TUI suddenly no longer validates so IDS locked up

[BainMcKay]

I was using Janssen the last 2 days - no issues. Something happened overnight. No one using it but me. Janssen no longer validates the device.

To use my Wordpress app, I need to log in to Janssen, through an app login form. Now it won't log me in. Janssen says I need to authorize the device I am on, which I've done many times before. But now it either says [the logged on user (do) not have valid role] (there is a typo (do) on that message). Or it says, [unable to get access token]. I think that latter is because it invalidated my logon user. I can't seem to get out of the loop. And unless I validate the device, I can't access the TUI or CLI. SO I am stuck again.

Any ideas?

[nynymike]

Did you try clearing the cookies on your browser for both the RP hostname and Auth Server's hostname?

When asking questions like this, you should always show the authorize request details and the corresponding logs in Auth Server. Remember, this forum is for quesitons about the OP--not the RP or the browser.

[BainMcKay]

I cleared browser cache (cookies included),

Where so I find instructions to clear OP cache?

[nynymike]

Server Sessions expire automatically. What about the logs. There is no question here until you post a valid description of the request to the server and the unexpected server response.

[BainMcKay]

Here is jans-auth.log

2023-12-29 02:22:37,440 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:22:37,440 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-29 02:23:07,440 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:23:07,440 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-29 02:23:37,439 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:23:37,439 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-29 02:23:54,421 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.agama.timer.FlowRunsCleaner] (FlowRunsCleaner.java:65) - Flows cleaner timer has run. 0 runs removed
2023-12-29 02:24:07,440 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:24:07,440 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-29 02:24:36,945 INFO [qtp1260134048-20] 5d360c9e-ba53-4552-b000-4155b3428c93 [io.jans.as.server.auth.Authenticator] (Authenticator.java:301) - Authentication success for Client: '2000.23950760-a5d4-4784-88ee-7aa587d6ba87'
2023-12-29 02:24:36,956 WARN [qtp1260134048-20] aec0694a-a8c4-4569-8f55-7495ad2eea10 [io.jans.as.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:236) -
WARNING! Key will expire soon, alias: connect_5716422e-7f91-4d44-8a71-4be2975a9684_sig_rs256
Expires On: 2023-12-28 22:37:54
Today's Date: 2023-12-29 02:24:36
2023-12-29 02:24:37,057 INFO [qtp1260134048-18] bee25bb2-530c-47b2-8d14-fbe7403ae1ad [io.jans.as.server.auth.Authenticator] (Authenticator.java:301) - Authentication success for Client: '2000.23950760-a5d4-4784-88ee-7aa587d6ba87'
2023-12-29 02:24:37,091 INFO [qtp1260134048-18] 9c5f6156-81a6-44d2-94b8-f4283d5b2a8e [as.server.authorize.ws.rs.DeviceAuthorizationRestWebServiceImpl] (DeviceAuthorizationRestWebServiceImpl.java:126) - Device authorization flow initiated, userCode: MQVB-QKLP, deviceCode: 2eb627a7f0dc59611e714c037a590f6e3ed32ff97432f29a, clientId: 2000.23950760-a5d4-4784-88ee-7aa587d6ba87, verificationUri: https://do-gluu.kayviumdev.com/device-code, expiresIn: 1800, interval: 5, scopes: [openid, profile, offline_access, email]
2023-12-29 02:24:37,440 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:24:37,440 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-29 02:25:07,440 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:25:07,440 INFO [ForkJoinPool.commonPool-worker-1] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-29 02:25:24,421 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.agama.timer.FlowRunsCleaner] (FlowRunsCleaner.java:65) - Flows cleaner timer has run. 0 runs removed
2023-12-29 02:25:25,199 INFO [qtp1260134048-19] a43b3c83-65a8-4a18-9b0e-d7a2232b5493 [as.server.authorize.ws.rs.DeviceAuthorizationAction] (DeviceAuthorizationAction.java:95) - Processing device authorization page request, userCode: null, code: null, sessionId: null, state: null, sessionState: null, error: null, errorDescription: null
2023-12-29 02:25:37,441 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:25:37,441 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-29 02:26:03,905 INFO [qtp1260134048-18] fc3a0c37-8659-433b-818c-57b2953a4f55 [as.server.authorize.ws.rs.DeviceAuthorizationAction] (DeviceAuthorizationAction.java:253) - Redirecting to authorization code flow to process device authorization, data: DeviceAuthorizationCacheControl{userCode='MQVB-QKLP', deviceCode='2eb627a7f0dc59611e714c037a590f6e3ed32ff97432f29a', client=DeletableEntity{expirationDate=null, deletable=false} BaseEntry [dn=inum=2000.23950760-a5d4-4784-88ee-7aa587d6ba87,ou=clients,o=jans], scopes=[openid, profile, offline_access, email], verificationUri='https://do-gluu.kayviumdev.com/device-code', expiresIn=1800, interval=5, lastAccessControl=1703816677069, status=PENDING}
2023-12-29 02:26:07,440 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:26:07,440 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-29 02:26:07,917 INFO [qtp1260134048-22] 0a2853cf-b3d1-488a-93dd-c1693871d081 [io.jans.as.server.service.AuthenticationService] (AuthenticationService.java:751) - Attempting to redirect user: SessionUser: ebe20616-7a5a-47fd-bca9-56f0feb88c98
2023-12-29 02:26:07,917 INFO [qtp1260134048-22] 0a2853cf-b3d1-488a-93dd-c1693871d081 [io.jans.as.server.service.AuthenticationService] (AuthenticationService.java:759) - Attempting to redirect user: User: BaseEntry [dn=inum=44e3544b-ea0a-43c0-8914-ea4f53451c51,ou=people,o=jans]
2023-12-29 02:26:07,918 INFO [qtp1260134048-22] 0a2853cf-b3d1-488a-93dd-c1693871d081 [io.jans.as.server.auth.Authenticator] (Authenticator.java:473) - Authentication success for User: 'AyannaCCREEE'
2023-12-29 02:26:08,134 INFO [qtp1260134048-22] 21cfa245-2045-421c-8736-dd5a63054214 [as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl] (AuthorizeRestWebServiceImpl.java:1042) - Granted device authorization request, user_code: MQVB-QKLP, device_code: 2eb627a7f0dc59611e714c037a590f6e3ed32ff97432f29a, grant_id: 0a0aee95-939b-4501-aac4-dfaed2b30034
2023-12-29 02:26:08,213 INFO [qtp1260134048-18] 90eb4bf2-deca-49fe-a380-f134873010b9 [as.server.authorize.ws.rs.DeviceAuthorizationAction] (DeviceAuthorizationAction.java:95) - Processing device authorization page request, userCode: null, code: 5d4a20c2-ff1f-44be-81d0-2bf4979a64c0, sessionId: null, state: 286921f8-6cce-4dce-bea7-f2da23de4c18, sessionState: 2555b85f4ab9bf53eee2f1f1fdda52d191c5e4b28649f6c1f8504654a3bde3d2.31718544-78ac-44eb-bbf9-82a443e950e2, error: null, errorDescription: null
2023-12-29 02:26:37,440 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:26:37,440 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-29 02:26:49,814 INFO [qtp1260134048-24] f3b13ebe-5de3-40de-9ed1-09e334726e6f [io.jans.as.server.auth.Authenticator] (Authenticator.java:301) - Authentication success for Client: '2000.23950760-a5d4-4784-88ee-7aa587d6ba87'
2023-12-29 02:26:49,828 WARN [qtp1260134048-24] b3689910-1bfd-4e9b-92aa-dd0dcd604d57 [io.jans.as.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:236) -
WARNING! Key will expire soon, alias: connect_5716422e-7f91-4d44-8a71-4be2975a9684_sig_rs256
Expires On: 2023-12-28 22:37:54
Today's Date: 2023-12-29 02:26:49
2023-12-29 02:26:49,837 WARN [qtp1260134048-24] b3689910-1bfd-4e9b-92aa-dd0dcd604d57 [io.jans.as.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:236) -
WARNING! Key will expire soon, alias: connect_5716422e-7f91-4d44-8a71-4be2975a9684_sig_rs256
Expires On: 2023-12-28 22:37:54
Today's Date: 2023-12-29 02:26:49
2023-12-29 02:26:49,849 INFO [qtp1260134048-24] b3689910-1bfd-4e9b-92aa-dd0dcd604d57 [as.server.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:518) - Device authorization in token endpoint processed and return to the client, device_code: 2eb627a7f0dc59611e714c037a590f6e3ed32ff97432f29a
2023-12-29 02:26:49,892 WARN [qtp1260134048-22] d19e6fc2-15f1-4464-862a-5e05eb301441 [io.jans.as.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:236) -
WARNING! Key will expire soon, alias: connect_5716422e-7f91-4d44-8a71-4be2975a9684_sig_rs256
Expires On: 2023-12-28 22:37:54
Today's Date: 2023-12-29 02:26:49
2023-12-29 02:26:54,421 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.agama.timer.FlowRunsCleaner] (FlowRunsCleaner.java:65) - Flows cleaner timer has run. 0 runs removed
2023-12-29 02:27:07,440 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:27:07,441 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-29 02:27:37,440 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-29 02:27:37,440 INFO [ForkJoinPool.commonPool-worker-3] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found

============================
I get that log on trying to valdiate the device on which Janssen is running.

[nynymike]

How old is this server?

WARNING! Key will expire soon, alias: connect_5716422e-7f91-4d44-8a71-4be2975a9684_sig_rs256
Expires On: 2023-12-28 22:37:54
Today's Date: 2023-12-29 02:26:49

In the VM deploy, we don't do key rotation.

[nynymike]

@devrimyatar can you consider this? Perhaps in the VM install we should push out the default key expiration to a century?

[BainMcKay]

I use Namecheap subdomains for SSL and that's controlled. There is a certificate PKI that get created as part of Janssen install. I think this is the tension. I remap to the Namecheap SSL, which provides both Https access and Jansen secure access. Is there a policy document on how this should be handled. If not, I am happy to create one, but I need some guidance, so I get it right.

[nynymike]

VM is for development purposes only. What would be the purpose of this?

[BainMcKay]

For Development. It's a development environment. On production apache gets disabled.

Currently I'm just trying to gat back to GLUU 4.2,2 stable state, and then build on that

[BainMcKay]

I keep getting line noise (screenshot) when I try to work on the vm. Is this TUI, or just a dirty Internet connection? Not sure when this started. It seems to start when I have TUI open on one SSH session and commandline open on another, on the same VM

I disable Apache and reboot. then I try to load Jans-cli. and I get this (trying to display the clients in TUI). When I try display all (blank search). I get this:

When I hit return I get this the TUI screen. I try to display clients (search), i

It's displaying messages at bottom of the screen trying to load clients.. if I CRTL C and go back in TUI, I get the TUI screen I get a fresh TUI home view. But if I try to list all clients again, it does the same thing. This was fully functional and configured. it was working great. I need to figure out why it went into this state do I can resolve if it happens again. This is key if it happens n a customer account

[nynymike]

I think its a problem with the ssh session

[BainMcKay]

Ok Tx. Im maxing the speed, so could be something with cable head. Will call my ISP.

[BainMcKay]

Is it a problem if I keep Apache enabled during Janssen usage? Could this have caused the issue?

I'll create one whiteout enabling apache at all, to see if that makes a difference

[BainMcKay]

TeST:

• I install Janssen with no Apache server installed ( it gets installed as part of of the Janssen package). Upon completion off Janssen installer (it installs cleanly - without issue), I started TUI. It asked to Verify the device, providing the html FQDN address I need enter into the browser to raise the verification page. The FQDN was created in Namecheap. I entered the FQDN in the browser and it does not recognize the address because it needs an apache server instance and a path to SSL certificate, as mapped through the apache site adaptor. So from this I assume Apache (or nGinx et al) must be installed to map the https to the site to validate the device as secure , or you can't use TUI, CLI or API. And from that, given how clean the installation was, I am assuming you install Janssen first, then you add the site adaptor to that apache server site adaptor (https_jans.conf), replacing

SSLCertificateFile /etc/certs/httpd.crt
SSLCertificateKeyFile /etc/certs/httpd.key

with something like

SSLCertificateFile /etc/site_certificates/[FQDN]/[FQDN].crt
SSLCertificateKeyFile /etc/site_certificates/[FQDN]/name.key
SSLCertificateChainFile /etc/site_certificates/[FQDN]/[FQDN].ca-bundle

And as such, the Apache site adaptor is no longer pointing to

SSLCertificateFile /etc/certs/httpd.crt
SSLCertificateKeyFile /etc/certs/httpd.key

And from this I assume it doesn't matter once it's installed. it's not using the Apache sit adaptor anymore. it's mapped within Janssen.

And from this I assume, you can disable apache once Janssen is installed and configured, unless you have to reconfigure it. So if you need to reconfigure it and it asks to reverify the device, which it will because the sever can time out (pervious guidance?), then you need to as2ensite https_jans.conf.

Lots of assumptions so far that I could have fallen of the path. But assuming I am correct, would we not just leave https_jans.conf enabled, so we can CRUD users, since users need be added through TUI, CLI or API. All which require device validation, which can time out.

This is where I am stuck. Anyone who can she some light, much appreciate.

One further item. If the PKI key for the site can expire, if you don't use LetsEncrypt certbot for 90 day refresh for example, could you not just use openssl to regenerate it...isn't openssl being used in the installation process, such that you can define the life of the key?

.

[BainMcKay]

I got it...

So, at least on DigitalOcean, where I am using an external FQDN (from Namecheap), I must install on a totally clean server. No apache. Nothing. Janssen installs in default config, with FQDN the Namecheap domain name. Then I download the SSL, key and CSR files for the namecheap SSL into a folder. Once that's done, I a2ensite default-ssl.conf . Then I edit default-ssl.conf and http_jans.conf and replace the cert mapping to the namecheap ssl files. And I edit default-ssl.conf and add the Servername as FQDN . Now I can validate the TUI. That's the only way it works. So with that done, if default-ssl.conf is not left enabled, how can the Janssen oidc client https reroutes work to the Janssen Server? I expect the default-ssl.conf needs remain up.

So after all this, I think this is the cleanest path, where the site is on DigitalOcean, where I need an external domain name for the Janssen Server, and where I need to validate the device on which TUI is running.

Please feel free to point out my errors. At least I am up again.

[BainMcKay]

Further to this, it won't log in, stating that the redirect URI's different. But they don't. The jans-auth.log shows this error.

Anyone know how I can resolve this?

023-12-31 12:21:51,867 INFO [Thread-7832] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-31 12:21:51,867 INFO [Thread-7832] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-31 12:22:21,867 INFO [Thread-7849] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-31 12:22:21,867 INFO [Thread-7849] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-31 12:22:40,864 INFO [Thread-7860] [io.jans.agama.timer.FlowRunsCleaner] (FlowRunsCleaner.java:65) - Flows cleaner timer has run. 0 runs removed
2023-12-31 12:22:51,867 INFO [Thread-7863] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2023-12-31 12:22:51,867 INFO [Thread-7863] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2023-12-31 12:23:10,802 ERROR [Thread-7871] [io.jans.as.server.service.CleanerTimer] (CleanerTimer.java:210) - Failed to perform clean up.
io.jans.orm.exception.EntryDeleteException: Failed to delete entries with baseDN: ou=archived_jwks,o=jans, filter: (&(&(objectClass=jansArchJwk))(&(del=true)(exp<=20231231122310.799Z)))
at io.jans.orm.ldap.impl.LdapEntryManager.remove(LdapEntryManager.java:348) ~[jans-orm-ldap-1.0.21.jar:?]
at jdk.internal.reflect.GeneratedMethodAccessor89.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:38) ~[weld-core-impl-4.0.3.Final.jar:4.0.3.Final]
at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) ~[weld-core-impl-4.0.3.Final.jar:4.0.3.Final]
at io.jans.orm.PersistenceEntryManager$EntityManager$2057902728$Proxy$_$$WeldClientProxy.remove(Unknown Source) ~[jans-orm-core-1.0.21.jar:?]
at io.jans.as.server.service.CleanerTimer.cleanup(CleanerTimer.java:206) ~[classes/:?]
at io.jans.as.server.service.CleanerTimer$Proxy$$$WeldSubclass.cleanup(Unknown Source) ~[classes/:?]
at io.jans.as.server.service.CleanerTimer.processImpl(CleanerTimer.java:164) ~[classes/:?]
at io.jans.as.server.service.CleanerTimer$Proxy$$$WeldSubclass.processImpl(Unknown Source) ~[classes/:?]
at io.jans.as.server.service.CleanerTimer.process(CleanerTimer.java:115) ~[classes/:?]
at io.jans.as.server.service.CleanerTimer$Proxy$$$_WeldSubclass.process$$super(Unknown Source) ~[classes/:?]
at jdk.internal.reflect.GeneratedMethodAccessor116.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) ~[weld-core-impl-4.0.3.Final.jar:4.0.3.Final]
at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) ~[weld-core-impl-4.0.3.Final.jar:4.0.3.Final]
at io.jans.service.cdi.async.AsynchronousInterceptor$1.get(AsynchronousInterceptor.java:42) ~[jans-core-service-1.0.21.jar:?]
at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768) ~[?:?]
at java.lang.Thread.run(Thread.java:840) ~[?:?]
Caused by: io.jans.orm.exception.operation.SearchException: Failed to scroll to specified start
at io.jans.orm.ldap.operation.impl.LdapOperationServiceImpl.searchImpl(LdapOperationServiceImpl.java:385) ~[jans-orm-ldap-1.0.21.jar:?]
at io.jans.orm.ldap.operation.impl.LdapOperationServiceImpl.search(LdapOperationServiceImpl.java:271) ~[jans-orm-ldap-1.0.21.jar:?]
at io.jans.orm.ldap.impl.LdapEntryManager.remove(LdapEntryManager.java:345) ~[jans-orm-ldap-1.0.21.jar:?]
... 20 more
Caused by: com.unboundid.ldap.sdk.LDAPSearchException: The search base entry 'ou=archived_jwks,o=jans' does not exist
at com.unboundid.ldap.sdk.LDAPCo^C

[nynymike]

Where did you diverge from the install instructions?

[BainMcKay]

If by that you mean I didn't, that's good. The ambiguity for me was how do I work with Namecheap ssl, and how do I validate the device if no https access (per developer discussion). I would say in the past, I did not have a totally clean VM. It came preconfigured with LAMP or openDJ. Your configuration guidance on openID oauth is a little different than what we use on GLUU. I provide my openID config json below, anonymized with FQDN and *, in case I missed something there.

So it looks good, I think, except the redirect_uri mismatch. But if I compare them, they are exactly the same. So I look at the log and saw the java orm error. Perhaps that's causing the redirect_url path failure? (I know that in GLUU, trailing spaces can cause a mismatch or misplaced trailing "/")

cat wordpress-client_2.txt
{
"dn": "inum=,ou=clients,o=jans",
"deletable": false,
"clientSecret": "",
"frontChannelLogoutUri": "https://FQDN/logout.php, https://FQDN/logout.php",
"frontChannelLogoutSessionRequired": false,
"redirectUris": [
"https://FQDN/wp-admin/admin-ajax.php?action=openid-connect-authorize"
],
"responseTypes": [
"code"
],
"grantTypes": [
"authorization_code"
],
"applicationType": "web",
"clientName": "Wordpress",
"clientNameLocalized": {},
"logoUriLocalized": {},
"clientUriLocalized": {},
"policyUriLocalized": {},
"tosUriLocalized": {},
"sectorIdentifierUri": "`",
"subjectType": "pairwise",
"tokenEndpointAuthMethod": "client_secret_post",
"postLogoutRedirectUris": [
"https://FQDN/wp-login.php?loggedout=true&wp_lang=en_US"
],
"scopes": [
"inum=764C,ou=scopes,o=jans",
"inum=F0C4,ou=scopes,o=jans",
"inum=43F1,ou=scopes,o=jans",
"inum=C4F6,ou=scopes,o=jans"
],
"trustedClient": false,
"persistClientAuthorizations": false,
"includeClaimsInIdToken": false,
"customAttributes": [],
"customObjectClasses": [
"top"
],
"rptAsJwt": false,
"accessTokenAsJwt": false,
"disabled": false,
"attributes": {
"runIntrospectionScriptBeforeJwtCreation": false,
"keepClientAuthorizationAfterExpiration": false,
"allowSpontaneousScopes": false,
"backchannelLogoutUri": [
" "
],
"backchannelLogoutSessionRequired": false,
"parLifetime": 600,
"requirePar": false,
"dpopBoundAccessToken": false,
"jansDefaultPromptLogin": false,
"minimumAcrLevel": -1
},
"backchannelTokenDeliveryMode": "poll",
"backchannelUserCodeParameter": false,
"description": "Wordpress",
"displayName": "Wordpress",
"authenticationMethod": "client_secret_post",
"allAuthenticationMethods": [
"client_secret_post"
],
"baseDn": "inum=*****,ou=clients,o=jans",
"inum": "**********"
}

[BainMcKay]

I cannot find a difference in the redirect _uri to the registered one in Janssen. I took the redirect_uri from TUI, and the redirect url from the login page that complained about them not matching, using [Browser/Inspect/Network/Headers/redirect_uri], and compared them in a plain text document. They are exactly the same. The OpenID properties are the same (see the Json). I'm stuck again.

From Janssen TUI OpenID:
https://FQDN/wp-admin/admin-ajax.php?action=openid-connect-authorize

From the Browser URL that complained about them not being equal
https://FQDN/wp-admin/admin-ajax.php?action=openid-connect-authorize

Any ideas what I can do next?

[nynymike]

Check frontChannelLogoutUri

"frontChannelLogoutUri": "https://fqdn/logout.php, https://fqdn/logout.php",

Shouldn't that be:

"frontChannelLogoutUri": "https://fqdn/logout.php"

Logs

Please make sure Auth Server has DEBGU logs enabled. Attach the interesting snippets for:

• java and orm error logs
• WP plugin logs

Client Summary

How did you create this client? Can you print the client summary or provide the data from the database about the client entity?

[BainMcKay]

The detail got lost in the fqdn abstraction. I provide the actual config below for clarity. This is consistent with our GLUU production sites. There are two fqdns because there are two dependent app front channel logouts: MD: Moodle, NC: Nextcloud The Post logout redirect addresses wp: Wordpress. So from what I can see, it looks correct, Any other observations? 

…

On Jan 4, 2024, at 9:37 AM, Michael Schwartz ***@***.***> wrote: "frontChannelLogoutUri": "https://fqdn/logout.php, https://fqdn/logout.php", Shouldn't that be: "frontChannelLogoutUri": "https://fqdn/logout.php" — Reply to this email directly, view it on GitHub <#7215 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AARINNPJMFCNUWXO753NSGLYM3LGDAVCNFSM6AAAAABBE3PRDGVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DAMJUHAYDS>. You are receiving this because you authored the thread.

[nynymike]

Ok, understood on frontChannelLogoutUri, but please re-suply the logs and client summary (not from the RP, but from the OP) to confirm what we are even debugging.

[BainMcKay]

HI Mike Below I provide a screenshot of the Front Channel URI, Post Logout Redirect URI and Redirect URI. And I also provide the Json for the openID client total config [wordpress_openId_Client.Confgi-2024-01-04.json] below. I XXXX’d out the sensitive info. FRONT CHANNEL URI POST LOGOUT REDIRECT  REDIRECT_URI  cat wordpress_openId_Client.Confgi-2024-01-04.json { "dn": “inum=XXXXXXXXX,ou=clients,o=jans", "deletable": false, "clientSecret": “XXXXXXXXXXXXX", "frontChannelLogoutUri": "https://cekh-pp-main-md.abraxasdev.com/logout.php, https://cekh-pp-main-nc.abraxasdev.com/logout.php", "frontChannelLogoutSessionRequired": false, "redirectUris": [ "https://cekh-pp-main-wp.abraxasdev.com/wp-admin/admin-ajax.php?action=openid-connect-authorize" ], "responseTypes": [ "code" ], "grantTypes": [ "authorization_code" ], "applicationType": "web", "clientName": "Wordpress", "clientNameLocalized": {}, "logoUriLocalized": {}, "clientUriLocalized": {}, "policyUriLocalized": {}, "tosUriLocalized": {}, "sectorIdentifierUri": "`", "subjectType": "public", "tokenEndpointAuthMethod": "client_secret_post", "postLogoutRedirectUris": [ "https://cekh-pp-main-wp.abraxasdev.com/wp-login.php?loggedout=true&wp_lang=en_US" ], "scopes": [ "inum=764C,ou=scopes,o=jans", "inum=F0C4,ou=scopes,o=jans", "inum=43F1,ou=scopes,o=jans", "inum=C4F6,ou=scopes,o=jans" ], "trustedClient": false, "persistClientAuthorizations": false, "includeClaimsInIdToken": false, "customAttributes": [], "customObjectClasses": [ "top" ], "rptAsJwt": false, "accessTokenAsJwt": false, "disabled": false, "attributes": { "runIntrospectionScriptBeforeJwtCreation": false, "keepClientAuthorizationAfterExpiration": false, "allowSpontaneousScopes": false, "backchannelLogoutUri": [ " " ], "backchannelLogoutSessionRequired": false, "parLifetime": 600, "requirePar": false, "dpopBoundAccessToken": false, "jansDefaultPromptLogin": false, "minimumAcrLevel": -1 }, "backchannelTokenDeliveryMode": "poll", "backchannelUserCodeParameter": false, "description": "Wordpress", "displayName": "Wordpress", "authenticationMethod": "client_secret_post", "allAuthenticationMethods": [ "client_secret_post" ], "baseDn": “inum=XXXXXXXXXXXXa,ou=clients,o=jans", "inum": “XXXXXXXXXXXX” }

…

On Jan 4, 2024, at 10:11 AM, Michael Schwartz ***@***.***> wrote: Ok, understood on frontChannelLogoutUri, but please re-suply the other two here to confirm what we are even debugging. — Reply to this email directly, view it on GitHub <#7215 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AARINNIGMPX74K2N742YNYTYM3PC3AVCNFSM6AAAAABBE3PRDGVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DAMJVGE4DI>. You are receiving this because you authored the thread.

[nynymike]

Still waiting for 100% of the information I requested to be supplied...

[BainMcKay]

REF: re-suply the logs and client summary (not from the RP, but from the OP)

jans-auth.Log:
jans-auth.log

OP Client Summary:
janssenWP_OIDC.json.txt

http_request_response.log
http_request_response.log

If I've missed something, please inform so I can find it.

Much apreciated

[nynymike]

I see 778 errors in jans-auth.log that look basically like this:

2024-01-05 00:04:26,338 ERROR [Thread-188470]  [io.jans.as.server.service.CleanerTimer] (CleanerTimer.java:210) - Failed to perform clean up.
io.jans.orm.exception.EntryDeleteException: Failed to delete entries with baseDN: ou=archived_jwks,o=jans, filter: (&(&(objectClass=jansArchJwk))(&(del=true)(exp<=20240105000426.335Z)))

But I don't see any other errors. What would be more useful is for you to do a tail -f on jans-auth.log ... run your authorization request ... and ctrl-c so you can just capture the relevant logs for the transaction in question. Also, please set Auth Server for DEBUG logging.

Also, http_request_response.log is an empty file.

The AS client entity looks fine.

Also, what about logs from the RP? Is your Wordpress Plugin is logging something?

[BainMcKay]

Excellent. I tailed the jans-auth.json log and did a log-in attempt in the Wordpress App. It threw an LDAP error. This ['ou=archived_jwks,o=jans' does not exist] would appear to be the culprit. (logo below). Now what?

root@do-gluu:/opt/jans/jetty/jans-auth/logs# tail -f jans-auth.log
at io.jans.orm.ldap.impl.LdapEntryManager.remove(LdapEntryManager.java:345) ~[jans-orm-ldap-1.0.21.jar:?]
... 20 more
Caused by: com.unboundid.ldap.sdk.LDAPSearchException: The search base entry 'ou=archived_jwks,o=jans' does not exist
at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3994) ~[unboundid-ldapsdk-6.0.8.jar:6.0.8]
at io.jans.orm.ldap.operation.impl.LdapOperationServiceImpl.searchImpl(LdapOperationServiceImpl.java:350) ~[jans-orm-ldap-1.0.21.jar:?]
at io.jans.orm.ldap.operation.impl.LdapOperationServiceImpl.search(LdapOperationServiceImpl.java:271) ~[jans-orm-ldap-1.0.21.jar:?]
at io.jans.orm.ldap.impl.LdapEntryManager.remove(LdapEntryManager.java:345) ~[jans-orm-ldap-1.0.21.jar:?]
... 20 more
2024-01-06 02:55:31,502 INFO [Thread-237884] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state
2024-01-06 02:55:31,502 INFO [Thread-237884] [io.jans.ads.Deployer] (Deployer.java:415) - 0 successful deployments found
2024-01-06 02:55:41,672 ERROR [qtp1260134048-21] a1427dec-8c0c-4242-a48c-864745c6aaa7 [io.jans.as.server.service.RedirectionUriService] (RedirectionUriService.java:144) - Problems validating redirection uri, clientId = 2ef5b123-6ce8-4acd-b363-68e450c58faa, redirectionUri = https://cekh-pp-main-wp.abraxasdev.com/wp-admin/admin-ajax.php?action=openid-connect-authorize
jakarta.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request: org.apache.http.client.ClientProtocolException
at org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.invoke(ManualClosingApacheHttpClient43Engine.java:321) ~[resteasy-client-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:494) ~[resteasy-client-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:69) ~[resteasy-client-6.0.3.Final.jar:6.0.3.Final]
at io.jans.as.server.service.RedirectionUriService.getSectorRedirectUris(RedirectionUriService.java:85) ~[classes/:?]
at io.jans.as.server.service.RedirectionUriService.validateRedirectionUri(RedirectionUriService.java:111) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceValidator.validateRedirectUri(AuthorizeRestWebServiceValidator.java:362) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceValidator.validateRedirectUri(AuthorizeRestWebServiceValidator.java:345) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.authorize(AuthorizeRestWebServiceImpl.java:332) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorization(AuthorizeRestWebServiceImpl.java:281) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorizationGet(AuthorizeRestWebServiceImpl.java:219) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl$Proxy$_$$WeldClientProxy.requestAuthorizationGet(Unknown Source) ~[classes/:?]
at jdk.internal.reflect.GeneratedMethodAccessor330.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:408) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:69) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:249) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:60) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:587) ~[jetty-jakarta-servlet-api-5.0.2.jar:?]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) ~[?:?]
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665) ~[?:?]
at io.jans.as.server.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:247) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.as.server.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:69) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.as.server.filter.CorrelationIdFilter.doFilter(CorrelationIdFilter.java:49) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.server.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:357) ~[jans-core-server-1.0.21.jar:?]
at io.jans.server.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:123) ~[jans-core-server-1.0.21.jar:?]
at io.jans.as.server.filter.CorsFilter.doFilter(CorsFilter.java:116) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.websocket.servlet.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:170) ~[websocket-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) ~[jetty-security-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1381) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) ~[?:?]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1303) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192) ~[?:?]
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51) ~[?:?]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
at org.eclipse.jetty.server.Server.handle(Server.java:563) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[?:?]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[?:?]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) ~[?:?]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[?:?]
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:416) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:385) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:272) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:140) ~[?:?]
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) ~[?:?]
at java.lang.Thread.run(Thread.java:840) ~[?:?]
Caused by: org.apache.http.client.ClientProtocolException
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:187) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
at org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.invoke(ManualClosingApacheHttpClient43Engine.java:302) ~[resteasy-client-6.0.3.Final.jar:6.0.3.Final]
... 86 more
Caused by: org.apache.http.ProtocolException: Target host is not specified
at org.apache.http.impl.conn.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:71) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.InternalHttpClient.determineRoute(InternalHttpClient.java:125) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
at org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.invoke(ManualClosingApacheHttpClient43Engine.java:302) ~[resteasy-client-6.0.3.Final.jar:6.0.3.Final]
... 86 more
2024-01-06 02:55:41,682 ERROR [qtp1260134048-21] a1427dec-8c0c-4242-a48c-864745c6aaa7 [as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl] (AuthorizeRestWebServiceImpl.java:285) - HTTP 400 Bad Request
jakarta.ws.rs.WebApplicationException: HTTP 400 Bad Request
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceValidator.validateRedirectUri(AuthorizeRestWebServiceValidator.java:370) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceValidator.validateRedirectUri(AuthorizeRestWebServiceValidator.java:345) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.authorize(AuthorizeRestWebServiceImpl.java:332) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorization(AuthorizeRestWebServiceImpl.java:281) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorizationGet(AuthorizeRestWebServiceImpl.java:219) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl$Proxy$$$_WeldClientProxy.requestAuthorizationGet(Unknown Source) ~[classes/:?]
at jdk.internal.reflect.GeneratedMethodAccessor330.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:408) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:69) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:249) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:60) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:587) ~[jetty-jakarta-servlet-api-5.0.2.jar:?]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) ~[?:?]
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665) ~[?:?]
at io.jans.as.server.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:247) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.as.server.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:69) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.as.server.filter.CorrelationIdFilter.doFilter(CorrelationIdFilter.java:49) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.server.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:357) ~[jans-core-server-1.0.21.jar:?]
at io.jans.server.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:123) ~[jans-core-server-1.0.21.jar:?]
at io.jans.as.server.filter.CorsFilter.doFilter(CorsFilter.java:116) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.websocket.servlet.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:170) ~[websocket-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) ~[jetty-security-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1381) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) ~[?:?]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1303) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192) ~[?:?]
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51) ~[?:?]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
at org.eclipse.jetty.server.Server.handle(Server.java:563) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[?:?]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[?:?]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) ~[?:?]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[?:?]
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:416) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:385) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:272) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:140) ~[?:?]
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) ~[?:?]
at java.lang.Thread.run(Thread.java:840) ~[?:?]

[nynymike]

Right, it's DN which must be pre-created. It's already added a8c315d

[BainMcKay]

Sorry. What steps do I take to resolve in Janssen?

[BainMcKay]

Resolved.

DO not use OpenDJ. No longer supported;

use MySQL

[BainMcKay]

Resolved.

DO not use OpenDJ. No longer supported;

use MySQL