By: Kannan Venkataraman user 18 May 2019 at 5:06 a.m. CDT

9 Responses
I have configured Gluu Server as a SAML IdP and am using Moodle as my SP with the SAML2 plugin. I have done the mutual metadata configuration, Trust Relationships etc., as recommended. While trying to log in from the SP I am getting the below error:

Web Login Service - Message Security Error
The request cannot be fulfilled because the message received does not meet the security requirements of the login service.

My Trust Relationship configuration is as below:

- Display Name: xxxx
- Description: xxxx
- Entity Type: Metadata Location
- SP Metadata URL: https://xxxx.com/xx/auth/saml2/sp/metadata.php
- SP Logout URL (optional): https://xxxx.com/xx/logout
- Configure Relying Party: Selected All
- Released: xxxx Email, First Name, Last Name, Username

By Kannan Venkataraman user 18 May 2019 at 7:08 a.m. CDT

Hi, an update: I realised that the Gluu container timezone was different and set it right. Now I am getting a new error, as below:

```
{"error":"unauthorized_client","error_description":"The client is not authorized to request an access token using this method.","state":"eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJjb252ZXJzYXRpb24iOiJlMXMxIiwic3RhdGUiOiJYNVhiODJZdVpjIn0."}
```

By Michael Schwartz Account Admin 18 May 2019 at 7:48 a.m. CDT

We do not have enough information here to help you. Can you share screenshots of the TR config in oxTrust? Also, do you see any logs from Shibboleth or oxAuth? Can you post the metadata for the SP?

By Kannan Venkataraman user 18 May 2019 at 8:28 a.m. CDT

Hi, the screenshot is attached herewith. I don't see much info in the logs. The SP metadata is below:

```xml
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://####.com/lms/auth/saml2/sp/metadata.php">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIID8DCCAtigAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDEPMA0GA1UEAwwGbW9vZGxlMQswCQYDVQQGEwJBVTEUMBIGA1UEBwwLbW9vZGxldmlsbGUxKTAnBgkqhkiG9w0BCQEWGmthbm5hbi52QHZlbmJhaW5mb3RlY2guY29tMQ0wCwYDVQQKDARUTlRQMQ8wDQYDVQQIDAZtb29kbGUxDzANBgNVBAsMBm1vb2RsZTAeFw0xOTA1MTgwODQxMjJaFw0yOTA1MTUwODQxMjJaMIGQMQ8wDQYDVQQDDAZtb29kbGUxCzAJBgNVBAYTAkFVMRQwEgYDVQQHDAttb29kbGV2aWxsZTEpMCcGCSqGSIb3DQEJARYaa2FubmFuLnZAdmVuYmFpbmZvdGVjaC5jb20xDTALBgNVBAoMBFROVFAxDzANBgNVBAgMBm1vb2RsZTEPMA0GA1UECwwGbW9vZGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Bc+e5to02Vj7EIKCPTJu7G4m1HyqiDow+QheO5BWHIYlUmCtqWObptYP+fSQx4TPy5ASiUUqR4Cf8wuV5Eoe+i4hm/5iJCEVFIAS1trJ2wChvXobs1Qdis6PVoyz93RZAvocxmi/qUvLKmDuOhTZ/qCa/1Uaz48szq2F+vTqUoVwBi83RQ7KLhoZb1GNTQJZWmm6HgjOwNtDoVIliaJiTVJn6lWRUtBxtEAmOY9R3uw8Jkygf+dPpc+bCmsH9m7RLusTIEpT5af9qHOpFfgDjJ5dU7W4DxNh/mhJAwe8UYLQ1e/c2/SzZ3+V8lbBmap0b4ZuQ4DnQ1xNGW2q4rshQIDAQABo1MwUTAdBgNVHQ4EFgQUiu7frr6+5t7ggojbJERFAx4oGd4wHwYDVR0jBBgwFoAUiu7frr6+5t7ggojbJERFAx4oGd4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEApgXd+evYd9GAuuiGX/eR0P0ibLuR0XMHACxv0ldUxOwAUiOH/8LAFJKPtFJWoPC9WxTAioe6ErWWTDXtb08aU7H3kKXHkQDYk96kyP2k9bpbm4JA0D47KbGUjlgDz07qUFsZmvPGsvsSOzlMNQ/g6wUcuzoAvU4Dp3f5Pm7mI91KpbByY6jf8VmBcnw6v02QqkliBCjwcTaxsH0z0+Zq27IufOtmd8uUZJ//TodbjXjIEeLR3mz9yuUN70WN/8xu+nMiVgr5jFpyLiEib7VxPOboILFdaxTEdsNC/lNyxhWJDqMYnOry2tIXecLTVtzzIaBQ9XpErmbCRrpllQtJSw==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate><!-- certificate omitted --></ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://#####/lms/auth/saml2/sp/saml2-logout.php/#####.com"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://#####/lms/auth/saml2/sp/saml2-acs.php/####.com" index="0"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https:/#####/lms/auth/saml2/sp/saml1-acs.php/#####.com" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://#####/lms/auth/saml2/sp/saml2-acs.php#####.com" index="2"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https:/#####/lms/auth/saml2/sp/saml1-acs.php/####.com" index="3"/>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">TNTP</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">Tamil Nadu Teachers Platform</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://#######.com/lms</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Admin</md:GivenName>
    <md:SurName>User</md:SurName>
    <md:EmailAddress>noreply@######.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
```

By Aliaksandr Samuseu staff 20 May 2019 at 8:33 a.m. CDT

Hi, Kannan. Is there some confusion, perhaps? The error message you provided [here](https://support.gluu.org/single-sign-on/7079/web-login-service-message-security-error/#at48528) doesn't belong to the SAML world; it's something you usually see only in OpenID Connect flows. I suppose your initial issue with SAML was due to incorrect time at your Gluu host (please install and configure **ntpd** there; for hosts handling authentication it's a mandatory component). For OIDC errors, you need to check `/opt/gluu/jetty/oxauth/logs/oxauth.log`. Please provide us the related section of the logs to study, even if you don't see anything suspicious there, or we will hardly be able to help you. Please also record your failing flow where you see this error and export it as a HAR file, then share it with us, together with the logs related to the same period. You can use the steps listed [here](https://www.inflectra.com/support/knowledgebase/kb254.aspx). Please use Firefox for that task; Chrome's HARs are flawed. Also don't forget to tick the "Persist log" and "Disable cache" checkboxes in the console to save everything, not just the recently loaded page.
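As an added illustration (not part of this thread or of Gluu's code) of the two SAML-side checks raised above: the IdP rejects messages whose `IssueInstant` falls outside its allowed clock skew, which is why a wrong host clock produces "Message Security Error", and an SP's metadata should be sanity-checked before it is imported as a Trust Relationship. The metadata below is a constructed, shortened sample in the shape of the Moodle SAML2 metadata posted earlier; the 180-second skew default is an assumption, not a value taken from the page.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample SP metadata (hostnames and certificate are placeholders).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/lms/auth/saml2/sp/metadata.php">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      AuthnRequestsSigned="true">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB...placeholder...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/lms/auth/saml2/sp/saml2-acs.php/sp.example.test" index="0"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.test/insecure-acs" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text):
    """Return findings an IdP admin should resolve before trusting this SP."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor in metadata"]
    findings = []
    cert_path = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    # A signed AuthnRequest can only be verified if the SP published a signing cert.
    if sp.get("AuthnRequestsSigned") == "true" and sp.find(cert_path, NS) is None:
        findings.append("AuthnRequestsSigned=true but no signing certificate published")
    # Assertions are posted to the ACS; a plain-http endpoint exposes them in transit.
    for acs in sp.findall("md:AssertionConsumerService", NS):
        if not acs.get("Location", "").startswith("https://"):
            findings.append("ACS index %s is not https: %s" % (acs.get("index"), acs.get("Location")))
    return findings


def _parse_saml_time(value):
    # SAML timestamps are UTC xs:dateTime, e.g. 2019-05-18T10:06:00Z or with fractional seconds.
    return datetime.fromisoformat(value.rstrip("Z")).replace(tzinfo=timezone.utc)


def within_clock_skew(issue_instant, idp_now=None, skew_seconds=180):
    """True if the message's IssueInstant is within the IdP's tolerated skew of its own clock.
    skew_seconds=180 is an assumed default; check the IdP's configured value."""
    issued = _parse_saml_time(issue_instant)
    now = _parse_saml_time(idp_now) if idp_now else datetime.now(timezone.utc)
    return abs((now - issued).total_seconds()) <= skew_seconds
```

An IdP whose clock (or timezone) is off by more than the skew rejects every otherwise-valid request, which matches the symptom fixed by correcting the container's time.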

By Kannan Venkataraman user 22 May 2019 at 12:02 a.m. CDT

Yes, but I do not use OIDC (though I tried it earlier but disabled it). Now I have only SAML, and the OIDC clients have all been deleted.

By Aliaksandr Samuseu staff 22 May 2019 at 12:10 p.m. CDT

> and the OIDC clients have all been deleted.

Could you elaborate? There is a set of system OIDC clients which are required for Gluu itself to stay functional (please see the attached screenshot). You must not delete them under any circumstances. If you've deleted some of those, I hope you have a backup pre-dating this change, so you can revert to it?

By Kannan Venkataraman user 23 May 2019 at 2 a.m. CDT

Hi, I did a reinstallation of Gluu and things seem to be working better now. Thanks.
