Adding an external IDP (passport)

By: Rehman Aslam user 06 Nov 2018 at 5:20 a.m. CST

11 Responses
Rehman Aslam gravatar
I've set up and enabled passport for my Gluu instance, following the documentation I have updated passport-saml-config.json with the details for my external IDP. I can see my external IDP on the login page (External Providers) https://mygluuserver/oxauth/auth/passport/passportlogin However if I ever decide to change the json file (update the logo for e.g.) - or not even make a change, just restart the Gluu service I get this error... 2018-11-06T10:56:29+0000 [ERROR] Error in requesting uma configurations 2018-11-06T10:56:29+0000 [ERROR] Error in starting the server:RequestError: Error: connect ECONNREFUSED 192.168.112.40:443 Once I get that error - my IDP disappears for the list of External Providers and the ONLY way for this to come back is if I delete all log files located in /opt/gluu-server-3.1.3.1/opt/gluu/node/passport/server/logs and then restart Gluu. Why do the existence of the log files break the external IDPs when you have to restart the Gluu service?
Ubuntu 14.0
closed

Answers

By Aliaksandr Samuseu staff 06 Nov 2018 at 8:32 a.m. CST

Copy
Aliaksandr Samuseu gravatar
Hi, Rehman. The issue description you provided is a bit inconsisten. Could you please provide a step by step description of how to reproduce it (the way you can always trigger it in your setup)? 1. Stop "passport" service 2. Change the property ".." in the file ".." 3. etc ... n. Start the service - issue is triggered

By Rehman Aslam user 06 Nov 2018 at 9:05 a.m. CST

Copy
Rehman Aslam gravatar
Hi Aliaksandr, So here are the steps... 1. Gluu server is running with passport (I can see my external IDP on the login page) 2. I restart the Gluu service (service gluu-server-3.1.3.1 restart) 3. Gluu server is running, however I can no longer see my external IDP on the login page. 4. Delete the log files in /opt/gluu-server-3.1.3.1/opt/gluu/node/passport/server/log 5. Repeat step 2 6. Gluu server is running with passport (I can see my external IDP on the login page)

By Aliaksandr Samuseu staff 06 Nov 2018 at 9:33 a.m. CST

Copy
Aliaksandr Samuseu gravatar
Thanks. One more request: could you try to reproduce it again, and this time run next command (inside container) right before removing the logs: `# ll /opt/gluu/node/passport/server/logs/` ?

By Aliaksandr Samuseu staff 06 Nov 2018 at 9:36 a.m. CST

Copy
Aliaksandr Samuseu gravatar
Please note the command has been corrected in the post above, so use the most recent version of it.

By Rehman Aslam user 06 Nov 2018 at 9:38 a.m. CST

Copy
Rehman Aslam gravatar
Sorry but I'm not sure what this command is and what (inside container) means - new to linux and putty.

By Aliaksandr Samuseu staff 06 Nov 2018 at 9:54 a.m. CST

Copy
Aliaksandr Samuseu gravatar
The command should show file system permissions and ownership on the files. "Inside container" means you need to move into Gluu's chroot environment, the same way you did it when you was running `setup.py` during initial install: `# service gluu-server-3.1.3 login`

By Rehman Aslam user 06 Nov 2018 at 10:22 a.m. CST

Copy
Rehman Aslam gravatar
Think this is what you're after. ... root@devidp:~# ll /opt/gluu/node/passport/server/logs/ total 24 drwxr-xr-x 2 node node 4096 Nov 6 16:06 ./ drwxr-xr-x 8 node node 4096 Nov 6 15:20 ../ -rw-r--r-- 1 node node 2362 Nov 6 16:06 .f33e3cc173e507d3c15d53a73089b5b350c23c b0-audit.json -rw-r--r-- 1 node node 3571 Nov 6 16:06 passport-2018-11-06-15.log.gz -rw-r--r-- 1 node node 2279 Nov 6 16:12 passport-2018-11-06-16.log -rw-r--r-- 1 node node 131 Nov 6 15:30 start.log root@devidp:~#

By Rehman Aslam user 06 Nov 2018 at 10:27 a.m. CST

Copy
Rehman Aslam gravatar
Also in passport-saml-config.json you can specify a logo for the external IDP, where in the root directory will I need to copy my image to? "logo_img": "myexternalidplogo.png",

By Rehman Aslam user 06 Nov 2018 at 11:17 a.m. CST

Copy
Rehman Aslam gravatar
Aliaksandr Samuseu thanks for your replies I've figured out this was down to a user error (me) - not restarting passport from inside the container. Could you just give me a pointer to my last question please :)

By Rehman Aslam user 06 Nov 2018 at 11:48 a.m. CST

Copy
Rehman Aslam gravatar
Also found that path to the image. Thanks again for the help earlier.

By Aliaksandr Samuseu staff 06 Nov 2018 at 12:08 p.m. CST

Copy
Aliaksandr Samuseu gravatar
Sure, you're welcome. 99% of all console commands you'll need to run when dealing with Gluu Server are run inside the container. Regarding the path - I believe it can be any path inside the container as long as Passport can access the file (keep in mind it runs under "node" user, it won't have permission to access some directories by default)

Post an answer