By: VIKTOR SALMIN user 09 Sep 2024 at 9:39 a.m. CDT

6 Responses
After I deployed Gluu, obtained an SSA and tried to submit it, I got "Parser is unable to parse the response".

Our company choose IAM, and I try to test Gluu. After deploying flex-pgsql-compose.yml I choose ssa.jwt on {domain}/admin/ and get: Parser is unable to parse the response

Error from logs:

```
flex_1 | 09-09 13:34:09.472 ERROR [qtp1791868405-20] configapi.security.service.OpenIdAuthorizationService OpenIdAuthorizationService.java:144- Insufficient scopes! Required scope:[https://jans.io/oauth/jans-auth-server/config/adminui/license.write] - however token scopes:[jans_stat, openid, https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly, https://jans.io/oauth/jans-auth-server/config/adminui/license.write, https://jans.io/oauth/config/stats.readonly, https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly]
flex_1 | 09-09 13:34:09.473 ERROR [qtp1791868405-20] configapi.security.service.OpenIdAuthorizationService OpenIdAuthorizationService.java:187- oAuth authorization error:Insufficient scopes! , Required scope: [https://jans.io/oauth/jans-auth-server/config/adminui/license.write], however token scopes: [jans_stat, openid, https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly, https://jans.io/oauth/jans-auth-server/config/adminui/license.write, https://jans.io/oauth/config/stats.readonly, https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly]
flex_1 | 09-09 13:34:09.473 ERROR [qtp1791868405-20] jans.configapi.filters.AuthorizationFilter AuthorizationFilter.java:94- ======AUTHORIZATION FAILED ===================
```

Are other token scopes interfering? But then how do I get rid of them? I didn't select them.

I did everything according to the guide https://docs.gluu.org/v5.0.0-20/install/software-statements/ssa/

Steps to reproduce the behavior:

1. Deploy ghcr.io/gluufederation/flex/monolith:5.1.5_dev with docker or docker-compose
2. Get SSA JWT on https://cloud.gluu.org/agama-lab
3. Go to {domain}/admin/
4. Upload ssa.jwt
5. See error

By Michael Schwartz Account Admin 09 Sep 2024 at 10:03 a.m. CDT

You can just generate a new SSA in Agama Lab. Can you paste a screenshot of what it looks like when you create the SSA?

By VIKTOR SALMIN user 09 Sep 2024 at 10:16 a.m. CDT

Hi! Thank you for the response. I've just generated a new SSA. Here are screenshots from Agama Lab: ![](https://i.ibb.co/f4J0MnJ/Screenshot-2024-09-09-at-17-12-25.png) ![](https://i.ibb.co/VWYqYwm/Screenshot-2024-09-09-at-17-13-37.png)

By Michael Schwartz Account Admin 09 Sep 2024 at 11:22 a.m. CDT

It looks ok. Are you still blocked?

By VIKTOR SALMIN user 09 Sep 2024 at 11:28 a.m. CDT

Yes, still "Parser is unable to parse the response" oAuth authorization error Insufficient scopes!, Required scope: [ https: //jans.io/oauth/jans-auth-server/config/adminui/license.write], however token scopes: [jans_stat, openid, https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly, https://jans.io/oauth/jans-auth-server/config/adminui/license.write, https://jans.io/oauth/config/stats.readonly, https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly]

By Michael Schwartz Account Admin 09 Sep 2024 at 11:30 a.m. CDT

Ok, checking on our side why the admin ui needs write access...

By Md Safin al Wasi staff 09 Sep 2024 at 12:22 p.m. CDT

We've found the problem. ` https: //jans.io/oauth/jans-auth-server/config/adminui/license.write` if you check, there is a space character in the middle of the scope string. We're checking why this is the issue.
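
A diagnostic for this class of failure, added here as an example and not part of the thread or of Gluu/Janssen code: it parses an "Insufficient scopes" log line and separates scopes the token truly lacks from scopes that differ from a granted one only by whitespace. The function names and the regular expression are assumptions based on the log format quoted above; the sample line is constructed from the error text in this thread.

```python
import re

# Constructed sample: the error text quoted in the thread, with the
# embedded space in the required scope that the staff reply points out.
SAMPLE = (
    "oAuth authorization error:Insufficient scopes! , Required scope: "
    "[ https: //jans.io/oauth/jans-auth-server/config/adminui/license.write], "
    "however token scopes: [jans_stat, openid, "
    "https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly, "
    "https://jans.io/oauth/jans-auth-server/config/adminui/license.write, "
    "https://jans.io/oauth/config/stats.readonly, "
    "https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly]"
)

# Assumed format: "Required scope:[...] ... token scopes:[...]" on one line.
PATTERN = re.compile(
    r"Required scope:\s*\[(?P<required>[^\]]*)\]"
    r".*?token scopes:\s*\[(?P<granted>[^\]]*)\]"
)

def _split(raw):
    """Split a bracketed, comma-separated scope list; trim only the ends."""
    return [s.strip() for s in raw.split(",") if s.strip()]

def _squash(scope):
    """Drop all whitespace, used only to find near-miss matches."""
    return re.sub(r"\s+", "", scope)

def diagnose(line):
    """Return missing scopes and whitespace-only mismatches, or None."""
    m = PATTERN.search(line)
    if m is None:
        return None
    required = _split(m["required"])
    granted = set(_split(m["granted"]))
    squashed = {_squash(g): g for g in granted}
    report = {"missing": [], "whitespace_mismatch": []}
    for scope in required:
        if scope in granted:          # exact match: nothing to report
            continue
        near = squashed.get(_squash(scope))
        if near is not None:          # same scope apart from whitespace
            report["whitespace_mismatch"].append((scope, near))
        else:                         # token really lacks this scope
            report["missing"].append(scope)
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A non-empty `whitespace_mismatch` list means the token already carries the scope and the required-scope string on the server side is what needs correcting, not the client's scope selection.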