By: Akshay Kamalapuram Sridhar user 08 Mar 2021 at 12:24 p.m. CST

2 Responses
1) I am using Gluu OIDC for SSO for some of our applications. As we are still in the development stage, is there any way I can add an http URI, i.e. http://localhost:8080/api, as the redirect URI?

2) Also, even when I try with an https redirect URI and try to register my client by clicking on the "Add" button, I get an error message as below: "Only protected resource are allowed. please use https." Currently the Gluu Server is running on http schema. Is that the only reason why the above error pops up, i.e. since it's not running on https, or is it something else?

By Michael Schwartz Account Admin 08 Mar 2021 at 1:23 p.m. CST

From the OpenID Connect Client Registration Spec: ["Implementations MUST support TLS."](https://openid.net/specs/openid-connect-registration-1_0.html#TLSRequirements) Also, ["Communication with the Authorization Endpoint MUST utilize TLS."](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint)

Basically, the whole trust model for OpenID Connect requires TLS. Without TLS, more signing and encryption would be required (like in OAuth 1.0). Also, `localhost` should only be used for browser-based native applications. Please review the OpenID Connect specs.
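An added example, not part of the thread and not Gluu's own code: a pre-registration check of client metadata against the `application_type` rules in OpenID Connect Dynamic Client Registration 1.0, Section 2, plus the RFC 6749 ban on fragments. The function names and the `https_only_web` switch (a stricter server policy that refuses http for every web client) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

def redirect_uri_problems(uri, application_type="web", implicit=False,
                          https_only_web=True):
    """Return the list of rule violations for one redirect URI (empty = OK)."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if not scheme:
        return ["not an absolute URI"]
    problems = []
    if parts.fragment:  # RFC 6749 section 3.1.2: no fragment component
        problems.append("fragment component not allowed")
    if application_type == "web":
        # The spec requires https for implicit-flow web clients; the
        # https_only_web policy (assumption) extends that to all web clients.
        if scheme != "https" and (implicit or https_only_web):
            problems.append("web client must use https")
        if implicit and host == "localhost":
            problems.append("implicit-flow web client must not use localhost")
    elif application_type == "native":
        # Native clients: custom URI scheme, or http on a loopback host.
        if scheme == "http" and host not in LOOPBACK_HOSTS:
            problems.append("http is only allowed for loopback hosts")
        elif scheme == "https":
            problems.append("native client must use a custom scheme or http loopback")
    else:
        problems.append("unknown application_type")
    return problems

def review_registration(metadata, https_only_web=True):
    """Check every redirect_uri in a client registration request body."""
    app_type = metadata.get("application_type", "web")  # spec default
    response_types = metadata.get("response_types", ["code"])  # spec default
    implicit = any(set(rt.split()) & {"token", "id_token"} for rt in response_types)
    return {uri: redirect_uri_problems(uri, app_type, implicit, https_only_web)
            for uri in metadata.get("redirect_uris", [])}

if __name__ == "__main__":
    # Constructed request using the redirect URI from the question above.
    dev_client = {"redirect_uris": ["http://localhost:8080/api"]}
    for uri, problems in review_registration(dev_client).items():
        print(uri, "->", problems or "OK")
```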

By Akshay Kamalapuram Sridhar user 10 Mar 2021 at 8:51 p.m. CST

Gluu has actually posted a solution regarding this on the community page and we have downloaded the new war file provided in the link: https://support.gluu.org/access-management/9297/unable-to-add-new-client-only-protected-ressource-are-allowed/

Gluu server was throwing an error "Only protected ressource are allowed. please use https" on the oxTrust UI >> OpenID Connect >> Clients when we were trying to add an Open ID Connect client. The above link is the solution for it. Sharing this in case someone else faces this issue.