By: Michael Stoll user 06 Feb 2019 at 9:58 a.m. CST

2 Responses
Hey together, I have a problem with SCIM Client and UMA. I've got an Error status 401 Unauthorized returned from SCIM Client on my Spring Boot Application.

Setup

* Spring Boot Container running on Kubernetes with Gluu Scim Client v3.1.1
* Everything is building fine

I try to get a created user (Michael) with the Java Scim Client. When I try it out, the client gives me the following response:

```
2019-02-06 15:15:49.817 ERROR 1 --- [nio-8004-exec-8] o.a.c.c.C.[.[.[.[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is gluu.scim2.client.exception.ScimInitializationException: Error status 401 Unauthorized returned] with root cause
org.jboss.resteasy.client.ClientResponseFailure: Error status 401 Unauthorized returned
    at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:570) ~[resteasy-jaxrs-3.0.12.Final.jar!/:?]
    at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:561) ~[resteasy-jaxrs-3.0.12.Final.jar!/:?]
    at org.jboss.resteasy.client.core.BaseClientResponse.checkFailureStatus(BaseClientResponse.java:555) ~[resteasy-jaxrs-3.0.12.Final.jar!/:?]
    at org.jboss.resteasy.client.core.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:37) ~[resteasy-jaxrs-3.0.12.Final.jar!/:?]
    at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:125) ~[resteasy-jaxrs-3.0.12.Final.jar!/:?]
    at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:88) ~[resteasy-jaxrs-3.0.12.Final.jar!/:?]
    at com.sun.proxy.$Proxy199.requestJwtAuthorizationRpt(Unknown Source) ~[?:?]
    at gluu.scim2.client.UmaScimClient.getAuthorizedRpt(UmaScimClient.java:158) ~[SCIM-Client-3.1.1.Final.jar!/:?]
    at gluu.scim2.client.UmaScimClient.obtainAuthorizedRpt(UmaScimClient.java:179) ~[SCIM-Client-3.1.1.Final.jar!/:?]
    at gluu.scim2.client.UmaScimClient.authorize(UmaScimClient.java:103) ~[SCIM-Client-3.1.1.Final.jar!/:?]
    at gluu.scim2.client.AbstractScimClient.isNeededToAuthorize(AbstractScimClient.java:55) ~[SCIM-Client-3.1.1.Final.jar!/:?]
    at gluu.scim2.client.AbstractScimClient.searchUsers(AbstractScimClient.java:361) ~[SCIM-Client-3.1.1.Final.jar!/:?]
    at de.vereint.ims.controllers.ProfileController.getOidcUser(ProfileController.kt:172) ~[classes!/:0.0.1]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_111]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_111]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_111]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_111]
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189) ~[spring-web-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) ~[spring-web-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102) ~[spring-webmvc-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) ~[spring-webmvc-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800) ~[spring-webmvc-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038) ~[spring-webmvc-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942) ~[spring-webmvc-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005) ~[spring-webmvc-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897) ~[spring-webmvc-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882) ~[spring-webmvc-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-embed-websocket-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92) ~[spring-web-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) ~[spring-web-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) ~[spring-web-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_111]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_111]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
```

This is my Client Code (it's in Kotlin):

```
fun getOidcUser(): ResponseEntity<Any> {
    // SCIM service base URL and the UMA client settings handed to the SCIM client factory
    val domain = "https://www.auth.vereint.community/identity/restv1"
    val umaAatClientId = "@!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!8D08.0C31"
    val umaAatClientJksPath = "scim-rp.jks"
    val umaAatClientJksPassword = "secret"
    val umaAatClientKeyId = "e433d64b-6d65-448c-b718-e1fa400641e0"

    val client: ScimClient = ScimClientFactory.getClient(domain, null, umaAatClientId, umaAatClientJksPath, umaAatClientJksPassword, umaAatClientKeyId)

    // Search for the user by userName and return its display name
    val filter = "userName eq \"Michael\""
    val response = client.searchUsers(filter, 1, 1, "", "", null)
    val results = response.entity.resources
    val user = results[0] as User
    return ResponseEntity.ok("User found: " + user.displayName)
}
```

My file structure is as follows (hope that this is enough):

```
- project
  - src
    - main
      - kotlin
        - de.vereint.ims
          - controller
            - ProfileController.kt // this is the place where my test function is
            - ...
          - ImsApplication.kt
      - ressources
        - scim-rp.jks
        - ...
```

Lastly, the logs from oxauth:

```
2019-02-06 15:15:23,348 DEBUG [oxAuthScheduler_Worker-4] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2019-02-06 15:15:23,348 DEBUG [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:138) - Start AuthorizationGrant clean up
2019-02-06 15:15:23,350 TRACE [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.GrantService] (GrantService.java:176) - Removed token from LDAP, code: {sha256Hex}d1aca48bc6bcfde9260716156d97fc2a4b7b5411cf76e4cd894a3e517e8ad490
2019-02-06 15:15:23,352 TRACE [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.GrantService] (GrantService.java:167) - Removed grant, id: 7eb6f60f-b0fd-4dcc-bb6f-6db2aa2c9b69
2019-02-06 15:15:23,352 DEBUG [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:140) - End AuthorizationGrant clean up
2019-02-06 15:15:23,353 DEBUG [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:144) - Start Client clean up
2019-02-06 15:15:23,354 DEBUG [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:176) - End Client clean up
2019-02-06 15:15:23,356 DEBUG [oxAuthScheduler_Worker-5] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2019-02-06 15:15:23,356 DEBUG [oxAuthScheduler_Worker-5] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.oxauth.service.cdi.event.AuthConfigurationEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2019-02-06 15:15:23,356 DEBUG [oxAuthScheduler_Worker-5] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2019-02-06 15:15:23,356 TRACE [ForkJoinPool.commonPool-worker-2] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:256) - Attempting to use ldapEntryManager: org.gluu.site.ldap.OperationsFacade@26c84006
2019-02-06 15:15:23,357 DEBUG [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:180) - Start U2F request clean up
2019-02-06 15:15:23,357 DEBUG [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:207) - End U2F request clean up
2019-02-06 15:15:23,357 DEBUG [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:211) - Start U2F request clean up
2019-02-06 15:15:23,357 DEBUG [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:239) - End U2F request clean up
2019-02-06 15:15:23,358 DEBUG [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:243) - Start metric entries clean up
2019-02-06 15:15:23,359 DEBUG [ForkJoinPool.commonPool-worker-1] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:253) - End metric entries clean up
2019-02-06 15:15:23,433 DEBUG [oxAuthScheduler_Worker-1] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2019-02-06 15:15:23,433 DEBUG [oxAuthScheduler_Worker-1] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.UpdateScriptEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2019-02-06 15:15:23,442 DEBUG [oxAuthScheduler_Worker-1] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2019-02-06 15:15:49,488 TRACE [qtp212628335-14] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:88) - Get request to: 'https://www.auth.vereint.community/oxauth/restv1/token'
2019-02-06 15:15:49,489 DEBUG [qtp212628335-14] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:94) - Starting token endpoint authentication
2019-02-06 15:15:49,489 DEBUG [qtp212628335-14] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:97) - Starting JWT token endpoint authentication
2019-02-06 15:15:49,491 DEBUG [qtp212628335-14] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7
2019-02-06 15:15:49,502 TRACE [qtp212628335-14] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:130) - Authenticating ... (interactive: false, skipPassword: true, credentials.username: @!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7)
2019-02-06 15:15:49,502 DEBUG [qtp212628335-14] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:496) - ConfigureSessionClient: username: '@!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7', credentials: '1845323777'
2019-02-06 15:15:49,502 TRACE [qtp212628335-14] [org.xdi.oxauth.service.ClientService] (ClientService.java:195) - Get client from cache by Dn 'inum=@!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7,ou=clients,o=@!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE,o=gluu'
2019-02-06 15:15:49,502 DEBUG [qtp212628335-14] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7
2019-02-06 15:15:49,506 INFO [qtp212628335-14] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:205) - Authentication success for Client: '@!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7'
2019-02-06 15:15:49,506 TRACE [qtp212628335-14] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:148) - Authentication successfully for '@!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7'
2019-02-06 15:15:49,508 DEBUG [qtp212628335-14] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:98) - Attempting to request access token: grantType = client_credentials, code = null, redirectUri = null, username = null, refreshToken = null, clientId = @!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7, ExtraParams = {client_assertion_type=[urn:ietf:params:oauth:client-assertion-type:jwt-bearer], client_assertion=[eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzUxMiIsImtpZCI6IjZlNTc5YzE5LTJmYmUtNGI4Ni1iZjc4LTQ3MDFiODliOTQ3NyJ9.eyJpc3MiOiJAITZERjUuQUVCQy4yREVCLjdDMjchMDAwMSE3REE2LkM3QkUhMDAwOCE3ODNGLkI0RDciLCJzdWIiOiJAITZERjUuQUVCQy4yREVCLjdDMjchMDAwMSE3REE2LkM3QkUhMDAwOCE3ODNGLkI0RDciLCJhdWQiOiJodHRwczovL3d3dy5hdXRoLnZlcmVpbnQuY29tbXVuaXR5L294YXV0aC9yZXN0djEvdG9rZW4iLCJqdGkiOiIxYmZkMmZiMC04MDUzLTRmMDQtODJmYS05ZDkyZmRiMGNkNDUiLCJleHAiOjE1NDk0NjY0NDksImlhdCI6MTU0OTQ2NjE0OX0.MIGIAkIAt6MPsllBpqNN0Dm7MLVFNLLXkjVCAOhyNNw8XKH34VijNgtN54LCXy7PH12T1_mwQt7SFkkPBqxVwAdQ1xLyaVECQgEMpmCDHm2FYDvLKARs5lHA6EwRLW0beZ63jg6aqMBYxfGNKaBFUop1GuGRAwTwEC-Ia0Ll8c6ZcIknlh8dAy5wMg], grant_type=[client_credentials], client_id=[@!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7], scope=[uma_protection]}, isSecure = true, codeVerifier = null, ticket = null
2019-02-06 15:15:49,508 DEBUG [qtp212628335-14] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:118) - Starting to validate request parameters
2019-02-06 15:15:49,509 TRACE [qtp212628335-14] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:124) - Request parameters are right
2019-02-06 15:15:49,509 DEBUG [qtp212628335-14] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:126) - Grant type: 'client_credentials'
2019-02-06 15:15:49,509 DEBUG [qtp212628335-14] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:132) - Get sessionClient: 'org.xdi.oxauth.model.session.SessionClient@d476f16'
2019-02-06 15:15:49,509 DEBUG [qtp212628335-14] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:136) - Get client from session: '@!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7'
2019-02-06 15:15:49,512 DEBUG [qtp212628335-14] [org.xdi.oxauth.model.authorize.ScopeChecker] (ScopeChecker.java:39) - Checking scopes policy for: uma_protection
2019-02-06 15:15:49,513 DEBUG [qtp212628335-14] [org.xdi.oxauth.model.authorize.ScopeChecker] (ScopeChecker.java:59) - Granted scopes: [uma_protection]
2019-02-06 15:15:49,515 DEBUG [qtp212628335-14] [org.xdi.oxauth.model.common.AuthorizationGrant] (AuthorizationGrant.java:117) - Saving grant: 261ede4e-d373-4c34-a35e-370ab69ee6a9, code_challenge: null
2019-02-06 15:15:49,530 TRACE [qtp212628335-12] [org.xdi.oxauth.uma.service.UmaValidationService] (UmaValidationService.java:105) - Validate authorization: Bearer a415d859-39e9-4399-b610-7b621503aef3
2019-02-06 15:15:49,532 DEBUG [qtp212628335-12] [org.xdi.oxauth.service.UserService] (UserService.java:84) - Getting user information from LDAP: userId = null
2019-02-06 15:15:49,534 DEBUG [qtp212628335-12] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7
2019-02-06 15:15:49,540 DEBUG [qtp212628335-12] [org.xdi.oxauth.service.UserService] (UserService.java:84) - Getting user information from LDAP: userId = null
2019-02-06 15:15:49,540 TRACE [qtp212628335-12] [org.xdi.oxauth.service.ClientService] (ClientService.java:195) - Get client from cache by Dn 'inum=@!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7,ou=clients,o=@!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE,o=gluu'
2019-02-06 15:15:49,540 DEBUG [qtp212628335-12] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!783F.B4D7
2019-02-06 15:15:49,540 TRACE [qtp212628335-12] [org.xdi.oxauth.uma.service.UmaScopeService] (UmaScopeService.java:202) - Uma scope ids: [https://www.auth.vereint.community/oxauth/restv1/uma/scopes/scim_access], ldapFilter: (|(oxId=https://www.auth.vereint.community/oxauth/restv1/uma/scopes/scim_access))
2019-02-06 15:15:49,799 TRACE [qtp212628335-19] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:88) - Get request to: 'https://www.auth.vereint.community/oxauth/restv1/token'
2019-02-06 15:15:49,799 DEBUG [qtp212628335-19] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:94) - Starting token endpoint authentication
2019-02-06 15:15:49,800 DEBUG [qtp212628335-19] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:97) - Starting JWT token endpoint authentication
2019-02-06 15:15:49,802 DEBUG [qtp212628335-19] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!6DF5.AEBC.2DEB.7C27!0001!7DA6.C7BE!0008!8D08.0C31
2019-02-06 15:15:49,802 INFO [qtp212628335-19] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:369) - JWT authentication failed: {}
org.xdi.oxauth.model.exception.InvalidJwtException: Cannot verify the JWT
    at org.xdi.oxauth.model.token.ClientAssertion.<init>(ClientAssertion.java:50) ~[classes/:?]
    at org.xdi.oxauth.auth.AuthenticationFilter.processJwtAuth(AuthenticationFilter.java:345) [classes/:?]
    at org.xdi.oxauth.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:98) [classes/:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:55) [classes/:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.Server.handle(Server.java:534) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112]
Caused by: org.xdi.oxauth.model.exception.InvalidJwtException: Invalid authentication method
    at org.xdi.oxauth.model.token.ClientAssertion.load(ClientAssertion.java:127) ~[classes/:?]
    at org.xdi.oxauth.model.token.ClientAssertion.<init>(ClientAssertion.java:44) ~[classes/:?]
    ... 29 more
2019-02-06 15:15:49,803 DEBUG [qtp212628335-19] [org.xdi.oxauth.model.error.ErrorResponseFactory] (ErrorResponseFactory.java:70) - Looking for the error with id: invalid_client
2019-02-06 15:15:49,803 DEBUG [qtp212628335-19] [org.xdi.oxauth.model.error.ErrorResponseFactory] (ErrorResponseFactory.java:75) - Found error, id: invalid_client
2019-02-06 15:15:53,304 DEBUG [oxAuthScheduler_Worker-2] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2019-02-06 15:15:53,304 DEBUG [oxAuthScheduler_Worker-2] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.ConfigurationEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2019-02-06 15:15:53,304 DEBUG [oxAuthScheduler_Worker-2] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2019-02-06 15:15:53,356 DEBUG [oxAuthScheduler_Worker-3] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
```

Please tell me if you need further information. Thanks for your support.

Greetings
Michael
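
The oxAuth log in the post above records `JWT authentication failed` at the token endpoint for a request authenticated with a `client_assertion`. As an added example (not code from the thread or from Gluu), this Python sketch decodes such an assertion without verifying it and compares the header and claims the client controls with its intended configuration; all names and sample values are constructed, and the `iss`/`sub`/`aud`/`exp` expectations follow RFC 7523.

```python
import base64
import json
import time


def b64url_decode(segment):
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_unverified(assertion):
    """Return (header, claims) of a compact JWS without checking the signature."""
    parts = assertion.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("header and claims must be JSON objects")
    return header, claims


def preflight(assertion, client_id, token_endpoint, expected_kid, expected_alg,
              now=None, skew=60):
    """List client-side mismatches in a client_assertion (empty list = none)."""
    now = time.time() if now is None else now
    try:
        header, claims = decode_unverified(assertion)
    except ValueError as exc:  # bad base64, bad JSON, wrong segment count
        return ["malformed assertion: %s" % exc]
    findings = []
    if header.get("alg") != expected_alg:
        findings.append("alg %r, expected %r" % (header.get("alg"), expected_alg))
    if header.get("kid") != expected_kid:
        findings.append("kid %r, expected %r" % (header.get("kid"), expected_kid))
    for name in ("iss", "sub"):  # both must carry the client_id
        if claims.get(name) != client_id:
            findings.append("%s %r is not the client_id" % (name, claims.get(name)))
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if token_endpoint not in audiences:
        findings.append("aud %r does not name the token endpoint" % (aud,))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now - skew:
        findings.append("exp %r is missing or in the past" % (exp,))
    iat = claims.get("iat")
    if isinstance(iat, (int, float)) and iat > now + skew:
        findings.append("iat %r is in the future (clock skew?)" % (iat,))
    return findings


def build_sample(client_id, token_endpoint, kid, alg, iat, lifetime=300):
    """Constructed sample assertion; the signature segment is a dummy value."""
    header = {"typ": "JWT", "alg": alg, "kid": kid}
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": "constructed-jti-0001", "iat": iat, "exp": iat + lifetime}
    return ".".join([b64url_encode(json.dumps(header).encode()),
                     b64url_encode(json.dumps(claims).encode()),
                     b64url_encode(b"not-a-real-signature")])


# Constructed values for illustration, not taken from the thread.
CLIENT_ID = "example-client-0001"
TOKEN_ENDPOINT = "https://idp.example.test/oxauth/restv1/token"
KID = "example-key-1"
NOW = 1_700_000_000

GOOD = build_sample(CLIENT_ID, TOKEN_ENDPOINT, KID, "RS256", NOW)
WRONG_KEY = build_sample(CLIENT_ID, TOKEN_ENDPOINT, "other-key", "ES512", NOW)
STALE = build_sample(CLIENT_ID, TOKEN_ENDPOINT, KID, "RS256", NOW - 3600)

if __name__ == "__main__":
    for label, token in (("good", GOOD), ("wrong key", WRONG_KEY), ("stale", STALE)):
        print(label, preflight(token, CLIENT_ID, TOKEN_ENDPOINT, KID, "RS256", now=NOW))
```

An empty result only rules out client-side header and claim mismatches; the authentication method and keys registered for the client on the server are outside what this checks.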

By Jose Gonzalez staff 14 Feb 2019 at 6:37 a.m. CST

Hi,

Are you still having this issue? Is there any reason you are still with Gluu 3.1.1 (current is 3.1.5 and 3.1.6 soon to be released)?

If you could make a small pack with: oxauth.log, oxauth_Script.log and oxtrust.log for a relevant time frame where a single SCIM request is issued, we might look into it. Please ensure logs are set in TRACE level.

By Michael Stoll user 16 Feb 2019 at 6:25 a.m. CST

Hey, sorry for the late response. I will try it again tomorrow. The reason for using v3.1.1 was that I just clicked on the wrong documentation while installing it. I've installed 3.1.5 today. I'll update the issue tomorrow if I have new information :) Thanks for your response.