Hi, Amirdhavarshan! Can you please modify the openid client config as below?: OPENID CONNECT CLIENTS DETAILS ------------------------------ - **Name:** mod-sso - **Client ID:** 8e74c99c-5bef-47c1-b24f-a2c51c0c3230 - **Subject Type:** public - **ClientSecret:** XXXXXXXXXXX - **Application Type:** web - **Persist Client Authorizations:** true - **Pre-Authorization:** false - **Authentication method for the Token Endpoint:** client_secret_basic - **Logout Session Required:** false - **Include Claims In Id Token:** false - **Disabled:** false - **Login Redirect URIs:** [https://..../callback] - **Scopes:** [profile, openid, permission, email, user_name] - **Grant types:** [authorization_code] - **Response types:** [code] After then please share `oxauth.log` . Regards ~ Shakil

Hi Sakil, Thank you for your response. We cannot change the clinet ID in OpenID Configuration in gluu as it is auto generated and there is no option to edit it. Following is my oxauth.log 2022-12-16 03:43:35,612 INFO [qtp6750210-3889] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1001.8df1f523-4ce5-4435-bd22-c1c42e0b10f0' 2022-12-16 03:46:26,218 INFO [qtp6750210-22] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:705) - Attempting to redirect user: SessionUser: 97f315f0-2a85-4de3-a375-3a8def4ce26a 2022-12-16 03:46:26,218 INFO [qtp6750210-22] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:713) - Attempting to redirect user: User: BaseEntry [dn=inum=33527aff-0088-43a5-9785-b1defc796940,ou=people,o=gluu] 2022-12-16 03:46:26,219 INFO [qtp6750210-22] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:442) - Authentication success for User: 'alexamirdha' 2022-12-16 03:46:37,569 INFO [qtp6750210-21] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 03:51:37,578 INFO [qtp6750210-1541] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 03:56:37,858 INFO [qtp6750210-18] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:01:38,213 INFO [qtp6750210-2456] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:01:38,287 INFO [qtp6750210-17] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1502.6216ff2e-f922-4ccf-9b9a-7e6ef67beb47' 2022-12-16 04:06:38,434 INFO [qtp6750210-18] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:11:38,586 INFO [qtp6750210-4094] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:16:38,752 INFO [qtp6750210-2456] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:21:39,229 INFO [qtp6750210-18] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:26:39,440 INFO [qtp6750210-1541] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:31:39,417 INFO [qtp6750210-2456] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:36:39,726 INFO [qtp6750210-22] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:41:39,953 INFO [qtp6750210-20] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:46:39,961 INFO [qtp6750210-2456] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:51:40,491 INFO [qtp6750210-22] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 04:56:40,682 INFO [qtp6750210-20] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 05:01:40,919 INFO [qtp6750210-2456] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 05:01:40,986 INFO [qtp6750210-17] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1502.6216ff2e-f922-4ccf-9b9a-7e6ef67beb47' 2022-12-16 05:02:20,655 INFO [qtp6750210-17] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1001.8df1f523-4ce5-4435-bd22-c1c42e0b10f0' 2022-12-16 05:06:41,205 INFO [qtp6750210-21] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 05:11:41,174 INFO [qtp6750210-20] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2' 2022-12-16 05:13:36,440 INFO [qtp6750210-22] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:705) - Attempting to redirect user: SessionUser: d62b344d-f8f2-481e-835d-f40820156eee 2022-12-16 05:13:36,440 INFO [qtp6750210-22] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:713) - Attempting to redirect user: User: BaseEntry [dn=inum=33527aff-0088-43a5-9785-b1defc796940,ou=people,o=gluu] 2022-12-16 05:13:36,441 INFO [qtp6750210-22] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:442) - Authentication success for User: 'alexamirdha' 2022-12-16 05:16:41,715 INFO [qtp6750210-21] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1501.9d0762f7-efbf-41b2-90bb-ff98908e7da2'

I don't see any error at `oxauth.log`. Can you please share a screenshot of the error? Regards ~ Shakil

Hi Shakil, I am sharing a video clipping of the error. Please Check. https://youtu.be/Bc179_HhtzE Thank You

Hi, Amirdhavarshan! Though I'm not sure how did you config the OIDC at your client side. Let's try to see gluu server log first. Please change log level to `TRACE` and share the `oxauth.log`. Please follow this guide to change log level: [https://gluu.org/docs/gluu-server/4.4/operation/logs/#log-levels](https://gluu.org/docs/gluu-server/4.4/operation/logs/#log-levels) Thanks ~ Shakil

Hi, Shakil! Hope you are doing fine. I am sharing a video of whole configuration, please do check and I am also sharing you with the oxauth.log after changing the log level to trace. Configuration Link: https://youtu.be/gLJVt_SZPA4 Oxauth.log Link: https://drive.google.com/file/d/1_Ak9YQnfd7lhh6WRwVOSdsAE76pnyUN8/view Thank You:

Hi, Amirdhavarshan! Thanks for the nice explanation. I don't see any issues with the configurations. If you look at the `oxauth.log`: ``` 2022-12-20 05:38:32,467 TRACE [qtp6750210-6329] [org.gluu.oxauth.model.token.IdTokenFactory] (IdTokenFactory.java:273) - Created claims for id_token, claims: {"at_hash":"jtGIX5Ug_aIxt8uPULDWxA","sub":"361ed43b-0126-4076-aa53-22acbed863c5","code":"61e1a6a5-a52f-42b3-85b8-b01dad33f849","amr":["-1"],"iss":"https://server-t.us.corp.sennovate.com","nonce":"4986b7f8-f10c-4ffe-b2cd-89565a5cf78d","sid":"00c41487-7519-4b02-846c-b8c51f683d31","oxOpenIDConnectVersion":"openidconnect-1.0","aud":"1001.8df1f523-4ce5-4435-bd22-c1c42e0b10f0","acr":"simple_password_auth","c_hash":"9ZYlc9y5Llnl2Z_a9gpdAg","auth_time":1671514711,"exp":1671518312,"grant":"authorization_code","iat":1671514712} 2022-12-20 05:38:32,469 TRACE [qtp6750210-6329] [org.gluu.oxauth.model.common.AuthorizationGrant] (AuthorizationGrant.java:107) - Created id_token:eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdF9oYXNoIjoianRHSVg1VWdfYUl4dDh1UFVMRFd4QSIsInN1YiI6IjM2MWVkNDNiLTAxMjYtNDA3Ni1hYTUzLTIyYWNiZWQ4NjNjNSIsImNvZGUiOiI2MWUxYTZhNS1hNTJmLTQyYjMtODViOC1iMDFkYWQzM2Y4NDkiLCJhbXIiOlsiLTEiXSwiaXNzIjoiaHR0cHM6Ly9zZXJ2ZXItdC51cy5jb3JwLnNlbm5vdmF0ZS5jb20iLCJub25jZSI6IjQ5ODZiN2Y4LWYxMGMtNGZmZS1iMmNkLTg5NTY1YTVjZjc4ZCIsInNpZCI6IjAwYzQxNDg3LTc1MTktNGIwMi04NDZjLWI4YzUxZjY4M2QzMSIsIm94T3BlbklEQ29ubmVjdFZlcnNpb24iOiJvcGVuaWRjb25uZWN0LTEuMCIsImF1ZCI6IjEwMDEuOGRmMWY1MjMtNGNlNS00NDM1LWJkMjItYzFjNDJlMGIxMGYwIiwiYWNyIjoic2ltcGxlX3Bhc3N3b3JkX2F1dGgiLCJjX2hhc2giOiI5WllsYzl5NUxsbmwyWl9hOWdwZEFnIiwiYXV0aF90aW1lIjoxNjcxNTE0NzExLCJleHAiOjE2NzE1MTgzMTIsImdyYW50IjoiYXV0aG9yaXphdGlvbl9jb2RlIiwiaWF0IjoxNjcxNTE0NzEyfQ.t0F3RSK5OpU0OEcNRWS8P-LcDIzWHoOStIVxK7Rh7dM 2022-12-20 05:38:32,474 TRACE [qtp6750210-6329] [org.gluu.service.BaseCacheService] (BaseCacheService.java:95) - Remove data, key '5ab78bac-c5c5-47ed-b3f9-f97cf3e9fdc8' 2022-12-20 05:38:32,478 TRACE [qtp6750210-6329] [org.gluu.service.cache.NativePersistenceCacheProvider] (NativePersistenceCacheProvider.java:231) - Removed entity, key: 5ab78bac-c5c5-47ed-b3f9-f97cf3e9fdc8 2022-12-20 05:38:32,501 TRACE [qtp6750210-11655] [org.gluu.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:121) - Get request to: 'https://server-t.us.corp.sennovate.com/oxauth/restv1/userinfo' 2022-12-20 05:38:32,502 DEBUG [qtp6750210-11655] [gluu.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl] (UserInfoRestWebServiceImpl.java:123) - Attempting to request User Info, Access token = 9b3a2633-30ca-462b-8ba3-b5dac7172ac6, Is Secure = true 2022-12-20 05:38:32,502 TRACE [qtp6750210-11655] [org.gluu.service.BaseCacheService] (BaseCacheService.java:37) - Request data, key '8ed1885f9520fda231b7cb8f50b0d6c457125d7b3a8fd3e671b8d9740fe3f411' 2022-12-20 05:38:32,505 TRACE [qtp6750210-11655] [org.gluu.service.BaseCacheService] (BaseCacheService.java:39) - Loaded data, key '8ed1885f9520fda231b7cb8f50b0d6c457125d7b3a8fd3e671b8d9740fe3f411': 'null' 2022-12-20 05:38:32,508 DEBUG [qtp6750210-11655] [org.gluu.oxauth.service.common.UserService] (UserService.java:81) - Getting user information from LDAP: userId = admin 2022-12-20 05:38:32,511 DEBUG [qtp6750210-11655] [org.gluu.oxauth.service.common.UserService] (UserService.java:96) - Found 1 entries for user id = admin 2022-12-20 05:38:32,512 TRACE [qtp6750210-11655] [org.gluu.service.BaseCacheService] (BaseCacheService.java:37) - Request data, key 'inum=1001.8df1f523-4ce5-4435-bd22-c1c42e0b10f0,ou=clients,o=gluu' 2022-12-20 05:38:32,512 TRACE [qtp6750210-11655] [org.gluu.service.BaseCacheService] (BaseCacheService.java:39) - Loaded data, key 'inum=1001.8df1f523-4ce5-4435-bd22-c1c42e0b10f0,ou=clients,o=gluu': 'DeletableEntity{expirationDate=null, deletable=null} BaseEntry [dn=inum=1001.8df1f523-4ce5-4435-bd22-c1c42e0b10f0,ou=clients,o=gluu]' 2022-12-20 05:38:32,512 TRACE [qtp6750210-11655] [org.gluu.service.BaseCacheService] (BaseCacheService.java:58) - Loaded from cache, key: 'inum=1001.8df1f523-4ce5-4435-bd22-c1c42e0b10f0,ou=clients,o=gluu' 2022-12-20 05:38:32,512 DEBUG [qtp6750210-11655] [org.gluu.oxauth.service.ClientService] (ClientService.java:133) - Found 1 entries for client id = 1001.8df1f523-4ce5-4435-bd22-c1c42e0b10f0 2022-12-20 05:38:32,515 TRACE [qtp6750210-11655] [gluu.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl] (UserInfoRestWebServiceImpl.java:303) - Building JSON reponse with next scopes {0} for user {1} and user custom attributes {0} 2022- ``` You can see Gluu successfully created `token`, `id_token` and redirected to `SP`. Let's try to test again with a little changes: - Grant types: [authorization_code, client_credentials, refresh_token] Do you have any chance to check the log at the `client` side? Do you have any custom scope for this `client? Regards ~ Shakil

Hi Shakil, Thank you for your response. I have made the grant type changes and I am facing with same issue, I will also share the oxauth.log I am sorry to say that I dont have access to log on the client side. Coming to custom scope, there is no custom scope required from the client side, minimum scope required are openid and email according to their documentation. oxauth.log link: https://drive.google.com/file/d/1Q6j8UVQPheLIBTMR0IZmD2rUvZIWkOq0/view?usp=sharing One more request, I am a tech intern in my organization and I have to integrate a application using openid as it is part of my training. Could you please list me some applications which support openid , because most of the application I search act themselves as openid provider and I am struggling with this error for past two weeks. Thank You