By: Simran Kaur maan Mann user 11 Aug 2020 at 5:22 a.m. CDT

7 Responses
Hey, I've installed Gluu server and Nextcloud on another server. I'm trying to authenticate my Nextcloud with my Gluu instance using OpenID Connect. The Nextcloud version is 17.0.1. For this, I am using a Social Login plugin for Nextcloud. I have configured an OpenID client on the Gluu server with the following details:

```
Client ID: XXXXX
Client Secret: XXXXX
Redirect URI: https://HOSTNAME/index.php/apps/sociallogin/custom_oidc/Gluu_SSO
Scopes: openid email user_name
Response_type: code id_token
Grant_types: authorization_code
Authentication method for the Token Endpoint: client_secret_basic
Subject type: pairwise
Include Claims In Id Token: True
```

On clicking the login button it takes me to the Gluu server, and then after entering the credentials it redirects back to Nextcloud, which gives this error:

> Error Unable to exchange code for API access token. HTTP error 401. Raw Provider API response: { "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.", "error": "invalid_client" }.

We are not using the oxd plugin as Gluu has removed the support for the plugin. Please do let me know if any more info is required.
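Added example, not part of the original post: the client above is registered for `client_secret_basic`, so the OP expects the client credentials in an HTTP Basic `Authorization` header on the token request, not in the form body. The sketch below classifies a captured token request and compares it with the registration; the function names, sample requests and credentials are constructed placeholders.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus

def basic_auth_header(client_id, client_secret):
    """client_secret_basic (RFC 6749 section 2.3.1): form-urlencode each
    value, join with ':', then base64 the result."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode()).decode()

def detect_auth_method(headers, body):
    """Classify how a captured token request authenticates the client."""
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    has_basic = auth.lower().startswith("basic ")
    has_post = "client_secret" in parse_qs(body)
    if has_basic and has_post:
        return "both"  # RFC 6749 allows only one method per request
    if has_basic:
        return "client_secret_basic"
    return "client_secret_post" if has_post else "none"

def check_token_request(headers, body, registered_method, registered_id):
    """Return mismatches between a token request and the client registration."""
    findings = []
    used = detect_auth_method(headers, body)
    if used != registered_method:
        findings.append(f"sent {used}, client is registered for {registered_method}")
    if used == "client_secret_basic":
        auth = {k.lower(): v for k, v in headers.items()}["authorization"]
        decoded = base64.b64decode(auth.split(None, 1)[1]).decode()
        sent_id = unquote_plus(decoded.split(":", 1)[0])
    else:
        sent_id = parse_qs(body).get("client_id", [""])[0]
    if sent_id != registered_id:
        findings.append(f"client_id {sent_id!r} does not match the registration")
    return findings

# Constructed sample requests; client ID, secret and code are placeholders.
BODY = "grant_type=authorization_code&code=PLACEHOLDER_CODE"
AS_BASIC = ({"Authorization": basic_auth_header("example-client", "s3cr:et")}, BODY)
AS_POST = ({}, BODY + "&client_id=example-client&client_secret=s3cr%3Aet")
```

Running `check_token_request` on the request the relying party actually sends (for example from a proxy capture) shows whether the method or the client ID differs from what is registered on the OP.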

By Mohit Mali staff 11 Aug 2020 at 5:29 a.m. CDT

Hi Simran,

Thanks for reaching out to Gluu support. Gluu has its own plugin for Nextcloud, but it's not tested with the latest Nextcloud version. Can you give it a try and also post the outcome here?

```
https://gluu.org/docs/oxd/3.1.2/plugin/nextcloud/
```

Also, can you please post the logs here for your above problem?

Thanks and regards,
Mohit Mali

By Simran Kaur maan Mann user 11 Aug 2020 at 7:46 a.m. CDT

Hey Mohit,

Actually, we are avoiding using oxd and the plugin as Gluu doesn't support the plugin anymore. So we just want to implement a normal OIDC flow. Can you specify which logs you will be needing? Do you want Gluu logs or the Nextcloud logs?

By Mohit Mali staff 12 Aug 2020 at 6:20 a.m. CDT

Hi Simran,

I will need Gluu logs. Please provide the logs.

Thanks and regards,
Mohit Mali

By Simran Kaur maan Mann user 17 Aug 2020 at 10:19 a.m. CDT

Here's an oxauth log snippet:

```
2020-08-17 15:14:57,073 INFO [qtp665576141-10] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:684) - Attempting to redirect user: SessionUser: SessionId {dn='oxId=f1a8f5bb-d2f6-41b2-820d-66f006bbbee2,ou=sessions,o=gluu', id='f1a8f5bb-d2f6-41b2-820d-66f006bbbee2', lastUsedAt=Mon Aug 17 15:14:57 UTC 2020, userDn='inum=1d686b5c-225c-4f7c-ae34-83c10c7b83d5,ou=people,o=gluu', authenticationTime=Mon Aug 17 15:14:57 UTC 2020, state=authenticated, sessionState='00e981bf09bc48adf1a3e1242eb9049c03cf20e3e2f30f5d616d0e27c599f847.c874bcec-c0a8-4324-9b28-934f0bf29603', permissionGranted=null, isJwt=false, jwt=null, permissionGrantedMap=SessionIdAccessMap{permissionGranted={ 71fb07d1-2f01-459e-b811-c56b96de12d9=false}}, sessionAttributes={auth_step=1, acr=simple_password_auth, remote_ip=116.73.250.170, auth_external_attributes=null, opbs=092bb0fc-5b93-4cb9-9691-c8da925cafec, scope=openid email user_name, response_type=code, redirect_uri=https://cloud.odat.xyz/index.php/apps/sociallogin/custom_oidc/Gluu_SSO, state=HA-IFVZHWJDNC4BE7RPX20AL5G19OT6QK3SMY8U, client_id= 71fb07d1-2f01-459e-b811-c56b96de12d9, auth_user=admin}, persisted=true}
2020-08-17 15:14:57,073 INFO [qtp665576141-10] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:692) - Attempting to redirect user: User: org.gluu.oxauth.model.common.User@f64629d
2020-08-17 15:14:57,078 INFO [qtp665576141-10] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:432) - Authentication success for User: 'admin'
2020-08-17 15:15:03,760 INFO [qtp665576141-13] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:276) - Authentication success for Client: '1501.e93b84fe-b868-42d6-97de-c38f9390ca20'
```

By Mohib Zico Account Admin 21 Aug 2020 at 11:09 a.m. CDT

Simran,

Do you see any ERROR log in the snippet you [shared](https://support.gluu.org/single-sign-on/8680/authentication-with-open-id-connect-using-gluu-not-working-on-next-cloud/#at62988)? Please search for ERROR or at least get something from DEBUG. Documentation is available there on how to enable DEBUG logging.

A proper way of troubleshooting is:

- Start tailing log.
- Test in Web browser.
- See what you are getting in log/s.

By Yunus Raza user 26 Aug 2020 at 2:49 a.m. CDT

I have the same issue, but instead of Nextcloud I am using Netscaler. It looks like when Gluu is responding back with successful authentication, it's not sending what's needed on the other side. I guess something needs to be set in the client setting in Gluu.

By Simran Kaur maan Mann user 27 Aug 2020 at 11:46 p.m. CDT

There are no errors present in the oxauth logs. In fact, as you can see in the logs

> Authentication success for Client: '1501.e93b84fe-b868-42d6-97de-c38f9390ca20'

the authentication gets completed on Gluu's end. But I am getting an error on Nextcloud. Please find an image of the error attached.
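Added example, not part of the thread: the log check suggested earlier in the thread, written as a script. It collects ERROR/WARN entries from oxauth lines and compares the `client_id` recorded in the authorization session with the client named in `Authentication success for Client`. The sample lines are constructed (shortened from the format of the snippet posted above), and `triage` and the regex names are illustrative.

```python
import re

# Layout assumed from the thread: "<date> <time> LEVEL [thread] [logger] (file:line) - msg"
LINE = re.compile(r"^(\S+ \S+) (\w+)\s+\[[^\]]*\] \[([^\]]+)\] \([^)]*\) - (.*)$")
AUTHZ_CLIENT = re.compile(r"\bclient_id=\s*([^,\s}]+)")
CLIENT_AUTH_OK = re.compile(r"Authentication success for Client: '([^']+)'")

# Constructed sample, abbreviated from the oxauth lines quoted in the thread.
SAMPLE_LOG = [
    "2020-08-17 15:14:57,073 INFO [qtp665576141-10] [org.gluu.oxauth.service.AuthenticationService] "
    "(AuthenticationService.java:684) - Attempting to redirect user: SessionUser: SessionId "
    "{sessionAttributes={scope=openid email user_name, response_type=code, "
    "client_id= 71fb07d1-2f01-459e-b811-c56b96de12d9, auth_user=admin}}",
    "2020-08-17 15:14:57,078 INFO [qtp665576141-10] [org.gluu.oxauth.auth.Authenticator] "
    "(Authenticator.java:432) - Authentication success for User: 'admin'",
    "2020-08-17 15:15:03,760 INFO [qtp665576141-13] [org.gluu.oxauth.auth.Authenticator] "
    "(Authenticator.java:276) - Authentication success for Client: "
    "'1501.e93b84fe-b868-42d6-97de-c38f9390ca20'",
]

def triage(lines, rp_client_id):
    """Summarise a log excerpt for one relying-party client ID."""
    report = {"problems": [], "authz_clients": set(), "authenticated_clients": set()}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # continuation line, e.g. part of a stack trace
        _, level, logger, msg = m.groups()
        if level in ("ERROR", "WARN"):
            report["problems"].append((level, logger, msg))
        report["authz_clients"].update(AUTHZ_CLIENT.findall(msg))
        report["authenticated_clients"].update(CLIENT_AUTH_OK.findall(msg))
    # True only if the client the RP is configured with is the one that authenticated.
    report["rp_client_authenticated"] = rp_client_id in report["authenticated_clients"]
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "71fb07d1-2f01-459e-b811-c56b96de12d9"))
```

On a live server the same function can be fed the lines captured while reproducing the login with DEBUG logging enabled, so the token request and any rejection fall inside the excerpt.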