passport pod cannot get /identity/restv1/passport/config

By: Matti Lehmus Account Admin 01 Feb 2019 at 5:22 a.m. CST

48 Responses
Matti Lehmus gravatar
## Expected return json about the config returns 401 on un-authorized access as should (from alpha environment we can see this which works well. EC2 server installation.) ## what actually happends string returned: "Passport configuration was disabled." When browsing to "In oxTrust navigate to Configuration > Organization configuration > System configuration" ([guide](https://gluu.org/docs/ce/3.1.4/authn-guide/passport/)) it can be seen that the configuration is enabled. (see attached picture) Also log entries from passport node: ``` 2019-02-01T11:12:26+0000 [WARN] Error: Received unexpected HTTP status code of 503 2019-02-01T11:12:26+0000 [INFO] An attempt to get passport configurations will be tried again soon 2019-02-01T11:12:32+0000 [INFO] ::ffff:100.106.0.0 - - [01/Feb/2019:11:12:32 +0000] "GET /passport HTTP/1.1" 200 1019 "-" "kube-probe/1.10" 2019-02-01T11:12:52+0000 [INFO] ::ffff:100.106.0.0 - - [01/Feb/2019:11:12:52 +0000] "GET /passport HTTP/1.1" 200 1019 "-" "kube-probe/1.10" 2019-02-01T11:12:57+0000 [INFO] ::ffff:100.106.0.0 - - [01/Feb/2019:11:12:57 +0000] "GET /passport HTTP/1.1" 200 1019 "-" "kube-probe/1.10" 2019-02-01T11:13:22+0000 [INFO] ::ffff:100.106.0.0 - - [01/Feb/2019:11:13:22 +0000] "GET /passport HTTP/1.1" 200 1019 "-" "kube-probe/1.10" 2019-02-01T11:13:22+0000 [INFO] ::ffff:100.106.0.0 - - [01/Feb/2019:11:13:22 +0000] "GET /passport HTTP/1.1" 200 1019 "-" "kube-probe/1.10" 2019-02-01T11:13:24+0000 [WARN] Error: Received unexpected HTTP status code of 503 2019-02-01T11:13:24+0000 [INFO] An attempt to get passport configurations will be tried again soon ``` In turn: /passport/passportstrategies (this is directed to passport pod) returns NULL ### environment info URL redirects: ``` /oxauth -> oxauth pod /identity -> oxtrust pod /passport -> passport pod ```
Docker 314.0
closed

Answers

By Mohib Zico Account Admin 01 Feb 2019 at 6:01 a.m. CST

Copy
Mohib Zico gravatar
Hi Matti, Thanks for the report, we will look into it.

By Isman Firmansyah staff 04 Feb 2019 at 11:45 a.m. CST

Copy
Isman Firmansyah gravatar
Hi Matti, ``` 2019-02-01T11:13:24+0000 [WARN] Error: Received unexpected HTTP status code of 503 2019-02-01T11:13:24+0000 [INFO] An attempt to get passport configurations will be tried again soon ``` The error is thrown when oxPassport has not been enabled yet. Once you have configure oxPassport via oxTrust UI (as per docs guide), you may see the following logs: ``` 2019-02-04T17:43:12+0000 [INFO] getStrategies. Passport strategies were received 2019-02-04T17:43:12+0000 [INFO] Github Strategy details received 2019-02-04T17:43:12+0000 [INFO] reloadConfiguration. Passport strategies have been parsed 2019-02-04T17:43:12+0000 [INFO] /opt/gluu/node/passport/server/idp-metadata/your_idp_name2.xml saved successfully 2019-02-04T17:43:12+0000 [INFO] /opt/gluu/node/passport/server/idp-metadata/your_idp_name2.xml saved successfully ```

By Surendra Khatana user 05 Feb 2019 at 1:48 a.m. CST

Copy
Surendra Khatana gravatar
Hi, Passport support has been already enabled by following Gluu v3.14 documentation @ https://gluu.org/docs/ce/3.1.4/authn-guide/passport/ Please let us know if there is any additional setting that needs to be turned on. I can share the screenshots of the passport configuration if needed. Regards Suren

By Surendra Khatana user 06 Feb 2019 at 8 a.m. CST

Copy
Surendra Khatana gravatar
Any updates on this please ? Regards Suren

By Mohib Zico Account Admin 06 Feb 2019 at 8:22 a.m. CST

Copy
Mohib Zico gravatar
Hi Surendra, We are trying to develop an environment locally to test this issue, please give us some time. We will inform you as soon as we can!

By Isman Firmansyah staff 11 Feb 2019 at 6:42 a.m. CST

Copy
Isman Firmansyah gravatar
Hi Surendra, There's no additional setting that need to be enabled apart from what's mentioned in docs, but sometime you may need to logout and login to see the effect (after enabling oxPassport). I wasn't unable to reproduce the issue with oxPassport.This is a log from one of our Kubernetes deployment test: ``` 2019-02-11T12:35:28+0000 [INFO] getStrategies. Passport strategies were received 2019-02-11T12:35:28+0000 [INFO] Github Strategy details received 2019-02-11T12:35:28+0000 [INFO] reloadConfiguration. Passport strategies have been parsed 2019-02-11T12:35:28+0000 [INFO] /opt/gluu/node/passport/server/idp-metadata/your_idp_name2.xml saved successfully 2019-02-11T12:35:28+0000 [INFO] /opt/gluu/node/passport/server/idp-metadata/your_idp_name2.xml saved successfully 2019-02-11T12:35:35+0000 [INFO] ::ffff:172.17.0.1 - - [11/Feb/2019:12:35:35 +0000] "GET /passport HTTP/1.1" 200 1019 "-" "kube-probe/1.13" 2019-02-11T12:35:47+0000 [INFO] ::ffff:172.17.0.1 - - [11/Feb/2019:12:35:47 +0000] "GET /passport HTTP/1.1" 200 1019 "-" "kube-probe/1.13" ``` What I would suggest is checking the connectivity between oxPassport and oxAuth/oxTrust, for example: ``` kubectl exec <name-of-oxpassport-pod> nslookup oxtrust kubernetes.default ```

By Matti Lehmus Account Admin 11 Feb 2019 at 6:51 a.m. CST

Copy
Matti Lehmus gravatar
``` exec oxpassport-5457b58f6b-8h872 -- nslookup oxtrust kubernetes.default Server: 100.64.0.1 Address 1: 100.64.0.1 kubernetes.default.svc.cluster.local Name: oxtrust Address 1: 100.67.233.156 oxtrust.mydata.svc.cluster.local ```

By Matti Lehmus Account Admin 11 Feb 2019 at 7:01 a.m. CST

Copy
Matti Lehmus gravatar
The problem here is that the URL the passport pod is trying is returning: ``` $ curl -v https://domain.example.com/identity/restv1/passport/config * Trying 35.156.75.197... * TCP_NODELAY set * Connected to domain.example.com (35.156.75.197) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=domain.example.com * start date: Jan 11 00:00:00 2019 GMT * expire date: Feb 11 12:00:00 2020 GMT * subjectAltName: host "domain.example.com" matched cert's "domain.example.com" * issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon * SSL certificate verify ok. > GET /identity/restv1/passport/config HTTP/1.1 > Host: domain.example.com > User-Agent: curl/7.58.0 > Accept: */* > < HTTP/1.1 503 Service Unavailable < Content-Type: application/json < Server: Jetty(9.4.9.v20180320) < Content-Length: 35 < Connection: keep-alive < * Connection #0 to host domain.example.com left intact Passport configuration was disabled ```

By Isman Firmansyah staff 11 Feb 2019 at 11:07 a.m. CST

Copy
Isman Firmansyah gravatar
If Passport support is enabled in oxTrust UI, it supposed to be saved into LDAP. Can you check the LDAP entry? For example: ``` /opt/opendj/bin/ldapsearch -D "cn=directory manager" -p 1636 --useSSL -w PASSWORD -b 'o=gluu' -s sub "gluuPassportEnabled=*" gluuPassportEnabled ``` or you can use any LDAP client. If Passport is enabled, the search result would be `gluuPassportEnabled: enabled`.

By Isman Firmansyah staff 11 Feb 2019 at 6:34 p.m. CST

Copy
Isman Firmansyah gravatar
Also it's worth to check oxAuth and/or oxTrust logs to check whether there's issue with Passport Resource Server Client. Can you show us the oxAuth/oxTrust logs, please? Thanks,

By Matti Lehmus Account Admin 12 Feb 2019 at 12:38 a.m. CST

Copy
Matti Lehmus gravatar
``` kubectl exec opendj-init-0 -- /opt/opendj/bin/ldapsearch -D "cn=directory manager" -p 1636 --useSSL -w <password-given-in-genereate-config.yml> -b 'o=gluu' -s sub "gluuPassportEnabled=*" gluuPassportEnabled The server is using the following certificate: Subject DN: EMAILADDRESS=address, CN=domain, O=Suomen Tilaajavastuu Oy, L=HELSINKI, ST=FI, C=FI Issuer DN: EMAILADDRESS=address, CN=domain, O=Suomen Tilaajavastuu Oy, L=HELSINKI, ST=FI, C=FI Validity: Tue Jan 22 07:03:37 GMT 2019 through Wed Jan 22 07:03:37 GMT 2020 Do you wish to trust this certificate and continue connecting to the server? Please enter "yes" or "no":yes ``` Never returns an answer (directly from opendj-init pod) Same with the opendj-repl

By Matti Lehmus Account Admin 12 Feb 2019 at 12:42 a.m. CST

Copy
Matti Lehmus gravatar
logs from opendj-init: ``` 2019-01-29 07:51:16,223 [INFO] [wait-for-it] - Hi world, waiting for config backend to be ready before running /opt/scripts/entrypoint.sh 2019-01-29 07:51:16,341 [INFO] [wait-for-it] - Config backend is ready. 2019-01-29 07:51:16,341 [INFO] [wait-for-it] - Now executing the arguments passed to /opt/scripts/wait-for-it: /opt/scripts/entrypoint.sh INFO - 2019-01-29 07:51:16,838 - Syncing OpenDJ certs. INFO - 2019-01-29 07:51:19,587 - Checking certificate's Subject Alt Name (SAN) [29/Jan/2019:07:51:22 +0000] category=CORE severity=NOTICE msgID=org.opends.messages.core.134 msg=Gluu-OpenDJ 3.0.1-gluu (build 20180801142102, revision number c5ad2e4846d8aeb501ffdfe5ae2dfd35136dfa68) starting up [29/Jan/2019:07:51:24 +0000] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.21 msg=Installation Directory: /opt/opendj [29/Jan/2019:07:51:24 +0000] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.23 msg=Instance Directory: /opt/opendj [29/Jan/2019:07:51:24 +0000] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.17 msg=JVM Information: 1.8.0_171-b11 by Oracle Corporation, 64-bit architecture, 1862270976 bytes heap size [29/Jan/2019:07:51:25 +0000] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.18 msg=JVM Host: opendj-init-0.opendj.mydata.svc.cluster.local, running Linux 4.4.148-k8s amd64, 8374288384 bytes physical memory size, number of processors available 2 [29/Jan/2019:07:51:25 +0000] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.19 msg=JVM Arguments: "-Dorg.opends.server.scriptName=start-ds" [29/Jan/2019:07:51:25 +0000] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.513 msg=The database backend site containing 2 entries has started [29/Jan/2019:07:51:26 +0000] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.513 msg=The database backend userRoot containing 1462 entries has started [29/Jan/2019:07:51:26 +0000] category=EXTENSIONS severity=NOTICE msgID=org.opends.messages.extension.221 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: opendj-init-0.opendj.mydata.svc.cluster.local [29/Jan/2019:07:51:26 +0000] category=SYNC severity=NOTICE msgID=org.opends.messages.replication.204 msg=Replication server RS(21271) started listening for new connections on address 0.0.0.0 port 8989 [29/Jan/2019:07:51:27 +0000] category=SYNC severity=NOTICE msgID=org.opends.messages.replication.62 msg=Directory server DS(29215) has connected to replication server RS(2305) for domain "cn=schema" at opendj-repl-0.opendj.mydata.svc.cluster.local/100.100.0.7:8989 with generation ID 8408 [29/Jan/2019:07:51:27 +0000] category=SYNC severity=NOTICE msgID=org.opends.messages.replication.62 msg=Directory server DS(11791) has connected to replication server RS(21271) for domain "o=site" at opendj-init-0.opendj.mydata.svc.cluster.local/100.106.0.1:8989 with generation ID 18513 [29/Jan/2019:07:51:27 +0000] category=SYNC severity=NOTICE msgID=org.opends.messages.replication.62 msg=Directory server DS(13749) has connected to replication server RS(2305) for domain "cn=admin data" at opendj-repl-0.opendj.mydata.svc.cluster.local/100.100.0.7:8989 with generation ID 171065 [29/Jan/2019:07:51:27 +0000] category=SYNC severity=NOTICE msgID=org.opends.messages.replication.62 msg=Directory server DS(29820) has connected to replication server RS(2305) for domain "o=gluu" at opendj-repl-0.opendj.mydata.svc.cluster.local/100.100.0.7:8989 with generation ID 2629918 [29/Jan/2019:07:51:28 +0000] category=PROTOCOL severity=NOTICE msgID=org.opends.messages.protocol.276 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 4444 [29/Jan/2019:07:51:28 +0000] category=PROTOCOL severity=NOTICE msgID=org.opends.messages.protocol.276 msg=Started listening for new connections on LDAPS Connection Handler 0.0.0.0 port 1636 [29/Jan/2019:07:51:28 +0000] category=CORE severity=NOTICE msgID=org.opends.messages.core.135 msg=The Directory Server has started successfully [29/Jan/2019:07:51:28 +0000] category=CORE severity=NOTICE msgID=org.opends.messages.core.139 msg=The Directory Server has sent an notification generated by class org.opends.server.core.DirectoryServer ( type org.opends.server.DirectoryServerStarted, ID org.opends.messages.core-135): The Directory Server has started successfully ``` logs from opendj-repl ``` 2019-01-29 11:25:37,437 [INFO] [wait-for-it] - Hi world, waiting for config backend to be ready before running /opt/scripts/entrypoint.sh 2019-01-29 11:25:37,567 [INFO] [wait-for-it] - Config backend is ready. 2019-01-29 11:25:37,567 [INFO] [wait-for-it] - Now executing the arguments passed to /opt/scripts/wait-for-it: /opt/scripts/entrypoint.sh INFO - 2019-01-29 11:25:38,207 - Syncing OpenDJ certs. INFO - 2019-01-29 11:25:41,014 - Checking certificate's Subject Alt Name (SAN) INFO - 2019-01-29 11:26:04,166 - Checking connection to opendj-init-0.opendj.mydata.svc.cluster.local:1636. INFO - 2019-01-29 11:26:07,731 - Enabling OpenDJ replication of o=gluu between opendj-init-0.opendj.mydata.svc.cluster.local:1636 and opendj-repl-0.opendj.mydata.svc.cluster.local:1636. WARNING - 2019-01-29 11:26:15,125 - There are no base DNs available to enable replication between the two servers. INFO - 2019-01-29 11:26:15,126 - Initializing OpenDJ replication of o=gluu between opendj-init-0.opendj.mydata.svc.cluster.local:1636 and opendj-repl-0.opendj.mydata.svc.cluster.local:1636. INFO - 2019-01-29 11:26:25,517 - Enabling OpenDJ replication of o=site between opendj-init-0.opendj.mydata.svc.cluster.local:1636 and opendj-repl-0.opendj.mydata.svc.cluster.local:1636. WARNING - 2019-01-29 11:26:32,300 - There are no base DNs available to enable replication between the two servers. INFO - 2019-01-29 11:26:32,300 - Initializing OpenDJ replication of o=site between opendj-init-0.opendj.mydata.svc.cluster.local:1636 and opendj-repl-0.opendj.mydata.svc.cluster.local:1636. [29/Jan/2019:11:26:58 +0000] category=CORE severity=NOTICE msgID=org.opends.messages.core.134 msg=Gluu-OpenDJ 3.0.1-gluu (build 20180801142102, revision number c5ad2e4846d8aeb501ffdfe5ae2dfd35136dfa68) starting up [29/Jan/2019:11:27:00 +0000] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.21 msg=Installation Directory: /opt/opendj [29/Jan/2019:11:27:01 +0000] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.23 msg=Instance Directory: /opt/opendj [29/Jan/2019:11:27:01 +0000] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.17 msg=JVM Information: 1.8.0_171-b11 by Oracle Corporation, 64-bit architecture, 1862270976 bytes heap size [29/Jan/2019:11:27:01 +0000] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.18 msg=JVM Host: opendj-repl-0.opendj.mydata.svc.cluster.local, running Linux 4.4.148-k8s amd64, 8374288384 bytes physical memory size, number of processors available 2 [29/Jan/2019:11:27:01 +0000] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.19 msg=JVM Arguments: "-Dorg.opends.server.scriptName=start-ds" [29/Jan/2019:11:27:01 +0000] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.513 msg=The database backend site containing 2 entries has started [29/Jan/2019:11:27:02 +0000] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.513 msg=The database backend userRoot containing 1570 entries has started [29/Jan/2019:11:27:02 +0000] category=EXTENSIONS severity=NOTICE msgID=org.opends.messages.extension.221 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: opendj-repl-0.opendj.mydata.svc.cluster.local [29/Jan/2019:11:27:02 +0000] category=SYNC severity=NOTICE msgID=org.opends.messages.replication.204 msg=Replication server RS(2305) started listening for new connections on address 0.0.0.0 port 8989 [29/Jan/2019:11:27:03 +0000] category=SYNC severity=NOTICE msgID=org.opends.messages.replication.62 msg=Directory server DS(9022) has connected to replication server RS(2305) for domain "cn=schema" at opendj-repl-0.opendj.mydata.svc.cluster.local/100.100.0.5:8989 with generation ID 8408 [29/Jan/2019:11:27:03 +0000] category=SYNC severity=NOTICE msgID=org.opends.messages.replication.62 msg=Directory server DS(8248) has connected to replication server RS(2305) for domain "o=site" at opendj-repl-0.opendj.mydata.svc.cluster.local/100.100.0.5:8989 with generation ID 18513 [29/Jan/2019:11:27:03 +0000] category=SYNC severity=NOTICE msgID=org.opends.messages.replication.62 msg=Directory server DS(7364) has connected to replication server RS(2305) for domain "cn=admin data" at opendj-repl-0.opendj.mydata.svc.cluster.local/100.100.0.5:8989 with generation ID 171065 [29/Jan/2019:11:27:03 +0000] category=SYNC severity=NOTICE msgID=org.opends.messages.replication.62 msg=Directory server DS(28972) has connected to replication server RS(21271) for domain "o=gluu" at opendj-init-0.opendj.mydata.svc.cluster.local/100.106.0.1:8989 with generation ID 2629918 [29/Jan/2019:11:27:03 +0000] category=PROTOCOL severity=NOTICE msgID=org.opends.messages.protocol.276 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 4444 [29/Jan/2019:11:27:03 +0000] category=PROTOCOL severity=NOTICE msgID=org.opends.messages.protocol.276 msg=Started listening for new connections on LDAPS Connection Handler 0.0.0.0 port 1636 [29/Jan/2019:11:27:03 +0000] category=CORE severity=NOTICE msgID=org.opends.messages.core.135 msg=The Directory Server has started successfully [29/Jan/2019:11:27:03 +0000] category=CORE severity=NOTICE msgID=org.opends.messages.core.139 msg=The Directory Server has sent an notification generated by class org.opends.server.core.DirectoryServer ( type org.opends.server.DirectoryServerStarted, ID org.opends.messages.core-135): The Directory Server has started successfully ```

By Matti Lehmus Account Admin 12 Feb 2019 at 12:45 a.m. CST

Copy
Matti Lehmus gravatar
oxtrust: ``` 2019-02-12 06:41:23,471 INFO [qtp1514322932-23] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:78) - Path is protected, proceeding with authorization processing... 2019-02-12 06:41:23,555 ERROR [qtp1514322932-23] [org.gluu.oxtrust.service.uma.BaseUmaProtectionService] (BaseUmaProtectionService.java:75) - Failed to check UMA PAT token status org.gluu.oxtrust.exception.UmaProtectionException: Failed to obtain valid UMA PAT token at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.retrievePatToken(BaseUmaProtectionService.java:110) ~[classes/:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getPatToken(BaseUmaProtectionService.java:58) ~[classes/:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isExistPatToken(BaseUmaProtectionService.java:73) [classes/:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isEnabledUmaAuthentication(BaseUmaProtectionService.java:68) [classes/:?] at org.gluu.oxtrust.service.uma.PassportUmaProtectionService.isEnabled(PassportUmaProtectionService.java:68) [classes/:?] at org.gluu.oxtrust.service.uma.PassportUmaProtectionService.processAuthorization(PassportUmaProtectionService.java:80) [classes/:?] at org.gluu.oxtrust.service.uma.PassportUmaProtectionService$Proxy$_$$_WeldClientProxy.processAuthorization(Unknown Source) [classes/:?] at org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter.filter(AuthorizationProcessingFilter.java:80) [classes/:?] at org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter$Proxy$_$$_WeldClientProxy.filter(Unknown Source) [classes/:?] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:263) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:864) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.2.Final.jar:3.4.2.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.Server.handle(Server.java:531) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:319) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:175) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:133) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:754) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:672) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] Caused by: org.jboss.resteasy.client.ClientResponseFailure: RESTEASY003150: Error status 404 Not Found returned at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:584) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:575) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.BaseClientResponse.checkFailureStatus(BaseClientResponse.java:569) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:39) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:128) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:89) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at com.sun.proxy.$Proxy176.getMetadata(Unknown Source) ~[?:?] at org.gluu.oxtrust.ldap.service.AppInitializer.initUmaMetadataConfiguration(AppInitializer.java:443) ~[classes/:?] at sun.reflect.GeneratedMethodAccessor294.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171] at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:95) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:85) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.injection.producer.ProducerMethodProducer.produce(ProducerMethodProducer.java:103) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.injection.producer.AbstractMemberProducer.produce(AbstractMemberProducer.java:161) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.AbstractProducerBean.create(AbstractProducerBean.java:180) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.contexts.AbstractContext.get(AbstractContext.java:96) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:100) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:140) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:102) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:131) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.xdi.oxauth.model.uma.UmaMetadata$Proxy$_$$_WeldClientProxy.getTokenEndpoint(Unknown Source) ~[oxauth-model-3.1.4.Final.jar:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.retrievePatToken(BaseUmaProtectionService.java:103) ~[classes/:?] ... 53 more 2019-02-12 06:41:23,558 INFO [qtp1514322932-23] [org.gluu.oxtrust.service.uma.PassportUmaProtectionService] (PassportUmaProtectionService.java:90) - UMA passport authentication is disabled 2019-02-12 06:42:23,465 INFO [qtp1514322932-22] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:78) - Path is protected, proceeding with authorization processing... 2019-02-12 06:42:23,561 ERROR [qtp1514322932-22] [org.gluu.oxtrust.service.uma.BaseUmaProtectionService] (BaseUmaProtectionService.java:75) - Failed to check UMA PAT token status org.gluu.oxtrust.exception.UmaProtectionException: Failed to obtain valid UMA PAT token at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.retrievePatToken(BaseUmaProtectionService.java:110) ~[classes/:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getPatToken(BaseUmaProtectionService.java:58) ~[classes/:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isExistPatToken(BaseUmaProtectionService.java:73) [classes/:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isEnabledUmaAuthentication(BaseUmaProtectionService.java:68) [classes/:?] at org.gluu.oxtrust.service.uma.PassportUmaProtectionService.isEnabled(PassportUmaProtectionService.java:68) [classes/:?] at org.gluu.oxtrust.service.uma.PassportUmaProtectionService.processAuthorization(PassportUmaProtectionService.java:80) [classes/:?] at org.gluu.oxtrust.service.uma.PassportUmaProtectionService$Proxy$_$$_WeldClientProxy.processAuthorization(Unknown Source) [classes/:?] at org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter.filter(AuthorizationProcessingFilter.java:80) [classes/:?] at org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter$Proxy$_$$_WeldClientProxy.filter(Unknown Source) [classes/:?] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:263) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:864) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.2.Final.jar:3.4.2.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.Server.handle(Server.java:531) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:319) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:175) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:133) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:754) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:672) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] Caused by: org.jboss.resteasy.client.ClientResponseFailure: RESTEASY003150: Error status 404 Not Found returned at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:584) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:575) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.BaseClientResponse.checkFailureStatus(BaseClientResponse.java:569) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:39) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:128) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:89) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at com.sun.proxy.$Proxy176.getMetadata(Unknown Source) ~[?:?] at org.gluu.oxtrust.ldap.service.AppInitializer.initUmaMetadataConfiguration(AppInitializer.java:443) ~[classes/:?] at sun.reflect.GeneratedMethodAccessor294.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171] at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:95) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:85) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.injection.producer.ProducerMethodProducer.produce(ProducerMethodProducer.java:103) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.injection.producer.AbstractMemberProducer.produce(AbstractMemberProducer.java:161) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.AbstractProducerBean.create(AbstractProducerBean.java:180) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.contexts.AbstractContext.get(AbstractContext.java:96) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:100) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:140) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:102) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:131) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.xdi.oxauth.model.uma.UmaMetadata$Proxy$_$$_WeldClientProxy.getTokenEndpoint(Unknown Source) ~[oxauth-model-3.1.4.Final.jar:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.retrievePatToken(BaseUmaProtectionService.java:103) ~[classes/:?] ... 53 more 2019-02-12 06:42:23,563 INFO [qtp1514322932-22] [org.gluu.oxtrust.service.uma.PassportUmaProtectionService] (PassportUmaProtectionService.java:90) - UMA passport authentication is disabled org.apache.commons.exec.ExecuteException: Process exited with an error: 143 (Exit value: 143) at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:404) at org.apache.commons.exec.DefaultExecutor.execute(DefaultExecutor.java:166) at org.apache.commons.exec.DefaultExecutor.execute(DefaultExecutor.java:153) at org.xdi.util.process.ProcessHelper.executeProgram(ProcessHelper.java:150) at org.xdi.util.process.ProcessHelper.executeProgram(ProcessHelper.java:65) at org.xdi.util.process.ProcessHelper.executeProgram(ProcessHelper.java:45) at org.xdi.util.process.ProcessHelper.executeProgram(ProcessHelper.java:39) at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.setFactorAttributes(StatusCheckerTimer.java:289) at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.processInt(StatusCheckerTimer.java:153) at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.process(StatusCheckerTimer.java:129) at org.gluu.oxtrust.ldap.service.StatusCheckerTimer$Proxy$_$$_WeldSubclass.process$$super(Unknown Source) at sun.reflect.GeneratedMethodAccessor293.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) at org.xdi.service.cdi.async.AsynchronousInterceptor$1.get(AsynchronousInterceptor.java:36) at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1590) at java.lang.Thread.run(Thread.java:748) 2019-02-12 06:43:23,477 INFO [qtp1514322932-16475] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:78) - Path is protected, proceeding with authorization processing... 2019-02-12 06:43:23,535 ERROR [qtp1514322932-16475] [org.gluu.oxtrust.service.uma.BaseUmaProtectionService] (BaseUmaProtectionService.java:75) - Failed to check UMA PAT token status org.gluu.oxtrust.exception.UmaProtectionException: Failed to obtain valid UMA PAT token at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.retrievePatToken(BaseUmaProtectionService.java:110) ~[classes/:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getPatToken(BaseUmaProtectionService.java:58) ~[classes/:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isExistPatToken(BaseUmaProtectionService.java:73) [classes/:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isEnabledUmaAuthentication(BaseUmaProtectionService.java:68) [classes/:?] at org.gluu.oxtrust.service.uma.PassportUmaProtectionService.isEnabled(PassportUmaProtectionService.java:68) [classes/:?] at org.gluu.oxtrust.service.uma.PassportUmaProtectionService.processAuthorization(PassportUmaProtectionService.java:80) [classes/:?] at org.gluu.oxtrust.service.uma.PassportUmaProtectionService$Proxy$_$$_WeldClientProxy.processAuthorization(Unknown Source) [classes/:?] at org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter.filter(AuthorizationProcessingFilter.java:80) [classes/:?] at org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter$Proxy$_$$_WeldClientProxy.filter(Unknown Source) [classes/:?] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:263) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:864) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.2.Final.jar:3.4.2.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.Server.handle(Server.java:531) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:319) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:175) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:133) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:754) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:672) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] Caused by: org.jboss.resteasy.client.ClientResponseFailure: RESTEASY003150: Error status 404 Not Found returned at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:584) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:575) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.BaseClientResponse.checkFailureStatus(BaseClientResponse.java:569) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:39) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:128) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:89) ~[resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at com.sun.proxy.$Proxy176.getMetadata(Unknown Source) ~[?:?] at org.gluu.oxtrust.ldap.service.AppInitializer.initUmaMetadataConfiguration(AppInitializer.java:443) ~[classes/:?] at sun.reflect.GeneratedMethodAccessor294.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171] at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:95) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:85) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.injection.producer.ProducerMethodProducer.produce(ProducerMethodProducer.java:103) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.injection.producer.AbstractMemberProducer.produce(AbstractMemberProducer.java:161) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.AbstractProducerBean.create(AbstractProducerBean.java:180) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.contexts.AbstractContext.get(AbstractContext.java:96) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:100) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:140) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:102) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:131) ~[weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.xdi.oxauth.model.uma.UmaMetadata$Proxy$_$$_WeldClientProxy.getTokenEndpoint(Unknown Source) ~[oxauth-model-3.1.4.Final.jar:?] at org.gluu.oxtrust.service.uma.BaseUmaProtectionService.retrievePatToken(BaseUmaProtectionService.java:103) ~[classes/:?] ... 53 more 2019-02-12 06:43:23,538 INFO [qtp1514322932-16475] [org.gluu.oxtrust.service.uma.PassportUmaProtectionService] (PassportUmaProtectionService.java:90) - UMA passport authentication is disabled ``` oxauth ``` 2019-02-12 03:24:12,790 INFO [Thread-184698] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:382) - Recreated instance ldapAuthEntryManager: [] 2019-02-12 03:24:42,455 INFO [Thread-184766] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:382) - Recreated instance ldapAuthEntryManager: [org.gluu.site.ldap.persistence.LdapEntryManager@1e227370] 2019-02-12 04:34:12,413 ERROR [Thread-185478] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:565) - Failed to load appliance entry from Ldap org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entry: inum=@!FF59.FA12.3467.63B6!0002!A4F1.63C0,ou=appliances,o=gluu at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:303) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.AbstractEntryManager.find(AbstractEntryManager.java:444) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.AbstractEntryManager.find(AbstractEntryManager.java:381) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager$Proxy$_$$_WeldClientProxy.find(Unknown Source) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.xdi.oxauth.service.AppInitializer.loadAppliance(AppInitializer.java:563) [classes/:?] at org.xdi.oxauth.service.AppInitializer.loadLdapIdpAuthConfigs(AppInitializer.java:497) [classes/:?] at org.xdi.oxauth.service.AppInitializer.loadLdapAuthConfigs(AppInitializer.java:591) [classes/:?] at org.xdi.oxauth.service.AppInitializer.reloadConfiguration(AppInitializer.java:268) [classes/:?] at org.xdi.oxauth.service.AppInitializer.reloadConfigurationTimerEvent(AppInitializer.java:255) [classes/:?] at org.xdi.oxauth.service.AppInitializer$Proxy$_$$_WeldSubclass.reloadConfigurationTimerEvent$$super(Unknown Source) [classes/:?] at sun.reflect.GeneratedMethodAccessor137.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171] at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.xdi.service.cdi.async.AsynchronousInterceptor$1.get(AsynchronousInterceptor.java:36) [oxcore-service-3.1.4.Final.jar:?] at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1590) [?:1.8.0_171] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] Caused by: org.gluu.site.ldap.exception.ConnectionException: Failed to lookup entry --> A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 422, base DN 'inum=@!FF59.FA12.3467.63B6!0002!A4F1.63C0,ou=appliances,o=gluu', scope BASE, and filter '(objectClass=*)' from server opendj.mydata.svc.cluster.local:1636. at org.gluu.site.ldap.OperationsFacade.lookup(OperationsFacade.java:572) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:297) ~[oxcore-ldap-3.1.4.Final.jar:?] ... 17 more Caused by: com.unboundid.ldap.sdk.LDAPSearchException: A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 422, base DN 'inum=@!FF59.FA12.3467.63B6!0002!A4F1.63C0,ou=appliances,o=gluu', scope BASE, and filter '(objectClass=*)' from server opendj.mydata.svc.cluster.local:1636. at com.unboundid.ldap.sdk.SearchRequest.process(SearchRequest.java:1206) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3757) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.LDAPConnection.getEntry(LDAPConnection.java:1803) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.AbstractConnectionPool.getEntry(AbstractConnectionPool.java:615) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at org.gluu.site.ldap.OperationsFacade.lookup(OperationsFacade.java:569) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:297) ~[oxcore-ldap-3.1.4.Final.jar:?] ... 17 more 2019-02-12 04:34:12,751 INFO [Thread-185478] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:382) - Recreated instance ldapAuthEntryManager: [] 2019-02-12 04:34:42,492 INFO [Thread-185544] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:382) - Recreated instance ldapAuthEntryManager: [org.gluu.site.ldap.persistence.LdapEntryManager@7238e81b] 2019-02-12 05:04:12,413 ERROR [Thread-185812] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:565) - Failed to load appliance entry from Ldap org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entry: inum=@!FF59.FA12.3467.63B6!0002!A4F1.63C0,ou=appliances,o=gluu at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:303) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.AbstractEntryManager.find(AbstractEntryManager.java:444) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.AbstractEntryManager.find(AbstractEntryManager.java:381) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager$Proxy$_$$_WeldClientProxy.find(Unknown Source) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.xdi.oxauth.service.AppInitializer.loadAppliance(AppInitializer.java:563) [classes/:?] at org.xdi.oxauth.service.AppInitializer.loadLdapIdpAuthConfigs(AppInitializer.java:497) [classes/:?] at org.xdi.oxauth.service.AppInitializer.loadLdapAuthConfigs(AppInitializer.java:591) [classes/:?] at org.xdi.oxauth.service.AppInitializer.reloadConfiguration(AppInitializer.java:268) [classes/:?] at org.xdi.oxauth.service.AppInitializer.reloadConfigurationTimerEvent(AppInitializer.java:255) [classes/:?] at org.xdi.oxauth.service.AppInitializer$Proxy$_$$_WeldSubclass.reloadConfigurationTimerEvent$$super(Unknown Source) [classes/:?] at sun.reflect.GeneratedMethodAccessor137.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171] at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.xdi.service.cdi.async.AsynchronousInterceptor$1.get(AsynchronousInterceptor.java:36) [oxcore-service-3.1.4.Final.jar:?] at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1590) [?:1.8.0_171] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] Caused by: org.gluu.site.ldap.exception.ConnectionException: Failed to lookup entry --> A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 800, base DN 'inum=@!FF59.FA12.3467.63B6!0002!A4F1.63C0,ou=appliances,o=gluu', scope BASE, and filter '(objectClass=*)' from server opendj.mydata.svc.cluster.local:1636. at org.gluu.site.ldap.OperationsFacade.lookup(OperationsFacade.java:572) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:297) ~[oxcore-ldap-3.1.4.Final.jar:?] ... 17 more Caused by: com.unboundid.ldap.sdk.LDAPSearchException: A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 800, base DN 'inum=@!FF59.FA12.3467.63B6!0002!A4F1.63C0,ou=appliances,o=gluu', scope BASE, and filter '(objectClass=*)' from server opendj.mydata.svc.cluster.local:1636. at com.unboundid.ldap.sdk.SearchRequest.process(SearchRequest.java:1206) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3757) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.LDAPConnection.getEntry(LDAPConnection.java:1803) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.AbstractConnectionPool.getEntry(AbstractConnectionPool.java:615) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at org.gluu.site.ldap.OperationsFacade.lookup(OperationsFacade.java:569) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:297) ~[oxcore-ldap-3.1.4.Final.jar:?] ... 17 more 2019-02-12 05:04:12,742 INFO [Thread-185812] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:382) - Recreated instance ldapAuthEntryManager: [] 2019-02-12 05:04:42,453 INFO [Thread-185876] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:382) - Recreated instance ldapAuthEntryManager: [org.gluu.site.ldap.persistence.LdapEntryManager@58e5b770] 2019-02-12 05:44:13,739 ERROR [qtp1514322932-92834] [org.xdi.oxauth.servlet.OpenIdConfiguration] (OpenIdConfiguration.java:323) - Failed to find entries with baseDN: ou=attributes,o=@!FF59.FA12.3467.63B6!0001!9E75.3880,o=gluu, filter: (&(objectClass=top)(objectClass=gluuAttribute)) org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entries with baseDN: ou=attributes,o=@!FF59.FA12.3467.63B6!0001!9E75.3880,o=gluu, filter: (&(objectClass=top)(objectClass=gluuAttribute)) at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:405) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:373) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:365) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:341) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:337) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager$Proxy$_$$_WeldClientProxy.findEntries(Unknown Source) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.xdi.service.AttributeService.getAllAtributesImpl(AttributeService.java:106) ~[oxcore-service-3.1.4.Final.jar:?] at org.xdi.service.AttributeService.getAllAttributes(AttributeService.java:98) ~[oxcore-service-3.1.4.Final.jar:?] at org.xdi.oxauth.service.AttributeService.getAllAttributes(AttributeService.java:86) ~[classes/:?] at org.xdi.oxauth.servlet.OpenIdConfiguration.processRequest(OpenIdConfiguration.java:257) [classes/:?] at org.xdi.oxauth.servlet.OpenIdConfiguration.doGet(OpenIdConfiguration.java:412) [classes/:?] at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [servlet-api-3.1.jar:3.1.0] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:864) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:55) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.gluu.oxserver.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:344) [oxcore-server-3.1.4.Final.jar:?] at org.gluu.oxserver.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:121) [oxcore-server-3.1.4.Final.jar:?] at org.xdi.oxauth.filter.CorsFilter.doFilter(CorsFilter.java:132) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.Server.handle(Server.java:531) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:319) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:175) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:133) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:754) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:672) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] Caused by: com.unboundid.ldap.sdk.LDAPSearchException: A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 213, base DN 'ou=attributes,o=@!FF59.FA12.3467.63B6!0001!9E75.3880,o=gluu', scope SUB, and filter '(&(objectClass=top)(objectClass=gluuAttribute))' from server opendj.mydata.svc.cluster.local:1636. at com.unboundid.ldap.sdk.SearchRequest.process(SearchRequest.java:1206) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3757) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.AbstractConnectionPool.search(AbstractConnectionPool.java:2056) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at org.gluu.site.ldap.OperationsFacade.search(OperationsFacade.java:349) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:399) ~[oxcore-ldap-3.1.4.Final.jar:?] ... 52 more 2019-02-12 06:34:13,739 ERROR [qtp1514322932-92835] [org.xdi.oxauth.servlet.OpenIdConfiguration] (OpenIdConfiguration.java:323) - Failed to find entries with baseDN: ou=attributes,o=@!FF59.FA12.3467.63B6!0001!9E75.3880,o=gluu, filter: (&(objectClass=top)(objectClass=gluuAttribute)) org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entries with baseDN: ou=attributes,o=@!FF59.FA12.3467.63B6!0001!9E75.3880,o=gluu, filter: (&(objectClass=top)(objectClass=gluuAttribute)) at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:405) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:373) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:365) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:341) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:337) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager$Proxy$_$$_WeldClientProxy.findEntries(Unknown Source) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.xdi.service.AttributeService.getAllAtributesImpl(AttributeService.java:106) ~[oxcore-service-3.1.4.Final.jar:?] at org.xdi.service.AttributeService.getAllAttributes(AttributeService.java:98) ~[oxcore-service-3.1.4.Final.jar:?] at org.xdi.oxauth.service.AttributeService.getAllAttributes(AttributeService.java:86) ~[classes/:?] at org.xdi.oxauth.servlet.OpenIdConfiguration.processRequest(OpenIdConfiguration.java:257) [classes/:?] at org.xdi.oxauth.servlet.OpenIdConfiguration.doGet(OpenIdConfiguration.java:412) [classes/:?] at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [servlet-api-3.1.jar:3.1.0] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:864) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:55) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.gluu.oxserver.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:344) [oxcore-server-3.1.4.Final.jar:?] at org.gluu.oxserver.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:121) [oxcore-server-3.1.4.Final.jar:?] at org.xdi.oxauth.filter.CorsFilter.doFilter(CorsFilter.java:132) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.Server.handle(Server.java:531) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:319) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:175) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:133) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:754) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:672) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] Caused by: com.unboundid.ldap.sdk.LDAPSearchException: A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 208, base DN 'ou=attributes,o=@!FF59.FA12.3467.63B6!0001!9E75.3880,o=gluu', scope SUB, and filter '(&(objectClass=top)(objectClass=gluuAttribute))' from server opendj.mydata.svc.cluster.local:1636. at com.unboundid.ldap.sdk.SearchRequest.process(SearchRequest.java:1206) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3757) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.AbstractConnectionPool.search(AbstractConnectionPool.java:2056) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at org.gluu.site.ldap.OperationsFacade.search(OperationsFacade.java:349) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:399) ~[oxcore-ldap-3.1.4.Final.jar:?] ... 52 more 2019-02-12 06:44:16,449 ERROR [qtp1514322932-25] [org.xdi.oxauth.servlet.OpenIdConfiguration] (OpenIdConfiguration.java:372) - Failed to find entries with baseDN: ou=scopes,o=@!FF59.FA12.3467.63B6!0001!9E75.3880,o=gluu, filter: (&(&(objectClass=top)(objectClass=oxAuthCustomScope))(inum=*)) org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entries with baseDN: ou=scopes,o=@!FF59.FA12.3467.63B6!0001!9E75.3880,o=gluu, filter: (&(&(objectClass=top)(objectClass=oxAuthCustomScope))(inum=*)) at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:405) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:373) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:365) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:341) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:337) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager$Proxy$_$$_WeldClientProxy.findEntries(Unknown Source) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.xdi.oxauth.service.ScopeService.getAllScopesList(ScopeService.java:55) ~[classes/:?] at org.xdi.oxauth.servlet.OpenIdConfiguration.createScopeToClaimsMapping(OpenIdConfiguration.java:344) [classes/:?] at org.xdi.oxauth.servlet.OpenIdConfiguration.processRequest(OpenIdConfiguration.java:307) [classes/:?] at org.xdi.oxauth.servlet.OpenIdConfiguration.doGet(OpenIdConfiguration.java:412) [classes/:?] at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [servlet-api-3.1.jar:3.1.0] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:864) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:55) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.gluu.oxserver.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:344) [oxcore-server-3.1.4.Final.jar:?] at org.gluu.oxserver.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:121) [oxcore-server-3.1.4.Final.jar:?] at org.xdi.oxauth.filter.CorsFilter.doFilter(CorsFilter.java:132) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.Server.handle(Server.java:531) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:319) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:175) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:133) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:754) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:672) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] Caused by: com.unboundid.ldap.sdk.LDAPSearchException: A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 210, base DN 'ou=scopes,o=@!FF59.FA12.3467.63B6!0001!9E75.3880,o=gluu', scope SUB, and filter '(&(&(objectClass=top)(objectClass=oxAuthCustomScope))(inum=*))' from server opendj.mydata.svc.cluster.local:1636. at com.unboundid.ldap.sdk.SearchRequest.process(SearchRequest.java:1206) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3757) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.AbstractConnectionPool.search(AbstractConnectionPool.java:2056) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at org.gluu.site.ldap.OperationsFacade.search(OperationsFacade.java:349) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:399) ~[oxcore-ldap-3.1.4.Final.jar:?] ... 51 more ```

By Matti Lehmus Account Admin 12 Feb 2019 at 12:56 a.m. CST

Copy
Matti Lehmus gravatar
Heres the networkpolicy for opendj: But should not effect localhost connection as above ldapsearch did not give any results. opendj networkpolicy: ``` spec: egress: - ports: - port: 1636 protocol: TCP - port: 4444 protocol: TCP - port: 8989 protocol: TCP to: - podSelector: matchLabels: app: opendj - ports: - port: 443 protocol: TCP - port: 53 protocol: UDP to: - ipBlock: cidr: 0.0.0.0/0 ingress: - from: - podSelector: matchLabels: app: opendj ports: - port: 1636 protocol: TCP - port: 8989 protocol: TCP - port: 4444 protocol: TCP - from: - podSelector: matchLabels: app: oxauth ports: - port: 1636 protocol: TCP - from: - podSelector: matchLabels: app: oxtrust ports: - port: 1636 protocol: TCP podSelector: matchLabels: app: opendj ```

By Thomas Gasmyr Mougang staff 12 Feb 2019 at 1:26 p.m. CST

Copy
Thomas Gasmyr Mougang gravatar
Hi Matti, After checking the log provide above, we have a few things we want you to do for us: 1- Check if the uma configuration is accessible from the UI( the link is https://yourhostname/.well-known/uma2-configuration) if not try to run this command from the oxtrust pod ``` wget https://yourhostname/.well-known/uma2-configuration ``` 2- Provide the full oxtrust and oxauth log(you send it as attachment)

By Mohammad Abudayyeh staff 12 Feb 2019 at 2:37 p.m. CST

Copy
Mohammad Abudayyeh gravatar
Hi Matti, Adding to what my colleague has written could you please try setting the LDAP `----connectTimeout {timeout}` to` 0` . Reload and try again and send the logs.

By Matti Lehmus Account Admin 13 Feb 2019 at 1:28 a.m. CST

Copy
Matti Lehmus gravatar
``` $ curl -v https:/domain/.well-known/uma2-configuration * Trying 35.157.144.171... * TCP_NODELAY set * Connected to domain (35.157.144.171) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=zeb.t-v.tv * start date: Jan 11 00:00:00 2019 GMT * expire date: Feb 11 12:00:00 2020 GMT * subjectAltName: host "domain" matched cert's "domain" * issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon * SSL certificate verify ok. > GET /.well-known/uma2-configuration HTTP/1.1 > Host: domain > User-Agent: curl/7.58.0 > Accept: */* > < HTTP/1.1 404 Not Found < Cache-Control: must-revalidate,no-cache,no-store < Content-Type: text/html;charset=iso-8859-1 < Server: Jetty(9.4.9.v20180320) < Content-Length: 353 < Connection: keep-alive < <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> <title>Error 404 Not Found</title> </head> <body><h2>HTTP ERROR 404</h2> <p>Problem accessing /oxauth/.well-known/uma2-configuration. Reason: <pre> Not Found</pre></p><hr><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.4.9.v20180320</a><hr/> </body> </html> * Connection #0 to hostdomain left intact ``` * we have proxy setting to rewrite all .well-known* to oxauth/.well-known* Logs are attached.
logs.tar.gz

By Matti Lehmus Account Admin 13 Feb 2019 at 1:45 a.m. CST

Copy
Matti Lehmus gravatar
> Hi Matti, > Adding to what my colleague has written could you please try setting the LDAP ----connectTimeout {timeout} to0 . Reload and try again and send the logs. This yielded the same results. I've waited for 1 minute for response but still getting no response. Also tried to provider wrong password to the command and the result is the same. Does not give some insight why the ldapsearch does not work? Also tried to set that connectTimeout to 5 seconds and no response / exit code after waiting for 1 minute. If `- w` parameter is left out of the command, the shell exits immediately after requesting user input for password.

By Matti Lehmus Account Admin 13 Feb 2019 at 2:05 a.m. CST

Copy
Matti Lehmus gravatar
Managed to get a reponse with following: ``` $ kubectl exec opendj-repl-0 -- /opt/opendj/bin/ldapsearch -h 127.0.0.1 -D "cn=directory manager" -z 5 --useSSL --trustAll --connectTimeout 5 -p 1636 -w "password" -b 'o=gluu' -s sub "gluuPassportEnabled=*" gluuPassportEnabled dn: inum=@!FF59.FA12.3467.63B6!0002!A4F1.63C0,ou=appliances,o=gluu gluuPassportEnabled: enabled ``` Adding the `--trustAll` did the trick

By Thomas Gasmyr Mougang staff 13 Feb 2019 at 2:44 a.m. CST

Copy
Thomas Gasmyr Mougang gravatar
> we have proxy setting to rewrite all .well-known to oxauth/.well-known In that case please check the mapping in the proxy setting and run wget on the **oxauth/.well-known** instead. That can be similarto this ``` ProxyPass /.well-known/uma2-configuration http://localhost:8081/oxauth/restv1/uma2-configuration ``` **wget http://localhost:8081/oxauth/restv1/uma2-configuration**

By Matti Lehmus Account Admin 13 Feb 2019 at 2:54 a.m. CST

Copy
Matti Lehmus gravatar
That one worked and returned json: `kubectl exec oxauth -- wget localhost:8080/oxauth/restv1/uma2-configuration` Do we need to rewrite `.well-know/uma2-configuration` to `oxauth/.well-known/restv1/uma2-configuration`?

By Thomas Gasmyr Mougang staff 13 Feb 2019 at 3:02 a.m. CST

Copy
Thomas Gasmyr Mougang gravatar
Can you run that command from oxtrust container? Because in the end oxtrust id the one that will request that configuration. Another information we want is some details about your setup: - Which LDAP (OpenDJ or OpenLDAP)? - LDAP replication setup? - Have you scale LDAP if so how many instance? - LDAP logs files

By Matti Lehmus Account Admin 13 Feb 2019 at 3:12 a.m. CST

Copy
Matti Lehmus gravatar
> Which LDAP (OpenDJ or OpenLDAP)? > OpenDJ > LDAP replication setup? > using https://github.com/GluuFederation/gluu-docker/tree/3.1.4/examples/kubernetes/minikube with modified to AWS provider. Basically one opendj-init statefulset and one opendj-repl statefulset with fixed EBS volumes > Have you scale LDAP if so how many instance? > 2 , following the docs on above > LDAP logs files > Do you need all of the logs? it will be large file from both of the replication ones. - access - audit - errors - replication - server.out - server.pid - replInitRejectedEntries From one instance those logs are unzipped ~ 1.5GB

By Isman Firmansyah staff 13 Feb 2019 at 3:46 a.m. CST

Copy
Isman Firmansyah gravatar
Hello Matti, > Do we need to rewrite .well-know/uma2-configuration to oxauth/.well-known/restv1/uma2-configuration? Yes, please try adding the routing for `.well-known/uma2-configuration`. For reference, this is what we have in our Kubernetes Ingress example https://github.com/GluuFederation/gluu-docker/blob/3.1.4/examples/kubernetes/gke/nginx/nginx.yaml#L61.

By Matti Lehmus Account Admin 13 Feb 2019 at 3:49 a.m. CST

Copy
Matti Lehmus gravatar
Got it to work, but now for some reason getting http/0.9 not supported. Need to figure out what marks the request as http/0.9

By Isman Firmansyah staff 13 Feb 2019 at 4:03 a.m. CST

Copy
Isman Firmansyah gravatar
Where did you see the message about `http/0.9`?

By Matti Lehmus Account Admin 13 Feb 2019 at 4:07 a.m. CST

Copy
Matti Lehmus gravatar
trying to go to `/.well-known/uma2-configuration` We are using haproxy and the configuration is as follows: ``` acl gluu_openid path /.well-known/openid-configuration acl gluu_simple_web path /.well-known/simple-web-discovery acl gluu_webfinger path /.well-known/webfinger acl gluu_uma2 path /.well-known/uma2-configuration acl gluu_fido path /.well-known/fido-configuration acl gluu_fido2 path /.well-known/fido-u2f-configuration acl gluu_scim path /.well-known/scim-configuration http-request set-path /oxauth/.well-known/openid-configuration if gluu_host gluu_openid http-request set-path /oxauth/.well-known/simple-web-discovery if gluu_host gluu_simple_web http-request set-path /oxauth/.well-known/webfinger if gluu_host gluu_webfinger http-request set-path /oxauth/restv1/uma2-configuration if gluu_host gluu_uma2 http-request set-path /oxauth/restv1/fido-configuration if gluu_host gluu_fido http-request set-path /oxauth/restv1/fido-configuration if gluu_host gluu_fido2 http-request set-path /oxauth/restv1/scim-configuration if gluu_host gluu_scim ``` Also from logs I can see the request: `https-in mydata_gluu_oxauth/1 629/0/2/2/633 400 219 - - ---- 18/18/0/0/0 0/0 "GET /.well-known/uma2-configuration HTTP/1.1"` which is saying HTTP/1.1

By Thomas Gasmyr Mougang staff 13 Feb 2019 at 4:24 a.m. CST

Copy
Thomas Gasmyr Mougang gravatar
I guess your are using **wget** to request that url, can you use **curl** instead. or **curl -k**.

By Matti Lehmus Account Admin 13 Feb 2019 at 4:28 a.m. CST

Copy
Matti Lehmus gravatar
``` $ curl -k https://domain/.well-known/uma2-configuration <h1>Bad Message 400</h1><pre>reason: HTTP/0.9 not supported</pre> ``` It is working locally from haproxy ec2 instance (wget without haproxy configurations). so haproxy is breaking the request. I did read that in some cases apache2 does not "find" the HTTP/1.1 info and the fallback is 0.9 if the info is not found

By Thomas Gasmyr Mougang staff 13 Feb 2019 at 4:40 a.m. CST

Copy
Thomas Gasmyr Mougang gravatar
Can you add this setting **option accept-invalid-http-request** in the **frontend** section of your haproxy configuration file? Note that this is just for testing purpose.

By Matti Lehmus Account Admin 13 Feb 2019 at 4:53 a.m. CST

Copy
Matti Lehmus gravatar
got it to work with different syntax. There was version mismatch and therefore was all on our side. ``` acl gluu_openid path /.well-known/openid-configuration acl gluu_simple_web path /.well-known/simple-web-discovery acl gluu_webfinger path /.well-known/webfinger acl gluu_uma2 path /.well-known/uma2-configuration acl gluu_fido path /.well-known/fido-configuration acl gluu_fido2 path /.well-known/fido-u2f-configuration acl gluu_scim path /.well-known/scim-configuration reqrep ^([^\ :]*)\ /.well-known/(.*) \1\ /oxauth/.well-known/\2 if gluu_openid reqrep ^([^\ :]*)\ /.well-known/(.*) \1\ /oxauth/.well-known/\2 if gluu_simple_web reqrep ^([^\ :]*)\ /.well-known/(.*) \1\ /oxauth/.well-known/\2 if gluu_webfinger reqrep ^([^\ :]*)\ /.well-known/(.*) \1\ /oxauth/restv1/\2 if gluu_uma2 reqrep ^([^\ :]*)\ /.well-known/(.*) \1\ /oxauth/restv1/\2 if gluu_fido reqrep ^([^\ :]*)\ /.well-known/(.*) \1\ /oxauth/restv1/\2 if gluu_fido2 reqrep ^([^\ :]*)\ /.well-known/(.*) \1\ /oxauth/restv1/\2 if gluu_scim ``` Now the URLs work. Is there some other steps I need to take before testing the passport?

By Mohammad Abudayyeh staff 13 Feb 2019 at 5:02 a.m. CST

Copy
Mohammad Abudayyeh gravatar
> I did read that in some cases apache2 does not "find" the HTTP/1.1 info and the fallback is 0.9 if the info is not found > Jetty 9 does not support HTTP/0.9 so even if it was falling back to HTTP/0.9 the error is being masked. Great to hear it worked out for you!

By Thomas Gasmyr Mougang staff 13 Feb 2019 at 5:05 a.m. CST

Copy
Thomas Gasmyr Mougang gravatar
> Is there some other steps I need to take before testing the passport? You can give it a try now.

By Matti Lehmus Account Admin 13 Feb 2019 at 5:11 a.m. CST

Copy
Matti Lehmus gravatar
I can see pasport openidconnect image and link on external providers. It seems that the issue is solved. Will wait for confirmation from Suren and close the ticket if it is indeed resolved. Thank you :)

By Thomas Gasmyr Mougang staff 13 Feb 2019 at 5:14 a.m. CST

Copy
Thomas Gasmyr Mougang gravatar
Thank you for being patient.

By Surendra Khatana user 13 Feb 2019 at 5:59 a.m. CST

Copy
Surendra Khatana gravatar
Hi, Passport module issue seems to have resolved but when I am testing the passport-social authentication flow , due to some reason Gluu shows email verification form even though I haven't set up email linking as instructed in the document (https://gluu.org/docs/ce/authn-guide/passport/#email-account-linking). The passport_social jython script is exactly same as other lower env where we don't see this issue. Please check the attached image.
issue.jpg

By Thomas Gasmyr Mougang staff 13 Feb 2019 at 6:19 a.m. CST

Copy
Thomas Gasmyr Mougang gravatar
Hi Khatana, Can you share the content of the file named **passport-config.json** in your environment? It should normally be in the passport container(check in volumes).

By Matti Lehmus Account Admin 13 Feb 2019 at 6:53 a.m. CST

Copy
Matti Lehmus gravatar
`NOTE: Thomas`This is single usage link to prevent leaving anything persistent on the forums. https://snappass.tilaajavastuu.fi/snappass85fdde47d9f64d8087f1223886f2c73e%7EjfeyL-gk6p2ZXbcmS2ZJI2yJuPI1i91P6tF2W1fRaE4%3D

By Matti Lehmus Account Admin 13 Feb 2019 at 6:55 a.m. CST

Copy
Matti Lehmus gravatar
This config.json has not been altered in any ways (it comes from the container itself) We have replaced the following files: ``` - name: files mountPath: /opt/gluu/node/passport/node_modules/oauth/lib/oauth2.js subPath: oauth2.js - name: files mountPath: /opt/gluu/node/passport/server/auth/openidconnect.js subPath: openidconnect.js - name: files mountPath: /opt/gluu/node/passport/node_modules/passport-openidconnect/lib/strategy.js subPath: strategy.js ```

By Thomas Gasmyr Mougang staff 13 Feb 2019 at 7:09 a.m. CST

Copy
Thomas Gasmyr Mougang gravatar
Yeah, apply the below change in that file: 1- Check the like starting with **applicationEndpoint** 2- Change it to look like this: ``` "applicationEndpoint":"https://hostname/oxauth/postlogin.htm" ``` 3- Save the change and make sure the updated file is used.

By Matti Lehmus Account Admin 14 Feb 2019 at 12:19 a.m. CST

Copy
Matti Lehmus gravatar
Do you have any other suggestions than making my own docker-image? https://github.com/GluuFederation/docker-oxPassport/blob/3.1.4/passport-config.json.tmpl It is generated from this one https://github.com/GluuFederation/docker-oxPassport/blob/3.1.4/entrypoint.py at lines 55-72. As said no modifications have been made to the file manually

By Matti Lehmus Account Admin 14 Feb 2019 at 12:21 a.m. CST

Copy
Matti Lehmus gravatar
My mistake: https://github.com/GluuFederation/docker-oxPassport/commit/4f16fe9c2782e593e230d951d9127afea794d737 It was updated 16 hours ago. Can do now :)

By Surendra Khatana user 15 Feb 2019 at 10:18 a.m. CST

Copy
Surendra Khatana gravatar
Hi, Still the login is failing when using passport-module. Please check the attached error message. Passport_social script is not able to verify the signature of the JWT token received from passport.
Signature_Error.jpg

By Thomas Gasmyr Mougang staff 15 Feb 2019 at 1:28 p.m. CST

Copy
Thomas Gasmyr Mougang gravatar
Navigate to **Manage custom scripts** and locate the custom script name **passport_social**. Check if you have all the below settings: 1. https://pasteboard.co/I1jGjie.png 1. https://pasteboard.co/I1jGtZ8.png

By Surendra Khatana user 15 Feb 2019 at 2:41 p.m. CST

Copy
Surendra Khatana gravatar
Hi, Yes this is the first thing I verified. I have also verified that the JKS file is present in the passport container. Regards Suren

By Isman Firmansyah staff 15 Feb 2019 at 9:13 p.m. CST

Copy
Isman Firmansyah gravatar
Hi Surendra, For testing purpose, can you copy `idp-signing.crt` and `passport-rp.jks` from oxPassport to oxAuth? Put these files under `/etc/certs`.

By Isman Firmansyah staff 15 Feb 2019 at 9:19 p.m. CST

Copy
Isman Firmansyah gravatar
Or you can use `gluufederation/oxauth:3.1.4_dev` temporarily to see the changes. We will release new version after your confirmation. Thanks.

By Surendra Khatana user 19 Feb 2019 at 6:51 a.m. CST

Copy
Surendra Khatana gravatar
Hi, The passport module is now functioning correctly . Thanks for all your help. Can you please share the official version of oxauth ?

Post an answer