By: Mohana Jeyatharan user 16 Dec 2021 at 8:41 p.m. CST

16 Responses
I am having issues with running this sample demo https://github.com/GluuFederation/oxd-spring. I believe this/demo app was catered for gluu and oxd 4.2. I installed gluu 4.3.0 the docker version including the oxd 4.3.0. I tried to patch the pom.xml to 4.3.0, but there were issues. Just checking whether spring oxd 4.2.0 can be used in pom xml and use the oxd server 4.3.0 (as I have done). Or do I have to install docker gluu + oxd 4.2.0 to use spring oxd 4.2.0? Please provide some inputs. Thanks.

By Arnab Dutta staff 17 Dec 2021 at 3:47 a.m. CST

Hi Mohana,

Could you share oxd-server.log and oxd-spring console log. The demo spring application should work with Gluu `4.3.0` version if all configurations in application.properties are correct.

Regards
Arnab

By Mohana Jeyatharan user 17 Dec 2021 at 4:12 a.m. CST

Hi Arnab,

Thank you for your response. I have tried to at least build and run the jar. But it throws an exception when the following is called: `oxdService.registerSite(callbackUrl, postLogoutUrl)`

Below I have given my pom.xml maven config, my application.properties, console logs when I ran my jar and the oxd-server logs.

I am providing some details of POM.xml as below:

```
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.gluu</groupId>
    <artifactId>oxd-spring</artifactId>
    <version>4.2.0-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>oxd-spring</name>
    <description>Sample project that shows how to use oxd-java</description>

    <repositories>
        <repository>
            <id>gluu</id>
            <name>Gluu repository</name>
            <url>http://ox.gluu.org/maven</url>
        </repository>
    </repositories>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.6.RELEASE</version>
        <relativePath/>
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <java.version>11</java.version>
        <oxd.version>4.3.0-SNAPSHOT</oxd.version>
    </properties>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.gluu</groupId>
                <artifactId>gluu-core-bom</artifactId>
                <version>4.2.0-SNAPSHOT</version>
                <scope>import</scope>
                <type>pom</type>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>nz.net.ultraq.thymeleaf</groupId>
            <artifactId>thymeleaf-layout-dialect</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
        </dependency>
        <dependency>
            <groupId>javax.inject</groupId>
            <artifactId>javax.inject</artifactId>
            <version>1</version>
        </dependency>
        <dependency>
            <groupId>org.gluu</groupId>
            <artifactId>oxd-client</artifactId>
            <version>${oxd.version}</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
```

My application.properties (I disabled https for now for the oxd client):

```
spring.h2.console.enabled=true
spring.jpa.database=H2
spring.jpa.show-sql=true
spring.jpa.hibernate.ddl-auto=update
spring.datasource.url=jdbc:h2:file:./src/main/resources/h2db/db/oxd_spring;DB_CLOSE_DELAY=-1
spring.datasource.name=
spring.datasource.username=oxd-spring
spring.datasource.password=
server.port=8081
server.error.path=/app-error
#server.ssl.key-store=classpath:keystore.p12
#server.ssl.key-store-password=mypassword
#server.ssl.key-store-type=PKCS12
#server.ssl.key-alias=tomcat
oxd.server.op-host=https://159.223.44.218:443
oxd.server.host=0.0.0.0
oxd.server.port=8443
oxd.server.acr-values=basic
oxd.server.scopes=openid,profile,uma_protection,oxd
oxd.server.grant-types=authorization_code,client_credentials
oxd.client.callback-uri=http://localhost:8081/gluu/callback
oxd.client.post-logout-uri=http://localhost:8081/gluu/logout
```

My console logs:

```
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/home/ubuntu/workspace/gittest/gluudev/oxd-spring/target/oxd-spring-4.2.0-SNAPSHOT.jar!/BOOT-INF/lib/logback-classic-1.2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/home/ubuntu/workspace/gittest/gluudev/oxd-spring/target/oxd-spring-4.2.0-SNAPSHOT.jar!/BOOT-INF/lib/log4j-slf4j-impl-2.13.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [ch.qos.logback.classic.util.ContextSelectorStaticBinder]

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.1.6.RELEASE)

2021-12-17 16:00:40.921 INFO 187212 --- [ main] o.gluu.oxd.spring.OxdSpringApplication : Starting OxdSpringApplication v4.2.0-SNAPSHOT on ggsvr0501 with PID 187212 (/home/ubuntu/workspace/gittest/gluudev/oxd-spring/target/oxd-spring-4.2.0-SNAPSHOT.jar started by ubuntu in /home/ubuntu/workspace/gittest/gluudev/oxd-spring/target)
2021-12-17 16:00:40.924 INFO 187212 --- [ main] o.gluu.oxd.spring.OxdSpringApplication : No active profile set, falling back to default profiles: default
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v7.Java7$1 (jar:file:/home/ubuntu/workspace/gittest/gluudev/oxd-spring/target/oxd-spring-4.2.0-SNAPSHOT.jar!/BOOT-INF/lib/groovy-2.5.7.jar!/) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.vmplugin.v7.Java7$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2021-12-17 16:00:41.942 INFO 187212 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data repositories in DEFAULT mode.
2021-12-17 16:00:42.019 INFO 187212 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 69ms. Found 1 repository interfaces.
2021-12-17 16:00:42.499 INFO 187212 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$c223e333] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-12-17 16:00:42.822 INFO 187212 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8081 (http)
2021-12-17 16:00:42.855 INFO 187212 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2021-12-17 16:00:42.855 INFO 187212 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.21]
2021-12-17 16:00:42.949 INFO 187212 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2021-12-17 16:00:42.949 INFO 187212 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 1756 ms
2021-12-17 16:00:43.259 INFO 187212 --- [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [ name: default ...]
2021-12-17 16:00:43.340 INFO 187212 --- [ main] org.hibernate.Version : HHH000412: Hibernate Core {5.3.10.Final}
2021-12-17 16:00:43.342 INFO 187212 --- [ main] org.hibernate.cfg.Environment : HHH000206: hibernate.properties not found
2021-12-17 16:00:43.512 INFO 187212 --- [ main] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
2021-12-17 16:00:43.817 INFO 187212 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2021-12-17 16:00:44.072 INFO 187212 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
2021-12-17 16:00:44.090 INFO 187212 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
Hibernate: create table app_settings (id integer not null, client_id varchar(255), client_secret varchar(255), op_host varchar(255), oxd_id varchar(255), primary key (id))
Hibernate: alter table app_settings drop constraint if exists UK_70qr5riu1767asjfoq6dijjxk
Hibernate: alter table app_settings add constraint UK_70qr5riu1767asjfoq6dijjxk unique (client_id)
Hibernate: alter table app_settings drop constraint if exists UK_jw9wlu6rhd19esmwdcdoax3qj
Hibernate: alter table app_settings add constraint UK_jw9wlu6rhd19esmwdcdoax3qj unique (op_host)
Hibernate: create sequence hibernate_sequence start with 1 increment by 1
2021-12-17 16:00:44.967 INFO 187212 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2021-12-17 16:00:46.050 INFO 187212 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2021-12-17 16:00:46.108 WARN 187212 --- [ main] aWebConfiguration$JpaWebMvcConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2021-12-17 16:00:46.759 INFO 187212 --- [ main] .s.s.UserDetailsServiceAutoConfiguration : Using generated security password: bfad7e7d-f15c-45c8-914c-b82a8e6f923d
2021-12-17 16:00:46.874 INFO 187212 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5568c66f, org.springframework.security.web.context.SecurityContextPersistenceFilter@6d67f5eb, org.springframework.security.web.header.HeaderWriterFilter@111d5c97, org.springframework.security.web.csrf.CsrfFilter@18b74ea, org.springframework.security.web.authentication.logout.LogoutFilter@3b55dd15, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@77f991c, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@7134b8a7, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@e784320, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@2ceee4b6, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@3e1fd62b, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@7efa3f63, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3f6bf8aa, org.springframework.security.web.session.SessionManagementFilter@250a9031, org.springframework.security.web.access.ExceptionTranslationFilter@17b37e9a, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7d986d83]
2021-12-17 16:00:46.970 INFO 187212 --- [ main] o.h.h.i.QueryTranslatorFactoryInitiator : HHH000397: Using ASTQueryTranslatorFactory
Hibernate: select appsetting0_.id as id1_0_, appsetting0_.client_id as client_i2_0_, appsetting0_.client_secret as client_s3_0_, appsetting0_.op_host as op_host4_0_, appsetting0_.oxd_id as oxd_id5_0_ from app_settings appsetting0_ where appsetting0_.op_host=?
2021-12-17 16:00:47.417 INFO 187212 --- [ main] o.apache.catalina.core.StandardService : Stopping service [Tomcat]
2021-12-17 16:00:47.432 INFO 187212 --- [ main] ConditionEvaluationReportLoggingListener : Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2021-12-17 16:00:47.438 ERROR 187212 --- [ main] o.s.boot.SpringApplication : Application run failed

java.lang.RuntimeException: Can not register site. IT FAILS When CALLING REGISTERSITE: {callbackUrl: 'http://localhost:8081/gluu/callback', postLogoutUrl: 'http://localhost:8081/gluu/logout'}. Plese see the oxd-server.log
    at org.gluu.oxd.spring.Settings.onContextStarted(Settings.java:95) ~[classes!/:4.2.0-SNAPSHOT]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
    at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
    at org.springframework.context.event.ApplicationListenerMethodAdapter.doInvoke(ApplicationListenerMethodAdapter.java:261) ~[spring-context-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.context.event.ApplicationListenerMethodAdapter.processEvent(ApplicationListenerMethodAdapter.java:179) ~[spring-context-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.context.event.ApplicationListenerMethodAdapter.onApplicationEvent(ApplicationListenerMethodAdapter.java:142) ~[spring-context-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) ~[spring-context-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) ~[spring-context-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:402) ~[spring-context-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:359) ~[spring-context-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:896) ~[spring-context-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:161) ~[spring-boot-2.1.6.RELEASE.jar!/:2.1.6.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552) ~[spring-context-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) ~[spring-boot-2.1.6.RELEASE.jar!/:2.1.6.RELEASE]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:742) ~[spring-boot-2.1.6.RELEASE.jar!/:2.1.6.RELEASE]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:389) ~[spring-boot-2.1.6.RELEASE.jar!/:2.1.6.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:311) ~[spring-boot-2.1.6.RELEASE.jar!/:2.1.6.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1213) ~[spring-boot-2.1.6.RELEASE.jar!/:2.1.6.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1202) ~[spring-boot-2.1.6.RELEASE.jar!/:2.1.6.RELEASE]
    at org.gluu.oxd.spring.OxdSpringApplication.main(OxdSpringApplication.java:12) ~[classes!/:4.2.0-SNAPSHOT]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
    at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:47) ~[oxd-spring-4.2.0-SNAPSHOT.jar:4.2.0-SNAPSHOT]
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:86) ~[oxd-spring-4.2.0-SNAPSHOT.jar:4.2.0-SNAPSHOT]
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) ~[oxd-spring-4.2.0-SNAPSHOT.jar:4.2.0-SNAPSHOT]
    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) ~[oxd-spring-4.2.0-SNAPSHOT.jar:4.2.0-SNAPSHOT]

2021-12-17 16:00:47.445 INFO 187212 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Shutting down ExecutorService 'applicationTaskExecutor'
2021-12-17 16:00:47.446 INFO 187212 --- [ main] j.LocalContainerEntityManagerFactoryBean : Closing JPA EntityManagerFactory for persistence unit 'default'
2021-12-17 16:00:47.449 INFO 187212 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Shutdown initiated...
2021-12-17 16:00:47.456 INFO 187212 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Shutdown completed.
```
My oxd-server logs (the logs only appeared when I first started oxd server container):

```
INFO [01:59:34.022] [main] o.e.j.u.log - Logging initialized @2192ms to org.eclipse.jetty.util.log.Slf4jLog
INFO [01:59:34.118] [main] i.d.s.DefaultServerFactory - Registering jersey handler with root path prefix: /
INFO [01:59:34.119] [main] i.d.s.DefaultServerFactory - Registering admin handler with root path prefix: /
INFO [01:59:34.658] [main] o.g.o.s.ServerLauncher - Starting service configuration...
INFO [01:59:34.670] [main] o.g.o.s.ServerLauncher - commit: dcd28bf6be143176ded0a51909236de3fee5af31, branch: origin/version_4.3.0, build time:27.09.2021 @ 14:06:03 UTC, oxd_version:4.3.0.Final
INFO [01:59:34.842] [main] o.g.o.s.ServerLauncher - Configuration: OxdServerConfiguration{, registerClientAppType='web', registerClientResponesType='code', useClientAuthenticationForPat=true, trustAllCerts=false, keyStorePath='', keyStorePassword='', cryptProviderKeyStorePath='/etc/certs/oxd-jwks.keystore', cryptProviderKeyStorePassword='example', cryptProviderDnName='CN=oxd CA Certificates', supportGoogleLogout=true, stateExpirationInMinutes=5, nonceExpirationInMinutes=5, dbCleanupIntervalInHours=1, rpCacheExpirationInMinutes=60, publicOpKeyCacheExpirationInMinutes=60, protectCommandsWithAccessToken=true, acceptIdTokenWithoutSignature=false, uma2AuthRegisterClaimsGatheringEndpointAsRedirectUriOfClient=false, migrationSourceFolderPath='', storage='gluu_server_configuration', storageConfiguration={"baseDn":"o=gluu","connection":"/etc/gluu/conf/gluu-ldap.properties","salt":"/etc/gluu/conf/salt","type":"/etc/gluu/conf/gluu.properties"}', defaultSiteConfig={"access_token_as_jwt":false,"access_token_lifetime":null,"access_token_signing_alg":"","acr_values":[""],"authorized_origins":[],"claims_locales":["en"],"claims_redirect_uri":[],"client_id":"","client_jwks_uri":"","client_name":"","client_secret":"","client_uri":"","contacts":[],"custom_attributes":{},"default_max_age":null,"front_channel_logout_session_required":false,"front_channel_logout_uri":"","grant_type":["authorization_code"],"id_token_binding_cnf":"","id_token_encrypted_response_alg":"","id_token_encrypted_response_enc":"","id_token_signed_response_alg":"","initiate_login_uri":"","jwks":"","logo_uri":"","logout_redirect_uris":[],"op_configuration_endpoint":"","policy_uri":"","redirect_uris":[],"request_object_encryption_alg":"","request_object_encryption_enc":"","request_object_signing_alg":"","request_uris":[],"require_auth_time":false,"response_types":["code"],"rpt_as_jwt":false,"run_introspection_script_beforeaccess_token_as_jwt_creation_and_include_claims":false,"scope":["openid","profile","email"],"sector_identifier_uri":"","software_id":"","software_statement":"","software_version":"","tls_client_auth_subject_dn":"","token_endpoint_auth_method":"","token_endpoint_auth_signing_alg":"","tos_uri":"","trusted_client":false,"ui_locales":["en"],"user_info_encrypted_response_alg":"","user_info_encrypted_response_enc":"","user_info_signed_response_alg":""}', allowedOpHosts=[]', addClientCredentialsGrantTypeAutomaticallyDuringClientRegistration=true, proxyConfiguration=null', idTokenValidationCHashRequired=true', idTokenValidationAtHashRequired=true', validateUserInfoWithIdToken=false', protectCommandsWithOxdId=[]', persistenceManagerRemoveCount=1000', bindIpAddresses=[*]', enableJwksGeneration=true', jwksExpirationInHours=720', requestObjectExpirationInMinutes=5', jwksRegenerationIntervalInHours=720', tlsVersion=null', mtlsEnabled=false', mtlsClientKeyStorePath=null', mtlsClientKeyStorePassword=null', idTokenValidationSHashRequired=false', encodeStateFromRequestParameter=false', encodeNonceFromRequestParameter=false', fapiEnabled=false', iatExpirationInHours=1', encodeClientIdInAuthorizationUrl=false'}
INFO [01:59:39.667] [main] o.g.p.s.PersistanceFactoryService - Found '5' PersistenceEntryManagerFactory
INFO [01:59:39.667] [main] o.g.p.s.PersistanceFactoryService - Found PersistenceEntryManagerFactory 'class org.gluu.orm.couchbase.impl.CouchbaseEntryManagerFactory'
INFO [01:59:39.685] [main] o.g.p.s.PersistanceFactoryService - Found PersistenceEntryManagerFactory 'class org.gluu.persist.sql.impl.SqlEntryManagerFactory'
INFO [01:59:39.686] [main] o.g.p.s.PersistanceFactoryService - Found PersistenceEntryManagerFactory 'class org.gluu.orm.hybrid.impl.HybridEntryManagerFactory'
INFO [01:59:39.686] [main] o.g.p.s.PersistanceFactoryService - Found PersistenceEntryManagerFactory 'class org.gluu.persist.ldap.impl.LdapEntryManagerFactory'
INFO [01:59:39.687] [main] o.g.p.s.PersistanceFactoryService - Found PersistenceEntryManagerFactory 'class org.gluu.persist.cloud.spanner.impl.SpannerEntryManagerFactory'
INFO [01:59:39.896] [main] o.g.p.l.o.i.LdapConnectionProvider - Attempting to create connection pool: 1
INFO [01:59:40.232] [main] o.g.p.l.o.i.LdapConnectionProvider - Attempting to create connection pool: 1
INFO [01:59:40.282] [main] o.g.p.l.o.i.LdapConnectionProvider - Attempting to create connection pool: 1
INFO [01:59:40.396] [main] o.g.p.l.i.LdapEntryManagerFactory - Created LdapEntryManager: org.gluu.persist.ldap.operation.impl.LdapOperationServiceImpl@9d0e6a1
INFO [01:59:40.494] [main] o.g.o.s.ServerLauncher - oxD Services are configured successfully.
INFO [01:59:40.515] [main] i.d.s.ServerFactory - Starting OxdServerApplication
INFO [01:59:40.632] [main] o.e.j.s.SetUIDListener - Opened application@41ae8b30{SSL, (ssl, http/1.1)}{0.0.0.0:8443}
INFO [01:59:40.632] [main] o.e.j.s.SetUIDListener - Opened admin@7c94823f{SSL, (ssl, http/1.1)}{0.0.0.0:8444}
INFO [01:59:40.635] [main] o.e.j.s.Server - jetty-9.4.42.v20210604; built: 2021-06-04T17:33:38.939Z; git: 5cd5e6d2375eeab146813b0de9f19eda6ab6e6cb; jvm 11.0.9+11-alpine-r1
INFO [01:59:40.666] [main] o.e.j.u.s.SslContextFactory - x509=X509@779b69da(oxd-server,h=[demoexample.gluu.org, oxd_application, oxd_server],a=[],w=[]) for Server@57b2d262[provider=null,keyStore=file:///etc/certs/oxd_application.keystore,trustStore=null]
INFO [01:59:40.690] [main] i.d.j.HttpsConnectorFactory - Enabled protocols: [TLSv1.2, TLSv1.3]
INFO [01:59:40.690] [main] i.d.j.HttpsConnectorFactory - Disabled protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1]
INFO [01:59:40.690] [main] i.d.j.HttpsConnectorFactory - Enabled cipher suites: [TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
INFO [01:59:40.690] [main] i.d.j.HttpsConnectorFactory - Disabled cipher suites: [TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384]
INFO [01:59:40.722] [main] o.e.j.u.s.SslContextFactory - x509=X509@394fad4f(oxd-server,h=[oxd_server, demoexample.gluu.org, oxd_admin],a=[],w=[]) for Server@5e55418c[provider=null,keyStore=file:///etc/certs/oxd_admin.keystore,trustStore=null]
INFO [01:59:41.351] [main] i.d.j.DropwizardResourceConfig - The following paths were found for the configured resources:
    POST /authorization-code-flow (org.gluu.oxd.server.RestResource)
    POST /check-access-token (org.gluu.oxd.server.RestResource)
    POST /check-id-token (org.gluu.oxd.server.RestResource)
    POST /get-access-token-by-refresh-token (org.gluu.oxd.server.RestResource)
    POST /get-authorization-code (org.gluu.oxd.server.RestResource)
    POST /get-authorization-url (org.gluu.oxd.server.RestResource)
    POST /get-client-token (org.gluu.oxd.server.RestResource)
    POST /get-discovery (org.gluu.oxd.server.RestResource)
    POST /get-issuer (org.gluu.oxd.server.RestResource)
    POST /get-jwks (org.gluu.oxd.server.RestResource)
    POST /get-logout-uri (org.gluu.oxd.server.RestResource)
    POST /get-request-object-uri (org.gluu.oxd.server.RestResource)
    GET /get-request-object/{request_object_id} (org.gluu.oxd.server.RestResource)
    POST /get-rp (org.gluu.oxd.server.RestResource)
    GET /get-rp-jwks (org.gluu.oxd.server.RestResource)
    POST /get-tokens-by-code (org.gluu.oxd.server.RestResource)
    POST /get-user-info (org.gluu.oxd.server.RestResource)
    GET /health-check (org.gluu.oxd.server.RestResource)
    GET /initiate-third-party-login/{oxd_id} (org.gluu.oxd.server.RestResource)
    POST /introspect-access-token (org.gluu.oxd.server.RestResource)
    POST /introspect-rpt (org.gluu.oxd.server.RestResource)
    POST /register-site (org.gluu.oxd.server.RestResource)
    POST /remove-site (org.gluu.oxd.server.RestResource)
    POST /uma-rp-get-claims-gathering-url (org.gluu.oxd.server.RestResource)
    POST /uma-rp-get-rpt (org.gluu.oxd.server.RestResource)
    POST /uma-rs-check-access (org.gluu.oxd.server.RestResource)
    POST /uma-rs-modify (org.gluu.oxd.server.RestResource)
    POST /uma-rs-protect (org.gluu.oxd.server.RestResource)
    POST /update-site (org.gluu.oxd.server.RestResource)
INFO [01:59:41.354] [main] o.e.j.s.h.ContextHandler - Started i.d.j.MutableServletContextHandler@5c134daf{/,null,AVAILABLE}
INFO [01:59:41.358] [main] i.d.s.AdminEnvironment - tasks =
    POST /tasks/log-level (io.dropwizard.servlets.tasks.LogConfigurationTask)
    POST /tasks/gc (io.dropwizard.servlets.tasks.GarbageCollectionTask)
INFO [01:59:41.359] [main] o.e.j.s.h.ContextHandler - Started i.d.j.MutableServletContextHandler@1a9d362b{/,null,AVAILABLE}
INFO [01:59:41.369] [main] o.e.j.s.AbstractConnector - Started application@41ae8b30{SSL, (ssl, http/1.1)}{0.0.0.0:8443}
INFO [01:59:41.380] [main] o.e.j.s.AbstractConnector - Started admin@7c94823f{SSL, (ssl, http/1.1)}{0.0.0.0:8444}
INFO [01:59:41.380] [main] o.e.j.s.Server - Started @9552ms
```

By Arnab Dutta staff 17 Dec 2021 at 9:33 a.m. CST

> oxd.server.op-host=https://159.223.44.218:443
> oxd.server.host=0.0.0.0

Can you use a hostname here rather than using ip-addresses? I doubt if using `0.0.0.0` for oxd.server.host will help. It should be `<oxd-host>`.

> oxd.client.callback-uri=http://localhost:8081/gluu/callback
> oxd.client.post-logout-uri=http://localhost:8081/gluu/logout

You have defined `oxd.client.callback-uri` as localhost. This will only work if oxd-server and oxd-spring are on same VM. Otherwise you will need to mention `hostname` of oxd-spring.

And I hope you have checked the following note at https://gluu.org/docs/oxd/tutorials/spring/#oxd-spring.

```
For oxd-4.x and oxd-spring application running on different servers then it is essential to install and configure SSL certificate by Certificate Authority with oxd. This is required so that oxd-spring application can access oxd-server without throwing any ssl exception. But, if oxd-spring and oxd-server are running on same server then oxd-spring application will work even with oxd configured with self-signed certificate.
```

Regards
Arnab
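The configuration points raised in the reply above (an IP literal in `oxd.server.op-host`, the wildcard address `0.0.0.0` in `oxd.server.host`, and `localhost` redirect URIs) can be checked mechanically before the application is started. The following is an added example, not code from the thread or from the oxd project: the function names and finding codes are hypothetical, the sample input is constructed from the properties posted earlier, and the optional certificate-name check uses the host names the oxd-server log lists for its application keystore.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the oxd-related keys of the first application.properties in the thread.
SAMPLE = """\
server.port=8081
#server.ssl.key-store=classpath:keystore.p12
oxd.server.op-host=https://159.223.44.218:443
oxd.server.host=0.0.0.0
oxd.server.port=8443
oxd.client.callback-uri=http://localhost:8081/gluu/callback
oxd.client.post-logout-uri=http://localhost:8081/gluu/logout
"""

# Host names the oxd-server log in the thread lists for oxd_application.keystore.
OXD_CERT_NAMES = ["demoexample.gluu.org", "oxd_application", "oxd_server"]

HOST_KEYS = ("oxd.server.op-host", "oxd.server.host")
REDIRECT_KEYS = ("oxd.client.callback-uri", "oxd.client.post-logout-uri")


def parse_properties(text):
    """Parse simple key=value lines; comments (# or !) and blank lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def host_of(value):
    """Return the host part of a URL or of a bare host value, lower-cased."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.strip().lower()


def as_ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def lint(props, cert_names=None):
    """Return a list of (severity, key, code) findings for an oxd-spring config."""
    findings = []
    for key in HOST_KEYS:
        host = host_of(props.get(key, ""))
        ip = as_ip(host)
        if not host:
            findings.append(("error", key, "missing"))
        elif ip is not None and ip.is_unspecified:
            # 0.0.0.0 is a bind address, not a host a client can connect to.
            findings.append(("error", key, "wildcard-address"))
        elif ip is not None:
            # Certificates are normally issued for names, so TLS host checks fail.
            findings.append(("error", key, "ip-literal"))
        elif key == "oxd.server.host" and cert_names is not None:
            # Exact match only; wildcard certificate names are not handled here.
            if host not in {name.lower() for name in cert_names}:
                findings.append(("error", key, "not-in-certificate"))
    for key in REDIRECT_KEYS:
        host = host_of(props.get(key, ""))
        ip = as_ip(host)
        if not host:
            findings.append(("error", key, "missing"))
        elif host == "localhost" or (ip is not None and ip.is_loopback):
            # Only valid while oxd-server and oxd-spring share one machine.
            findings.append(("warning", key, "localhost"))
    return findings


if __name__ == "__main__":
    for severity, key, code in lint(parse_properties(SAMPLE), OXD_CERT_NAMES):
        print(f"{severity:7} {key}: {code}")
```
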

By Mohana Jeyatharan user 20 Dec 2021 at 7:06 a.m. CST

Hi Arnab,

Thanks for reply. I still encounter this problem. My oxd server and op host in the same machine, thus I did I can keep the callback uri as local host I guess (as you have mentioned). Then for the ssl I did not do any additional settings.

Just some inputs about my oxd server installation and configuration and the gluu installation.

- gluu 4.3.0 was installed using docker/docker compose.
- oxd was added in the settings.py/gluu and ran the docker compose up command as per the installation guide
- since oxd server is installed as part of gluu, the host name for OP/Gluu and oxd server is the same and it is=demoexample.gluu.org. I am using such in the application properties.
- I did not change the oxd-server config (oxd-server.yml) in the /opt/oxd-server/conf path after installation
- I did not do any ssl related configurations for gluu nor oxd after the installation
- In oxd-server.yml I saw this configuration: crypt_provider_key_store_password: example. Thus I used this value in my application properties as well.
- My updated application properties as shown below:

```
spring.h2.console.enabled=true
spring.jpa.database=H2
spring.jpa.show-sql=true
spring.jpa.hibernate.ddl-auto=update
spring.datasource.url=jdbc:h2:file:./src/main/resources/h2db/db/oxd_spring;DB_CLOSE_DELAY=-1
spring.datasource.name=
spring.datasource.username=oxd-spring
spring.datasource.password=
server.port=8081
server.error.path=/var/log/oxd-server/oxd-server.log
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=example
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat
oxd.server.op-host=https://demoexample.gluu.org:443
oxd.server.host=demoexample.gluu.org
oxd.server.port=8443
oxd.server.acr-values=basic
oxd.server.scopes=openid,profile,uma_protection,oxd
oxd.server.grant-types=authorization_code,client_credentials
oxd.client.callback-uri=https://localhost:8081/gluu/callback
oxd.client.post-logout-uri=https://localhost:8081/gluu/logout
```

Please do let me know your feedback on this. Really want to use oxd. Currently facing a bottleneck in the siteRegistration call itself! Also oxd-server.logs are also not getting populated.

By Michael Schwartz Account Admin 20 Dec 2021 at 9:45 p.m. CST

I agree that use of `localhost` is problematic.

By Mohana Jeyatharan user 20 Dec 2021 at 10:49 p.m. CST

Ok, noted Mike. Thanks.

By Arnab Dutta staff 21 Dec 2021 at 2:17 a.m. CST

Hi Mohana, I have checked the issue.

1. Please take the latest of https://github.com/GluuFederation/oxd-spring
2. Then replace the attached `oxd-server.keystore` in `/opt/oxd-server/conf`. Restart oxd-server.
3. Check `Default Authentication Method` on oxtrust (screen shot attached). We need to set same value in `oxd.server.acr-values` of application.properties.
4. Re-build oxd-spring and check.

> My oxd server and op host in the same machine, thus I did I can keep the callback uri as local host I guess(as you have mentioned).

Note: You have defined oxd.client.callback-uri as `http://localhost:8081/gluu/callback`. This will only work if **oxd-server** and **oxd-spring** are on same VM. Otherwise you will need to mention hostname of oxd-spring.

Regards
Arnab

By Mohana Jeyatharan user 21 Dec 2021 at 4:38 a.m. CST

Hi Arnab, Thanks for your response and the steps illustrated. I will try to do this and check. The spring oxd app and the oxd server are placed in the same server only. Currently I only see some config files/yml in the folder /opt/osd-server/conf. Thank you.

By Arnab Dutta staff 21 Dec 2021 at 5:12 a.m. CST

Please check `keyStorePath` in oxd-server.yml to find path of `oxd-server.keystore` (attached screen shot).

By Mohana Jeyatharan user 21 Dec 2021 at 5:37 a.m. CST

Ok noted Arnab. The oxd-server yml has the keystore path as: /etc/certs/oxd_application.keystore. I don't see oxd-server.keystore there. Probably I have to rename your given oxd-server.keystore to oxd-application.keystore? Or I change the oxd-server.yml to oxd-application.keystore? The below is from the oxd-server.yml:

```
adminConnectors:
- {keyStorePassword: vEDalx87S5df, keyStorePath: /etc/certs/oxd_admin.keystore, port: 8444, type: https, validateCerts: false}
applicationConnectors:
- {keyStorePassword: BtF0JE4QkFuH, keyStorePath: /etc/certs/oxd_application.keystore, port: 8443, type: https, validateCerts: false}
```

By Arnab Dutta staff 21 Dec 2021 at 5:59 a.m. CST

> Probably I have to rename your given oxd-server.keystore to oxd-application.keystore?

Yes, you can rename `oxd-server.keystore` to `oxd-application.keystore`. Please note for attached oxd-server.keystore the `keyStorePassword` is `example` so you will need to set same `keyStorePassword` in oxd-server.yml. You can use same keystore file for both `applicationConnectors` and `adminConnectors`.

Second thing is, I have generated this keystore file using below keytool command. You can use the same to generate your keystore file.

```
keytool -genkeypair -keystore oxd_application.keystore -storetype PKCS12 -storepass example -alias oxd-server -keyalg RSA -keysize 2048 -validity 99999 -dname "CN=localhost, OU=oxd server,O=Examples, L=My City, ST=My State, C=SA" -ext "san=dns:localhost,ip:127.0.0.1"
```
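An added example, not part of the original thread and not code from the oxd project: a stand-alone check that compares the three settings discussed above (the `oxd.server.*` client properties, the `applicationConnectors` entry in oxd-server.yml, and the SAN list passed to keytool). The sample input is constructed from values quoted in this thread, and the function names and finding labels are assumptions made here. The thread does not say whether the oxd-spring client verifies hostnames, so a SAN finding is something to review rather than a confirmed cause.

```python
import re
from urllib.parse import urlparse

# Constructed sample input, assembled from values quoted in this thread.
APP_PROPERTIES = """\
oxd.server.host=demoexample.gluu.org
oxd.server.port=8443
oxd.client.callback-uri=https://localhost:8081/gluu/callback
"""
OXD_SERVER_YML = """\
applicationConnectors:
- {keyStorePassword: example, keyStorePath: /etc/certs/oxd_application.keystore, port: 8443, type: https, validateCerts: false}
"""
KEYSTORE_SAN = "dns:localhost,ip:127.0.0.1"  # value given to keytool's -ext san=...
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    lines = (ln for ln in text.splitlines() if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in (ln.split("=", 1) for ln in lines)}

def connector_ports(yml, section="applicationConnectors"):
    """Ports of the flow-style '- {...}' entries listed under one section."""
    block = re.search(rf"^\s*{section}:\s*\n((?:\s*- \{{.*\}}\s*\n?)+)", yml, re.M)
    return [int(p) for p in re.findall(r"\bport:\s*(\d+)", block.group(1))] if block else []

def san_covers(host, san):
    """True if host equals a dns: or ip: SAN entry (exact string match, no wildcards)."""
    entries = (e.strip().partition(":") for e in san.split(","))
    return any(k.lower() in ("dns", "ip") and v.lower() == host.lower() for k, _, v in entries)

def check(props_text, yml_text, san):
    """Return findings; an empty list means the three sources agree."""
    p = parse_properties(props_text)
    host, port = p["oxd.server.host"], int(p["oxd.server.port"])
    findings = []
    if port not in connector_ports(yml_text):
        findings.append(f"port: oxd.server.port {port} is not an applicationConnectors port")
    if not san_covers(host, san):
        findings.append(f"san: keystore SAN '{san}' does not cover oxd.server.host {host}")
    if urlparse(p["oxd.client.callback-uri"]).hostname in LOOPBACK and host not in LOOPBACK:
        findings.append("callback: localhost callback-uri needs oxd-server and oxd-spring on one machine")
    return findings

if __name__ == "__main__":
    for finding in check(APP_PROPERTIES, OXD_SERVER_YML, KEYSTORE_SAN):
        print(finding)
```

With the sample values it reports the SAN and callback findings; setting `oxd.server.host` to `localhost` clears both.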

By Mohana Jeyatharan user 21 Dec 2021 at 6:20 a.m. CST

Hi Arnab, Ok, noted. I will rename as mentioned. The current keyStorePassword is: example. So I will leave it as it is. Also noted on the keytool command to generate the keystore file. Thanks.

By Mohana Jeyatharan user 21 Dec 2021 at 8:20 a.m. CST

Arnab, I moved your given keystore file after renaming inside my docker container. Now to restart the oxd-server, within the container, I changed path to: /opt/oxd-server/bin and executed the script using command: sh oxd-start.sh. Then the restart failed. Since oxd is installed as a docker container, should I stop and start my oxd-docker container instead? I am submitting the error here when I restarted using the shell script within the oxd-server docker container.

```
Causing: java.io.IOException: Failed to bind to 0.0.0.0/0.0.0.0:8443
```

By Michael Schwartz Account Admin 21 Dec 2021 at 9:31 a.m. CST

Community support is limited to Gluu Server CE -- VM based distributions. Arnab has tested on VM and it's working fine. If you need cloud support, we'd have to progress this through the pre-sales qualification process. The shortest solution is probably to stand up a VM.

By Mohana Jeyatharan user 21 Dec 2021 at 6:16 p.m. CST

Hi Mike, Thanks for your response. Yes, sure, we will deploy and run in an Ubuntu VM without docker. In parallel we will try to make it run with docker too. Thanks a lot for the support rendered on this. Yes, noted on the pre-sales qualification process too.

By Arnab Dutta staff 21 Dec 2021 at 11:09 p.m. CST

Closing this ticket as a fix has been provided for VM based distribution. Please open a new ticket if further help is required.