By: Leonardo Silva user 29 Mar 2016 at 6:37 a.m. CDT

9 Responses
Hi there, I'm trying to execute the example of SCIM UMA integration and the documentation is very superficial. The installation indicates that we need to put some information in the file ./output/scim-rp-openid-keys.json but doesn't explain how to accommodate it in JSON format. In the Java example, the code shows that we should use some umaAatClientId and umaAatClientKeyId, but how can I find these configuration values in the Gluu files? There is not even a pom.xml or any GitHub reference to help compile the example. Can you give me some directions?

By Leonardo Silva user 29 Mar 2016 at 7:48 a.m. CDT

Hi Mr Khan, indeed this doc is what I was trying to understand. In fact, how can I update the scim-rp-openid-keys.json file just with the content of setup.properties.last, for example? Which fields of the JSON file should I update to get things working? Thanks in advance.

By Michael Schwartz Account Admin 29 Mar 2016 at 2:23 p.m. CDT

Leonardo, what version of the Gluu Server are you using? Are you trying to figure out how to update from 2.4.1 to 2.4.2? A little more context on what you're doing would be helpful. thx, Mike

By Valentino Pecaoco user 30 Mar 2016 at 12:45 a.m. CDT

Hi Leonardo,

Just for clarification, the example makes use of Gluu's SCIM-Client Java library which you can import via Maven:

```xml
<repositories>
  <repository>
    <id>gluu</id>
    <name>Gluu repository</name>
    <url>http://ox.gluu.org/maven</url>
  </repository>
</repositories>
...
<dependency>
  <groupId>gluu.scim.client</groupId>
  <artifactId>SCIM-Client</artifactId>
  <version>2.4.2.Final</version>
</dependency>
```

As for `scim-rp-openid-keys.json`, you can just use it straight away without modification since the install script has automatically generated it.

By Leonardo Silva user 30 Mar 2016 at 11:44 a.m. CDT

Hi Valentino and Michael,

Thanks for your responses. First of all, I'm using the latest CE edition of Gluu (2.4.2) and I've installed all components. I constructed a simple project using the dependencies suggested by Valentino and compilation was successful. I also compiled SCIM-Client previously and that worked just fine. I took the file scim-rp-openid-keys.json generated during installation and pointed my code to this file, as in the example from https://gluu.org/docs/integrate/scimuma-howto/. I executed the command

```
cat setup.properties.last | grep "scim_rs_client_id\|scim_rp_client_id"
```

as suggested in the documentation, and the output was

```
scim_rp_client_id=@!D0FB.1A8B.760A.CEE8!0001!BADF.837B!0008!7A0D.9C82
scim_rs_client_id=@!D0FB.1A8B.760A.CEE8!0001!BADF.837B!0008!2DEC.BD57
```

After that, I modified the example code, setting the variable "umaAatClientId" to the value of scim_rp_client_id (above output) and umaAatClientKeyId to "" (empty). When I run the code, the error shown in oxauth.log was:

```
2016-03-30 13:25:40,574 INFO [org.xdi.oxauth.auth.AuthenticationFilter] JWT authentication failed: Invalid cryptographic segment
org.xdi.oxauth.model.exception.InvalidJwtException: Invalid cryptographic segment
    at org.xdi.oxauth.model.token.ClientAssertion.load(ClientAssertion.java:106)
    at org.xdi.oxauth.model.token.ClientAssertion.<init>(ClientAssertion.java:39)
    at org.xdi.oxauth.auth.AuthenticationFilter.processJwtAuth(AuthenticationFilter.java:309)
    at org.xdi.oxauth.auth.AuthenticationFilter.access$100(AuthenticationFilter.java:59)
    at org.xdi.oxauth.auth.AuthenticationFilter$1.process(AuthenticationFilter.java:82)
    at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65)
    at org.xdi.oxauth.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:73)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
```

This error is the same as when running the test cases of the scim-client component. I'm also sending you a gist with the content of my scim-rp-openid-keys.json. Thanks in advance.

[Gist of scim-rp-openid-keys.json](https://gist.github.com/leogsilva/f5001e4a6efbdf93bd26370032830619)

Leonardo
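A pre-flight check for the kind of JWT client assertion that oxAuth rejects in the log above, as an added example that is not part of the original post or of Gluu's code. It inspects structure and claims only, does not verify the signature, and does not reproduce oxAuth's own validation; the token endpoint URL and the sample tokens built by `build_sample` are constructed placeholders.

```python
import base64
import json
import time

def _dec(seg):
    # JWT segments are base64url without padding (RFC 7515)
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def check_client_assertion(jwt, client_id, token_endpoint, now=None):
    """List structural problems in a private_key_jwt client assertion.
    The signature is not verified; only what would be sent is inspected."""
    now = time.time() if now is None else now
    parts = jwt.split(".")
    if len(parts) != 3:
        return ["expected 3 dot-separated segments, got %d" % len(parts)]
    try:
        header, claims = (json.loads(_dec(p)) for p in parts[:2])
        signature = _dec(parts[2])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return ["undecodable segment: %s" % exc]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and payload must be JSON objects"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("alg is missing or 'none'")
    if not header.get("kid"):
        problems.append("kid is empty or absent")
    if not signature:
        problems.append("signature segment is empty")
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        problems.append("iss and sub must both equal the client id")
    aud = claims.get("aud")
    if token_endpoint not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not name the token endpoint")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp is missing or in the past")
    return problems

def build_sample(header, claims, signature=b"filler-not-a-real-signature"):
    # Constructed test input only; the signature bytes are filler.
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    segs = [json.dumps(header).encode(), json.dumps(claims).encode(), signature]
    return ".".join(enc(s) for s in segs)

CLIENT_ID = "@!D0FB.1A8B.760A.CEE8!0001!BADF.837B!0008!7A0D.9C82"  # scim_rp_client_id from the post
TOKEN_URL = "https://gluu.example.org/token"  # placeholder, not from the page
```

An empty list means the assertion is well-formed on these points; whether the server accepts it still depends on the signature and the registered key.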

By Valentino Pecaoco user 30 Mar 2016 at 9:48 p.m. CDT

Hi Leonardo,

Can you try our patched oxAuth *.war: [http://ox.gluu.org/maven/org/xdi/oxauth-server/2.4.2.Final/oxauth-server-2.4.2.Final.war](http://ox.gluu.org/maven/org/xdi/oxauth-server/2.4.2.Final/oxauth-server-2.4.2.Final.war)

To install:

1. Log in to your Gluu chroot environment.
2. Stop Tomcat with /opt/tomcat/bin/shutdown.sh.
3. Delete all oxauth* files in /opt/tomcat/webapps.
4. Put the new oxauth.war above (don't forget to rename).
5. Restart the Gluu server.

You may encounter an LDAP persistence error during UMA ticket invalidation, but this does not affect SCIM. These issues will be fixed in Release v2.4.3.

Reminders:

1. If your app is accessing the Gluu server from another machine, please make sure that you add the SSL certificate to the JVM's key store. Instructions [here](http://www.grim.se/guide/jre-cert).
2. Don't forget to enable SCIM Support in oxTrust.

Regards, Val

By Michael Schwartz Account Admin 30 Mar 2016 at 10:53 p.m. CDT

If this is a bug, the new release will be out next week... 2.4.3

By Leonardo Silva user 31 Mar 2016 at 9:28 a.m. CDT

Hi guys,

Nice to know that version 2.4.3 will be released next week. The patch works like a charm. I got the following output:

```
SCIM1 {"id":"@!D0FB.1A8B.760A.CEE8!0001!BADF.837B!0000!A8F2.DE1E.D7FB","externalId":"","userName":"admin","name":{"givenName":"Admin","familyName":"User","middleName":"","honorificPrefix":"","honorificSuffix":""},"displayName":"Default Admin User","nickName":"","profileUrl":"","emails":[],"addresses":[],"PhoneNumbers":[],"ims":[],"photos":[],"userType":"","title":"","locale":"","password":"Hidden for Privacy Reasons","groups":[{"display":"Gluu Manager Group","value":"@!D0FB.1A8B.760A.CEE8!0001!BADF.837B!0003!60B7"},{"display":"cf.users","value":"@!D0FB.1A8B.760A.CEE8!0001!BADF.837B!0003!0DD1.434C"}],"roles":[],"entitlements":[],"x509Certificates":[],"meta":{"created":"","lastModified":"","version":"","location":""},"customAttributes":[{"name":"UAAEmailAddress","values":["admin@home.com"]}]}
SCIM2: {"id":"@!D0FB.1A8B.760A.CEE8!0001!BADF.837B!0000!A8F2.DE1E.D7FB","externalId":"","userName":"admin","name":{"givenName":"Admin","familyName":"User","middleName":"","honorificPrefix":"","honorificSuffix":""},"displayName":"Default Admin User","nickName":"","profileUrl":"","emails":[],"addresses":[],"PhoneNumbers":[],"ims":[],"photos":[],"userType":"","title":"","locale":"","password":"Hidden for Privacy Reasons","groups":[{"display":"Gluu Manager Group","value":"@!D0FB.1A8B.760A.CEE8!0001!BADF.837B!0003!60B7"},{"display":"cf.users","value":"@!D0FB.1A8B.760A.CEE8!0001!BADF.837B!0003!0DD1.434C"}],"roles":[],"entitlements":[],"x509Certificates":[],"meta":{"created":"","lastModified":"","version":"","location":""},"customAttributes":[{"name":"UAAEmailAddress","values":["admin@home.com"]}]}
```

Thanks a lot.

Leonardo

By William Lowe user 31 Mar 2016 at 9:37 a.m. CDT

Thanks for confirmation, Leo. Closing out this ticket.