By: Chris Abel user 30 Mar 2017 at 1:23 p.m. CDT

20 Responses
Hello, I'm trying to set up the demo site for testing purposes located here: https://github.com/GluuFederation/oxd-python/tree/master/demosite. I have set up my oxd license and followed the instructions to the T. The demosite page loads up, but I get an internal error when I click the "Go to Authorization Page". My apache error.log looks like this:

```
[Thu Mar 30 14:08:40.383917 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'client_name' in section: 'client'
[Thu Mar 30 14:08:40.384318 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'client_jwks_uri' in section: 'client'
[Thu Mar 30 14:08:40.384520 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'client_token_endpoint_auth_method' in section: 'client'
[Thu Mar 30 14:08:40.384716 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'client_id' in section: 'client'
[Thu Mar 30 14:08:40.384967 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'client_secret' in section: 'client'
[Thu Mar 30 14:08:40.385158 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'grant_types' in section: 'client'
[Thu Mar 30 14:08:40.385321 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'acr_values' in section: 'client'
[Thu Mar 30 14:08:40.385480 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'contacts' in section: 'client'
[Thu Mar 30 14:08:40.385865 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'client_logout_uris' in section: 'client'
[Thu Mar 30 14:08:40.386043 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'client_request_uris' in section: 'client'
[Thu Mar 30 14:08:40.386198 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'client_sector_identifier_uri' in section: 'client'
[Thu Mar 30 14:08:40.386349 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'response_types' in section: 'client'
[Thu Mar 30 14:08:40.386499 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'scope' in section: 'client'
[Thu Mar 30 14:08:40.386648 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'ui_locales' in section: 'client'
[Thu Mar 30 14:08:40.386878 2017] [:error] [pid 30437] WARNING:oxdpython.configurer:No option 'claims_locales' in section: 'client'
[Thu Mar 30 14:08:40.508385 2017] [:error] [pid 30437] ERROR:oxdpython.client:OxD Server Error: internal_error
[Thu Mar 30 14:08:40.508580 2017] [:error] [pid 30437] Description:Unknown internal server error occurs.
[Thu Mar 30 14:08:40.509587 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] [2017-03-30 14:08:40,508] ERROR in app: Exception on /authorize/ [GET]
[Thu Mar 30 14:08:40.509726 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] Traceback (most recent call last):
[Thu Mar 30 14:08:40.509809 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1982, in wsgi_app
[Thu Mar 30 14:08:40.509866 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] response = self.full_dispatch_request()
[Thu Mar 30 14:08:40.509918 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1614, in full_dispatch_request
[Thu Mar 30 14:08:40.509969 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] rv = self.handle_user_exception(e)
[Thu Mar 30 14:08:40.510018 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1517, in handle_user_exception
[Thu Mar 30 14:08:40.510064 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] reraise(exc_type, exc_value, tb)
[Thu Mar 30 14:08:40.510105 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1612, in full_dispatch_request
[Thu Mar 30 14:08:40.510148 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] rv = self.dispatch_request()
[Thu Mar 30 14:08:40.510189 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1598, in dispatch_request
[Thu Mar 30 14:08:40.510230 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] return self.view_functions[rule.endpoint](**req.view_args)
[Thu Mar 30 14:08:40.510271 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] File "/var/www/openid-demo/oxd-python/demosite/demosite.py", line 27, in authorize
[Thu Mar 30 14:08:40.510312 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] auth_url = oxc.get_authorization_url()
[Thu Mar 30 14:08:40.510356 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] File "/var/www/openid-demo/oxd-python/oxdpython/client.py", line 132, in get_authorization_url
[Thu Mar 30 14:08:40.510398 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] self.register_site()
[Thu Mar 30 14:08:40.510439 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] File "/var/www/openid-demo/oxd-python/oxdpython/client.py", line 105, in register_site
[Thu Mar 30 14:08:40.510480 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] self.oxd_id = self.__clear_data(response).oxd_id
[Thu Mar 30 14:08:40.510521 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] File "/var/www/openid-demo/oxd-python/oxdpython/client.py", line 64, in __clear_data
[Thu Mar 30 14:08:40.510561 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] raise RuntimeError(error)
[Thu Mar 30 14:08:40.510601 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] RuntimeError: OxD Server Error: internal_error
[Thu Mar 30 14:08:40.510641 2017] [:error] [pid 30437] [remote 10.131.0.227:60651] Description:Unknown internal server error occurs.
```

Any help would be greatly appreciated.

By Michael Schwartz Account Admin 30 Mar 2017 at 3:32 p.m. CDT

* What OpenID Provider are you trying to authenticate against?
* Does that OP support dynamic client registration?

By Chris Abel user 30 Mar 2017 at 3:39 p.m. CDT

- I'm using Gluu as my OpenID Provider.
- Yes?

By William Lowe user 30 Mar 2017 at 3:44 p.m. CDT

Hi Chris,

1. Can you provide the config files you are using for python?
2. Did the client register on the Gluu Server? (check `OpenID Connect` > `Clients`)
3. Do you see the client config file in `/opt/oxd-server/conf/`?
4. Do you see any relevant logs for oxd or on the Gluu Server?

Thanks,
Will

By Chris Abel user 30 Mar 2017 at 3:50 p.m. CDT

Sure: here is demosite.cfg (I don't believe there are any other config files):

```
[oxd]
host = localhost
port = 8099
id =

[client]
authorization_redirect_uri = https://openid-demo.domain/callback
post_logout_redirect_uri = https://openid-demo.domain.org/
op_host = https://sso.domain.org
application_type = web
```

Here is /opt/oxd-server/conf/oxd-conf.json:

```
{
    "port":8099,
    "localhost_only":false,
    "time_out_in_seconds":0,
    "use_client_authentication_for_pat":true,
    "use_client_authentication_for_aat":true,
    "trust_all_certs":true,
    "trust_store_path":"",
    "trust_store_password":"",
    "license_id":"id",
    "public_password":"password",
    "license_password":"password",
    "support-google-logout": true,
    "state_expiration_in_minutes":5,
    "nonce_expiration_in_minutes":5
}
```

I do not see a client added to OpenID Connect > Clients. I also can't find any logs outside of the apache error log. I'm also not sure where to look for them.

By Michael Schwartz Account Admin 30 Mar 2017 at 3:52 p.m. CDT

`authorization_redirect_uri` is missing. This is required for OpenID Connect client registration.

By Chris Abel user 30 Mar 2017 at 4:02 p.m. CDT

Oops, looks like my config file didn't paste correctly. I do have the authorization_redirect_uri. This is what my demosite.cfg looks like:

```
[oxd]
host = localhost
port = 8099
id =

[client]
authorization_redirect_uri = https://openid-demo.domain/callback
post_logout_redirect_uri = https://openid-demo.domain.org/
op_host = https://sso.domain.org
application_type = web
```

By Michael Schwartz Account Admin 30 Mar 2017 at 9:08 p.m. CDT

[https://gluu.org/docs/oxd/libraries/python/](https://gluu.org/docs/oxd/libraries/python/)

Under configuration it says "The minimal configuration required to get oxd-python working".

Also under [https://gluu.org/docs/oxd/protocol/#register-site](https://gluu.org/docs/oxd/protocol/#register-site) notice that "authorization_redirect_uri" is the only param listed as "REQUIRED".

By Michael Schwartz Account Admin 30 Mar 2017 at 9:10 p.m. CDT

Something is definitely going wrong during client registration, because I don't see the `id` in your config file, and I suspect that you won't find the respective client config document under `/opt/oxd-server/conf`
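
Added example (not part of the thread, and not code from oxd-python or Gluu): a pre-flight check over the `demosite.cfg` posted above that reports the two conditions raised in these replies, a missing `authorization_redirect_uri` and an empty `id`, plus a heuristic added here that flags redirect URIs on different hosts. The helper name `preflight` and the finding levels are assumptions of this example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the demosite.cfg as posted in this thread.
SAMPLE_CFG = """\
[oxd]
host = localhost
port = 8099
id =

[client]
authorization_redirect_uri = https://openid-demo.domain/callback
post_logout_redirect_uri = https://openid-demo.domain.org/
op_host = https://sso.domain.org
application_type = web
"""

URL_OPTIONS = ("authorization_redirect_uri", "post_logout_redirect_uri", "op_host")

def preflight(cfg_text):
    """Return (level, message) findings; hypothetical helper, not an oxd-python API."""
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    cp.read_string(cfg_text)
    findings = []
    hosts = {}

    # The thread cites this as the only REQUIRED register-site parameter.
    if not cp.get("client", "authorization_redirect_uri", fallback="").strip():
        findings.append(("ERROR", "authorization_redirect_uri is missing or empty"))

    for opt in URL_OPTIONS:
        value = cp.get("client", opt, fallback="").strip()
        if not value:
            continue
        parts = urlsplit(value)
        if not parts.scheme or not parts.hostname:
            findings.append(("ERROR", "%s is not an absolute URL: %r" % (opt, value)))
        hosts[opt] = parts.hostname

    # An empty id means no oxd_id was stored, i.e. registration has not completed.
    if not cp.get("oxd", "id", fallback="").strip():
        findings.append(("INFO", "[oxd] id is empty: site is not registered yet"))

    # Heuristic added for this example: both redirect URIs normally share a host.
    a = hosts.get("authorization_redirect_uri")
    b = hosts.get("post_logout_redirect_uri")
    if a and b and a != b:
        findings.append(("WARN", "redirect URIs use different hosts: %s vs %s" % (a, b)))
    return findings

if __name__ == "__main__":
    for level, message in preflight(SAMPLE_CFG):
        print(level, message)
```
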

By Chris Abel user 31 Mar 2017 at noon CDT

Thanks for your response Michael,

In /opt/oxd-server/conf, I have these 3 files:

- log4j.xml
- oxd-conf.json
- oxd-default-site-config.json

This is what my oxd-conf.json file looks like (I removed the oxd license information):

```
{
    "port":8099,
    "localhost_only":false,
    "time_out_in_seconds":0,
    "use_client_authentication_for_pat":true,
    "use_client_authentication_for_aat":true,
    "trust_all_certs":true,
    "trust_store_path":"",
    "trust_store_password":"",
    "license_id":"id",
    "public_key":"key",
    "public_password":"password",
    "license_password":"password",
    "support-google-logout": true,
    "state_expiration_in_minutes":5,
    "nonce_expiration_in_minutes":5
}
```

and this is what my oxd-default-site-config.json file looks like:

```
{
    "op_host":"https://sso.domain.org",
    "authorization_redirect_uri":"",
    "post_logout_redirect_uri":"",
    "redirect_uris":[""],
    "response_types":["code"],
    "grant_type":["authorization_code"],
    "acr_values":[""],
    "scope":["openid", "profile", "email"],
    "ui_locales":["en"],
    "claims_locales":["en"],
    "client_jwks_uri":"",
    "contacts":[]
}
```

My config file does not have anything listed after id... I wasn't sure what was supposed to go there. Does the oxd license id go there?

By Michael Schwartz Account Admin 31 Mar 2017 at 12:05 p.m. CDT

Client registration definitely never happened. You'd see a 4th config file with the data returned from registration for the respective `ox-id`.

You might want to try the demo cgi app. The flask app maybe is a little harder to use.

By Chris Abel user 31 Mar 2017 at 12:10 p.m. CDT

Thanks Michael,

I already tried the demo cgi app and ran into an issue with the ./setupDemo.py file. It threw the following error:

```
Traceback (most recent call last):
  File "./setupDemo.py", line 6, in <module>
    from appLog import *
  File "/var/www/openid-demo/oxd-python/demo-cgi/appLog.py", line 6, in <module>
    fh = logging.FileHandler(LOG_FN)
  File "/usr/lib/python2.7/logging/__init__.py", line 903, in __init__
    StreamHandler.__init__(self, self._open())
  File "/usr/lib/python2.7/logging/__init__.py", line 928, in _open
    stream = open(self.baseFilename, self.mode)
IOError: [Errno 2] No such file or directory: '/var/log/sampleapp/app.log'
```

Someone from Gluu recommended that I try the demosite instead.

By Michael Schwartz Account Admin 31 Mar 2017 at 12:16 p.m. CDT

This demo assumes some knowledge of Python.

By Chris Abel user 31 Mar 2017 at 12:27 p.m. CDT

I do know some Python...

By Michael Schwartz Account Admin 31 Mar 2017 at 12:53 p.m. CDT

See [step 3](https://github.com/GluuFederation/oxd-python/tree/master/demo-cgi)

By Chris Abel user 31 Mar 2017 at 1:09 p.m. CDT

Ok, I've created the directory and files. Sorry about that, I thought I had already done that part. I'm now getting this:

```
Traceback (most recent call last):
  File "./setupDemo.py", line 8, in <module>
    db = shelve.open(DB_FILENAME, "n")
  File "/usr/lib/python2.7/shelve.py", line 239, in open
    return DbfilenameShelf(filename, flag, protocol, writeback)
  File "/usr/lib/python2.7/shelve.py", line 223, in __init__
    Shelf.__init__(self, anydbm.open(filename, flag), protocol, writeback)
  File "/usr/lib/python2.7/anydbm.py", line 82, in open
    raise error, "db type could not be determined"
anydbm.error: db type could not be determined
```

All I did to create these needed files was use touch. Example: `touch /var/log/openiddemo/sessionDB`. Do I need to do anything special for the DB setup?

By Michael Schwartz Account Admin 31 Mar 2017 at 1:26 p.m. CDT

This is a python question, not a Gluu Server question.

By Chris Abel user 31 Mar 2017 at 2:37 p.m. CDT

IMHO, it's a lack of documentation/bug issue, not a python question. I've read through your documentation at least 10 times and watched your video at least 5 times through. The video doesn't even mention anything about the constants.py file. The documentation asks to "check the filesystem paths to make sure they are ok". To me, that means to make sure I have rights to write into the system path that I've specified in constants.py. It doesn't actually say that app.log should be created. Perhaps the following in setupDemo.py is needed:

```
os.system("/bin/touch %s" % LOG_FN)
```

Shall I create a bug report?

setupDemo.py does indeed create the database with shelve, so no need to create the file. With my corrections, setupDemo.py now works. Unfortunately, I'm still getting an issue when I try to log in:

```
[Fri Mar 31 15:35:10.514620 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: Traceback (most recent call last):, referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.514890 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: File "/var/www/www.domain.org/cgi-bin/redirect-to-login.cgi", line 12, in <module>, referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515029 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: , referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515105 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: auth_url = oxc.get_authorization_url(), referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515212 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: File "/usr/local/lib/python2.7/dist-packages/oxdpython/client.py", line 132, in get_authorization_url, referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515327 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: , referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515396 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: self.register_site(), referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515495 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: File "/usr/local/lib/python2.7/dist-packages/oxdpython/client.py", line 105, in register_site, referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515595 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: , referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515670 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: self.oxd_id = self.__clear_data(response).oxd_id, referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515767 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: File "/usr/local/lib/python2.7/dist-packages/oxdpython/client.py", line 64, in __clear_data, referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515866 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: , referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.515926 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: raise RuntimeError(error), referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.516002 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: RuntimeError, referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.516058 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: : , referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.516122 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: OxD Server Error: internal_error, referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.516177 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: Description:Unknown internal server error occurs., referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.516230 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] AH01215: , referer: https://www.domain.org/cgi-bin/home.cgi
[Fri Mar 31 15:35:10.521045 2017] [cgi:error] [pid 7693] [client 10.131.0.227:51645] End of script output before headers: redirect-to-login.cgi, referer: https://www.domain.org/cgi-bin/home.cgi
```

By Michael Schwartz Account Admin 31 Mar 2017 at 2:46 p.m. CDT

Yes, it's not a step-by-step howto. And support is not a place where we can provide really granular help. If you want to create a pull request, we'll review it.

By Chris Abel user 31 Mar 2017 at 3:08 p.m. CDT

Ok, I will. Do you have any ideas what is going on with my current issue?

By Michael Schwartz Account Admin 31 Mar 2017 at 3:49 p.m. CDT

`End of script output before headers` seems like the reason.