmmgRBkooTNfOw/ySiuV1yStLZgjRwxZFRtgxiejgPsYGH+XL77Wx9qYylL76ZL4pqdbdxEGFG8wzRSTYiMzYov3oR+8N1f4PQECAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIAOCAQEAY6o3/JNZBJYvuA832igs2U/mCjwqif+SuZLKbJS26tgUFXr1jsIqvdM4Zp57giNMMn1+WmyBTg0BxXKRANixQfmjUUWGD65gYXYkrx90PtPCbtkzh9MQnylOxeTS+D3QeHz/e0G0eq4d5eAGiDWs4deNCT4APhWkRAE0ugZJVwwibwpwGQwPjHWQQ1fODUJFYuTsadjMWtgUkieNPD2SgzBa2yjYfQZ3NDobR0LK1ljDQJcBlFgaVhFhA4///tRBimeq7Z7ihpsCmX8YhZ7hbsGGEcX5oVYVmbXVEYz/sR2jXQKfZ2CsvAtxtr1m56xGbIj6BW2KgS72zxiYTFEDMA==" ],[\n]" [DEBUG] 2021-03-31 06:25:38.368 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.368 [Thread-7] wire - << " "alg" : "PS256",[\n]" [DEBUG] 2021-03-31 06:25:38.368 [Thread-7] wire - << " "n" : "vDbPmQD_mMhwY1weUaPrex_0iiwo5suj3ZNY2ZlhW1TorUEKqD1yB7dudSgoxvIy_aYl3H6x6M1T1N4Iz56nJOhGUdSKUzhmXecT9Di3JFbnLRYDZBf1tBojjvuzrG6eogRTZ7urq33rzCIbTcB6xWsvuWojTxXTuhYZNupeN19uu1Ur5MyZw9QeJEusbF3MYZtj6zR7PhkmHSmbdRggzkx6P0EVkSO6TVSnNCjvAr2maaHwcwpaaaBEGSihM187D_JKK5XXJK0tmCNHDFkVG2DGJ6OA-xgYf5cvvtbH2pjKUvvpkvimp1t3EQYUbzDNFJNiIzNii_ehH7w3V_g9AQ"[\n]" [DEBUG] 2021-03-31 06:25:38.369 [Thread-7] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:38.369 [Thread-7] wire - << " "kty" : "RSA",[\n]" [DEBUG] 2021-03-31 06:25:38.369 [Thread-7] wire - << " "e" : "AQAB",[\n]" [DEBUG] 2021-03-31 06:25:38.369 [Thread-7] wire - << " "use" : "sig",[\n]" [DEBUG] 2021-03-31 06:25:38.369 [Thread-7] wire - << " "crv" : "",[\n]" [DEBUG] 2021-03-31 06:25:38.369 [Thread-7] wire - << " "kid" : "abdb5108-d58d-4884-847e-02effc9b1592_sig_ps384",[\n]" [DEBUG] 2021-03-31 06:25:38.370 [Thread-7] wire - << " "x5c" : [ "MIIDazCCAh+gAwIBAgIgCdGMYfd9EaLkMV/0pGojvqNPmoOt01FNg0B6muW67GMwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIDAgEwMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjEwMzI3MDgzMTQxWhcNMjEwMzI5MDgzMTQ3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRmnvl9u7g+x/DS6vlXiS7fCHTwaCGeOyMYg9dHrLoU8J88mLKqxj+/idoamJ4EBHopwALAWAzGfcvGzhmrKx4m+QD2wq5aOf0gN9nCODsyB6XyKfFORGsE1hgh9BNSdLvCtY+qGuLARWoGacdtMFA6tGTxTHL2p3i8dAxDPBzuPJL47QuOFWT945JhYItiANiDNIoNjHYLzx25t/QW1u2vosXvsgpKQ8c0Fs6XyzsOfrPCymRy+tjK+p8ZLFjJOaacY4X+n8+88WH8RQ3HaAnSEzSelk6LysXyucuKfO4QOV4QGmY/9lsjvzYuIIL8V4Ju+tasxGKjsRZMlbF7p/wIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIDAgEwA4IBAQClw0iBHxs7xmMeBWQJCogaTBoTuiDYkugZlczBDLweDsS5jZ2jCVQVIpOt9YYe12hXgIRVMI1C7ZSMzuFVZcYzxtxXvFRLvm3V6J3Ms6ruWsJYtoplrfq7Ziw9UwBKC2krZ2dEfsIJ8sz/Dmm3SKUPNnNKjM3Ws/rmK/arCuBqegXoOqDE8PFfWhSX2JsQiwwiut1ksDF5EOKIPDq9BgoqfUmHmyZe/hoSr1jC1nc7kuA9l/dVukI1BSZ2Oc/7SiALnkK6T5bhx5IPaBBXTS2ZQ/ERRlIPbrGMXJv6BSYUIauvSpwM2wvcVKOsA0k5+jhvDw9HrifXupm6UN4DTFLZ" ],[\n]" [DEBUG] 2021-03-31 06:25:38.370 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.370 [Thread-7] wire - << " "alg" : "PS384",[\n]" [DEBUG] 2021-03-31 06:25:38.370 [Thread-7] wire - << " "n" : "sRmnvl9u7g-x_DS6vlXiS7fCHTwaCGeOyMYg9dHrLoU8J88mLKqxj-_idoamJ4EBHopwALAWAzGfcvGzhmrKx4m-QD2wq5aOf0gN9nCODsyB6XyKfFORGsE1hgh9BNSdLvCtY-qGuLARWoGacdtMFA6tGTxTHL2p3i8dAxDPBzuPJL47QuOFWT945JhYItiANiDNIoNjHYLzx25t_QW1u2vosXvsgpKQ8c0Fs6XyzsOfrPCymRy-tjK-p8ZLFjJOaacY4X-n8-88WH8RQ3HaAnSEzSelk6LysXyucuKfO4QOV4QGmY_9lsjvzYuIIL8V4Ju-tasxGKjsRZMlbF7p_w"[\n]" [DEBUG] 2021-03-31 06:25:38.370 [Thread-7] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:38.370 [Thread-7] wire - << " "kty" : "RSA",[\n]" [DEBUG] 2021-03-31 06:25:38.370 [Thread-7] wire - << " "e" : "AQAB",[\n]" [DEBUG] 2021-03-31 06:25:38.370 [Thread-7] wire - << " "use" : "sig",[\n]" [DEBUG] 2021-03-31 06:25:38.371 [Thread-7] wire - << " "crv" : "",[\n]" [DEBUG] 2021-03-31 06:25:38.371 [Thread-7] wire - << " "kid" : "f36ed121-5aa5-461d-8d68-935b2c700dac_sig_ps512",[\n]" [DEBUG] 2021-03-31 06:25:38.371 [Thread-7] wire - << " "x5c" : [ "MIIDazCCAh+gAwIBAgIgX1AOD1lZP2OVM43LaJK3bqVrARJEq1ftpOlYJmFTojAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIDAgFAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjEwMzI3MDgzMTQyWhcNMjEwMzI5MDgzMTQ3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArE+zRAc8k9hCHrVw8h6yx2Kf1B6nuCM4uQKTyQNVGAxK2l39gvFtuztjjzQ8PqPUjlmabTZ9c8QstywzE3itzGoI2n65kxDiono2Syel7icWk7qSy5ILHUoBTPV98GsHMtQ1jy3GIRVGitWDpTNlggYoGcK87LZ+9RRRpY+4mYDtz71eGDWgRtd2mDtq6svaOeRh8CRlIJbZZPVGhZ/UBn1uEJHFO0HRyLBFKZb1A031M+wFm25oakNxlkNzSoRrU5zCyEcV8kh1iI4EgYURZYkGGRewE3eBOV8YstV1qa2N53ULUxLGEZXVmWQr0k7opFXIh+3AGUC+hujPuwHRZwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIDAgFAA4IBAQBR3rAO0ZAzVgHlfnEPVXo2TgPqFJ0h+0NWonrnPIrA0xYRlQCd2G9gDz09C8+3vWqSHvttE7Zza4IEB3mJNWHc3IPSXM/NrR8Y9++2Y2GT68GkQUSpdsHqlaj9ORHRW7Efc3F+HkhaDm1NWpP/yphovZ7EzAISdQQkiG1+5Rt1l3Skb1sczITkrpWEy0wuk56CuRIw3DUukstzULs05MvXDveNhmz/nBFAWZ+Eu2nK+VJoFgm3+Zx5ia/vUshg07o8/vocQafYwCzONaPl8FZWk2K2RWjv1pct6A+IMvnDEocVtkDBB5SBla7jfe+OkxGizduFDhyL6sp4N1iCKEnH" ],[\n]" [DEBUG] 2021-03-31 06:25:38.371 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.371 [Thread-7] wire - << " "alg" : "PS512",[\n]" [DEBUG] 2021-03-31 06:25:38.372 [Thread-7] wire - << " "n" : "rE-zRAc8k9hCHrVw8h6yx2Kf1B6nuCM4uQKTyQNVGAxK2l39gvFtuztjjzQ8PqPUjlmabTZ9c8QstywzE3itzGoI2n65kxDiono2Syel7icWk7qSy5ILHUoBTPV98GsHMtQ1jy3GIRVGitWDpTNlggYoGcK87LZ-9RRRpY-4mYDtz71eGDWgRtd2mDtq6svaOeRh8CRlIJbZZPVGhZ_UBn1uEJHFO0HRyLBFKZb1A031M-wFm25oakNxlkNzSoRrU5zCyEcV8kh1iI4EgYURZYkGGRewE3eBOV8YstV1qa2N53ULUxLGEZXVmWQr0k7opFXIh-3AGUC-hujPuwHRZw"[\n]" [DEBUG] 2021-03-31 06:25:38.372 [Thread-7] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:38.372 [Thread-7] wire - << " "kty" : "RSA",[\n]" [DEBUG] 2021-03-31 06:25:38.372 [Thread-7] wire - << " "e" : "AQAB",[\n]" [DEBUG] 2021-03-31 06:25:38.372 [Thread-7] wire - << " "use" : "enc",[\n]" [DEBUG] 2021-03-31 06:25:38.372 [Thread-7] wire - << " "crv" : "",[\n]" [DEBUG] 2021-03-31 06:25:38.372 [Thread-7] wire - << " "kid" : "68b7f46e-7346-4d1f-9144-4bf20e45e8ba_enc_rsa1_5",[\n]" [DEBUG] 2021-03-31 06:25:38.373 [Thread-7] wire - << " "x5c" : [ "MIIDAzCCAeugAwIBAgIgTVt0LmSlVb4DW95qoLAQOLjyI0+ObBIyMF3+5yVgUSIwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMTAzMjcwODMxNDJaFw0yMTAzMjkwODMxNDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6dIhq4IuHnry6QUdS2zqGAxYZ5wDaB922e0U/xp54haYOj+J5htfVsV4+X1nSMJrt+kmQUdyz7A3UXFKKhW5DbgQjZxgpqPnfs0ukPNhx54kbBd+WtEiqe4+FNrjSHitR7qLcBmKP/rSjfKgzKIzmQGHABULDv76ocNgr3QH6l2LDLgAv/vYVyZzdMvzEiy+urxEuFDZe7Xwx91VVBUi4J4ftYwfIZ0BBPttK7OY1FrWor6fVmMQRuvtdaAUHb0vKZv377QRCFGAIcpAeOsb0e3FQ2KjA5SoWKmxi+/QU6bS8rVlZKjKVXFJyf+fDCrdZT+Pp6fzqheZkhzgu6EF7AgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAcs5IsZbWgFLV0byrXSksq/qcyMCN1rAooPWnuszS7lwThEp4N6myTrwx2mprpsYby45lFgnmMG8tNSFzlND09bPxhkrOdLu7fmEBcydX0qEAlkwdxrPQF2SRZUZyn24ps4B6IgcbPLCFMJfUFM+U+p3UNdetqhEIxFtTbVZI0gyHT35iqQlVBzrmiPuFwXWUqTqDZwfQA1JSmIUqfXB9v90nRbWIvI05g2ccEiInuw96XSJ+hTPjFzcheAggANRCygwFtFqUuBtBYbzA6yUilsTTy/RLJuGE76gK1qdpK5bVbyyatKJVyHMB1D1qcoYoqlNRwI+6QJpUYwQZHtAd7g==" ],[\n]" [DEBUG] 2021-03-31 06:25:38.373 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.373 [Thread-7] wire - << " "alg" : "RSA1_5",[\n]" [DEBUG] 2021-03-31 06:25:38.373 [Thread-7] wire - << " "n" : "-nSIauCLh568ukFHUts6hgMWGecA2gfdtntFP8aeeIWmDo_ieYbX1bFePl9Z0jCa7fpJkFHcs-wN1FxSioVuQ24EI2cYKaj537NLpDzYceeJGwXflrRIqnuPhTa40h4rUe6i3AZij_60o3yoMyiM5kBhwAVCw7--qHDYK90B-pdiwy4AL_72Fcmc3TL8xIsvrq8RLhQ2Xu18MfdVVQVIuCeH7WMHyGdAQT7bSuzmNRa1qK-n1ZjEEbr7XWgFB29Lymb9--0EQhRgCHKQHjrG9HtxUNiowOUqFipsYvv0FOm0vK1ZWSoylVxScn_nwwq3WU_j6en86oXmZIc4LuhBew"[\n]" [DEBUG] 2021-03-31 06:25:38.373 [Thread-7] wire - << " }, {[\n]" [DEBUG] 2021-03-31 06:25:38.373 [Thread-7] wire - << " "kty" : "RSA",[\n]" [DEBUG] 2021-03-31 06:25:38.373 [Thread-7] wire - << " "e" : "AQAB",[\n]" [DEBUG] 2021-03-31 06:25:38.373 [Thread-7] wire - << " "use" : "enc",[\n]" [DEBUG] 2021-03-31 06:25:38.374 [Thread-7] wire - << " "crv" : "",[\n]" [DEBUG] 2021-03-31 06:25:38.374 [Thread-7] wire - << " "kid" : "caeb1338-54a0-46a4-87e8-218c4655b009_enc_rsa-oaep",[\n]" [DEBUG] 2021-03-31 06:25:38.374 [Thread-7] wire - << " "x5c" : [ "MIIDAzCCAeugAwIBAgIgU81B2Qoz/ZplAqDVXo/qJjk9AGMcUP+AzmJxVLV04fowDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMTAzMjcwODMxNDNaFw0yMTAzMjkwODMxNDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCef3jNlyQGHuFrorFw+I0r0liDVH9CdHiy0TUEfrrcBAQoUH+2Nl1r+4ZwmGaMuBb/0Aha+RsBXfXXL+BgV1TgtuB2Xu+uaLLX3Eh6VtdqnQ3uft8vfTLcoQn4ibcVDu5rZeiRoO1kAQhSaTAxhhI2nkQdtQRdnL95HNBeGDEfmkMZH/gqRFDmxneahU+wF9k6Ca4F5kpdRPRU0FIKmcgM2vnpP53nN9flMjpQsxo609P6xj7Mt88FGd1KvMcLx3yyHplsp+fSGpMnT9YletFAHN/fkWgp1CwEAlp6P5UI2tCK2h0+xZxh8qiwOLkzkAkIxj/E+LLKHcN0KbLzzglnAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAOnWuvTngaH8om/9ExLqC2Cya3ip7QnGm+u//BHYw76/mDEkug2Arpo7Tbb3DUJgYtD+mNW/poW8QeQOt7sD0csYZDVFHpxRl6wmOfK1Sy4DJiBFt0qm9qs0qsgURSxn0nIzmUfD3HyWDJc6Qp0NokRSOynmikbAgL/3M4tSVMdbaww+jT2aQmLAaHNtQNXl1+joLmFwcOlUOY6suTLpYaxp3rnfDAJrP0poYCMy6+zgu9atMvYSu34Ut6TO/hGYU0RmMfCSUOcsK0QlUEWj2p+gPGJVqJhvVN0HC9xqUSJCidhOrurHzYMpD5NAGt2itZXoJE8fUDqcnQBhUmIcNFQ==" ],[\n]" [DEBUG] 2021-03-31 06:25:38.374 [Thread-7] wire - << " "exp" : 1617006707931,[\n]" [DEBUG] 2021-03-31 06:25:38.374 [Thread-7] wire - << " "alg" : "RSA-OAEP",[\n]" [DEBUG] 2021-03-31 06:25:38.374 [Thread-7] wire - << " "n" : "nn94zZckBh7ha6KxcPiNK9JYg1R_QnR4stE1BH663AQEKFB_tjZda_uGcJhmjLgW_9AIWvkbAV311y_gYFdU4Lbgdl7vrmiy19xIelbXap0N7n7fL30y3KEJ-Im3FQ7ua2XokaDtZAEIUmkwMYYSNp5EHbUEXZy_eRzQXhgxH5pDGR_4KkRQ5sZ3moVP" [DEBUG] 2021-03-31 06:25:38.375 [Thread-7] wire - << "sBfZOgmuBeZKXUT0VNBSCpnIDNr56T-d5zfX5TI6ULMaOtPT-sY-zLfPBRndSrzHC8d8sh6ZbKfn0hqTJ0_WJXrRQBzf35FoKdQsBAJaej-VCNrQitodPsWcYfKosDi5M5AJCMY_xPiyyh3DdCmy884JZw"[\n]" [DEBUG] 2021-03-31 06:25:38.375 [Thread-7] wire - << " } ][\n]" [DEBUG] 2021-03-31 06:25:38.375 [Thread-7] wire - << "}" [DEBUG] 2021-03-31 06:25:38.375 [Thread-7] wire - << "[\r][\n]" [DEBUG] 2021-03-31 06:25:38.375 [Thread-7] wire - << "0[\r][\n]" [DEBUG] 2021-03-31 06:25:38.376 [Thread-7] wire - << "[\r][\n]" [DEBUG] 2021-03-31 06:25:38.376 [Thread-7] BasicClientConnectionManager - Releasing connection org.apache.http.impl.conn.ManagedClientConnectionImpl@6949e15c [DEBUG] 2021-03-31 06:25:38.376 [Thread-7] BasicClientConnectionManager - Connection can be kept alive for 5000 MILLISECONDS [DEBUG] 2021-03-31 06:25:38.382 [Thread-7] DefaultClientConnection - Connection 0.0.0.0:35748<->172.17.18.111:443 closed [DEBUG] 2021-03-31 06:25:38.382 [Thread-7] Runner - Background operations complete [DEBUG] 2021-03-31 06:25:40.383 [Thread-7] Runner - Performing background operations [DEBUG] 2021-03-31 06:25:40.383 [Thread-7] Runner - Background operations complete [DEBUG] 2021-03-31 06:25:42.383 [Thread-7] Runner - Performing background operations [DEBUG] 2021-03-31 06:25:42.383 [Thread-7] Runner - Background operations complete [DEBUG] 2021-03-31 06:25:44.384 [Thread-7] Runner - Performing background operations [DEBUG] 2021-03-31 06:25:44.385 [Thread-7] Runner - Background operations complete [DEBUG] 2021-03-31 06:25:44.553 [Radius Auth Listener] RadiusServer - receive buffer size = 106496 [DEBUG] 2021-03-31 06:25:44.585 [Radius Auth Listener] DurationUtil - LDAP operation: search, duration: PT0.009857S, dn: ou=radius_clients,o=gluu, filter: (&(&(objectClass=oxRadiusClient))(oxRadiusClientIpAddress=*)), scope: SUB, batchOperationWraper: org.gluu.persist.ldap.impl.LdapBatchOperationWraper@55a7be0e, start: 0, searchLimit: 0, count: 0, controls: null, attributes: [oxRadiusClientSortPriority, oxRadiusClientIpAddress, oxRadiusClientSecret, inum, oxRadiusClientName] [DEBUG] 2021-03-31 06:25:44.589 [Radius Auth Listener] BaseEntryManager - LdapProperty: inum, AttributeName: inum, AttributeValue: [e38ec395-5011-473f-a6f3-f0ef883e13ae] [DEBUG] 2021-03-31 06:25:44.589 [Radius Auth Listener] BaseEntryManager - LdapProperty: ipAddress, AttributeName: oxRadiusClientIpAddress, AttributeValue: [10.200.0.0/16] [DEBUG] 2021-03-31 06:25:44.590 [Radius Auth Listener] BaseEntryManager - LdapProperty: name, AttributeName: oxRadiusClientName, AttributeValue: [fortigate] [DEBUG] 2021-03-31 06:25:44.590 [Radius Auth Listener] BaseEntryManager - LdapProperty: priority, AttributeName: oxRadiusClientSortPriority, AttributeValue: [1] [DEBUG] 2021-03-31 06:25:44.590 [Radius Auth Listener] BaseEntryManager - LdapProperty: secret, AttributeName: oxRadiusClientSecret, AttributeValue: [IGyqf23lsNiYcquN+9P07g==] [DEBUG] 2021-03-31 06:25:44.591 [Radius Auth Listener] BaseEntryManager - LdapProperty: inum, AttributeName: inum, AttributeValue: [38b7e6b4-6426-4061-9f65-e8154c1982b1] [DEBUG] 2021-03-31 06:25:44.591 [Radius Auth Listener] BaseEntryManager - LdapProperty: ipAddress, AttributeName: oxRadiusClientIpAddress, AttributeValue: [172.17.0.0/16] [DEBUG] 2021-03-31 06:25:44.591 [Radius Auth Listener] BaseEntryManager - LdapProperty: name, AttributeName: oxRadiusClientName, AttributeValue: [solidex] [DEBUG] 2021-03-31 06:25:44.591 [Radius Auth Listener] BaseEntryManager - LdapProperty: priority, AttributeName: oxRadiusClientSortPriority, AttributeValue: [1] [DEBUG] 2021-03-31 06:25:44.595 [Radius Auth Listener] BaseEntryManager - LdapProperty: secret, AttributeName: oxRadiusClientSecret, AttributeValue: [IGyqf23lsNiYcquN+9P07g==] [INFO ] 2021-03-31 06:25:44.603 [Radius Auth Listener] GluuRadiusServer - Client ip: 172.17.17.105 [INFO ] 2021-03-31 06:25:44.605 [Radius Auth Listener] GluuRadiusServer - Client ip: 172.17.17.105 [DEBUG] 2021-03-31 06:25:44.605 [Radius Auth Listener] CidrSubnetMatcher - Match found for client with ip 172.17.17.105 [INFO ] 2021-03-31 06:25:44.621 [Radius Auth Listener] RadiusServer - received packet from /172.17.17.105:44750 on local address 0.0.0.0/0.0.0.0:1812: Access-Request, ID 205 User-Name: jsmith User-Password: 0x313233343536 NAS-IP-Address: 127.0.1.1 NAS-Port: 1 Message-Authenticator: 0x6418a7f5c7ffd410dc5af492f3696c38 [DEBUG] 2021-03-31 06:25:44.668 [Radius Auth Listener] SuperGluuAccessRequestFilter - Performing two-step authentication for user {jsmith} [DEBUG] 2021-03-31 06:25:44.880 [Radius Auth Listener] RequestAddCookies - CookieSpec selected: default [DEBUG] 2021-03-31 06:25:44.881 [Radius Auth Listener] RequestAuthCache - Auth cache not set in the context [DEBUG] 2021-03-31 06:25:44.883 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://gluulan.solidex.minsk.by:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 100] [DEBUG] 2021-03-31 06:25:44.888 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://gluulan.solidex.minsk.by:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 100] [DEBUG] 2021-03-31 06:25:44.889 [Radius Auth Listener] MainClientExec - Opening connection {s}->https://gluulan.solidex.minsk.by:443 [DEBUG] 2021-03-31 06:25:44.890 [Radius Auth Listener] DefaultHttpClientConnectionOperator - Connecting to gluulan.solidex.minsk.by/172.17.18.111:443 [DEBUG] 2021-03-31 06:25:44.890 [Radius Auth Listener] SSLConnectionSocketFactory - Connecting socket to gluulan.solidex.minsk.by/172.17.18.111:443 with timeout 0 [DEBUG] 2021-03-31 06:25:44.891 [Radius Auth Listener] SSLConnectionSocketFactory - Enabled protocols: [TLSv1.2, TLSv1.1, TLSv1] [DEBUG] 2021-03-31 06:25:44.891 [Radius Auth Listener] SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] [DEBUG] 2021-03-31 06:25:44.892 [Radius Auth Listener] SSLConnectionSocketFactory - Starting handshake [DEBUG] 2021-03-31 06:25:44.907 [Radius Auth Listener] SSLConnectionSocketFactory - Secure session established [DEBUG] 2021-03-31 06:25:44.907 [Radius Auth Listener] SSLConnectionSocketFactory - negotiated protocol: TLSv1.2 [DEBUG] 2021-03-31 06:25:44.907 [Radius Auth Listener] SSLConnectionSocketFactory - negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [DEBUG] 2021-03-31 06:25:44.909 [Radius Auth Listener] SSLConnectionSocketFactory - peer principal: EMAILADDRESS=mail@solidex.com, CN=gluulan.solidex.minsk.by, O=Solidex, L=Minsk, ST=CN, C=CN [DEBUG] 2021-03-31 06:25:44.910 [Radius Auth Listener] SSLConnectionSocketFactory - issuer principal: EMAILADDRESS=mail@solidex.com, CN=gluulan.solidex.minsk.by, O=Solidex, L=Minsk, ST=CN, C=CN [DEBUG] 2021-03-31 06:25:44.911 [Radius Auth Listener] DefaultHttpClientConnectionOperator - Connection established 172.17.18.111:35754<->172.17.18.111:443 [DEBUG] 2021-03-31 06:25:44.911 [Radius Auth Listener] MainClientExec - Executing request POST /oxauth/restv1/token HTTP/1.1 [DEBUG] 2021-03-31 06:25:44.911 [Radius Auth Listener] MainClientExec - Target auth state: UNCHALLENGED [DEBUG] 2021-03-31 06:25:44.912 [Radius Auth Listener] MainClientExec - Proxy auth state: UNCHALLENGED [DEBUG] 2021-03-31 06:25:44.912 [Radius Auth Listener] headers - http-outgoing-0 >> POST /oxauth/restv1/token HTTP/1.1 [DEBUG] 2021-03-31 06:25:44.912 [Radius Auth Listener] headers - http-outgoing-0 >> Content-Type: application/x-www-form-urlencoded [DEBUG] 2021-03-31 06:25:44.912 [Radius Auth Listener] headers - http-outgoing-0 >> Content-Length: 1115 [DEBUG] 2021-03-31 06:25:44.912 [Radius Auth Listener] headers - http-outgoing-0 >> Host: gluulan.solidex.minsk.by [DEBUG] 2021-03-31 06:25:44.913 [Radius Auth Listener] headers - http-outgoing-0 >> Connection: Keep-Alive [DEBUG] 2021-03-31 06:25:44.913 [Radius Auth Listener] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.3 (Java/11.0.8) [DEBUG] 2021-03-31 06:25:44.913 [Radius Auth Listener] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate [DEBUG] 2021-03-31 06:25:44.913 [Radius Auth Listener] wire - http-outgoing-0 >> "POST /oxauth/restv1/token HTTP/1.1[\r][\n]" [DEBUG] 2021-03-31 06:25:44.913 [Radius Auth Listener] wire - http-outgoing-0 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]" [DEBUG] 2021-03-31 06:25:44.913 [Radius Auth Listener] wire - http-outgoing-0 >> "Content-Length: 1115[\r][\n]" [DEBUG] 2021-03-31 06:25:44.914 [Radius Auth Listener] wire - http-outgoing-0 >> "Host: gluulan.solidex.minsk.by[\r][\n]" [DEBUG] 2021-03-31 06:25:44.914 [Radius Auth Listener] wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]" [DEBUG] 2021-03-31 06:25:44.914 [Radius Auth Listener] wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/11.0.8)[\r][\n]" [DEBUG] 2021-03-31 06:25:44.914 [Radius Auth Listener] wire - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]" [DEBUG] 2021-03-31 06:25:44.914 [Radius Auth Listener] wire - http-outgoing-0 >> "[\r][\n]" [DEBUG] 2021-03-31 06:25:44.914 [Radius Auth Listener] wire - http-outgoing-0 >> "__step=initiate_auth&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&__remote_ip=172.17.17.105&__password=123456&grant_type=password&scope=openid+super_gluu_ro_session&acr_values=super_gluu_ro&client_assertion=eyJraWQiOiIwNmUxMDc0YS1iZjNjLTQ5NGMtODA2OS1hNzBjZDdkMDdjOGVfc2lnX3JzNTEyIiwidHlwIjoiSldUIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiIxNzAxLmFjMGQ0YWU4LTkzY2ItNDQ3Zi05OTQ0LWUxN2IyNzg4NDhjMiIsImF1ZCI6Imh0dHBzOi8vZ2x1dWxhbi5zb2xpZGV4Lm1pbnNrLmJ5L294YXV0aC9yZXN0djEvdG9rZW4iLCJpc3MiOiIxNzAxLmFjMGQ0YWU4LTkzY2ItNDQ3Zi05OTQ0LWUxN2IyNzg4NDhjMiIsImV4cCI6MTYxNzE3MjI0NCwiaWF0IjoxNjE3MTcxOTQ0LCJqdGkiOiJiZmQyZWM4MC1jNjhiLTQ0MjctYWY3MS02Zjc1ZTQwYzk3MDIifQ.EeKo3trOoaSqcVT_jnYgfh2ySSz5btB03cH1G9nMaNGOarlgdxlzd2ADZExbdh0O3HQvkm6HoG7Q_pV5l-gaItN_1VqfSuPaZSO3w-1KXK2DlZNnZIuWGGPYLvlHdG_R9FyoMJSWkBCLXQVIwkhjAQUlLsKYutGsHlvAAI9NJt7GM_7MVe34weITAsaVzwJmKdK2nfJ8SJ7bynsmoYM7RZPYiBIrVy2_qOAJWYWHE9cAbIHpaTriIK3-tMdfLtRjJMArRk7Xc021HFAKhAsM9PkEt6QN4JKUsEp5P7MATv0l2NfY9l3utWZD5HakpPm1kln_H3bSxOr5eTwNg_7_Og&__auth_scheme=twostep&client_id=1701.ac0d4ae8-93cb-447f-9944-e17b278848c2&username=jsmith" [DEBUG] 2021-03-31 06:25:45.095 [Radius Auth Listener] wire - http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]" [DEBUG] 2021-03-31 06:25:45.095 [Radius Auth Listener] wire - http-outgoing-0 << "Date: Wed, 31 Mar 2021 06:25:44 GMT[\r][\n]" [DEBUG] 2021-03-31 06:25:45.095 [Radius Auth Listener] wire - http-outgoing-0 << "Server: Apache/2.4.29 (Ubuntu)[\r][\n]" [DEBUG] 2021-03-31 06:25:45.095 [Radius Auth Listener] wire - http-outgoing-0 << "X-Xss-Protection: 1; mode=block[\r][\n]" [DEBUG] 2021-03-31 06:25:45.095 [Radius Auth Listener] wire - http-outgoing-0 << "X-Content-Type-Options: nosniff[\r][\n]" [DEBUG] 2021-03-31 06:25:45.095 [Radius Auth Listener] wire - http-outgoing-0 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]" [DEBUG] 2021-03-31 06:25:45.095 [Radius Auth Listener] wire - http-outgoing-0 << "Cache-Control: no-store[\r][\n]" [DEBUG] 2021-03-31 06:25:45.095 [Radius Auth Listener] wire - http-outgoing-0 << "Content-Type: application/json[\r][\n]" [DEBUG] 2021-03-31 06:25:45.095 [Radius Auth Listener] wire - http-outgoing-0 << "Pragma: no-cache[\r][\n]" [DEBUG] 2021-03-31 06:25:45.096 [Radius Auth Listener] wire - http-outgoing-0 << "Content-Length: 599[\r][\n]" [DEBUG] 2021-03-31 06:25:45.096 [Radius Auth Listener] wire - http-outgoing-0 << "Keep-Alive: timeout=5, max=100[\r][\n]" [DEBUG] 2021-03-31 06:25:45.096 [Radius Auth Listener] wire - http-outgoing-0 << "Connection: Keep-Alive[\r][\n]" [DEBUG] 2021-03-31 06:25:45.096 [Radius Auth Listener] wire - http-outgoing-0 << "[\r][\n]" [DEBUG] 2021-03-31 06:25:45.096 [Radius Auth Listener] wire - http-outgoing-0 << "{[\n]" [DEBUG] 2021-03-31 06:25:45.096 [Radius Auth Listener] wire - http-outgoing-0 << " "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.",[\n]" [DEBUG] 2021-03-31 06:25:45.096 [Radius Auth Listener] wire - http-outgoing-0 << " "error": "invalid_client"[\n]" [DEBUG] 2021-03-31 06:25:45.096 [Radius Auth Listener] wire - http-outgoing-0 << "}" [DEBUG] 2021-03-31 06:25:45.097 [Radius Auth Listener] headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized [DEBUG] 2021-03-31 06:25:45.097 [Radius Auth Listener] headers - http-outgoing-0 << Date: Wed, 31 Mar 2021 06:25:44 GMT [DEBUG] 2021-03-31 06:25:45.097 [Radius Auth Listener] headers - http-outgoing-0 << Server: Apache/2.4.29 (Ubuntu) [DEBUG] 2021-03-31 06:25:45.097 [Radius Auth Listener] headers - http-outgoing-0 << X-Xss-Protection: 1; mode=block [DEBUG] 2021-03-31 06:25:45.097 [Radius Auth Listener] headers - http-outgoing-0 << X-Content-Type-Options: nosniff [DEBUG] 2021-03-31 06:25:45.097 [Radius Auth Listener] headers - http-outgoing-0 << Strict-Transport-Security: max-age=31536000; includeSubDomains [DEBUG] 2021-03-31 06:25:45.097 [Radius Auth Listener] headers - http-outgoing-0 << Cache-Control: no-store [DEBUG] 2021-03-31 06:25:45.097 [Radius Auth Listener] headers - http-outgoing-0 << Content-Type: application/json [DEBUG] 2021-03-31 06:25:45.098 [Radius Auth Listener] headers - http-outgoing-0 << Pragma: no-cache [DEBUG] 2021-03-31 06:25:45.098 [Radius Auth Listener] headers - http-outgoing-0 << Content-Length: 599 [DEBUG] 2021-03-31 06:25:45.098 [Radius Auth Listener] headers - http-outgoing-0 << Keep-Alive: timeout=5, max=100 [DEBUG] 2021-03-31 06:25:45.098 [Radius Auth Listener] headers - http-outgoing-0 << Connection: Keep-Alive [DEBUG] 2021-03-31 06:25:45.099 [Radius Auth Listener] MainClientExec - Connection can be kept alive for 5000 MILLISECONDS [DEBUG] 2021-03-31 06:25:45.099 [Radius Auth Listener] HttpAuthenticator - Authentication required [DEBUG] 2021-03-31 06:25:45.099 [Radius Auth Listener] HttpAuthenticator - gluulan.solidex.minsk.by:443 requested authentication [DEBUG] 2021-03-31 06:25:45.099 [Radius Auth Listener] HttpAuthenticator - Response contains no authentication challenges [DEBUG] 2021-03-31 06:25:45.112 [Radius Auth Listener] i18n - Interceptor Context: org.jboss.resteasy.core.interception.ClientReaderInterceptorContext, Method : proceed [DEBUG] 2021-03-31 06:25:45.112 [Radius Auth Listener] i18n - MessageBodyReader: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey [DEBUG] 2021-03-31 06:25:45.112 [Radius Auth Listener] i18n - MessageBodyReader: org.jboss.resteasy.plugins.providers.StringTextStar [DEBUG] 2021-03-31 06:25:45.113 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection [id: 0][route: {s}->https://gluulan.solidex.minsk.by:443] can be kept alive for 5.0 seconds [DEBUG] 2021-03-31 06:25:45.113 [Radius Auth Listener] PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://gluulan.solidex.minsk.by:443][total kept alive: 1; route allocated: 1 of 20; total allocated: 1 of 100] [DEBUG] 2021-03-31 06:25:45.114 [Radius Auth Listener] SuperGluuAuthClient - SuperGluu initial auth failed. Response: { "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.", "error": "invalid_client" } [DEBUG] 2021-03-31 06:25:45.114 [Radius Auth Listener] SuperGluuAccessRequestFilter - Authentication failed for user {jsmith}. [INFO ] 2021-03-31 06:25:45.114 [Radius Auth Listener] RadiusServer - send response: Access-Reject, ID 205 [DEBUG] 2021-03-31 06:25:46.386 [Thread-7] Runner - Performing background operations [DEBUG] 2021-03-31 06:25:46.386 [Thread-7] Runner - Background operations complete ``` See the configuration file bellow (`gluu-radius.properties`): ``` # Gluu radius server configuration file # Enable / disable listening (true/false) radius.listen.enable = true # Authentication scheme # use `onestep` for single factor authentication # and `twostep` for two factor authentication (SuperGluu) radius.auth.scheme = twostep # radius.auth.scheme = onestep # location of salt file use for password encryption/decryption radius.config.saltfile = /etc/gluu/conf/salt # persistence configuration file radius.persist.config = /etc/gluu/conf/gluu.properties # JWT # keystore file radius.jwt.keyStoreFile = /etc/certs/gluu-radius.jks # keystore key regeneration interval (in days) # A value of `0` disables key regeneration radius.jwt.keygen.interval = 0 # keystore pin radius.jwt.keyStorePin = nk8f3F22K+bynAfHGfa3Pg== # certificate keyId for private jwt authentication radius.jwt.auth.keyId = 06e1074a-bf3c-494c-8069-a70cd7d07c8e_sig_rs512 # signing algorithm used for private jwt authentication radius.jwt.auth.signAlgorithm = RS512 # radius clients DN radius.clients_DN = ou=radius_clients,o=gluu # openid clients DN radius.openid_clients_DN = ou=clients,o=gluu ``` And here is the information from `/opt/gluu/jetty/identity/logs/oxtrust_script.log` file ``` 2021-03-31 06:30:17,436 INFO [qtp831236296-13] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu-RO initiatate_authentication 2021-03-31 06:30:17,436 INFO [qtp831236296-13] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu-RO using two-step authentication 2021-03-31 06:30:17,440 INFO [qtp831236296-13] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu-RO. Generated session id. DN: 'oxId=9d634512-18cc-48bb-8b08-fe3d41a16c8b,ou=sessions,o=gluu' 2021-03-31 06:30:17,442 INFO [qtp831236296-13] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - NetApi. Determining remote location for ip address '172.17.17.105' 2021-03-31 06:30:17,582 INFO [qtp831236296-13] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - NetApi. Could not determine remote location. ip-api status: 'fail' 2021-03-31 06:30:17,583 INFO [qtp831236296-13] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu-Push. Sending push notification to user 'jsmith' devices 2021-03-31 06:30:17,587 INFO [qtp831236296-13] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu-Push. No device enrolled for user 'jsmith' 2021-03-31 06:30:17,587 INFO [qtp831236296-13] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - User jsmith has no device enrolled for Super-Gluu authentication 2021-03-31 06:30:17,588 INFO [qtp831236296-13] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Send push notification to user 'jsmith' failed ``` I see this line in the last log file "Super-Gluu-Push. No device enrolled for user 'jsmith'" But I've already enrolled my phone for jsmith user through casa: ![](https://snipboard.io/8m1eN6.jpg) And I've turned on 2FA for jsmith user ![](https://snipboard.io/OuVYPa.jpg) I've tested it through casa portal and it works! Here you can see the last log file when jsmith authenticates through Casa: ``` 2021-03-31 07:03:32,632 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getPageForStep called 1 2021-03-31 07:03:32,636 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. isValidAuthenticationMethod called 2021-03-31 07:03:32,637 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. prepareForStep 1 2021-03-31 07:03:32,637 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. prepareUIParams. Reading UI branding params 2021-03-31 07:03:32,639 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getExtraParametersForStep 1 2021-03-31 07:03:32,640 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - extras are [casa_contextPath, casa_prefix, casa_faviconUrl, casa_extraCss, casa_logoUrl] 2021-03-31 07:03:44,583 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. authenticate for step 1 2021-03-31 07:03:44,594 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getAvailMethodsUser [super_gluu, otp] 2021-03-31 07:03:44,594 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getSuitableAcr. On mobile = False 2021-03-31 07:03:44,594 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getSuitableAcr. super_gluu was selected for user jsmith 2021-03-31 07:03:44,596 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Authenticate for step 1 2021-03-31 07:03:44,614 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Authenticate for step 1. auth_method: 'authenticate' 2021-03-31 07:03:44,616 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. determineSkip2FA with general policy EVERY_LOGIN 2021-03-31 07:03:44,617 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getNextStep called 1 2021-03-31 07:03:44,617 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getExtraParametersForStep 2 2021-03-31 07:03:44,618 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - extras are [super_gluu_auth_method, super_gluu_request, ACR, methods, trustedDevicesInfo, casa_contextPath, casa_prefix, casa_faviconUrl, casa_extraCss, casa_logoUrl] 2021-03-31 07:03:44,618 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getCountAuthenticationSteps called 2021-03-31 07:03:44,619 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getPageForStep called 2 2021-03-31 07:03:44,620 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. authmethod 'authenticate' 2021-03-31 07:03:44,620 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getExtraParametersForStep 2 2021-03-31 07:03:44,621 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - extras are [super_gluu_auth_method, super_gluu_request, ACR, methods, trustedDevicesInfo, casa_contextPath, casa_prefix, casa_faviconUrl, casa_extraCss, casa_logoUrl] 2021-03-31 07:03:44,649 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. isValidAuthenticationMethod called 2021-03-31 07:03:44,650 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. prepareForStep 2 2021-03-31 07:03:44,652 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. prepareForStep. ACR = super_gluu 2021-03-31 07:03:44,658 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getAvailMethodsUser [otp] 2021-03-31 07:03:44,658 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Prepare for step 2 2021-03-31 07:03:44,659 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Prepare for step 2. auth_method: 'authenticate' 2021-03-31 07:03:44,660 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Prepare for step 2. Adding req_ip and req_loc to super_gluu_request 2021-03-31 07:03:44,660 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Determine remote location. remote_ip: '172.17.17.105' 2021-03-31 07:03:44,806 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Determine remote location. Get response with status: 'fail' 2021-03-31 07:03:44,806 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Prepare for step 2. Failed to determine remote location by remote IP '172.17.17.105' 2021-03-31 07:03:44,807 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Prepare for step 2. Prepared super_gluu_request: 2021-03-31 07:03:44,807 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - {"app":"https://gluulan.solidex.minsk.by/casa","licensed":false,"method":"authenticate","req_ip":"172.17.17.105","created":"2021-03-31T07:03:44Z","issuer":"https://gluulan.solidex.minsk.by","state":"481bf690-ae1d-409f-ae5d-21b9224850d6","username":"jsmith"} 2021-03-31 07:03:44,808 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Send push notification. Loading user 'jsmith' devices 2021-03-31 07:03:44,812 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Get target endpoint ARN. There is already created target endpoint ARN 2021-03-31 07:03:45,503 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Send push notification. send_android: '1', send_ios: '0' 2021-03-31 07:03:45,503 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getExtraParametersForStep 2 2021-03-31 07:03:45,504 INFO [qtp831236296-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - extras are [super_gluu_auth_method, super_gluu_request, ACR, methods, trustedDevicesInfo, casa_contextPath, casa_prefix, casa_faviconUrl, casa_extraCss, casa_logoUrl] 2021-03-31 07:03:50,914 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. authenticate for step 2 2021-03-31 07:03:50,922 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getAvailMethodsUser [otp] 2021-03-31 07:03:50,923 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Authenticate for step 2. Get auth_result: 'success' 2021-03-31 07:03:50,924 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Authenticate for step 2 2021-03-31 07:03:50,924 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Get session device status 2021-03-31 07:03:50,924 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Get session device status. session_device_status: '{'super_gluu_request': u'{"app":"https://gluulan.solidex.minsk.by/casa","licensed":false,"method":"authenticate","req_ip":"172.17.17.105","created":"2021-03-31T07:03:44Z","issuer":"https://gluulan.solidex.minsk.by","state":"481bf690-ae1d-409f-ae5d-21b9224850d6","username":"jsmith"}', 'device_id': u'1616950734243', 'user_inum': u'45d46de9-1813-4655-8279-438ed7711592', 'enroll': False, 'one_step': False}' 2021-03-31 07:03:50,928 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Super-Gluu. Authenticate for step 2. User 'jsmith' successfully authenticated with u2f_device '1616950734243' 2021-03-31 07:03:50,928 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. authenticate. 2FA authentication was successful 2021-03-31 07:03:50,928 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. authenticate. List of user's trusted devices was not updated 2021-03-31 07:03:50,929 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getNextStep called 2 2021-03-31 07:03:50,929 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getExtraParametersForStep 3 2021-03-31 07:03:50,929 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - extras are [ACR, methods, trustedDevicesInfo, casa_contextPath, casa_prefix, casa_faviconUrl, casa_extraCss, casa_logoUrl] 2021-03-31 07:03:50,930 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getCountAuthenticationSteps called 2021-03-31 07:03:50,931 INFO [qtp831236296-21] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getExtraParametersForStep 3 ``` Have I done everything correctly? I hope this information is correct and valuable! Thank you for your help!

By Nadzeya Hryshalevich user 31 Mar 2021 at 2:43 a.m. CDT

Nadzeya Hryshalevich gravatar
Finally I've done it! When I connected my phone with jsmith's account through oxauth, not casa portal, Gluu-RADIUS + Super Gluu worked correctly! Thanks everyone for your help! But what is the propose of Casa portal if Gluu-RADIUS + Super Gluu doesn't work when I register my device through Casa portal? We want our users to register their devices through this portal, not the Gluu server's main portal

By Dzouato Djeumen Rolain Bonaventure staff 31 Mar 2021 at 3:22 a.m. CDT

Dzouato Djeumen Rolain Bonaventure gravatar
No problem, From your log i was about to note that there was no device associated to the user. Glad you figured it out. As we mentionned before , this should not be used for high volume deployments, so keep that it mind. As for your question about casa, as far as oxAuth is concerned , each device is enrolled with a specific applicationId. It allows different applications in principle to enroll different devices and keep them separated. In this case , the Gluu UI (oxTrust) uses an application Id different from Casa which is a different one. If you want to use Gluu-Radius + Super Gluu with casa, please go to `Configuration` > `Other Scripts`, select the Resource Owner Password Credential tab and open the `super_gluu_ro` script. Under Custom Property section , locate the application_id property and change the value there to https://<server>/casa , where <server> is the fqdn of your server. Let me know if you need further assistance

By Nadzeya Hryshalevich user 31 Mar 2021 at 3:40 a.m. CDT

Nadzeya Hryshalevich gravatar
I've done everything that you suggested, and now it works! Thank you so much for your help! One more question. Can I create a group for users that I want to authenticate with gluu-radius and super gluu and separate them from other users? I mean, Gluu-RADIUS server will send Access-Reject for users that are not in this group. Is it possible?

By Dzouato Djeumen Rolain Bonaventure staff 31 Mar 2021 at 3:58 a.m. CDT

Dzouato Djeumen Rolain Bonaventure gravatar
In it's current state , I do not think that's possible. That said , you can modify the super_gluu_ro script to do just that. It should be relatively easy.

By Nadzeya Hryshalevich user 31 Mar 2021 at 3:59 a.m. CDT

Nadzeya Hryshalevich gravatar
Okay, thank you for your time and help! It was valuable for me! Have a nice day!

By Dzouato Djeumen Rolain Bonaventure staff 31 Mar 2021 at 4:02 a.m. CDT

Dzouato Djeumen Rolain Bonaventure gravatar
Thank you and have a nice day too. I will now close the ticket.