By: Joseph Haun user 17 Mar 2020 at 12:28 p.m. CDT

4 Responses
Hello, I am attempting to configure a Gluu server as an OpenID Connect provider. I have gone through the steps [here](https://gluu.org/docs/ce/4.1/admin-guide/openid-connect/). I have been able to use the metadata link to access the information for the setup on another server that has a web backend to allow for test logins. Test logins through this server seem to correctly work, until I look at the user attributes that are returned. I receive the following attributes: at_hash, aud, sub, auth_time, iss, exp, iat, nonce, and oxOpenIDConnectVersion. What I expect to receive are these values along with profile, openid, permission, phone, address, email, user_name, and mobile_phone values. I am fairly new to Gluu and OpenID Connect, so maybe I am misunderstanding something here. Would anyone be able to point me in the right direction or give me a suggestion as to what they think is going wrong? If any log files are necessary, I will gladly provide them so long as they are explicitly named.

By Michael Schwartz staff 17 Mar 2020 at 1:07 p.m. CDT

1. Paste in the authz request you are sending
2. Paste client config summary information (you can get this from oxTrust by viewing the client)

By Joseph Haun user 17 Mar 2020 at 1:50 p.m. CDT

The client config summary is below. I am not certain what the authz request is or how to access it. Would you be able to point me towards it?

OPENID CONNECT CLIENTS DETAILS
------------------------------

- **Name:** Test_OIDC
- **Description:** A test setup of the OpenID Connect provider for an Ignition gateway.
- **Client ID:** 7d00cd6d-89a8-490f-a461-8c66f87f843a
- **Subject Type:** pairwise
- **ClientSecret:** XXXXXXXXXXX
- **Application Type:** web
- **Persist Client Authorizations:** true
- **Pre-Authorization:** false
- **Authentication method for the Token Endpoint:** client_secret_basic
- **Logout Session Required:** false
- **Include Claims In Id Token:** false
- **Disabled:** false
- **Login Redirect URIs:** [https://ec2-18-144-109-42.us-west-1.compute.amazonaws.com:8043/data/federate/callback/oidc]
- **Grant types:** [authorization_code, refresh_token, password]
- **Response types:** [code, token, id_token]

By Michael Schwartz staff 17 Mar 2020 at 2:04 p.m. CDT

Your application is sending the request to the authorization endpoint. I don't see any scopes. Did you use the client config summary option in oxTrust? BTW, you should also include the respective logs from oxAuth for your transaction (not the whole log, just the lines pertaining to your request).
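
An added example, not part of the original thread and not Gluu or Ignition code: a small audit of an authorization request URL that reports which standard claims its `scope` parameter asks for, using the scope-to-claim mapping from OpenID Connect Core 1.0 section 5.4. The host names, client ID, redirect URI and the `audit_authz_request` helper are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Claims requested by each standard scope (OpenID Connect Core 1.0, section 5.4).
SCOPE_CLAIMS = {
    "profile": ["name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"],
    "email": ["email", "email_verified"],
    "address": ["address"],
    "phone": ["phone_number", "phone_number_verified"],
}
REQUIRED = ("response_type", "client_id", "redirect_uri", "scope")

# Constructed sample data: placeholder hosts and client, not values from the thread.
REGISTERED = {"https://rp.example.com/callback/oidc"}
BASE = ("https://idp.example.com/authorize?response_type=code"
        "&client_id=example-client"
        "&redirect_uri=https%3A%2F%2Frp.example.com%2Fcallback%2Foidc"
        "&state=abc&nonce=xyz")
BARE_REQUEST = BASE + "&scope=openid"
FULL_REQUEST = BASE + "&scope=openid+profile+email"


def audit_authz_request(url, registered_redirects):
    """Return (requested_claims, findings) for one authorization request URL."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = [f"missing parameter: {p}" for p in REQUIRED if p not in params]
    scopes = params.get("scope", "").split()  # scope is a space-separated list
    if "openid" not in scopes:
        findings.append("scope lacks openid")
    if not any(s in SCOPE_CLAIMS for s in scopes):
        findings.append("no claim-bearing scope requested")
    # The redirect URI must match a registered value exactly.
    if params.get("redirect_uri") not in registered_redirects:
        findings.append("redirect_uri is not registered for this client")
    claims = sorted(c for s in scopes for c in SCOPE_CLAIMS.get(s, []))
    return claims, findings


if __name__ == "__main__":
    for label, url in (("bare", BARE_REQUEST), ("full", FULL_REQUEST)):
        claims, findings = audit_authz_request(url, REGISTERED)
        print(label, "claims:", claims or "none", "findings:", findings or "none")
```

A request that carries only `openid` yields just the protocol claims (`sub`, `iss`, `aud`, `exp`, `iat` and similar). Under section 5.4, when an access token is issued the scope-requested claims are returned from the UserInfo endpoint rather than in the ID token.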

By Joseph Haun user 19 Mar 2020 at 10:51 a.m. CDT

It seems as if my issues are on the Ignition gateway I am using, thanks for the help.