Testing OIDC-NG


Domingos Gonçalves

Sep 9, 2019, 7:14:41 AM
to OpenConext Community
Hi,

we are performing tests on the new OIDC-NG on DEV environment but without success.

The components installed are:
  • OIDC-NG, version 1.0.0
  • OIDC-PLAYGROUND, version 1.0.1

Performing test on OIDC Playground:

OIDC_Playground_config_test.png



The configurations are based on the ansible OpenConext-deploy project but when we try to test the OIDC-NG using the Playground we have the following errors on the OIDC-NG log (/var/log/oidcng/oidcng.log)

2019-09-09 11:56:39,021 ERROR [http-nio-9195-exec-9] oidc.web.ErrorController:51 - Error has occurred: {timestamp=Mon Sep 09 11:56:39 WEST 2019, status=500, error=Internal Server Error, message=Result must not be null!, path=/oidc/authorize}
2019-09-09 11:56:39,023 ERROR [http-nio-9195-exec-9] oidc.web.ErrorController:57 - Exception in /error:
org.springframework.dao.EmptyResultDataAccessException: Result must not be null!
        at org.springframework.data.repository.core.support.MethodInvocationValidator.invoke(MethodInvocationValidator.java:102)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
        at com.sun.proxy.$Proxy104.findByClientId(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)


On the browser the result is:

{"timestamp":"2019-09-09T10:56:39.020+0000","status":400,"error":"Result must not be null!","message":"Result must not be null!","path":"/oidc/authorize","details":"Result must not be null!"}


Any idea about the reason for this error?

Do we need to configure OIDC-NG clients somewhere?

Regards,


Okke Harsta

Sep 9, 2019, 7:23:50 AM
to openc...@googlegroups.com
Hi,

The error occurs because the client_id - configured in application.yml in the root folder of oidc-playground - does not exist. You can configure Relying Parties in manage and push them to oidc-ng.

Regards,
Okke


Domingos Gonçalves

Sep 9, 2019, 11:08:32 AM
to OpenConext Community
Hi Okke,

Sorry, but I'm a little bit lost on the last details to get OIDC-NG and the OIDC-Playground running. I believe we are almost there!!

I presume we have the client_id well defined in the file /opt/oidc-playground/application.yml. The config below is from the file; note that the {{ ... }} tags are there to avoid exposing the passwords in place.

...

oidc:
  discovery_endpoint: "https://oidcng.dev.rctsaai.pt/oidc/.well-known/openid-configuration"
  client_id: "playground_client"
  secret: "{{ oidc_playground_secret }}"
  resource_server_id: "resource-server-playground-client"
  resource_server_secret: "{{ oidc_playground_resource_server_secret }}"
  redirect_uri: "https://oidc-playground.dev.rctsaai.pt/redirect"
  redirect_uri_form_post: "https://oidc-playground.dev.rctsaai.pt/oidc/api/redirect"
  client_redirect_uri: "https://oidc-playground.dev.rctsaai.pt/redirect"


Should we have a file clientsAndResources.yml on the new OIDC-NG like we have on the old OIDC?

We have the Manage version 4.0.8 running and with "Service Provider - OIDC-NG" created with the following configs.

Manage_SP_OIDCNG_1.png


Manage_SP_OIDCNG_2.png


We didn't create an SP for OIDC Playground.

Regards,

Domingos Gonçalves



Okke Harsta

Sep 10, 2019, 1:36:19 AM
to openc...@googlegroups.com
Hi Domingos,

The oidc-ng does NOT provision any RP’s in the database, so you’ll have to manually add the OIDC RP playground_client in manage as well as the resource-server-playground-client RP marked with isResourceServer is true:


Note the new tab in Manage with OIDC Relying Parties - the OIDC counterpart of Service Providers. Also in manage you need to enable the push to oidc-ng. Below a snippet from the application.yml from manage with the feature toggles in bold:

push:
  eb:
    user: serviceregistry
    password: --
    name: SURFconext TEST2 EngineBlock
    exclude_edugain_imports: True
    exclude_oidc_rp: False
  oidc:
    user: manage
    name: OpenConext OIDC-NG
    password: --
    enabled: True

product:
  name: Manage
  organization: SURFconext TEST2
  service_provider_feed_url: http://mds.edugain.org/
  supported_languages: en,nl
  show_oidc_rp: True

There is still an open pivotal issue to add the oidc parts to the VM role: https://www.pivotaltracker.com/story/show/166673211.

Regards,
Okke


Domingos Gonçalves

Sep 10, 2019, 9:25:57 AM
to OpenConext Community
Hi Okke,

The thing is... we can't see the TAB on Manage!!! We don't have the "OIDC Relying Parties" tab on Manage.

I tested the Manage version 4.0.1, 4.0.7 and at last 4.0.8 

The image below is from the version 4.0.8 recompiled to have the RCTSaai logo and Portuguese language for the metadata. The only file changed in manage-server is manage-server/src/main/java/manage/format/EngineBlockFormatter.java to add PT metadata.

Manage-3.0.8.png




Our /opt/manage/application.yml configs:

...
features: push, validation, push_preview, orphans
#features: push, validation, push_preview, orphans, find_my_data, bogus

push:
  eb:
    url: https://engine-api.dev.rctsaai.pt/api/connections
    user: serviceregistry
    password: ...
    name: RCTSaai DEV EngineBlock
    exclude_edugain_imports: True
    exclude_oidc_rp: False
  oidc:
    url: http://oidcng.dev.rctsaai.pt/manage/connections
    user: manage
    name: RCTSaai OIDC-NG
    password: ...
    enabled: True

product:
  name: Manage
  organization: RCTSaai DEV
  service_provider_feed_url: http://mds.edugain.org/
  supported_languages: pt,en
  show_oidc_rp: True

metadata_configuration_path: file:///opt/manage/metadata_configuration
metadata_templates_path: file:///opt/manage/metadata_templates
metadata_exports_path: file:///opt/manage/metadata_export
migrate_data_from_janus: false


Checking the log in /var/log/manage/manage.log, with logback.xml set to DEBUG, we can see the application reading values from the application.xml config file. I made a grep to show


2019-09-10 14:08:27,206 DEBUG [main] o.s.c.a.ClassPathBeanDefinitionScanner:294 - Identified candidate component class: URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/oidc/Config.class]
2019-09-10 14:08:28,829 DEBUG [main] o.s.c.a.ConfigurationClassBeanDefinitionReader:262 - Registering bean definition for @Bean method manage.oidc.Config.openIdConnect()
2019-09-10 14:08:30,022 DEBUG [main] o.s.c.a.ConfigurationClassEnhancer:112 - Successfully enhanced manage.oidc.Config; enhanced class name is: manage.oidc.Config$$EnhancerBySpringCGLIB$$1650b151
2019-09-10 14:08:30,023 DEBUG [main] o.s.c.a.ConfigurationClassPostProcessor:396 - Replacing bean definition 'config' existing class 'manage.oidc.Config' with enhanced class 'manage.oidc.Config$$EnhancerBySpringCGLIB$$1650b151'
2019-09-10 14:08:33,808 DEBUG [main] o.s.c.i.s.PathMatchingResourcePatternResolver:510 - Resolved location pattern [classpath*:manage/**/*.class] to resources [URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/repository/MetaDataRepository.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/JacksonConfiguration.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/CsrfTokenResponseHeaderBindingFilter.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/PreemptiveAuthenticationHttpComponentsClientHttpRequestFactory.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/CsrfProtectionMatcher.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/SessionAliveFilter.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/BasicAuthenticationManager.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/FederatedUserHandlerMethodArgumentResolver.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/APIUserHandlerMethodArgumentResolver.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/WebSecurityConfigurer$SecurityConfigurationAdapter.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/WebSecurityConfigurer$MvcConfig.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/WebSecurityConfigurer.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/web/WebSecurityConfigurer$InternalSecurityConfigurationAdapter.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/shibboleth/FederatedUser.class], URL 
[jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/shibboleth/ShibbolethPreAuthenticatedProcessingFilter.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/shibboleth/mock/MockShibbolethFilter$SetHeader.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/shibboleth/mock/MockShibbolethFilter.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/shibboleth/ShibbolethUserDetailService.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/oidc/OpenIdConnectMock.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/oidc/OpenIdConnect.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/oidc/Config.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/oidc/Client.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/oidc/OidcClient.class], URL [jar:file:/opt/manage/manage-server-4.0.1.jar!/BOOT-INF/classes!/manage/oidc/OpenIdConnectService.class]

.
..
...

2019-09-10 14:08:34,805 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.url' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type String
2019-09-10 14:08:34,806 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.url' in PropertySource 'environmentProperties' with value of type String
2019-09-10 14:08:34,806 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.name' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type String
2019-09-10 14:08:34,806 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.name' in PropertySource 'environmentProperties' with value of type String
2019-09-10 14:08:35,974 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.url' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type String
2019-09-10 14:08:35,974 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.url' in PropertySource 'environmentProperties' with value of type String
2019-09-10 14:08:35,975 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.user' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type String
2019-09-10 14:08:35,975 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.user' in PropertySource 'environmentProperties' with value of type String
2019-09-10 14:08:35,975 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.password' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type String
2019-09-10 14:08:35,976 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.password' in PropertySource 'environmentProperties' with value of type String
2019-09-10 14:08:35,976 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.enabled' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type Boolean
2019-09-10 14:08:35,976 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'push.oidc.enabled' in PropertySource 'environmentProperties' with value of type String
2019-09-10 14:08:36,504 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'oidc.feature' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type Boolean
2019-09-10 14:08:36,504 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'oidc.feature' in PropertySource 'environmentProperties' with value of type String
2019-09-10 14:08:36,505 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'oidc.user' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type String
2019-09-10 14:08:36,505 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'oidc.user' in PropertySource 'environmentProperties' with value of type String
2019-09-10 14:08:36,506 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'oidc.password' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type String
2019-09-10 14:08:36,506 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'oidc.password' in PropertySource 'environmentProperties' with value of type String
2019-09-10 14:08:36,506 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'oidc.url' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type String
2019-09-10 14:08:36,508 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'oidc.url' in PropertySource 'environmentProperties' with value of type String
2019-09-10 14:08:39,517  INFO [main] com.github.mongobee.Mongobee:188 - [ChangeSet: id=createOIDCSchema, author=Okke Harsta, changeLogClass=manage.mongo.MongobeeConfiguration, changeSetMethod=createOIDCSchema] passed over
2019-09-10 14:08:36,543 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'oidc.acsLocation' in PropertySource 'applicationConfig: [file:./application.yml]' with value of type String
2019-09-10 14:08:36,543 DEBUG [main] o.s.c.e.PropertySourcesPropertyResolver:152 - Found key 'oidc.acsLocation' in PropertySource 'environmentProperties' with value of type String.

Thanks,

Domingos Gonçalves




Okke Harsta

Sep 10, 2019, 10:07:43 AM
to openc...@googlegroups.com
Hi,

The only thing I can think of is that the OIDC schema configuration is missing from the metadata_configuration_path configured in the application.yml. More precisely, for OIDC to work in Manage you need to have the following files in these configuration directories defined in application.yml:

metadata_configuration_path:
file: oidc10_rp.schema.json
metadata_templates_path:
file: oidc10_rp.template.json

Example files can be found here: https://github.com/OpenConext/OpenConext-manage/tree/master/manage-server/src/main/resources. The logic to show / hide the tab is very simple and you can even debug it in the DevTools in the browser to see what goes wrong. See https://github.com/OpenConext/OpenConext-manage/blob/master/manage-gui/src/pages/Search.jsx#L21

Regards,
Okke


Domingos Gonçalves

Sep 11, 2019, 7:00:21 AM
to OpenConext Community
Hi,

finally we have the tab "OIDC RELYING PARTIES" on Manage. It was the files oidc10_rp.schema.json and oidc10_rp.template.json that were missing on the configurations.

But we have two other issues. I will continue analyzing the configs.

Even so the errors are:

ERROR 1

When we activate the push for OIDC. I'm gonna review some other configurations. The error occurs when we Push Metadata on manage.

2019-09-11 11:41:31,867  INFO [main] manage.Application:57 - Started Application in 14.546 seconds (JVM running for 15.75)
2019-09-11 11:41:53,402 ERROR [http-nio-9393-exec-8] o.a.c.c.C.[.[.[/].[dispatcherServlet]:182 - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.web.client.HttpClientErrorException: 400 ] with root cause
org.springframework.web.client.HttpClientErrorException: 400
        at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:85)
        at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:708)



ERROR 2

Creating the Playground_client when we press on Metadata tab.

Manage_with_OIDC_tab.png

 
Create new "OIDC Relying Parties"


Manage_Create_playground_client error.png







Okke Harsta

Sep 11, 2019, 7:22:52 AM
to openc...@googlegroups.com
Hi,

The first error is probably - would need the full stack trace to be sure - due to the misconfiguration of the following properties in application.yml:

push:
  eb:
    name: OpenConext EngineBlock
    user: user
    password: xxx
    exclude_edugain_imports: true
    exclude_oidc_rp: false
  oidc:
    user: manage
    name: OpenConext OIDC-NG
    password: xxx
    enabled: true

The url of oidc must be a running OpenConext-oidcng server. And the second error can be related to the version you are running. I have deployed version 4.0.8 of Manage to https://build.openconext.org/repository/public/releases. Could you try again with that version?

Regards,
Okke
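
A preflight check for the Manage settings this thread ends up depending on, as an added example that is not part of any post above and is not OpenConext code: it confirms that push.oidc.enabled and product.show_oidc_rp match the snippets quoted in the thread, that push.oidc.url is set, and that oidc10_rp.schema.json and oidc10_rp.template.json exist under the configured metadata paths. Assumptions: the function names are hypothetical, the sample config is constructed, a small reader for plain nested mappings stands in for a real YAML library, and the http:// finding is an editorial addition (the push request carries the configured user and password).

```python
import os
from urllib.parse import urlparse

# Constructed sample, modelled on the application.yml fragments quoted in the thread.
SAMPLE_YML = """\
push:
  oidc:
    url: http://oidcng.example.org/manage/connections
    user: manage
    enabled: True
product:
  show_oidc_rp: True
metadata_configuration_path: file:///opt/manage/metadata_configuration
metadata_templates_path: file:///opt/manage/metadata_templates
"""

# Files the thread names as required, keyed by the setting that points at their directory.
REQUIRED_FILES = {
    "metadata_configuration_path": "oidc10_rp.schema.json",
    "metadata_templates_path": "oidc10_rp.template.json",
}


def flatten_yaml(text):
    """Flatten nested 'key: value' mappings into {'a.b.c': 'value'}.

    Covers only plain mappings (no lists, anchors or multi-line values),
    which is all the application.yml fragments in the thread use.
    """
    flat, stack = {}, []  # stack: (indent, key) of the enclosing mappings
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#") or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key.strip()])
        value = value.strip().strip("\"'")
        if value:
            flat[path] = value
        else:
            stack.append((indent, key.strip()))
    return flat


def check_manage_oidc(yml_text):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = flatten_yaml(yml_text), []
    for toggle in ("push.oidc.enabled", "product.show_oidc_rp"):
        if cfg.get(toggle, "").lower() != "true":
            findings.append(f"{toggle} is not True as in the thread's snippet")
    url = cfg.get("push.oidc.url", "")
    if not url:
        findings.append("push.oidc.url is not set")
    elif urlparse(url).scheme != "https":
        findings.append("push.oidc.url is not https: push credentials cross the network in clear text")
    for key, name in REQUIRED_FILES.items():
        directory = urlparse(cfg.get(key, "")).path
        if not directory or not os.path.isfile(os.path.join(directory, name)):
            findings.append(f"{name} not found under {key}")
    return findings


if __name__ == "__main__":
    for finding in check_manage_oidc(SAMPLE_YML):
        print("FINDING:", finding)
```
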
