By: Joel Potts user 14 Jun 2016 at 9:10 a.m. CDT

12 Responses
I have SCIM-Client 2.4.1 and am getting an exception when trying to call `client.retrievePerson(username, MediaType.APPLICATION_JSON)`. My ScimClient is set up as follows:

```
ScimClient client = ScimClient.umaInstance(domain, metadataUrl, CLIENT_ID, clientJwks, clientKeyId);
```

Where:

```
domain = "https://mydomain.com/identity/seam/resource/restv1"
metadataUrl = "https://mydomain.com/.well-known/uma-configuration"
clientJwks = FileUtils.readFileToString(new File("C:\\my\\file\\path\\to\\scim-rp-openid-keys.json"))
clientKeyId = "d5a9bb31-8ae9-4e0c-bea4-8449c5c4359b"
```

`clientKeyId` is a keyId from scim-rp-openid-keys.json. I have had to modify the names of variables in scim-rp-openid-keys.json as they were different than what ScimClient was looking for (e.g. 'keyId' was changed to 'kid', so that it could be found).

The error I am getting is:

```
Exception in thread "main" gluu.scim.client.exception.ScimInitializationException: Could not get accessToken
    at gluu.scim.client.auth.UmaScimClientImpl.initUmaAuthentication(UmaScimClientImpl.java:96)
    at gluu.scim.client.auth.UmaScimClientImpl.init(UmaScimClientImpl.java:75)
    at gluu.scim.client.BaseScimClientImpl.retrievePerson(BaseScimClientImpl.java:77)
    at gluu.scim.client.auth.UmaScimClientImpl.retrievePerson(UmaScimClientImpl.java:223)
    at gluu.scim.client.ScimClient.retrievePerson(ScimClient.java:46)
    at test.Main.main(Main.java:97)
Caused by: gluu.scim.client.exception.ScimInitializationException: Failed to get UMA AAT token
    at gluu.scim.client.auth.UmaScimClientImpl.initUmaRpt(UmaScimClientImpl.java:153)
    at gluu.scim.client.auth.UmaScimClientImpl.initUmaAuthentication(UmaScimClientImpl.java:92)
    ... 5 more
```

Am I doing something incorrectly somewhere?

I have also tried writing my own http requests for getting an access token, getting a rpt, and for requesting user info. However, in this case I get the result of a 403 status and a permission ticket. I haven't found out how to modify the settings of my client so that it has the permissions to access this. Is there something I can do?

Thanks

By Valentino Pecaoco user 14 Jun 2016 at 9:22 a.m. CDT

Hi Joel, Please use Gluu v2.4.3 and also SCIM-Client v2.4.3. Thanks, Val

By Joel Potts user 15 Jun 2016 at 9:45 a.m. CDT

Hi, I am in the process of switching to v2.4.3, I will come back with more information when it is done. Joel

By Valentino Pecaoco user 15 Jun 2016 at 10:16 a.m. CDT

Hi Joel,

Just a few reminders which could be useful:

> scim-rp-openid-keys.json must only be used with scim_rp_client_id (they are both for "rp" = Requesting Party).
>
> Right after installation you just need to get the value of scim_rp_client_id and the file scim-rp-openid-keys.json to use with SCIM-Client. Also, make sure you are also using SCIM-Client v2.4.3.Final if you are using CE v2.4.3.
>
> Other checks:
>
> If you changed client parameter values you may also need to clear/clean your client's target or tmp folder.
>
> Enable "SCIM Support" in oxTrust ("Configuration" -> "Organization Configuration" -> "System Configuration").
>
> Import the SSL cert of your domain to your client's JVM cacerts certificate store.
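
A preflight check for the key file and key id discussed in the posts above, as an added example that is not part of the thread or of SCIM-Client: it reports whether the configured key id is present in the file and whether each key is labelled `kid` or `keyId`, the two names mentioned in the first post. The sample key set, its ids and the function name `check_key_file` are constructed for illustration.

```python
import json

# Constructed sample in JWKS layout; ids and key material are placeholders.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kid": "sample-rs256-key", "kty": "RSA", "use": "sig", "alg": "RS256",
     "n": "placeholder", "e": "AQAB"},
    {"keyId": "sample-legacy-key", "kty": "RSA", "use": "sig", "alg": "RS256"},
    {"kty": "RSA", "use": "sig", "alg": "RS512"},
]})

# The two spellings mentioned in the thread; 'kid' is the one the
# original poster reports the client looked for.
ID_FIELDS = ("kid", "keyId")


def check_key_file(jwks_text, wanted_id):
    """Return (matching key or None, list of findings) for a key-set file."""
    findings = []
    try:
        doc = json.loads(jwks_text)
    except ValueError as exc:
        return None, ["file is not valid JSON: %s" % exc]
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        return None, ['no non-empty "keys" array at the top level']

    match = None
    for index, key in enumerate(keys):
        present = [f for f in ID_FIELDS if isinstance(key, dict) and f in key]
        if not present:
            findings.append("key #%d has no id field (%s)"
                            % (index, "/".join(ID_FIELDS)))
            continue
        field = present[0]
        if field != "kid":
            findings.append("key #%d uses '%s' instead of 'kid'" % (index, field))
        if key[field] == wanted_id:
            if match is not None:
                findings.append("key id %r appears more than once" % wanted_id)
            match = key
    if match is None:
        findings.append("key id %r not found in file" % wanted_id)
    elif match.get("use", "sig") != "sig":
        findings.append("matched key is not a signature key")
    return match, findings
```

Running it against the unmodified key file before hand-editing field names shows which naming the file uses and whether the `clientKeyId` value passed to the client is actually in it.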

By Joel Potts user 16 Jun 2016 at 4:18 a.m. CDT

Hi, I have installed and setup version 2.43 of the server. After following your checklist, I am getting a different error now (which, I suppose, is progress :))

```
Exception in thread "main" gluu.scim.client.exception.ScimInitializationException: Could not get accessToken
    at gluu.scim.client.auth.UmaScimClientImpl.initUmaAuthentication(UmaScimClientImpl.java:95)
    at gluu.scim.client.auth.UmaScimClientImpl.init(UmaScimClientImpl.java:74)
    at gluu.scim.client.BaseScimClientImpl.retrievePerson(BaseScimClientImpl.java:82)
    at gluu.scim.client.auth.UmaScimClientImpl.retrievePerson(UmaScimClientImpl.java:223)
    at gluu.scim.client.ScimClient.retrievePerson(ScimClient.java:51)
    at test.Main.main(Main.java:98)
Caused by: gluu.scim.client.exception.ScimInitializationException: Failed to get RPT token. Error: {"error":"server_error","error_description":"The AM server encountered an unexpected condition which prevented it from fulfilling the request."}
    at gluu.scim.client.auth.UmaScimClientImpl.initUmaRpt(UmaScimClientImpl.java:164)
    at gluu.scim.client.auth.UmaScimClientImpl.initUmaAuthentication(UmaScimClientImpl.java:91)
    ... 5 more
Caused by: org.jboss.resteasy.client.ClientResponseFailure: Error status 500 Internal Server Error returned
    at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:523)
    at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:514)
    at org.jboss.resteasy.client.core.BaseClientResponse.checkFailureStatus(BaseClientResponse.java:508)
    at org.jboss.resteasy.client.core.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:38)
    at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:120)
    at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:88)
    at com.sun.proxy.$Proxy30.createRPT(Unknown Source)
    at gluu.scim.client.auth.UmaScimClientImpl.initUmaRpt(UmaScimClientImpl.java:161)
    ... 6 more
```

EDIT: I went in to the oxauth.log and this is the error that it's generating:

```
2016-06-16 09:59:33,142 ERROR [xdi.oxauth.uma.ws.rs.CreateRptWS] Exception happened
java.security.SignatureException: The shared secret is null
    at org.xdi.oxauth.model.jws.HMACSigner.generateSignature(HMACSigner.java:41)
    at org.xdi.oxauth.model.jws.AbstractJwsSigner.sign(AbstractJwsSigner.java:41)
    at org.xdi.oxauth.model.token.JwtSigner.sign(JwtSigner.java:80)
    at org.xdi.oxauth.uma.ws.rs.CreateRptWS.createJwr(CreateRptWS.java:127)
    at org.xdi.oxauth.uma.ws.rs.CreateRptWS.getRpt(CreateRptWS.java:97)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
    at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
    at org.jboss.seam.resteasy.ResteasyContextInjectionInterceptor.aroundInvoke(ResteasyContextInjectionInterceptor.java:59)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java
    at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
    at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
    at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
    at org.xdi.oxauth.uma.ws.rs.CreateRptWS_$$_javassist_seam_61.getRpt(CreateRptWS_$$_javassist_seam_61.java)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:167)
    at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269)
    at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227)
    at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216)
    at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:542)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:524)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:126)
    at org.jboss.seam.resteasy.ResteasyResourceAdapter$1.process(ResteasyResourceAdapter.java:145)
    at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65)
    at org.jboss.seam.resteasy.ResteasyResourceAdapter.getResource(ResteasyResourceAdapter.java:120)
    at org.jboss.seam.servlet.SeamResourceServlet.service(SeamResourceServlet.java:80)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
    at org.jboss.seam.web.RewriteFilter.doFilter(RewriteFilter.java:63)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
    at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
    at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
```

By Valentino Pecaoco user 17 Jun 2016 at 8:30 a.m. CDT

Did you do a clean re-install of everything? Can you also post:

1. How you are importing SCIM-Client.
2. Your code including the actual values of the parameters.

By Joel Potts user 17 Jun 2016 at 8:45 a.m. CDT

It was not a clean re-install, I followed the upgrading guide in the [gluu docs](https://www.gluu.org/docs/deployment/upgrading/) and used the backup script to keep the configurations.

I am importing SCIM-Client2.4.3 Final through the .jar file at the moment. I am doing this through Eclipse with: Properties>Build Path>Libraries>Add External Jar

This is my code:

```
public static void main(String args[]) {
    try {
        ResteasyProviderFactory instance = ResteasyProviderFactory.getInstance();
        RegisterBuiltin.register(instance);
        instance.registerProvider(ResteasyJacksonProvider.class);

        String domain = "https://mydomain.com/identity/seam/resource/restv1";
        String metadataUrl = "https://mydomain.com/.well-known/uma-configuration";
        String clientJwks = FileUtils.readFileToString(new File("C:\\Users\\qw006351\\Downloads\\files\\scim-rp-openid-keys.json"));
        String clientKeyId = "6ba318d9-0f40-481b-8151-6cc7f495ef3a";
        //and SCIM_RP_CLIENT_ID = "@!265F.3B43.7141.B1FC!0001!73CF.6474!0008!64C4.0ABC"
        //System.out.println(clientJwks);

        ScimResponse res;
        ScimClient client = ScimClient.umaInstance(domain, metadataUrl, SCIM_RP_CLIENT_ID, clientJwks, clientKeyId);
        res = client.retrievePerson("gluutest", MediaType.APPLICATION_JSON);
        System.out.println(res.getResponseBodyString());
    } catch (HttpException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
}
```

(The only thing I have changed in the parameters is the URL)

By Valentino Pecaoco user 17 Jun 2016 at 8:55 a.m. CDT

I suggest you do a clean install first.

By Joel Potts user 17 Jun 2016 at 9 a.m. CDT

By clean install do you mean removing the software and all configurations entirely (i.e. not using the backup to automatically import the old configurations)?

By Valentino Pecaoco user 17 Jun 2016 at 9:05 a.m. CDT

Yes, and doing so will also re-generate all the UMA/SCIM parameters as well as the SSL cert.

By Joel Potts user 17 Jun 2016 at 10:24 a.m. CDT

Okay, I will do this and keep you posted.

By Joel Potts user 21 Jun 2016 at 3:32 a.m. CDT

Hi Val,

I am having difficulty installing the certificates onto the new Gluu Server installation. I have three certificates:

- mydomain.crt
- QuoVadisOVIntermediateCertificate.crt
- QuoVadisOVRootCertificate.crt

I have read up on installing them and have tried most of what I have read, from using mydomain.crt and the intermediate crt concatenated with the root crt to concatenating all three. I have also tried each method in two different directories on the server: /etc/certs/ and /etc/ssl/certs/java/.

Is there another directory I should be copying these files into, or another method of concatenating or using the files?

Thanks, Joel

By Mohib Zico staff 21 Jun 2016 at 5:25 a.m. CDT

Joel, please feel free to open a new ticket for the cert issue.