By: scl family user 06 Aug 2018 at 7:18 a.m. CDT

23 Responses
I am using the dockerized version of Gluu Server on my Ubuntu machine and want to develop custom biometric 2FA authentication using Gluu. I have done the steps below:

1. I have put the xhtml file in oxauth > custom > pages > idemia > idemia.xhtml, and the images and css in oxauth > custom > static > img (for images) and oxauth > custom > static > stylesheet (for css).
2. Made a custom script which contains the method below:

```
def getPageForStep(self, configurationAttributes, step):
    if step == 2:
        return "/auth/idemia/idemia.xhtml"
    return ""
```

3. Enabled the custom script with the steps below: Configuration > manage custom script > paste my script > enabled > update
4. Then, manage authentication > Default authentication method

```
Default acr :- my script
oxTrust acr :- my script
```

5. Restarted all services of gluu.

Then I tried to log in to the gluu server. After entering username and password, when I clicked on the login button, I got this error:

```
"HTTP ERROR 404 Problem accessing /oxauth/auth/idemia/idemia.htm. Reason: /auth/idemia/idemia.xhtml Not Found in ExternalContext as a Resource "
```

By Thomas Gasmyr Mougang staff 06 Aug 2018 at 7:37 a.m. CDT

Hi, Can you share all the files to reproduce that issue?

By scl family user 06 Aug 2018 at 7:45 a.m. CDT

```
# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
# Copyright (c) 2018, Gluu
#
# Author: Idemia

from org.xdi.service.cdi.util import CdiUtil
from org.xdi.oxauth.security import Identity
from org.xdi.model.custom.script.type.auth import PersonAuthenticationType
from org.xdi.oxauth.service import UserService, AuthenticationService
from org.xdi.oxauth.util import ServerUtil
from org.xdi.util import StringHelper, ArrayHelper
from java.util import Arrays

import java
import random

class PersonAuthentication(PersonAuthenticationType):
    def __init__(self, currentTimeMillis):
        self.currentTimeMillis = currentTimeMillis

    def init(self, configurationAttributes):
        print "Idemia Device. Initialization"
        return True

    def destroy(self, configurationAttributes):
        print "Idemia Device. Destroy"
        print "Idemia Device. Destroyed successfully"
        return True

    def getApiVersion(self):
        return 1

    def isValidAuthenticationMethod(self, usageType, configurationAttributes):
        return True

    def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
        return None

    def authenticate(self, configurationAttributes, requestParameters, step):
        userService = CdiUtil.bean(UserService)
        authenticationService = CdiUtil.bean(AuthenticationService)
        identity = CdiUtil.bean(Identity)
        session_attributes = identity.getSessionId().getSessionAttributes()

        if step == 1:
            print "Idemia Device. Step 1 Password Authentication"
            identity = CdiUtil.bean(Identity)
            credentials = identity.getCredentials()
            user_name = credentials.getUsername()
            user_password = credentials.getPassword()

            logged_in = False
            if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
                logged_in = authenticationService.authenticate(user_name, user_password)

            if not logged_in:
                return False

            return True
        elif step == 2:
            # Retrieve the session attribute
            print "Idemia Device. Step 2 Authentication"
            return True

        return False

    def prepareForStep(self, configurationAttributes, requestParameters, step):
        if step == 1:
            print "Idemia Device. Prepare for Step 1"
            return True
        elif step == 2:
            print "Idemia Device. Prepare for Step 2"
            return True
        return False

    def getExtraParametersForStep(self, configurationAttributes, step):
        if step == 2:
            return None
        return None

    def getCountAuthenticationSteps(self, configurationAttributes):
        return 2

    def getPageForStep(self, configurationAttributes, step):
        if step == 2:
            return "/auth/idemia/idemia.xhtml"
        return ""

    def logout(self, configurationAttributes, requestParameters):
        return True
```

By scl family user 06 Aug 2018 at 7:45 a.m. CDT

```
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta charset="utf-8" />
    <meta name="author" content="Kodinger" />
    <meta name="viewport" content="width=device-width,initial-scale=1" />
    <title>Gluu Demo</title>
    <link rel="stylesheet" type="text/css" href="bootstrap/css/bootstrap.min.css" />
    <link rel="stylesheet" type="text/css" href="css/my-login.css" />
</head>
<body class="my-login-page">
    <section class="h-100">
        <div class="container h-100">
            <div class="row justify-content-md-center h-100">
                <div class="card-wrapper">
                    <div class="brand2">
                        <img src="img/logo.jpg" alt="" />
                    </div>
                    <div class="card fat">
                        <div class="card-body">
                            <h4 class="card-title">Place your Finger </h4>
                            <div class="brand">
                                <img src="img/finger.jpg" alt="" />
                            </div>
                            <div class="form-group no-margin">
                                <button type="button" onclick="CaptureFingerprint()" class="btn btn-primary btn-block"> Capture </button>
                            </div>
                            <div class="form-group margin-top20 ">
                                <button type="button" action="#{authenticator.authenticate}" class="btn btn-primary btn-block"> Submit </button>
                            </div>
                            <div class="margin-top20 text-center"> Single SignOn </div>
                        </div>
                    </div>
                    <div class="footer"> Copyright © 2018 — Idemia </div>
                </div>
            </div>
        </div>
    </section>
    <script src="bootstrap/js/bootstrap.min.js"></script>
    <script src="js/main.js"></script>
</body>
</html>
```

By Michael Schwartz Account Admin 06 Aug 2018 at 11:18 a.m. CDT

Assigning to Sahil, who is in India, closer to your time zone. He's pretty good at authentication scripts. Maybe you can do some screensharing to get this kickstarted.

By scl family user 07 Aug 2018 at 12:18 a.m. CDT

Please Do

By scl family user 07 Aug 2018 at 1:20 a.m. CDT

I am waiting for your help.

By Michael Schwartz Account Admin 07 Aug 2018 at 9:27 a.m. CDT

It's assigned. There is no SLA on community support.

By Sahil Arora user 07 Aug 2018 at 9:30 a.m. CDT

I am working on it, will have an update on this ASAP.

By Sahil Arora user 07 Aug 2018 at 6:21 p.m. CDT

Hi, You will need to modify your "idemia.xhtml" file to be in valid xhtml format. Please refer to [this page](https://github.com/GluuFederation/oxAuth/blob/version_3.1.3/Server/src/main/webapp/auth/duo/duologin.xhtml) as an example. Additionally, when calling the page from the script, use this:

```
return "/idemia/idemia.xhtml"
```

Please make these changes, and let us know. In case of any issues, do share the oxauth and oxauth_script logs from /opt/gluu/jetty/oxauth/logs

By scl family user 08 Aug 2018 at 1:41 a.m. CDT

Still not working, and "idemia.xhtml" is a valid html page. I am running this on my local server. It is working fine.

By scl family user 08 Aug 2018 at 1:59 a.m. CDT

oxauth_script logs

By scl family user 08 Aug 2018 at 1:59 a.m. CDT

```
2018-08-08 06:24:00,647 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Destroy
2018-08-08 06:24:00,671 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Destroyed successfully
2018-08-08 06:24:02,796 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Initialization
2018-08-08 06:24:02,796 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Initialized successfully
2018-08-08 06:24:17,335 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Duo. Initialization
2018-08-08 06:24:18,909 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Duo. Initialized successfully
2018-08-08 06:24:18,943 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Cred-manager client registration. Destroy
2018-08-08 06:24:18,944 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Cred-manager client registration. Destroyed successfully
2018-08-08 06:24:18,979 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Cred-manager client registration. Initialization
2018-08-08 06:24:19,022 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Cred-manager client registration. Initialized successfully
2018-08-08 06:24:19,076 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Idemia Device. Destroy
2018-08-08 06:24:19,076 INFO [oxAuthScheduler_Worker-3] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Idemia Device. Destroyed successfully
2018-08-08 06:24:29,221 INFO [qtp1190524793-28] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Duo. Prepare for step 1
2018-08-08 06:24:39,142 INFO [qtp1190524793-23] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Duo. Authenticate for step 1
2018-08-08 06:24:39,540 INFO [qtp1190524793-89] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Duo. Prepare for step 2
2018-08-08 06:24:39,581 INFO [qtp1190524793-89] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Duo. Prepare for step 2. duo_sig_request: ERR|The Duo integration key passed to sign_request() is invalid.
2018-08-08 06:56:00,537 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Destroy
2018-08-08 06:56:00,538 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Destroyed successfully
2018-08-08 06:56:00,605 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Initialization
2018-08-08 06:56:00,605 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Initialized successfully
2018-08-08 06:56:01,279 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Idemia Device. Initialization
2018-08-08 06:56:01,282 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Cred-manager client registration. Destroy
2018-08-08 06:56:01,283 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Cred-manager client registration. Destroyed successfully
2018-08-08 06:56:01,308 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Cred-manager client registration. Initialization
2018-08-08 06:56:01,308 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Cred-manager client registration. Initialized successfully
2018-08-08 06:56:01,309 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Duo. Destroy
2018-08-08 06:56:01,309 INFO [oxAuthScheduler_Worker-5] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Duo. Destroyed successfully
2018-08-08 06:56:03,622 INFO [qtp1190524793-6528] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Idemia Device. Prepare for Step 1
2018-08-08 06:56:38,018 INFO [qtp1190524793-23] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Idemia Device. Step 1 Password Authentication
2018-08-08 06:56:38,035 INFO [qtp1190524793-23] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Idemia Device. Step 2 page
```
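Added example, not part of the original thread and not Gluu code: a small Python 3 parser for the oxauth_script.log layout posted above. It lists what one script logged on Jetty request threads (`qtp...`), which shows how far a login attempt got; here the Idemia trace ends at "Step 2 page" with no "Prepare for Step 2" entry. The function names are illustrative, and the sample lines are copied from the log above.

```python
import re

# Lines copied from the oxauth_script.log excerpt in this thread (abridged).
PREFIX = ("[org.xdi.service.PythonService$PythonLoggerOutputStream] "
          "(PythonService.java:239) - ")
SAMPLE_LOG = "\n".join([
    "2018-08-08 06:24:39,581 INFO [qtp1190524793-89] " + PREFIX +
    "Duo. Prepare for step 2. duo_sig_request: ERR|The Duo integration key "
    "passed to sign_request() is invalid.",
    "2018-08-08 06:56:01,279 INFO [oxAuthScheduler_Worker-5] " + PREFIX +
    "Idemia Device. Initialization",
    "2018-08-08 06:56:03,622 INFO [qtp1190524793-6528] " + PREFIX +
    "Idemia Device. Prepare for Step 1",
    "2018-08-08 06:56:38,018 INFO [qtp1190524793-23] " + PREFIX +
    "Idemia Device. Step 1 Password Authentication",
    "2018-08-08 06:56:38,035 INFO [qtp1190524793-23] " + PREFIX +
    "Idemia Device. Step 2 page",
])

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) +(?P<level>\w+) +"
    r"\[(?P<thread>[^\]]+)\] +\[[^\]]+\] +\([^)]+\) - (?P<msg>.*)$"
)

def parse_line(line):
    """Split one log line into timestamp, thread, script name and event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Scripts in this log print "<script name>. <event text>".
    script, _, event = m.group("msg").partition(". ")
    return {"ts": m.group("ts"), "thread": m.group("thread"),
            "script": script, "event": event}

def request_events(log_text, script):
    """Events one script logged on request threads, in log order.

    In this log the oxAuthScheduler_Worker threads only show script
    Destroy/Initialization entries, so they are left out of the trace.
    """
    rows = [parse_line(l) for l in log_text.splitlines()]
    return [r["event"] for r in rows
            if r and r["script"] == script and r["thread"].startswith("qtp")]

def flagged(log_text, marker="ERR|"):
    """(script, event) pairs whose event text carries an error marker."""
    rows = [parse_line(l) for l in log_text.splitlines()]
    return [(r["script"], r["event"]) for r in rows if r and marker in r["event"]]

if __name__ == "__main__":
    print(request_events(SAMPLE_LOG, "Idemia Device"))
    print(flagged(SAMPLE_LOG))
```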

By scl family user 08 Aug 2018 at 2 a.m. CDT

Now the error is changed: "Error Encountered An unexpected error has occured at 2018-08-08 06:56:38 AM"

By scl family user 08 Aug 2018 at 2:01 a.m. CDT

```
# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
# Copyright (c) 2018, Gluu
#
# Author: Idemia

from org.xdi.service.cdi.util import CdiUtil
from org.xdi.oxauth.security import Identity
from org.xdi.model.custom.script.type.auth import PersonAuthenticationType
from org.xdi.oxauth.service import UserService, AuthenticationService
from org.xdi.oxauth.util import ServerUtil
from org.xdi.util import StringHelper, ArrayHelper
from java.util import Arrays

import java
import random

class PersonAuthentication(PersonAuthenticationType):
    def __init__(self, currentTimeMillis):
        self.currentTimeMillis = currentTimeMillis

    def init(self, configurationAttributes):
        print "Idemia Device. Initialization"
        return True

    def destroy(self, configurationAttributes):
        print "Idemia Device. Destroy"
        print "Idemia Device. Destroyed successfully"
        return True

    def getApiVersion(self):
        return 1

    def isValidAuthenticationMethod(self, usageType, configurationAttributes):
        return True

    def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
        return None

    def authenticate(self, configurationAttributes, requestParameters, step):
        userService = CdiUtil.bean(UserService)
        authenticationService = CdiUtil.bean(AuthenticationService)
        identity = CdiUtil.bean(Identity)
        session_attributes = identity.getSessionId().getSessionAttributes()

        if step == 1:
            print "Idemia Device. Step 1 Password Authentication"
            identity = CdiUtil.bean(Identity)
            credentials = identity.getCredentials()
            user_name = credentials.getUsername()
            user_password = credentials.getPassword()

            logged_in = False
            if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
                logged_in = authenticationService.authenticate(user_name, user_password)

            if not logged_in:
                return False

            return True
        elif step == 2:
            # Retrieve the session attribute
            print "Idemia Device. Step 2 Authentication"
            return True

        return False

    def prepareForStep(self, configurationAttributes, requestParameters, step):
        if step == 1:
            print "Idemia Device. Prepare for Step 1"
            return True
        elif step == 2:
            print "Idemia Device. Prepare for Step 2"
            return True
        return False

    def getExtraParametersForStep(self, configurationAttributes, step):
        if step == 2:
            return None
        return None

    def getCountAuthenticationSteps(self, configurationAttributes):
        return 2

    def getPageForStep(self, configurationAttributes, step):
        if step == 2:
            print "Idemia Device. Step 2 page"
            return "/idemia.xhtml"
        return ""

    def logout(self, configurationAttributes, requestParameters):
        return True
```

By Michael Schwartz Account Admin 08 Aug 2018 at 10:48 a.m. CDT

Are you posting the script log? You need to say what log you're providing... Did you review this [docs page](https://gluu.org/docs/ce/3.1.3/authn-guide/customauthn/)? Also, you should learn how to use the [remote debugger in Eclipse](https://gluu.org/docs/ce/3.1.3/developer-guide/script-debugging/). Support != training. Or if you want to engage professional services, let us know.

By Sahil Arora user 09 Aug 2018 at 6:42 a.m. CDT

Can you please share oxauth.logs as well. You would see errors related to xhtml page in that log file.

By scl family user 09 Aug 2018 at 7:05 a.m. CDT

Thanks Sahil. It's working now.

By Sahil Arora user 09 Aug 2018 at 7:10 a.m. CDT

Good to know. Can you please share what was the issue?

By scl family user 09 Aug 2018 at 7:11 a.m. CDT

Dear Michael, I had posted the "oxauth_script" logs and I mentioned it. You can look at the messages above. I am not from a web development background, so I had just posted all the files so that you can tell me where I made a mistake. I know "Support != training". Anyway, thanks.

By scl family user 09 Aug 2018 at 7:16 a.m. CDT

Dear Sahil, actually the xhtml file was not valid. The server needs a JSF html page.

By scl family user 09 Aug 2018 at 7:17 a.m. CDT

So I am learning JSF2.2.

By scl family user 10 Aug 2018 at 3:38 a.m. CDT

Dear Sahil, I have one question: how to pass data from JavaScript to the custom Python script?

By Michael Schwartz Account Admin 10 Aug 2018 at 9:32 a.m. CDT

You can do this in the context. See [Saving and Passing Values](https://gluu.org/docs/ce/3.1.3/authn-guide/customauthn/#saving-and-passing-values) Take a look at the [Duo xhtml page](https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/webapp/auth/duo/duologin.xhtml) for an example