By: Vinay Sastry user 27 Feb 2019 at 8:30 p.m. CST

17 Responses
## **Expected Behaviour:**

Navigating to https://<hostname>/idp/shibboleth should provide the SAML metadata.

## **Actual Behaviour**

Attempting to retrieve SAML Metadata results in a 503 Error.

## **Troubleshooting Attempted**

### Attempted to follow the instructions as laid out in this ticket:

**https://support.gluu.org/single-sign-on/4913/shibboleth-idp-metadata-not-accessible-on-our-gluu-host/**

`service idp status output:`

```
Jetty running pid=21527
JAVA = /opt/jre/bin/java
JAVA_OPTIONS = -server -Xms256m -Xmx536m -XX:MaxMetaspaceSize=231m -XX:+DisableExplicitGC -XX:+UseG1GC -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/idp -Djetty.home=/opt/jetty -Djetty.base=/opt/gluu/jetty/idp -Djava.io.tmpdir=/opt/jetty-9.4/temp
JETTY_HOME = /opt/jetty
JETTY_BASE = /opt/gluu/jetty/idp
START_D = /opt/gluu/jetty/idp/start.d
START_INI = /opt/gluu/jetty/idp/start.ini
JETTY_START = /opt/jetty/start.jar
JETTY_CONF = /opt/jetty/etc/jetty.conf
JETTY_ARGS = jetty.http.host=localhost jetty.http.port=8086 jetty.state=/opt/gluu/jetty/idp/idp.state jetty-started.xml
JETTY_RUN = /var/run/jetty
JETTY_PID = /var/run/jetty/idp.pid
JETTY_START_LOG = /var/run/jetty/idp-start.log
JETTY_STATE = /opt/gluu/jetty/idp/idp.state
JETTY_START_TIMEOUT = 60
RUN_CMD = /opt/jre/bin/java -server -Xms256m -Xmx536m -XX:MaxMetaspaceSize=231m -XX:+DisableExplicitGC -XX:+UseG1GC -Dgluu.base=/etc/gluu-Dserver.base=/opt/gluu/jetty/idp -Djetty.home=/opt/jetty -Djetty.base=/opt/gluu/jetty/idp -Djava.io.tmpdir=/opt/jetty-9.4/temp -jar /opt/jetty/start.jar jetty.http.host=localhost jetty.http.port=8086 jetty.state=/opt/gluu/jetty/idp/idp.state jetty-started.xml
```

**Attempted to restart the service:** `service idp restart`

#### **/opt/shibboleth-idp/logs/idp-process.log output:**

```
019-02-28 12:10:07,028 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
2019-02-28 12:10:07,040 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
2019-02-28 12:10:07,282 - WARN [net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext:551] - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SessionManager' defined in URL [file:/opt/shibboleth-idp/system/conf/session-manager-system.xml]: Cannot resolve reference to bean '#{''.trim()}' while setting bean property 'storageService'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
2019-02-28 12:10:07,286 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:207] - Service 'shibboleth.LoggingService': Starting shutdown
2019-02-28 12:10:07,286 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:216] - Service 'shibboleth.LoggingService': Completing shutdown
2019-02-28 12:10:07,311 - ERROR [org.springframework.web.context.ContextLoader:350] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SessionManager' defined in URL [file:/opt/shibboleth-idp/system/conf/session-manager-system.xml]: Cannot resolve reference to bean '#{''.trim()}' while setting bean property 'storageService'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:687)
```

We have not attempted to use SAML before and this is a clean installation of GLUU. There have been no manual changes made to any of the configuration files. Can you please provide some assistance to help troubleshoot this?

By Mohammad Abudayyeh staff 27 Feb 2019 at 10:09 p.m. CST

Hi Vinay, since this is a new installation, did you choose to install Shibboleth when you activated `./setup`? You should see an option like this `Install Shibboleth SAML IDP` and its default is not to install. Just run another clean installation with that option activated.

By Vinay Sastry user 27 Feb 2019 at 10:23 p.m. CST

Hi, I did select Shibboleth during set-up (all available options were enabled during setup). It's not a new installation as we're currently using it as an openid IDP. There was a need to now use SAML (which was never used in the past). I don't think I'll be able to do a clean install as it will break existing integrations. Do you need any additional logs/information to help you troubleshoot?

By Mohammad Abudayyeh staff 27 Feb 2019 at 11:05 p.m. CST

Sure, can you provide these logs: `install/community-edition-setup/setup.log` and the `setup_error.log`

By Mohib Zico Account Admin 28 Feb 2019 at 6:12 a.m. CST

Vinay, Two things we would check in this case.....

1. How much memory you have in your VM?
2. There should be some other error before the stack trace you shared, see if there is any issue with localhost:1636 connectivity or not.
3. Are you using 3.1.5?

By Vinay Sastry user 02 Mar 2019 at 11:17 p.m. CST

Hi, Apologies for the delay. I upgraded to 3.15 to see if that would solve the 503 error with the Shibboleth IDP, but that didn't help either. The original installation logs are here:

* setup.log: https://files.engag3d.com/s/H4KYD74XdkKw2SE
* setup_error.log: https://files.engag3d.com/s/zTeZRJL7BqXFw5f

The full shibboleth idp log (after restarting idp service):

```
2019-03-03 15:08:22,823 - INFO [net.shibboleth.idp.log.LogbackLoggingService:240] - Shibboleth IdP Version 3.3.3
2019-03-03 15:08:22,830 - INFO [net.shibboleth.idp.log.LogbackLoggingService:241] - Java version='1.8.0_181' vendor='Oracle Corporation'
2019-03-03 15:08:22,837 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:199] - Service 'shibboleth.LoggingService': Reload time set to: 300000, starting refresh thread
2019-03-03 15:08:22,894 - INFO [org.opensaml.core.config.InitializationService:48] - Initializing OpenSAML using the Java Services API
2019-03-03 15:08:23,943 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmlenc#ripemd160
2019-03-03 15:08:23,948 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
2019-03-03 15:08:23,960 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
2019-03-03 15:08:24,204 - WARN [net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext:551] - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.be$
2019-03-03 15:08:24,217 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:207] - Service 'shibboleth.LoggingService': Starting shutdown
2019-03-03 15:08:24,220 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:216] - Service 'shibboleth.LoggingService': Completing shutdown
2019-03-03 15:08:24,250 - ERROR [org.springframework.web.context.ContextLoader:350] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SessionManager' defined in URL [file:/opt/shibboleth-idp/system/conf/session-manager-system.xml]: Cannot resolv$
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:687)
```

I can see that the IDP service is running.

```
<Gluu Shell> root@sso:~# service idp status
Jetty running pid=26084
JAVA = /opt/jre/bin/java
JAVA_OPTIONS = -server -Xms256m -Xmx536m -XX:MaxMetaspaceSize=231m -XX:+DisableExplicitGC -XX:+UseG1GC -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/idp -Djetty.home=/opt/jetty -Djetty.base=/opt/gluu/jetty/idp -Djava.io.tmpdir=/opt/jetty-9.4/temp
JETTY_HOME = /opt/jetty
JETTY_BASE = /opt/gluu/jetty/idp
START_D = /opt/gluu/jetty/idp/start.d
START_INI = /opt/gluu/jetty/idp/start.ini
JETTY_START = /opt/jetty/start.jar
JETTY_CONF = /opt/jetty/etc/jetty.conf
JETTY_ARGS = jetty.http.host=localhost jetty.http.port=8086 jetty.state=/opt/gluu/jetty/idp/idp.state jetty-started.xml
JETTY_RUN = /var/run/jetty
JETTY_PID = /var/run/jetty/idp.pid
JETTY_START_LOG = /var/run/jetty/idp-start.log
JETTY_STATE = /opt/gluu/jetty/idp/idp.state
JETTY_START_TIMEOUT = 60
RUN_CMD = /opt/jre/bin/java -server -Xms256m -Xmx536m -XX:MaxMetaspaceSize=231m -XX:+DisableExplicitGC -XX:+UseG1GC -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/idp -Djetty.home=/opt/jetty -Djetty.base=/opt/gluu/jetty/idp -Djava.io.tmpdir=/opt/jetty-9.4/temp -jar /opt/jetty/start.jar jetty.http.host=localhost jetty.http.port=8086 jetty.state=/opt/gluu/jetty/idp/idp.state jetty-started.xml
```

Server spec (this is a very low utilised server, ~ 10 active users)

CPU: 2vCPU
Mem: 4GB

free -m:

```
              total        used        free      shared  buff/cache   available
Mem:           3885        2328         211           1        1345        1314
Swap:             0           0           0
```

Please let me know if you need to look at any other logs/data.

By Mohib Zico Account Admin 02 Mar 2019 at 11:39 p.m. CST

Please try on an 8GB memory server. 4GB is the bare minimum for a Gluu Server installation, which might take a longer time to load Shibboleth.

By Vinay Sastry user 03 Mar 2019 at 12:12 a.m. CST

Hi, I've upgraded the memory on the server to 8 GB. I don't believe it's under memory pressure.

```
              total        used        free      shared  buff/cache   available
Mem:           7875        2408        4183           1        1283        5223
Swap:             0           0           0
```

The IDP start up logs have this:

```
2019-03-03 15:08:22,823 - INFO [net.shibboleth.idp.log.LogbackLoggingService:240] - Shibboleth IdP Version 3.3.3
2019-03-03 15:08:22,830 - INFO [net.shibboleth.idp.log.LogbackLoggingService:241] - Java version='1.8.0_181' vendor='Oracle Corporation'
2019-03-03 15:08:22,837 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:199] - Service 'shibboleth.LoggingService': Reload time set to: 300000, starting refresh thread
2019-03-03 15:08:22,894 - INFO [org.opensaml.core.config.InitializationService:48] - Initializing OpenSAML using the Java Services API
2019-03-03 15:08:23,943 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmlenc#ripemd160
2019-03-03 15:08:23,948 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
2019-03-03 15:08:23,960 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
2019-03-03 15:08:24,204 - WARN [net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext:551] - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SessionManager' defined in URL [file:/opt/shibboleth-idp/system/conf/session-manager-system.xml]: Cannot resolve reference to bean '#{''.trim()}' while setting bean property 'storageService'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
2019-03-03 15:08:24,217 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:207] - Service 'shibboleth.LoggingService': Starting shutdown
2019-03-03 15:08:24,220 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:216] - Service 'shibboleth.LoggingService': Completing shutdown
2019-03-03 15:08:24,250 - ERROR [org.springframework.web.context.ContextLoader:350] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SessionManager' defined in URL [file:/opt/shibboleth-idp/system/conf/session-manager-system.xml]: Cannot resolve reference to bean '#{''.trim()}' while setting bean property 'storageService'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:687)
2019-03-03 15:57:42,345 - INFO [net.shibboleth.idp.log.LogbackLoggingService:240] - Shibboleth IdP Version 3.3.3
2019-03-03 15:57:42,352 - INFO [net.shibboleth.idp.log.LogbackLoggingService:241] - Java version='1.8.0_181' vendor='Oracle Corporation'
2019-03-03 15:57:42,358 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:199] - Service 'shibboleth.LoggingService': Reload time set to: 300000, starting refresh thread
2019-03-03 15:57:42,412 - INFO [org.opensaml.core.config.InitializationService:48] - Initializing OpenSAML using the Java Services API
2019-03-03 15:57:43,202 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmlenc#ripemd160
2019-03-03 15:57:43,207 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
2019-03-03 15:57:43,218 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
2019-03-03 15:57:43,458 - WARN [net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext:551] - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SessionManager' defined in URL [file:/opt/shibboleth-idp/system/conf/session-manager-system.xml]: Cannot resolve reference to bean '#{''.trim()}' while setting bean property 'storageService'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
2019-03-03 15:57:43,463 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:207] - Service 'shibboleth.LoggingService': Starting shutdown
2019-03-03 15:57:43,464 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:216] - Service 'shibboleth.LoggingService': Completing shutdown
2019-03-03 15:57:43,486 - ERROR [org.springframework.web.context.ContextLoader:350] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SessionManager' defined in URL [file:/opt/shibboleth-idp/system/conf/session-manager-system.xml]: Cannot resolve reference to bean '#{''.trim()}' while setting bean property 'storageService'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:687
```

#### **Specifically, it's this error:**

```
2019-03-03 15:57:43,486 - ERROR [org.springframework.web.context.ContextLoader:350] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SessionManager' defined in URL [file:/opt/shibboleth-idp/system/conf/session-manager-system.xml]: Cannot resolve reference to bean '#{''.trim()}' while setting bean property 'storageService'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' available
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:687
```
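
An added example, not part of the thread and not Gluu or Shibboleth code: a small Python triage script for the startup failure quoted in the post above. It splits records on timestamps, so it also works on a log pasted as one run-on line, and reports each unresolved bean reference, flagging a reference expression that holds only an empty string literal. The sample log is constructed from lines quoted in the thread, and all function names are hypothetical.

```python
import re

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}"

# A record starts at a timestamp. Pasted logs often lose their newlines, so the
# message runs until the next "<timestamp> - LEVEL [" or the end of the text.
RECORD = re.compile(
    rf"(?P<ts>{TS}) - (?P<level>[A-Z]+)\s+\[(?P<logger>[^\]:]+):\d+\] - "
    rf"(?P<msg>.*?)(?=\s*(?:{TS} - [A-Z]+\s+\[|\Z))",
    re.DOTALL,
)
# Spring's message for a bean property whose referenced bean cannot be found.
BEAN_REF = re.compile(
    r"Error creating bean with name '(?P<bean>[^']+)' defined in URL "
    r"\[file:(?P<file>[^\]]+)\]: Cannot resolve reference to bean "
    r"'(?P<ref>.*?)' while setting bean property '(?P<prop>[^']+)'"
)
# A reference expression that trims an empty string literal, i.e. #{''.trim()}.
EMPTY_SPEL = re.compile(r"#\{\s*'\s*'\.trim\(\)\s*\}")


def parse_records(text):
    """Return one dict (ts, level, logger, msg) per log record."""
    return [m.groupdict() for m in RECORD.finditer(text)]


def startup_attempts(records):
    """Each IdP start logs its version banner once."""
    return sum(1 for r in records if "Shibboleth IdP Version" in r["msg"])


def truncated_records(records):
    """Records cut off by a pager or terminal end in '$' and hide the cause."""
    return [r for r in records if r["msg"].rstrip().endswith("$")]


def unresolved_bean_refs(records):
    """Deduplicate 'Cannot resolve reference to bean' failures across restarts."""
    findings = {}
    for r in records:
        m = BEAN_REF.search(r["msg"]) if r["level"] in ("WARN", "ERROR") else None
        if not m:
            continue
        key = (m["bean"], m["file"], m["prop"], m["ref"])
        f = findings.setdefault(key, {
            "bean": m["bean"], "config_file": m["file"], "property": m["prop"],
            "reference": m["ref"],
            "empty_reference": bool(EMPTY_SPEL.fullmatch(m["ref"])),
            "first_seen": r["ts"], "count": 0,
        })
        f["count"] += 1
        f["last_seen"] = r["ts"]
    return list(findings.values())


# Constructed sample: shortened from the idp-process.log excerpts in the thread,
# joined with spaces to mimic a paste that lost its line breaks.
_BEAN_ERR = (
    "org.springframework.beans.factory.BeanCreationException: Error creating bean "
    "with name 'shibboleth.SessionManager' defined in URL "
    "[file:/opt/shibboleth-idp/system/conf/session-manager-system.xml]: Cannot "
    "resolve reference to bean '#{''.trim()}' while setting bean property "
    "'storageService'; nested exception is org.springframework.beans.factory."
    "NoSuchBeanDefinitionException: No bean named '' available"
)
_VER = "net.shibboleth.idp.log.LogbackLoggingService:240"
_CTX = "net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext:551"
_LOADER = "org.springframework.web.context.ContextLoader:350"
_PFX = "Exception encountered during context initialization - cancelling refresh attempt: "
SAMPLE_LOG = " ".join([
    f"2019-03-03 15:08:22,823 - INFO [{_VER}] - Shibboleth IdP Version 3.3.3",
    f"2019-03-03 15:08:24,204 - WARN [{_CTX}] - {_PFX}org.springframework.be$",
    f"2019-03-03 15:08:24,250 - ERROR [{_LOADER}] - Context initialization failed {_BEAN_ERR}",
    f"2019-03-03 15:57:42,345 - INFO [{_VER}] - Shibboleth IdP Version 3.3.3",
    f"2019-03-03 15:57:43,458 - WARN [{_CTX}] - {_PFX}{_BEAN_ERR}",
    f"2019-03-03 15:57:43,486 - ERROR [{_LOADER}] - Context initialization failed {_BEAN_ERR}",
])

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print("startup attempts:", startup_attempts(recs))
    print("truncated records:", [r["ts"] for r in truncated_records(recs)])
    for finding in unresolved_bean_refs(recs):
        print(finding)
```

An `empty_reference` of `True` means the reference expression contained only an empty string literal, which matches the `No bean named ''` message in the stack trace.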

By Mohib Zico Account Admin 03 Mar 2019 at 12:22 a.m. CST

I will test and share a screencast with you tomorrow.

By Vinay Sastry user 03 Mar 2019 at 9 p.m. CST

In response to your earlier question,

> There should be some other error before the stack trace you shared, see if there is any issue with localhost:1636 connectivity or not.

```
root@sso:/# netstat -aon | grep 1636
tcp6 0 0 127.0.0.1:1636 :::* LISTEN off (0.00/0/0)
tcp6 0 0 127.0.0.1:58240 127.0.0.1:1636 ESTABLISHED keepalive (6045.40/0/0)
tcp6 0 0 127.0.0.1:58482 127.0.0.1:1636 ESTABLISHED keepalive (7174.61/0/0)
tcp6 0 0 127.0.0.1:1636 127.0.0.1:58246 ESTABLISHED keepalive (6056.36/0/0)
tcp6 0 0 127.0.0.1:58454 127.0.0.1:1636 TIME_WAIT timewait (35.70/0/0)
tcp6 0 0 127.0.0.1:1636 127.0.0.1:58440 ESTABLISHED keepalive (6945.85/0/0)
tcp6 0 0 127.0.0.1:58232 127.0.0.1:1636 ESTABLISHED keepalive (6032.83/0/0)
tcp6 0 0 127.0.0.1:58452 127.0.0.1:1636 TIME_WAIT timewait (34.80/0/0)
tcp6 0 0 127.0.0.1:1636 127.0.0.1:58276 ESTABLISHED keepalive (6212.68/0/0)
tcp6 0 0 127.0.0.1:1636 127.0.0.1:58248 ESTABLISHED keepalive (6062.60/0/0)
tcp6 0 0 127.0.0.1:1636 127.0.0.1:58484 ESTABLISHED keepalive (7175.50/0/0)
tcp6 0 0 127.0.0.1:1636 127.0.0.1:58232 ESTABLISHED keepalive (6032.83/0/0)
tcp6 0 0 127.0.0.1:1636 127.0.0.1:58316 ESTABLISHED keepalive (6422.86/0/0)
tcp6 0 0 127.0.0.1:58440 127.0.0.1:1636 ESTABLISHED keepalive (6945.85/0/0)
tcp6 0 0 127.0.0.1:58246 127.0.0.1:1636 ESTABLISHED keepalive (6056.36/0/0)
tcp6 0 0 127.0.0.1:58376 127.0.0.1:1636 ESTABLISHED keepalive (6765.54/0/0)
tcp6 0 0 127.0.0.1:58248 127.0.0.1:1636 ESTABLISHED keepalive (6062.60/0/0)
tcp6 0 0 127.0.0.1:58316 127.0.0.1:1636 ESTABLISHED keepalive (6422.86/0/0)
tcp6 0 0 127.0.0.1:1636 127.0.0.1:58240 ESTABLISHED keepalive (6045.40/0/0)
tcp6 0 0 127.0.0.1:58484 127.0.0.1:1636 ESTABLISHED keepalive (7175.50/0/0)
tcp6 0 0 127.0.0.1:1636 127.0.0.1:58482 ESTABLISHED keepalive (7174.61/0/0)
tcp6 0 0 127.0.0.1:1636 127.0.0.1:58376 ESTABLISHED keepalive (6765.54/0/0)
tcp6 0 0 127.0.0.1:58276 127.0.0.1:1636 ESTABLISHED keepalive (6212.68/0/0)
```

Attempting a connection to localhost:1636

```
root@sso:# curl -viHD 127.0.0.1:1636/idp/shibboleth
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 1636 (#0)
> GET /idp/shibboleth HTTP/1.1
> Host: 127.0.0.1:1636
> User-Agent: curl/7.58.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
root@sso:/# curl -viHD 127.0.0.1:1636/idp
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 1636 (#0)
> GET /idp HTTP/1.1
> Host: 127.0.0.1:1636
> User-Agent: curl/7.58.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
root@sso:# curl -viHD 127.0.0.1:1636
* Rebuilt URL to: 127.0.0.1:1636/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 1636 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:1636
> User-Agent: curl/7.58.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
```

By Mohib Zico Account Admin 04 Mar 2019 at 12:42 p.m. CST

Vinay, I did not have any issue installing 3.1.5 with Shibboleth. If you can share your gmail address, I'll share the screencast with you.

By Vinay Sastry user 04 Mar 2019 at 1:14 p.m. CST

Hi Mohib, As you can see from the logs, the version installed initially was 3.1.4. As I was getting the service unavailable error, I upgraded to 3.1.5 with the hope that the update would fix the issue. The problem persists in version 3.1.5. I can easily do a clean install of 3.1.5, but there are a couple of things that are blockers:

1. It's a system in use and a new installation will be disruptive
2. It has a lot of branding customisations that will need to be replicated. Is there a way to migrate these with minimal effort?

Please feel free to share the screencast at vinay.sastry at engag3d dot com

By Mohib Zico Account Admin 07 Mar 2019 at 2:20 a.m. CST

>> As you can see from the logs, the version installed initially was 3.1.4. As I was getting the service unavailable error, I upgraded to 3.1.5

You should have informed that to me first, time would be saved.

>> As I was getting the service unavailable error, I upgraded to 3.1.5 with the hope that the update would fix the issue.

This is not the problem with Gluu Server, we have numerous customers who are using 3.1.4 in their production with SAML.

>> Is there a way to migrate these with minimal effort?

There is no minimal effort; you have to do what you have to do. Issue is why it was throwing error in 3.1.4 then.

>> Please feel free to share the screencast at vinay.sastry at engag3d dot com

No point sharing that because it won't help you.

What I need to know from you now (no information hidden this time please):

- How I can try to reproduce your 3.1.4 environment?

That said:

- What hostname you used.
- How much memory you used / how much CPU you used.
- How many Trust relationship there is

It's better if you share 'setup.properties.last' from your 3.1.4 installation, we will have an idea.

By Vinay Sastry user 07 Mar 2019 at 11:06 p.m. CST

Hi Mohib, In response to your comments:

> You should have informed that to me first, time would be saved.

**I did.** If you had read my post here: https://support.gluu.org/single-sign-on/6722/shibboleth-idp-metadata-not-available-503-error/#at45682 **You would have clearly seen that the initial version of Gluu was 3.1.4, and I upgraded to 3.1.5 when I encountered the error**. We had no need of SAML earlier as we exclusively use OpenID as the preferred method to authenticate.

> This is not the problem with Gluu Server, we have numerous customers who are using 3.1.4 in their production with SAML

**How is the fact that I am getting a java error in shibboleth bundled with Gluu not a Gluu server problem**? I have no doubt that you have many customers using it in production, and it is a great product for what it offers.

> Issue is why it was throwing error in 3.1.4 then.

I agree. It's throwing that error not only in 3.1.4, but also in 3.1.5 after I've successfully upgraded.

> What I need to know from you now ( no information hidden this time please ):

**What else would you like to know?** I've already provided the installation logs, the error logs when shibboleth starts etc.

> How I can try to reproduce your 3.1.4 environment?
>
> That said:
>
> What hostname you used.

#### **hostname: sso.engag3d.com**

> How much memory you used / how much CPU you used.

#### **4vCPU / 8 GB RAM**

> How many Trust relationship there is

**no SAML trust relationships (for obvious reasons) but have 8 openID Connect clients configured.**

> It's better if you share 'setup.properties.last' from your 3.1.4 installation, we will have an idea.

#### **'setup.properties.last'**

```
#Fri Oct 05 07:52:11 UTC 2018
jetty_version=9.4.12.v20180830
passport_rp_client_jks_pass=obfuscated
install_dir=.
ldapDsJavaPropCommand=/opt/opendj/bin/dsjavaproperties
ldif_attributes=./output/attributes.ldif
ldap_user_home=/home/ldap
casa_war=http\://ox.gluu.org/maven/org/xdi/casa/3.1.4.Final/casa-3.1.4.Final.war
accessLogConfFile=./static/openldap/accesslog.conf
setup_properties_fn=./setup.properties
apache2_ssl_conf=./output/https_gluu.conf
httpdCertFn=/etc/certs/httpd.crt
application_max_ram=5120
idp3_dist_jar=http\://ox.gluu.org/maven/org/xdi/oxShibbolethStatic/3.1.4.Final/oxShibbolethStatic-3.1.4.Final.jar
oxauth_static_conf_json=./output/oxauth-static-conf.json
jetty_user_home_lib=/home/jetty/lib
downloadWars=False
oxd_hostname=%(oxd_hostname)s
opendj_cert_fn=/etc/certs/opendj.crt
jreDestinationPath=/opt/jdk1.8.0_181
oxTrustCacheRefreshFolder=/var/ox/identity/cr-snapshots
apache_start_script=/etc/init.d/httpd
idp3_configuration_password_authn=authn/password-authn-config.xml
gluuOptSystemFolder=/opt/gluu/system
ldapCertFn=/etc/certs/opendj.crt
ldif_site=./static/cache-refresh/o_site.ldif
encoded_ldap_pw=obfuscated
node_home=/opt/node
ldapPass=obfuscated
state=QLD
passport_config=/etc/gluu/conf/passport-config.json
certFolder=/etc/certs
staticFolder=./static
defaultTrustStorePW=obfuscated
idp3_metadata=idp-metadata.xml
passport_rs_client_jks_pass_encoded=obfuscated
oxtrust_cache_refresh_json=./output/oxtrust-cache-refresh.json
passportSpJksPass=obfuscated
pairwiseCalculationSalt=obfuscated
scim_rp_client_jks_fn=./output/scim-rp.jks
passport_rp_client_jks_fn=/etc/certs/passport-rp.jks
jre_version=181
ldap_admin_port=4444
openldapSchemaFolder=/opt/gluu/schema/openldap
importLdifCommand=/opt/opendj/bin/import-ldif
openldapSiteUser=cn\=directory manager,o\=site
ldap_backend_type=je
installAsimba=False
ldif_asimba=./output/asimba.ldif
openldapSymasConf=./output/symas-openldap.conf
openldapConfFolder=/opt/symas/etc/openldap
ldif_base=./output/base.ldif
openldapLogrotate=./static/openldap/openldap_logrotate
idp3_configuration_saml_nameid=saml-nameid.properties
apache2_24_conf=./output/httpd_2.4.conf
ldif_passport=./output/passport.ldif
asimba_configuration=./output/asimba.xml
ldif_people=./output/people.ldif
installLdap=True
jetty_user_home=/home/jetty
oxauth_client_id=obfuscated
oxTrust_log_rotation_configuration=/etc/gluu/conf/oxTrustLogRotationConfiguration.xml
scim_rs_client_jks_pass_encoded=obfuscated
httpdKeyFn=/etc/certs/httpd.key
oxauth_error_json=./static/oxauth/oxauth-errors.json
asimbaJksFn=/etc/certs/asimbaIDP.jks
gluuOptBinFolder=/opt/gluu/bin
openldapBaseFolder=/opt/symas
oxtrust_import_person_json=./output/oxtrust-import-person.json
passport_rp_client_cert_alg=RS512
allowPreReleasedApplications=False
jython_home=/opt/jython
loadLdifCommand=/opt/opendj/bin/ldapmodify
cmd_dpkg=/usr/bin/dpkg
openldapLogDir=/var/log/openldap/
casa_config=./output/casa.json
gluu_python_base=/opt/gluu/python
cmd_mkdir=/bin/mkdir
idpClient_pw=obfuscated
distFolder=/opt/dist
idp3ConfFolder=/opt/shibboleth-idp/conf
oxauth_rp_war=https\://ox.gluu.org/maven/org/xdi/oxauth-rp/3.1.4.Final/oxauth-rp-3.1.4.Final.war
encoded_openldapJksPass=obfuscated
inumApplianceFN=F4A439E27FD38E8D0002A4216893
apache2_ssl_24_conf=./output/https_gluu.conf
inumAppliance=@!F4A4.39E2.7FD3.8E8D!0002!A421.6893
idp3_configuration_properties=idp.properties
network=/etc/sysconfig/network
node_user_home=/home/node
distGluuFolder=/opt/dist/gluu
idp3_configuration_services=services.properties
oxauthClient_pw=obfuscated
opendlapIndexDef=./static/openldap/index.json
idp3_configuration_ldap_properties=ldap.properties
ce_setup_zip=https\://github.com/GluuFederation/community-edition-setup/archive/version_3.1.4.zip
ldapBaseFolder=/opt/opendj
opendj_p12_pass=obfuscated
idp3Folder=/opt/shibboleth-idp
node_base=/opt/gluu/node
passportSpTLSKey=/etc/certs/passport-sp.key
passportSpKeyPass=obfuscated
node_version=9.9.0
currentGluuVersion=3.1.4
ldif_passport_config=./output/oxpassport-config.ldif
scim_rs_client_jks_pass=obfuscated
idp3ConfAuthnFolder=/opt/shibboleth-idp/conf/authn
oxauth_openid_jks_fn=/etc/certs/oxauth-keys.jks
outputFolder=./output
passport_initd_script=./static/system/initd/passport
os_type=ubuntu
gluuAccessLogConf=./static/openldap/o_gluu_accesslog.conf
log=./setup.log
jetty_home=/opt/jetty
ldapTrustStoreFn=/etc/certs/opendj.pkcs12
oxd_port=%(oxd_port)s
githubBranchName=version_3.1.4
openldapTLSCert=/etc/certs/openldap.crt
templateFolder=./templates
ldif_scim=./output/scim.ldif
idp3_war=http\://ox.gluu.org/maven/org/xdi/oxshibbolethIdp/3.1.4.Final/oxshibbolethIdp-3.1.4.Final.war
cmd_chgrp=/bin/chgrp
inumOrgFN=F4A439E27FD38E8D00013437C2CD
oxauth_config_json=./output/oxauth-config.json
scim_rs_client_id=obfuscated
gluu_passport_base=/opt/gluu/node/passport
idp3CredentialsFolder=/opt/shibboleth-idp/credentials
ldap_jmx_port=1689
default_key_algs=RS256 RS384 RS512 ES256 ES384 ES512
idpWarFullPath=/opt/dist/gluu/idp.war
opensslCommand=/usr/bin/openssl
ldif_idp=./output/oxidp.ldif
installOxTrust=True
system_profile_update=./output/system_profile
ldap_port=1389
encoded_shib_jks_pw=obfuscated
orgName=Engag3d Pty Ltd
idp3MetadataCredentialsFolder=/opt/shibboleth-idp/metadata/credentials
apache2_conf=./output/httpd.conf
oxidp_config_json=./output/oxidp-config.json
osDefault=/etc/default
shibboleth_version=v3
openldapKeyPass=obfuscated
openDjIndexJson=./static/opendj/index.json
node_initd_script=./static/system/initd/node
ldapDsconfigCommand=/opt/opendj/bin/dsconfig
openDjSchemaFolder=/opt/opendj/config/schema
oxBaseDataFolder=/var/ox
asimba_configuration_xml=/etc/gluu/conf/asimba/asimba.xml
city=Brisbane
oxVersion=3.1.4.Final
baseInum=@!F4A4.39E2.7FD3.8E8D
idpClient_encoded_pw=obfuscated
os_version=16
asimbaJksPass=nZngFN1GwcVZ
ox_ldap_properties=/etc/gluu/conf/ox-ldap.properties
openldapRootUser=cn\=directory manager,o\=gluu
ldaps_port=1636
jython_version=2.7.2a
logError=./setup_error.log
ldif_appliance=./output/appliance.ldif
asimba_selector_configuration_xml=/etc/gluu/conf/asimba/asimba-selector.xml
openldapTLSKey=/etc/certs/openldap.key
staticIDP3FolderMetadata=./static/idp3/metadata
opendj_p12_fn=/etc/certs/opendj.pkcs12
oxTrustConfigGeneration=true
oxPhotosFolder=/var/ox/photos
shibJksFn=/etc/certs/shibIDP.jks
os_initdaemon=systemd
passportSpTLSCACert=/etc/certs/passport-sp.pem
distAppFolder=/opt/dist/app
jetty_dist=/opt/jetty-9.4
passport_rp_client_id=obfuscated
defaultTrustStoreFN=/opt/jre/jre/lib/security/cacerts
ldapModifyCommand=/opt/opendj/bin/ldapmodify
idp3MetadataFolder=/opt/shibboleth-idp/metadata
pairwiseCalculationKey=obfuscated
ldif_groups=./output/groups.ldif
asimba_selector_configuration=./output/asimba-selector.xml
ldif_clients=./output/clients.ldif
scim_rp_client_jks_pass=obfuscated
openldapP12Fn=/etc/certs/openldap.pkcs12
encoded_opendj_p12_pass=obfuscated
opendj_version=3.0
openldapSyslogConf=./static/openldap/openldap-syslog.conf
cmd_ln=/bin/ln
passport_rp_client_cert_fn=/etc/certs/passport-rp.pem
httpdKeyPass=obfuscated
oxtrust_war=https\://ox.gluu.org/maven/org/xdi/oxtrust-server/3.1.4.Final/oxtrust-server-3.1.4.Final.war
opendj_version_number=3.0.1.gluu
ldap_site_binddn=cn\=directory manager
installOxAuth=True
cmd_java=/opt/jre/bin/java
ldif_scopes=./output/scopes.ldif
savedProperties=./setup.properties.last
passport_saml_config=/etc/gluu/conf/passport-saml-config.json
staticIDP3FolderConf=./static/idp3/conf
ldif_scripts=./output/scripts.ldif
admin_email=vinay.sastry@engag3d.com
distTmpFolder=/opt/dist/tmp
idp3LogsFolder=/opt/shibboleth-idp/logs
passport_rs_client_jks_pass=obfuscated
cmd_jar=/opt/jre/bin/jar
oxauth_openid_jks_pass=obfuscated
idp3WebappFolder=/opt/shibboleth-idp/webapp
countryCode=AU
ip=172.30.43.20
opendj_ldap_binddn=cn\=directory manager
installSaml=True
sysemProfile=/etc/profile
ldap_setup_properties=./templates/opendj-setup.properties
default_openid_jks_dn_name=CN\=oxAuth CA Certificates
oxtrust_config_json=./output/oxtrust-config.json
openldapTLSCACert=/etc/certs/openldap.pem
installJce=True
ldapDsCreateRcCommand=/opt/opendj/bin/create-rc-script
ldapPassFn=/home/ldap/.pw
oxTrustRemovedFolder=/var/ox/identity/removed
passport_rs_client_jks_fn=/etc/certs/passport-rs.jks
openldapSlapdConf=./output/slapd.conf
encoded_ldapTrustStorePass=obfuscated
encode_salt=obfuscated
gluu_python_readme=/opt/gluu/python/libs/python.txt
extensionFolder=./static/extension
passportSpTLSCert=/etc/certs/passport-sp.crt
java_1_8_jce_zip=http\://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip
hostname=sso.engag3d.com
jetty_base=/opt/gluu/jetty
ldif_scripts_casa=./output/scripts_casa.ldif
cmd_chmod=/bin/chmod
inumOrg=@!F4A4.39E2.7FD3.8E8D!0001!3437.C2CD
openldapJksPass=obfuscated
asimba_conf_folder=/etc/gluu/conf/asimba
allowDeprecatedApplications=False
ldapSetupCommand=/opt/opendj/setup
opendj_service_centos7=./static/opendj/systemd/opendj.service
encoded_ox_ldap_pw=obfuscated
passportSpJksFn=/etc/certs/passport-sp.jks
openldapSetupAccessLog=False
cmd_rpm=/bin/rpm
idp3LibFolder=/opt/shibboleth-idp/lib
cmd_keytool=/opt/jre/bin/keytool
ldap_binddn=cn\=directory manager
installHttpd=True
passport_rs_client_id=obfuscated
scim_rp_client_id=obfuscated
asimba_war=http\://ox.gluu.org/maven/org/asimba/asimba-wa/3.1.4.Final/asimba-wa-3.1.4.Final.war
gluuBaseFolder=/etc/gluu
install_time_ldap=20181005074213Z
apache_version=2.4
configFolder=/etc/gluu/conf
openldapBinFolder=/opt/symas/bin
oxauth_war=https\://ox.gluu.org/maven/org/xdi/oxauth-server/3.1.4.Final/oxauth-server-3.1.4.Final.war
jre_home=/opt/jre
ldap_type=opendj
ldap_hostname=localhost
openldapJksFn=/etc/certs/openldap.jks
gluuOptPythonFolder=/opt/gluu/python
oxauthClient_encoded_pw=obfuscated
encode_script=/opt/gluu/bin/encode.py
shibJksPass=obfuscated
oxasimba_config_json=./output/oxasimba-config.json
cmd_chown=/bin/chown
opendj_init_file=./static/opendj/opendj
scim_rs_client_jks_fn=/etc/certs/scim-rs.jks
etc_hosts=/etc/hosts
idp3_cml_keygenerator=http\://ox.gluu.org/maven/org/xdi/oxShibbolethKeyGenerator/3.1.4.Final/oxShibbolethKeyGenerator-3.1.4.Final.jar
asimba_properties=./output/asimba.properties
gluuOptFolder=/opt/gluu
installPassport=True
openldapRootSchemaFolder=/opt/gluu/schema
rsyslogUbuntuInitFile=./static/system/ubuntu/rsyslog
idp_client_id=obfuscated
oxauth_openid_jwks_fn=/etc/certs/oxauth-keys.json
ldif_configuration=./output/configuration.ldif
etc_hostname=/etc/hostname
installOxAuthRP=False
```

By Mohammad Abudayyeh staff 13 Mar 2019 at 5:47 a.m. CDT

Vinay, can you log in to your Gluu instance? Or is that down as well?

By Vinay Sastry user 13 Mar 2019 at 5:57 a.m. CDT

I have no issues either logging in to the Gluu instance or using Gluu OIDC connections to log users into SSO apps.

By Mohammad Abudayyeh staff 15 Apr 2019 at 1:55 a.m. CDT

Hi Vinay, Any updates on your issue? I am closing this ticket but feel free to reopen it if your issue remains.

By Vinay Sastry user 17 Apr 2019 at 3:03 p.m. CDT

Hi Mohammad, With no solution or guidance coming from Gluu support to resolve the problem, we decided to move away from using the Gluu server, as it was preventing us from enabling a couple of critical integrations. We have decommissioned the Gluu server and will not be using it again.