By: Mohamed EL HAJJ user 16 Feb 2015 at 11:55 a.m. CST

10 Responses
Hi, I am new to OpenID Connect and I am trying to understand how it works and how to install OpenID Connect using Gluu Server. I read this doc: http://www.gluu.org/docs/admin-guide/openid-connect/ and this is what I understood (please correct me if I am wrong):

- Scopes are groups of claims (attributes in SAML) that can be sent to a client, which is an application or website (SP in SAML), by an OpenID Connect identity provider (IdP in SAML).
- Authentication to access clients is managed by each website/application separately; Gluu does not manage authentication as an OpenID identity provider. (If the server does support authentication and not just scopes, could you please tell me how to configure it?)
- A website does not need to be made compatible with OpenID Connect (like an SP with a website, e.g. SP Shibboleth).

By Mohamed EL HAJJ user 18 Feb 2015 at 11:09 a.m. CST

Hi, in OpenID Connect, is there an oxAuth client that we need to install on the client side? I am testing OpenID Connect with Gluu Server v2.0.

By William Lowe user 18 Feb 2015 at 3:45 p.m. CST

Right now you'll have to call the OpenID Connect APIs from within your application. Depending on what language you're using, you'll need to implement those client libraries. [Here's a list of libraries for various languages](http://openid.net/developers/libraries/). Here are our [Java libraries](https://github.com/GluuFederation/oxAuth).

By William Lowe user 18 Feb 2015 at 3:50 p.m. CST

In regards to your first question, the OpenID Connect IDP can specify the authentication mechanism. You can see the interfaces [here](http://www.gluu.org/docs/admin-guide/interception-scripts/authentication/).

By William Lowe user 19 Feb 2015 at 11:49 a.m. CST

Mohamed, You could also try using this Apache module: [https://github.com/pingidentity/mod_auth_openidc](https://github.com/pingidentity/mod_auth_openidc/)

By Mohamed EL HAJJ user 20 Feb 2015 at 10:14 a.m. CST

OK, I will check those. Thank you, William.

By Mohamed EL HAJJ user 20 Feb 2015 at 11:56 a.m. CST

Hi, I installed mod_auth_openidc and I got this error in the browser when I accessed the "OIDCRedirectURI" for testing OpenID Connect authentication:

```
Error: mod_auth_openidc
Description: You've hit an OpenID Connect Redirect URI with no parameters, this is an invalid request; you should not open this URL in your browser directly, or have the server administrator use a different OIDCRedirectURI setting.
```

Can you give me a hint about this error? Thank you.

By William Lowe user 20 Feb 2015 at 12:04 p.m. CST

Can you add the JSON for the client that was registered? Or alternately, the LDIF for the client entry in the Gluu LDAP server. If you could send the request and response that would be helpful. Please include the configuration for the mod-oic-module you used, and any log files, like oxAuth log files or log files from the Apache module if it provides any. Hard for us to diagnose the exact problem. We didn't write the Apache module you're using...

By Mohamed EL HAJJ user 20 Feb 2015 at 12:39 p.m. CST

LDIF client:

```
#########################
# OX Clients Definition
#########################

dn: inum=@!00EB.2A19.32E4.4E23!0008!9764.F1F2,ou=clients,o=@!00EB.2A19.32E4.4E23!0001!5A40.2DD3,o=gluu
objectClass: oxAuthClient
objectClass: top
displayName: oxTrust Admin GUI
inum: @!00EB.2A19.32E4.4E23!0008!9764.F1F2
oxAuthClientSecret: zWVaEG0H4+4HllzQu2L0hQ==
oxAuthAppType: web
oxAuthResponseType: code
oxAuthResponseType: id_token
oxAuthResponseType: token
oxAuthScope: inum=@!00EB.2A19.32E4.4E23!0001!5A40.2DD3!0009!F0C4,ou=scopes,o=@!00EB.2A19.32E4.4E23!0001!5A40.2DD3,o=gluu
oxAuthScope: inum=@!00EB.2A19.32E4.4E23!0001!5A40.2DD3!0009!10B2,ou=scopes,o=@!00EB.2A19.32E4.4E23!0001!5A40.2DD3,o=gluu
oxAuthScope: inum=@!00EB.2A19.32E4.4E23!0001!5A40.2DD3!0009!764C,ou=scopes,o=@!00EB.2A19.32E4.4E23!0001!5A40.2DD3,o=gluu
oxAuthScope: inum=@!00EB.2A19.32E4.4E23!0001!5A40.2DD3!0009!43F1,ou=scopes,o=@!00EB.2A19.32E4.4E23!0001!5A40.2DD3,o=gluu
oxAuthRedirectURI: https://alaska.aduneo.com/identity/scim/auth
oxAuthRedirectURI: https://alaska.aduneo.com/identity/authentication/authcode
oxAuthPostLogoutRedirectURI: https://alaska.aduneo.com/identity/authentication/finishlogout
oxAuthTokenEndpointAuthMethod: client_secret_basic
oxAuthIdTokenSignedResponseAlg: HS256
oxAuthTrustedClient: true
```

auth_openid.conf:

```
OIDCRedirectURI https://<ServerName>/protected/
OIDCCryptoPassphrase <Password>
OIDCProviderMetadataURL https://<gluu server Name>/.well-known/openid-configuration
OIDCProviderIssuer https://<gluu server Name>
OIDCClientID <Inum generated by gluu server>
OIDCClientSecret <Password>

<Location /protected/>
   AuthType openid-connect
   Require valid-user
</Location>
```

Please let me know if this is not enough.
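Added example, not part of the original thread and not Gluu or mod_auth_openidc code: a consistency check between a client's LDIF entry and a mod_auth_openidc configuration of the kind posted above. It relies on two documented rules: OpenID Connect requires the `redirect_uri` to exactly match a registered value, and mod_auth_openidc describes `OIDCRedirectURI` as a vanity URL under a path protected by the module that does not point to content. The hostnames, the `CLIENT-0001` identifier and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample inputs (hostnames and identifiers are placeholders).
SAMPLE_LDIF = """\
dn: inum=CLIENT-0001,ou=clients,o=gluu
objectClass: oxAuthClient
inum: CLIENT-0001
oxAuthRedirectURI: https://rp.example.org/protected/redirect_uri
oxAuthRedirectURI: https://rp.example.org/other/callback
"""
SAMPLE_CONF = """\
OIDCRedirectURI https://rp.example.org/protected/
OIDCClientID CLIENT-0001
<Location /protected/>
  AuthType openid-connect
  Require valid-user
</Location>
"""

def ldif_attrs(ldif):
    """Collect multi-valued attributes from one LDIF entry (no folding or base64)."""
    attrs = {}
    for line in ldif.splitlines():
        if line and not line.startswith("#") and ": " in line:
            key, value = line.split(": ", 1)
            attrs.setdefault(key, []).append(value.strip())
    return attrs

def check(ldif, conf):
    """Return a list of findings; an empty list means the two sides agree."""
    attrs, findings = ldif_attrs(ldif), []
    directives = dict(re.findall(r"^[ \t]*(OIDC\w+)[ \t]+(\S+)", conf, re.M))
    redirect = directives.get("OIDCRedirectURI", "")
    # Paths of <Location> blocks that set AuthType openid-connect.
    protected = [m.group(1) for m in re.finditer(
        r"<Location\s+(\S+?)>(.*?)</Location>", conf, re.S)
        if re.search(r"AuthType\s+openid-connect", m.group(2), re.I)]
    if directives.get("OIDCClientID") not in attrs.get("inum", []):
        findings.append("client_id does not match the LDIF inum")
    if redirect not in attrs.get("oxAuthRedirectURI", []):  # exact string match
        findings.append("redirect URI is not registered for this client")
    path = urlsplit(redirect).path
    if not any(path.startswith(loc) for loc in protected):
        findings.append("redirect URI is outside every openid-connect Location")
    if path in protected:
        findings.append("redirect URI is the protected Location itself, not a vanity URL")
    return findings
```

On the constructed sample, `check(SAMPLE_LDIF, SAMPLE_CONF)` reports the unregistered redirect URI and the redirect URI that coincides with the protected location; pointing `OIDCRedirectURI` at the registered `/protected/redirect_uri` clears both findings.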

By Mohib Zico staff 24 Feb 2015 at 3:19 a.m. CST

Mohamed and Will, I have a suggestion... There is a mailing list (mod_auth_openidc@googlegroups.com) listed at https://github.com/pingidentity/mod_auth_openidc/. How about sending an email to that list on this issue? Kind regards, Zico

By Mohib Zico staff 26 Feb 2015 at 5:17 a.m. CST

Mohamed, I am closing this ticket for now. Please don't hesitate to create a new one if required. Kind regards, Zico