By: Julien Bastin user 30 Apr 2020 at 2:11 p.m. CDT

3 Responses

Hello, I'm trying to use Azure AD as an OpenID Connect Provider, and I use Passport to do this. But when I'm trying to log in to Gluu with Azure AD, I type my credentials, it's working and after that return to Gluu with "Authentication Error". When I take a look at /opt/gluu/jetty/oxauth/logs/oxauth_script.log : ... **Passport. getUserProfile. Problem obtaining user profile json representation** ... ``` 2020-04-30 19:01:02,745 INFO [qtp1590550415-1585417] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - RPT Policy. Authorizing ... 2020-04-30 19:01:02,746 INFO [qtp1590550415-1585417] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - UmaRptPolicy. client_id = 1502.d05cb0bc-xxxxxxxxx 2020-04-30 19:01:02,746 INFO [qtp1590550415-1585417] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - UmaRptPolicy. Authorizing client 2020-04-30 19:01:16,295 INFO [qtp1590550415-11] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getPageForStep called 2020-04-30 19:01:16,331 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. prepareForStep called 1 2020-04-30 19:01:16,332 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. parseAllProviders. Adding providers 2020-04-30 19:01:16,584 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. parseProviderConfigs. Configured providers: 2020-04-30 19:01:16,584 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - {u'AzureAD': {'requestForEmail': False, 'displayName': u'Microsoft', 'emailLinkingSafe': False, 'type': u'openidconnect', 'logo_img': None, 'saml': False}} 2020-04-30 19:01:16,585 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. prepareForStep. A page to manually select an identity provider will be shown 2020-04-30 19:01:16,585 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getExtraParametersForStep called 2020-04-30 19:01:21,568 INFO [qtp1590550415-20] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. authenticate for step 1 called 2020-04-30 19:01:21,569 INFO [qtp1590550415-20] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. authenticate for step 1. Retrying step 1 2020-04-30 19:01:21,570 INFO [qtp1590550415-20] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getExtraParametersForStep called 2020-04-30 19:01:21,570 INFO [qtp1590550415-20] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getCountAuthenticationSteps called 2020-04-30 19:01:21,571 INFO [qtp1590550415-20] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getPageForStep called 2020-04-30 19:01:21,571 INFO [qtp1590550415-20] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getExtraParametersForStep called 2020-04-30 19:01:21,646 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. prepareForStep called 1 2020-04-30 19:01:21,646 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. parseAllProviders. Adding providers 2020-04-30 19:01:21,890 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. parseProviderConfigs. Configured providers: 2020-04-30 19:01:21,890 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - {u'AzureAD': {'requestForEmail': False, 'displayName': u'Microsoft', 'emailLinkingSafe': False, 'type': u'openidconnect', 'logo_img': None, 'saml': False}} 2020-04-30 19:01:21,894 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getPassportRedirectUrl. Obtaining token from passport at https://gluu.xxx.xxx/passport/token 2020-04-30 19:01:21,955 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getPassportRedirectUrl. Response was 200 2020-04-30 19:01:21,957 INFO [qtp1590550415-14] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getExtraParametersForStep called 2020-04-30 19:01:37,117 INFO [qtp1590550415-1585417] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. authenticate for step 1 called 2020-04-30 19:01:37,117 INFO [qtp1590550415-1585417] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. authenticate for step 1. JWT user profile token found 2020-04-30 19:01:37,118 INFO [qtp1590550415-1585417] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. validSignature. Checking JWT token signature 2020-04-30 19:01:37,120 INFO [qtp1590550415-1585417] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. validSignature. Validation result was True 2020-04-30 19:01:37,122 INFO [qtp1590550415-1585417] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getUserProfile. Problem obtaining user profile json representation 2020-04-30 19:01:37,122 ERROR [qtp1590550415-1585417] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:198) - null org.python.core.PyException: null ``` **Passport. getUserProfile. Problem obtaining user profile json representation** Thank you.

Ubuntu 18.04

closed

By Julien Bastin user 01 May 2020 at 2:53 a.m. CDT

Copy

Here is another screenshot.

Video or screenshot link

By Julien Bastin user 01 May 2020 at 3:05 a.m. CDT

Copy

``` if step == 1: # Get JWT token jwt_param = ServerUtil.getFirstValue(requestParameters, "user") if jwt_param != None: print "Passport. authenticate for step 1. JWT user profile token found" # Parse JWT and validate jwt = Jwt.parse(jwt_param) if not self.validSignature(jwt): return False if self.jwtHasExpired(jwt): return False (user_profile, jsonp) = self.getUserProfile(jwt) if user_profile == None: return False ``` ``` def getUserProfile(self, jwt): jwt_claims = jwt.getClaims() user_profile_json = None // HERE IF I DO print(jwt_claims.getClaimAsString("data")) I can see my token's data try: user_profile_json = CdiUtil.bean(EncryptionService).decrypt(jwt_claims.getClaimAsString("data")) user_profile = json.loads(user_profile_json) except: print "Passport. getUserProfile. Problem obtaining user profile json representation" return (user_profile, user_profile_json) ////////////////////////// Here is my token's data : {"uid":["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"],"mail":["xxxx@xxx.be"],"provider":"AzureAD","displayName":["Stagiaire xxx"],"givenName":["xxxx"],"cn":["xxxx xxxx"],"sn":["xxx"]} ```

By Mohib Zico Account Admin 06 May 2020 at 10:39 a.m. CDT

Copy

Hello Julien, Are you using custom passport-social script? Or, is it just out of the box Gluu setup?

You need to Login in order to post an answer

Passport - Azure AD - "Problem obtaining user profile."

By: Julien Bastin user 30 Apr 2020 at 2:11 p.m. CDT

Answers

By Julien Bastin user 01 May 2020 at 2:53 a.m. CDT

By Julien Bastin user 01 May 2020 at 3:05 a.m. CDT

By Mohib Zico Account Admin 06 May 2020 at 10:39 a.m. CDT

Post an answer