Gluu Oxd Server on Windows 10 - Getting Authorization Url Failed

By: Ahsan Umair user 17 Jan 2017 at 7:23 a.m. CST

7 Responses
Ahsan Umair gravatar
Hi Support, We are currently trying to setup a local Dev environment on windows 10 machine for SSO implementation with Gluu. Gluu server 2.4.4.2 has been installed in Ubuntu 16.4 VM within Hyper-V. The client is an ASP.Net application written in C# running on same Windows 10 machine. We are communicating with Gluu using OXD server installed in windows 10. The issue is that when we try to get Authorization Url from Gluu server using our .Net application, the request fails with "Unknown internal server error occurs" message. Registration of client is successful without any issues and we are passing a valid oxd-id with the request. For Gluu server we are using local IP mapped to cds.gluu.server host name and for client we have local IP mapped to cds.gluu.client host name. The brief OXD log is given below along with config files we are using in oxd. The error seems to be originating from null pointer exception when oxd server is calling org.xdi.oxd.server.Utils.joinAndUrlEncode method. Can you please investigate what might be causing this particular issue?. oxd-server.log ``` ===================================================================== 2017-01-17 13:01:05,023 TRACE [org.xdi.oxd.server.license.LicenseService] License is validated successfully. 2017-01-17 13:01:05,023 TRACE [org.xdi.oxd.server.license.LicenseService] License data: LicenseMetadata{creationDate=Wed Jan 11 13:49:48 GMT 2017, licenseId=null, autoupdate=true, active=true, product=oxd, licenseName='Ahsan Umair', expirationDate=Thu Jan 11 13:49:48 GMT 2018, licenseCountLimit=9999, customerName=Ahsan Umair, emails=[]} 2017-01-17 13:01:05,023 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8000, with timeout: 0 seconds. Start listening for notifications. 2017-01-17 13:01:26,721 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2017-01-17 13:01:26,726 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2017-01-17 13:01:26,726 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2017-01-17 13:01:26,727 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0139, commandSize: 139 2017-01-17 13:01:26,728 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"get_authorization_url","params":{"oxd_id":"daaedded-ef1c-4251-b623-95c94cd6576c","scope":null,"acr_values":null,"prompt":null}}', m_leftString=''} 2017-01-17 13:01:26,728 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"get_authorization_url","params":{"oxd_id":"daaedded-ef1c-4251-b623-95c94cd6576c","scope":null,"acr_values":null,"prompt":null}} 2017-01-17 13:01:26,746 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2017-01-17 13:01:26,876 WARN [org.apache.http.client.protocol.ResponseProcessCookies] Cookie rejected: "[version: 0][name: JSESSIONID][value: 455F7BA23092AEBA5C2A79E29C7E05E7][domain: cds.gluu.server][path: /oxauth/][expiry: null]". Illegal path attribute "/oxauth/". Path of origin: "/.well-known/openid-configuration" 2017-01-17 13:01:26,887 TRACE [org.xdi.oxd.server.service.DiscoveryService] Discovery response: { "issuer": "https://cds.gluu.server", "authorization_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/authorize", "token_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/token", "userinfo_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/userinfo", "clientinfo_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/clientinfo", "check_session_iframe": "https://cds.gluu.server/oxauth/opiframe", "end_session_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/end_session", "jwks_uri": "https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/jwks", "registration_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/register", "validate_token_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/validate", "federation_metadata_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/federationmetadata", "federation_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/federation", "id_generation_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/id", "introspection_endpoint": "https://cds.gluu.server/oxauth/seam/resource/restv1/introspection", "scopes_supported": [ "phone", "openid", "uma_protection", "email", "user_name", "clientinfo", "uma_authorization", "profile", "mobile_phone", "address" ], "response_types_supported": [ "code", "code id_token", "token", "token id_token", "code token", "code token id_token", "id_token" ], "grant_types_supported": [ "authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer" ], "acr_values_supported": ["internal"], "auth_level_mapping": {"-1": [["internal"]]}, "subject_types_supported": [ "public", "pairwise" ], "userinfo_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "userinfo_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "userinfo_encryption_enc_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "id_token_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "request_object_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "request_object_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "token_endpoint_auth_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "display_values_supported": [ "page", "popup" ], "claim_types_supported": ["normal"], "claims_supported": [ "birthdate", "country", "name", "email", "email_verified", "given_name", "gender", "inum", "family_name", "updated_at", "locale", "middle_name", "nickname", "phone_number_verified", "picture", "preferred_username", "profile", "zoneinfo", "user_name", "website" ], "service_documentation": "http://gluu.org/docs", "claims_locales_supported": ["en"], "ui_locales_supported": [ "en", "es" ], "scope_to_claims_mapping": [ {"phone": [ "phone_number_verified", "phone_number" ]}, {"openid": ["inum"]}, {"uma_protection": []}, {"email": [ "email_verified", "email" ]}, {"user_name": ["user_name"]}, {"clientinfo": [ "name", "inum" ]}, {"uma_authorization": []}, {"profile": [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]}, {"mobile_phone": ["phone_mobile_number"]}, {"address": [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]} ], "claims_parameter_supported": true, "request_parameter_supported": true, "request_uri_parameter_supported": true, "require_request_uri_registration": false, "op_policy_uri": "http://ox.gluu.org/doku.php?id=oxauth:policy", "op_tos_uri": "http://ox.gluu.org/doku.php?id=oxauth:tos", "http_logout_supported": "true", "logout_session_supported": "true" } 2017-01-17 13:01:26,904 ERROR [org.xdi.oxd.server.Processor] java.lang.NullPointerException at com.google.common.base.Joiner.join(Joiner.java:183) at org.xdi.oxd.server.Utils.joinAndUrlEncode(Utils.java:52) at org.xdi.oxd.server.op.GetAuthorizationUrlOperation.execute(GetAuthorizationUrlOperation.java:53) at org.xdi.oxd.server.op.GetAuthorizationUrlOperation.execute(GetAuthorizationUrlOperation.java:20) at org.xdi.oxd.server.Processor.process(Processor.java:80) at org.xdi.oxd.server.Processor.process(Processor.java:55) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:60) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) 2017-01-17 13:01:26,923 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Unknown internal server error occurs."}} 2017-01-17 13:01:26,923 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. oxd-default-site-config.json ===================================================================== { "op_host":"https://cds.gluu.server", "authorization_redirect_uri":"https://cds.gluu.client/rdservice/ssoredirect.aspx", "post_logout_redirect_uri":"https://cds.gluu.client/rdservice/ssologout.aspx", "redirect_uris":[""], "response_types":["code"], "grant_type":["authorization_code"], "acr_values":["basic"], "scope":["openid", "profile", "email"], "ui_locales":["en"], "claims_locales":["en"], "client_jwks_uri":"", "contacts":[] } ```
U1404
closed

Answers

By Yuriy Zabrovarnyy staff 17 Jan 2017 at 9:56 a.m. CST

Copy
Yuriy Zabrovarnyy gravatar
It would be nice to see complete oxd-server.log. It seems your oxd-default-site-config.json is not read correctly, at least "acr_values" seems to be null. Can you double check it? NPE that occurs means that during register_site acr_values were null and on get_authorization_url acr_values parameter is null too and as result it fails to append acr. NPE for this particular case is fixed in latest oxd server which can be downloaded here: http://ox.gluu.org/maven/org/xdi/oxd-server/2.4.4/oxd-server-2.4.4-distribution.zip

By Ahsan Umair user 18 Jan 2017 at 4:23 a.m. CST

Copy
Ahsan Umair gravatar
Hi Support, We have corrected the acr_values parameter and we are now getting the authorization_url back from Gluu, but when we redirect to this url HTTP 500 error page gets returned rather than login screen. Do we need anything enabling in Gluu server so that authrorization_url works. Here is the authorization_url that we are getting from Gluu. https://cds.gluu.server/oxauth/seam/resource/restv1/oxauth/authorize?response_type=code&client_id=@!E7E3.FBF4.4F91.E3AF!0001!10EF.7395!0008!C025.2078&redirect_uri=https://cds.gluu.client/rdservice/ssoredirect.aspx&scope=openid+profile+email&state=95jv8b1bh46ido0est71ct19sc&nonce=nnvrp9etckh9nrh5sq2niibnl3&acr_values=basic

By Yuriy Zabrovarnyy staff 18 Jan 2017 at 4:53 a.m. CST

Copy
Yuriy Zabrovarnyy gravatar
Please check that acr_values=basic script is enabled. Here is sample for duo https://gluu.org/docs/multi-factor/duo/ But since you send "basic" please login to oxTrust and make sure it is enabled.

By Ahsan Umair user 18 Jan 2017 at 8:27 a.m. CST

Copy
Ahsan Umair gravatar
Hi Support, The basic authentication is now working it needed enabling in Gluu sever. Just one more question is that we are currently unable to create any users in Gluu server. Whenever new user is added, an error message appears saying "System Error: Please try again or contact Gluu administrator". Is there anything that might be preventing creation of users. The field which are displayed by default are User Name, First Name, Display Name, Last Name, Email, Password, User Status. Don't know what we should put into User Status field i.e. (is it a boolean field or what?)

By Yuriy Zabrovarnyy staff 18 Jan 2017 at 8:41 a.m. CST

Copy
Yuriy Zabrovarnyy gravatar
It depends on attributes you configured for user. Please check documentation https://gluu.org/docs/oxtrust/users/ Can you confirm that oxd issue is fixed ?

By Ahsan Umair user 18 Jan 2017 at 8:50 a.m. CST

Copy
Ahsan Umair gravatar
Yes oxd issue has been fixed. will do a separate ticket if there are any issues with Users.

By Yuriy Zabrovarnyy staff 18 Jan 2017 at 10:16 a.m. CST

Copy
Yuriy Zabrovarnyy gravatar
Great, closing this ticket.

Post an answer