Can you post links to screenshots of all your configuration pages for the plugin and in Gluu? Thanks,. Will

Gluu WP Plugin: https://cdn.discordapp.com/attachments/538081577016492044/538081611770495006/unknown.png https://cdn.discordapp.com/attachments/538081577016492044/538081811104792598/unknown.png oxd JSON from client-side oxd installation: oxd-default-site-condif.json ``` { "op_host": "https://login.datasciencedojo.com", "op_discovery_path": "", "response_types": [ "code" ], "grant_type": [ "authorization_code" ], "acr_values": [ "" ], "scope": [ "openid", "profile", "email" ], "ui_locales": [ "en" ], "claims_locales": [ "en" ], "contacts": [ "stmoree@gmail.com, ahsan@datasciencedojo.com" ] } ``` oxd-conf.json ``` { "port":8099, "localhost_only":true, "time_out_in_seconds":0, "use_client_authentication_for_pat":true, "trust_all_certs":true, "trust_store_path":"", "trust_store_password":"", "crypt_provider_key_store_path":"", "crypt_provider_key_store_password":"", "crypt_provider_dn_name":"", "support-google-logout":false, "state_expiration_in_minutes":5, "nonce_expiration_in_minutes":5, "public_op_key_cache_expiration_in_minutes":60, "protect_commands_with_access_token":false, "uma2_auto_register_claims_gathering_endpoint_as_redirect_uri_of_client":true, "migration_source_folder_path":"", "storage":"h2", "storage_configuration": { "dbFileLocation":"/opt/oxd-server/data/oxd_db" } } ``` Gluu server (OP): https://cdn.discordapp.com/attachments/538081577016492044/538082686288527360/unknown.png https://cdn.discordapp.com/attachments/538081577016492044/538083114749001730/unknown.png https://cdn.discordapp.com/attachments/538081577016492044/538083382639460358/unknown.png I do see two clientID's from the web app im trying to link here, however ive added email scope to both and only the one that matches the clientid of the plugin i assume matters(?)

I quickly notice that in your plugin, the site login uri field is empty.. that should be your wordpress admin url , e.g. `https://mysite.com/wp-admin` You can fix that and try again. It shouldnt affect the email claim being passed though but it might. Everything else looks right to me.

Updated to include the site login uri; same result however.

hmm ok , I will ask the developer to take a look. Stay tuned.

Hi Scott, Can you please upload the oxd server log file

Oxd log for yesterday is here : https://cdn.discordapp.com/attachments/538081577016492044/538402699322851341/oxd-server.log.2019-01-24 Inccidently if i use OpenID Connect debugger @ https://oidcdebugger.com It and send form, I get sent to the OP, enter credentials, then im simple in the admin UI of the OP and not directed to the redirect URI(dont know if this is relevant, or expected as i need to define a Sector Identifier - the documentation no longer matches current UI so its a bit confusing.

Not sure why it is reflecting that i am closing the ticket in the history, I am not, I still need assistance :)

Hi Scott , From oxd logs I can see some unknow error happened .Can you please send the oxAuth log file from Gluu server for the same date ?

https://cdn.discordapp.com/attachments/538081577016492044/538596116598620171/oxAughtLog-1-24-19.txt Here it is.

Thanks for the logs, The basic and required scope for OIDC is openid but as per your below screenshot you have not added Openid as a scope https://cdn.discordapp.com/attachments/538081577016492044/538083382639460358/unknown.png So openid scope has to be added to the OIDC client in Gluu server.

I did not see any openid scope in the list of those i can add so i created one and added it. I am however still getting the same results however. ``` 2019-01-28 15:42:43,289 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2019-01-28 15:42:43,582 ERROR [org.xdi.oxd.server.op.GetClientTokenOperation] access_token is blank in response, params: GetClientTokenParams{clientId='@!17CA.1768.35CE.95CD!0001!C610.A388!0008!A7EF.CFF0.9801.7F7F', opHost='https://login.datasciencedojo.com', opDiscoveryPath='null', scope=null, authenticationMethod='null', algorithm='null', keyId='null'}, response: org.xdi.oxauth.client.TokenResponse@440b9388 2019-01-28 15:42:43,582 ERROR [org.xdi.oxd.server.op.GetClientTokenOperation] Please check AS logs for more details (oxauth.log for CE). 2019-01-28 15:42:43,583 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","details":null,"error_description":"Unknown internal server error occurs."}} 2019-01-28 15:42:43,583 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. 2019-01-28 15:42:43,583 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2019-01-28 15:42:43,594 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"get_user_info","params":{"oxd_id":"372b6e92-0864-4cc8-abbc-8ebba0e185f8","access_token":null,"protection_access_token":false}} 2019-01-28 15:42:43,595 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2019-01-28 15:42:43,902 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"ok","data":{"claims":{},"refresh_token":null,"access_token":null}} 2019-01-28 15:42:43,904 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2019-01-28 15:42:43,904 TRACE [org.xdi.oxd.server.SocketProcessor] Quit. Read result is null or command string is blank. 2019-01-28 15:42:49,394 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2019-01-28 15:42:49,394 TRACE [org.xdi.oxd.server.SocketProcessor] Quit. Read result is null or command string is blank. 2019-01-28 15:42:52,419 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2019-01-28 15:42:52,419 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2019-01-28 15:42:52,419 TRACE [org.xdi.oxd.server.SocketProcessor] Quit. Read result is null or command string is blank. 2019-01-28 15:42:52,419 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"get_client_token","params":{"op_host":"https://login.datasciencedojo.com","oxd_id":"372b6e92-0864-4cc8-abbc-8ebba0e185f8","client_id":"@!17CA.1768.35CE.95CD!0001!C610.A388!0008!A7EF.CFF0.9801.7F7F","":"6009777b-cd17-42af-973a-b4fa69bc0f2a"}} 2019-01-28 15:42:52,422 TRACE [org.xdi.oxd.server.service.RpService] Found rp by client_id: @!17CA.1768.35CE.95CD!0001!C610.A388!0008!A7EF.CFF0.9801.7F7F, rp: Rp{oxdId='793aa7a0-1bed-4e2b-a583-fe6f35309fc7', opHost='https://login.datasciencedojo.com', opDiscoveryPath='null', idToken='null', accessToken='null', authorizationRedirectUri='https://tutorials.datasciencedojo.com/index.php?option=oxdOpenId', postLogoutRedirectUri='https://tutorials.datasciencedojo.com/index.php?option=allLogout', applicationType='web', redirectUris=[https://tutorials.datasciencedojo.com/index.php?option=oxdOpenId], frontChannelLogoutUri=null, claimsRedirectUri=[], responseTypes=[code], clientId='@!17CA.1768.35CE.95CD!0001!C610.A388!0008!A7EF.CFF0.9801.7F7F', clientRegistrationAccessToken='9656e015-61f3-4f30-b41c-c3c046afd7e7', clientRegistrationClientUri='https://login.datasciencedojo.com/oxauth/seam/resource/restv1/oxauth/register?client_id=@!17CA.1768.35CE.95CD!0001!C610.A388!0008!A7EF.CFF0.9801.7F7F', clientIdIssuedAt=Sun Jan 27 21:41:07 UTC 2019, clientSecretExpiresAt=Mon Jan 28 21:41:07 UTC 2019, clientName='null', sectorIdentifierUri='null', clientJwksUri='null', setupClient='true', setupOxdId='null', setupClientId='null', scope=[address, test, clientinfo, email, permission, user_name, profile, mobile_phone, phone, uma_protection, oxd], uiLocales=[en], claimsLocales=[en], acrValues=[], grantType=[authorization_code, client_credentials], contacts=[stmoree@gmail.com], userId='null', userSecret='null', pat='null', patExpiresIn=0, patCreatedAt=null, patRefreshToken='null', umaProtectedResources=[], rpt='null', rptTokenType='null', rptPct='null', rptExpiresAt=null, rptCreatedAt=null, rptUpgraded=null, tokenEndpointAuthSigningAlg=null, tokenEndpointAuthMethod=null, oxdRpProgrammingLanguage=null} 2019-01-28 15:42:52,422 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2019-01-28 15:42:52,724 ERROR [org.xdi.oxd.server.op.GetClientTokenOperation] access_token is blank in response, params: GetClientTokenParams{clientId='@!17CA.1768.35CE.95CD!0001!C610.A388!0008!A7EF.CFF0.9801.7F7F', opHost='https://login.datasciencedojo.com', opDiscoveryPath='null', scope=null, authenticationMethod='null', algorithm='null', keyId='null'}, response: org.xdi.oxauth.client.TokenResponse@3683002c 2019-01-28 15:42:52,724 ERROR [org.xdi.oxd.server.op.GetClientTokenOperation] Please check AS logs for more details (oxauth.log for CE). 2019-01-28 15:42:52,724 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","details":null,"error_description":"Unknown internal server error occurs."}} 2019-01-28 15:42:52,724 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. 2019-01-28 15:42:52,724 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2019-01-28 15:42:52,725 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"get_authorization_url","params":{"oxd_id":"372b6e92-0864-4cc8-abbc-8ebba0e185f8","acr_values":null,"prompt":null,"scope":["openid","profile","email"],"hd":null,"protection_access_token":false}} 2019-01-28 15:42:52,725 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"ok","data":{"authorization_url":"https://login.datasciencedojo.com/oxauth/seam/resource/restv1/oxauth/authorize?response_type=code&client_id=@!17CA.1768.35CE.95CD!0001!C610.A388!0008!447A.8C55.6054.A570&redirect_uri=https://tutorials.datasciencedojo.com/index.php?option=oxdOpenId&scope=openid+profile+email&state=vif0a21v1b4t4m6iefj065s5lb&nonce=ek4tg46gms6sc15lp8amu10dii"}} 2019-01-28 15:42:52,725 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2019-01-28 15:42:52,725 TRACE [org.xdi.oxd.server.SocketProcessor] Quit. Read result is null or command string is blank. ``` ``` 2019-01-28 15:42:52,685 INFO [qtp1100439041-14] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:234) - Basic authentication failed java.lang.Exception: The Token Authentication Method is not valid. at org.xdi.oxauth.auth.AuthenticationFilter.processBasicAuth(AuthenticationFilter.java:207) [classes/:?] at org.xdi.oxauth.auth.AuthenticationFilter.access$300(AuthenticationFilter.java:67) [classes/:?] at org.xdi.oxauth.auth.AuthenticationFilter$1.process(AuthenticationFilter.java:116) [classes/:?] at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.xdi.oxauth.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:89) [classes/:?] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.Server.handle(Server.java:534) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112] ``` https://cdn.discordapp.com/attachments/538081577016492044/539472201200697374/unknown.png https://cdn.discordapp.com/attachments/538081577016492044/539472420717723649/unknown.png

I am assuming the root cuase of this is related to the 'openid' scope not being there. Creating a custom scope and calling it openid just isnt the same :) Why would this default scope not be listed?

yes, definitely. openid should be released as a default scope. You indicated in this ticket that youre using Gluu 3.1.5, but from your screenshots I can see that its not actually 3.1.5. Can you confirm which version this is, and whether it's a fresh install or an upgraded instance?

My apologies for the inaccurate information. Welcome to your Gluu Identity Appliance 3.0.1! is what i see in the GLUU UI So that is the version we have installed :) as you can see both in the UI and the openid-configuration endpoint json there is no standard 'openid' scope showing up. { "issuer": "https://login.datasciencedojo.com", "authorization_endpoint": "https://login.datasciencedojo.com/oxauth/seam/resource/restv1/oxauth/authorize", "token_endpoint": "https://login.datasciencedojo.com/oxauth/seam/resource/restv1/oxauth/token", "userinfo_endpoint": "https://login.datasciencedojo.com/oxauth/seam/resource/restv1/oxauth/userinfo", "clientinfo_endpoint": "https://login.datasciencedojo.com/oxauth/seam/resource/restv1/oxauth/clientinfo", "check_session_iframe": "https://login.datasciencedojo.com/oxauth/opiframe", "end_session_endpoint": "https://login.datasciencedojo.com/oxauth/seam/resource/restv1/oxauth/end_session", "jwks_uri": "https://login.datasciencedojo.com/oxauth/seam/resource/restv1/oxauth/jwks", "registration_endpoint": "https://login.datasciencedojo.com/oxauth/seam/resource/restv1/oxauth/register", "validate_token_endpoint": "https://login.datasciencedojo.com/oxauth/seam/resource/restv1/oxauth/validate", "id_generation_endpoint": "https://login.datasciencedojo.com/oxauth/seam/resource/restv1/id", "introspection_endpoint": "https://login.datasciencedojo.com/oxauth/seam/resource/restv1/introspection", "scopes_supported": [ "address", "test", "clientinfo", "email", "permission", "user_name", "profile", "mobile_phone", "phone" ], https://cdn.discordapp.com/attachments/538081577016492044/539524976038903809/unknown.png This was a fresh installation on a VM we just spun up last week.

> This was a fresh installation on a VM we just spun up last week. You just spun up an installation of Gluu 3.0.1 ? The latest version is Gluu 3.1.5. Any reason for installing such an old version? It doesn't make sense that you don't have an OpenID scope there. Its a required scope for OpenID, which the Gluu Server has supported for many years. I think you should deploy the latest version of the server and try to re-configure the setup, making sure you fill all fields correctly, etc. from the start.

I was not the person who installed it (i dont have access to our cloud provider accounts) so no idea why such a old version was installed, but it was missing the standard openid scope. After realizing it was an old version i had a new machine provisioned with 3.1.4(was told he had trouble with 3.1.5 for some reason). I did exactly as i had before but this time saw the openid scope and now it is working perfectly. Thank you for your assistance.

> with 3.1.4 (was told he had trouble with 3.1.5 for some reason). OK.. feel free to open a new ticket to let us know about the issue experiences. We haven't heard about any blocking issues with installation of 3.1.5 yet. Thanks for confirming the rest. Will