By: Ronald R. user 06 May 2019 at 6:20 p.m. CDT

6 Responses
It seems like such a basic question that I'd rather not ask, however I've been searching everywhere and was unable to get this working. I've installed Gluu and Nextcloud with the Social login plugin on another server. I'm trying to authenticate my Nextcloud installation with my Gluu instance. Unfortunately I'm very new to Gluu and SSO in particular but I want to learn.

The NC addon is asking me for the following:

```
Authorize url
Token url
User info URL
Client Id
Client Secret
Scope
```

After searching the docs I came to the following which, unfortunately, seems wrong.

```
Authorize url: https://idp.hostname/oxauth/restv1/authorize
Token url: https://idp.hostname/oxauth/restv1/token
User info URL: blank
Client Id: Generated by Gluu
Client Secret: Generated by Gluu
Scope: email
```

As I want my users to log in with their email address I've set "scope" to email. This might, however, be the wrong method of achieving this.

In Gluu under OpenID Connect > Clients I created a new client with the following config:

```
OPENID CONNECT CLIENTS DETAILS
------------------------------
- **Name:** Nextcloud
- **Description:** Nextcloud
- **Client ID:** XXXXXXXXXXX
- **Subject Type:** public
- **Expirattion date:** Sat May 06 00:00:00 UTC 2119
- **ClientSecret:** XXXXXXXXXXX
- **Application Type:** web
- **Persist Client Authorizations:** true
- **Pre-Authorization:** true
- **Authentication method for the Token Endpoint:** client_secret_basic
- **Logout Session Required:** false
- **Include Claims In Id Token:** false
- **Disabled:** false
- **Login Redirect URIs:** [https://nextcloudserver/index.php/apps/sociallogin/custom_oidc/Gluu]
- **Scopes:** [email, openid, profile]
- **Grant types:** [authorization_code]
- **Response types:** [code]
```

When trying to log in to NC with the Social Login feature I'm presented with the following error:

```
{"error":"invalid_request_redirect_uri","error_description":"The redirect_uri in the Authorization Request does not match any of the Client's pre-registered redirect_uris.","state":"HA-S2TR5WI8VA9X0DGPUE643YMF1OJBZHCQNKL7"}
```

Anyone here that can help me out with the correct "Authorize" and "Token" URL, and anything else that might be wrong with this configuration? I'm also wondering how I would define a user's role/permission within Gluu in order to have effect on, for example, NC.

Thanks in advance for any guidance in, what must be, an easy matter.

By Ronald R. user 06 May 2019 at 6:45 p.m. CDT

After searching this forum some more I've changed my "Login redirect URI". This seems to have brought me one step closer. NC is currently presenting me with the following error message:

```
Unable to exchange code for API access token. HTTP error 401. Raw Provider API response: {"error":"invalid_client","error_description":"Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client."}.
```
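The two errors quoted above each name a checkable condition: an exact `redirect_uri` match, and a token request whose client authentication matches the registered method (`client_secret_basic` in the client details posted). The following is an added example, not part of the thread or of Gluu's or Nextcloud's code; the host names, client id, secret and captured request body are constructed, and the thread does not say what Nextcloud actually sent.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus

# Constructed sample values, not taken from the thread.
REGISTERED_URIS = ["https://nextcloud.example/index.php/apps/sociallogin/custom_oidc/Gluu"]
SENT_URI = "https://nextcloud.example/apps/sociallogin/custom_oidc/Gluu"
POST_BODY = "grant_type=authorization_code&code=abc&client_id=nc-client&client_secret=s3cret"

def redirect_uri_registered(requested, registered):
    """OpenID Connect requires an exact string match, so no prefix or path normalisation."""
    return requested in registered

def basic_auth_header(client_id, client_secret):
    """client_secret_basic (RFC 6749 section 2.3.1): form-urlencode both parts, then base64."""
    raw = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(raw.encode()).decode()

def token_request_auth_method(headers, body):
    """Return (method, client_id) for a captured token request.
    Assumes header names are already normalised to 'Authorization'."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        user, _, _ = base64.b64decode(auth[6:]).decode().partition(":")
        return "client_secret_basic", unquote_plus(user)
    form = parse_qs(body)
    client_id = form.get("client_id", [""])[0]
    return ("client_secret_post" if "client_secret" in form else "none"), client_id

def check_token_request(headers, body, registered_method, registered_id):
    """List mismatches between a token request and the client registration."""
    method, client_id = token_request_auth_method(headers, body)
    problems = []
    if method != registered_method:
        problems.append(f"client sent {method}, server expects {registered_method}")
    if client_id != registered_id:
        problems.append(f"client_id {client_id!r} is not the registered {registered_id!r}")
    return problems

if __name__ == "__main__":
    print(redirect_uri_registered(SENT_URI, REGISTERED_URIS))
    print(check_token_request({}, POST_BODY, "client_secret_basic", "nc-client"))
    good = {"Authorization": basic_auth_header("nc-client", "s3cret")}
    print(check_token_request(good, "grant_type=authorization_code&code=abc",
                              "client_secret_basic", "nc-client"))
```
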

By Michael Schwartz staff 07 May 2019 at 4:23 a.m. CDT

@Mohit.Mali can you dive into this? I'd really like to see the Nextcloud integration working. If it's not well documented, can you fix it?

By Mohit Mali staff 08 May 2019 at 6:04 a.m. CDT

Hi @Ronald R,

Thanks for reaching out to Gluu support. I will assist you with this issue. Let me figure out the Nextcloud integration with Gluu. Are you following this documentation of Gluu with Nextcloud integration?

Thanks and regards,
Mohit Mali

By Mohit Mali staff 08 May 2019 at 7:58 a.m. CDT

Hi @Ronald R, may I know the Nextcloud version you are using?

By Ronald R. user 08 May 2019 at 5:26 p.m. CDT

Hi @Mohit.Mali,

Thanks for your reply. I'm running NC version 16 (latest). I have tried the NC plugin provided by Gluu, however it has only been tested against version 11 of NC which I consider too old to be running on a soon to be production server. Instead I've chosen to go with the Social Login plugin: This plugin is regularly updated and allows setting up login to an external OpenID Connect provider, in my case this would be the Gluu server.

Kind regards,
Ronald.

By Mohit Mali staff 09 May 2019 at 5:46 a.m. CDT

Hi @Ronald R,

I have just checked the plugin with NC version 16 (latest); it's working fine, so please use the Gluu plugin to connect with OpenID Connect. Please follow this document.

1. Installed Nextcloud 16.
2. Gluu server
3. oxd server

Follow the link, it will work. Thanks