Wordpress Redirect_url mismatch #7389

BainMcKay · 2024-01-16T20:38:50Z

BainMcKay
Jan 16, 2024

I"m debugging Wordpress code. At the daggerhart-openid-connect-generic plugin. it's stuffing the following URL into the HTTP Header

this is the header (see 1st screenshot below) [typo fixed]
'https://cekh-pp-main-wp.kayviumdev.com/wp-admin/admin-ajax.php?action=openid-connect-authorize`

And this is the Janssen openID record entry (see the 2nd screenshot below - the json of the openID client record from TUI)
'https://cekh-pp-main-wp.kayviumdev.com/wp-admin/admin-ajax.php?action=openid-connect-authorize'

And it returns with the screenshot below, from Janssen, as not a match. But they are as perfect match. So must be something else being matched in Janssen which I can't see and don't know about?

Wordpress redirect Url error, showing http header at the 302 redirect handoff

Screenshot of Wordpress client OpenId record Json

Here's the daggerhart-openid-connect-generic code where the handoff is being made (starting at line 70 of: wp-content/plugins/daggerhart-openid-connect-generic/includes/openid-connect-generic-login-form.php), to help with the debugging on your site, should this be code issue.

/**
* Auto Login redirect.
*
* @return void
*/
function handle_redirect_login_type_auto() {

	if ( 'wp-login.php' == $GLOBALS['pagenow']
		&& ( 'auto' == $this->settings->login_type || ! empty( $_GET['force_redirect'] ) )
		&& ( ! isset( $_GET['action'] ) || 'logout' !== $_GET['action'] )
		&& ! isset( $_POST['wp-submit'] ) ) {
		if ( ! isset( $_GET['login-error'] ) ) {
			$this->handle_redirect_cookie();
                           
                           //2024-01-16:DBM: this is where the handoff is made through the https header on redirect
			wp_redirect( $this->client_wrapper->get_authentication_url() );

			exit;
		} else {
			add_action( 'login_footer', array( $this, 'remove_login_form' ), 99 );
		}
	}

}

And at the sometime, it's throwing the following java exception (tail -f jans-auth.log)

====2024-01-16 20:43:16,880 ERROR [qtp1260134048-18] 844523ef-5524-4ed3-b576-0a479c9deada [io.jans.as.server.service.RedirectionUriService] (RedirectionUriService.java:144) - Problems validating redirection uri, clientId = 185be4a6-2610-4d19-811a-42d8cfcf29a5, redirectionUri = https://cekh-pp-main-wp.kayviumdev.com/wp-admin/admin-ajax.php?action=openid-connect-authorize
jakarta.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request: org.apache.http.client.ClientProtocolException
at org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.invoke(ManualClosingApacheHttpClient43Engine.java:321) ~[resteasy-client-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:494) ~[resteasy-client-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:69) ~[resteasy-client-6.0.3.Final.jar:6.0.3.Final]
at io.jans.as.server.service.RedirectionUriService.getSectorRedirectUris(RedirectionUriService.java:85) ~[classes/:?]
at io.jans.as.server.service.RedirectionUriService.validateRedirectionUri(RedirectionUriService.java:111) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceValidator.validateRedirectUri(AuthorizeRestWebServiceValidator.java:362) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceValidator.validateRedirectUri(AuthorizeRestWebServiceValidator.java:345) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.authorize(AuthorizeRestWebServiceImpl.java:332) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorization(AuthorizeRestWebServiceImpl.java:281) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorizationGet(AuthorizeRestWebServiceImpl.java:219) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl$Proxy$_$$WeldClientProxy.requestAuthorizationGet(Unknown Source) ~[classes/:?]
at jdk.internal.reflect.GeneratedMethodAccessor411.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:408) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:69) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:249) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:60) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:587) ~[jetty-jakarta-servlet-api-5.0.2.jar:?]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) ~[?:?]
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665) ~[?:?]
at io.jans.as.server.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:69) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.as.server.filter.CorrelationIdFilter.doFilter(CorrelationIdFilter.java:49) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.server.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:357) ~[jans-core-server-1.0.21.jar:?]
at io.jans.server.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:123) ~[jans-core-server-1.0.21.jar:?]
at io.jans.as.server.filter.CorsFilter.doFilter(CorsFilter.java:116) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.as.server.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:247) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.websocket.servlet.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:170) ~[websocket-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) ~[jetty-security-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1381) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) ~[?:?]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1303) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192) ~[?:?]
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51) ~[?:?]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
at org.eclipse.jetty.server.Server.handle(Server.java:563) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[?:?]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[?:?]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) ~[?:?]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[?:?]
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) ~[?:?]
at java.lang.Thread.run(Thread.java:840) ~[?:?]
Caused by: org.apache.http.client.ClientProtocolException
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:187) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
at org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.invoke(ManualClosingApacheHttpClient43Engine.java:302) ~[resteasy-client-6.0.3.Final.jar:6.0.3.Final]
... 81 more
Caused by: org.apache.http.ProtocolException: Target host is not specified
at org.apache.http.impl.conn.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:71) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.InternalHttpClient.determineRoute(InternalHttpClient.java:125) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
at org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.invoke(ManualClosingApacheHttpClient43Engine.java:302) ~[resteasy-client-6.0.3.Final.jar:6.0.3.Final]
... 81 more
2024-01-16 20:43:16,888 ERROR [qtp1260134048-18] 844523ef-5524-4ed3-b576-0a479c9deada [as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl] (AuthorizeRestWebServiceImpl.java:285) - HTTP 400 Bad Request
jakarta.ws.rs.WebApplicationException: HTTP 400 Bad Request
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceValidator.validateRedirectUri(AuthorizeRestWebServiceValidator.java:370) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceValidator.validateRedirectUri(AuthorizeRestWebServiceValidator.java:345) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.authorize(AuthorizeRestWebServiceImpl.java:332) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorization(AuthorizeRestWebServiceImpl.java:281) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorizationGet(AuthorizeRestWebServiceImpl.java:219) ~[classes/:?]
at io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl$Proxy$$$_WeldClientProxy.requestAuthorizationGet(Unknown Source) ~[classes/:?]
at jdk.internal.reflect.GeneratedMethodAccessor411.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:408) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:69) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:249) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:60) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:587) ~[jetty-jakarta-servlet-api-5.0.2.jar:?]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) ~[?:?]
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665) ~[?:?]
at io.jans.as.server.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:69) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.as.server.filter.CorrelationIdFilter.doFilter(CorrelationIdFilter.java:49) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.server.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:357) ~[jans-core-server-1.0.21.jar:?]
at io.jans.server.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:123) ~[jans-core-server-1.0.21.jar:?]
at io.jans.as.server.filter.CorsFilter.doFilter(CorsFilter.java:116) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at io.jans.as.server.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:247) ~[classes/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.websocket.servlet.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:170) ~[websocket-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) ~[jetty-security-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1381) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) ~[?:?]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) ~[jetty-servlet-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1303) ~[jetty-server-11.0.15.jar:11.0.15]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192) ~[?:?]
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51) ~[?:?]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
at org.eclipse.jetty.server.Server.handle(Server.java:563) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) ~[?:?]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[?:?]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[?:?]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) ~[?:?]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[?:?]
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) ~[?:?]
at java.lang.Thread.run(Thread.java:840) ~[?:?]

nynymike · 2024-01-17T15:43:35Z

nynymike
Jan 17, 2024
Maintainer

What version is this?

/opt/jans/bin/show_version.py | grep [TV]

0 replies

BainMcKay · 2024-01-17T15:55:35Z

BainMcKay
Jan 17, 2024
Author

***@***.***:/opt/jans/jans-cli# cat version.py """ License terms and conditions for Janssen: https://www.apache.org/licenses/LICENSE-2.0 """

__version__ = "1.0.21"

On Jan 17, 2024, at 8:43 AM, Michael Schwartz ***@***.***> wrote: What version is this? /opt/jans/bin/show_version.py | grep [TV] — Reply to this email directly, view it on GitHub <#7389 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AARINNPMM7EH3KNPAAE7IETYO7WTFAVCNFSM6AAAAABB5N2UXOVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DCNJYGUYTO>. You are receiving this because you authored the thread.

I noticed that you can't see the version unless you are in edit It;'s version: 1.0.21

0 replies

nynymike · 2024-01-18T04:25:30Z

nynymike
Jan 18, 2024
Maintainer

When you submit an issue like this, it would be helpful if you include all the data for the client entity. For example, is there a sector_identifier_uri defined? It would just save a step if you include all the info to review... the version, the database, the error message, the client entity, all the logs (auth server, persistence, script, httpd, database). When you post 12.5% of the required information, it just takes a long time to get the to the bottom of it.

2 replies

BainMcKay Jan 18, 2024
Author

I'm not sure what 12.5% equates to. I'm happy to provide all the information I can help resolve it. This thread is all about the error. Above is:

the error message in Wordpress,
the tail on the jans_auth log showing the internal error ,
the inspect screenshot at time of the error showing the http header with redirect_url
- The line of code in the daggerhart opened plugin here it hands it off to Janssen though http, and gets an error in return. The value sent id the same as that in the http header in the inspect view.
- I tried to get the mysql version [mysql -v], but it says mysql not installed. I chose mysql ids installer. Not sure what that; about
There is no sector URL defined. I tried to map between our GLUU production server and the Janssen server, I see no sector on the GLUU openID record, so I assume there isn't one in GLUU, or it's in another screen . I don't know where to look
- the OpenID client record json is below.
The version is 1.0.21 (as above)
The database is MySQL from the Janssen auto installer.
- Logs
  ** empty logs
  *** http_request_response.log
  *** jans-auth_persistence_duration.log
  *** other attached= in ZIP
  **** 2024_01_17.jetty.log
  **** 2024_01_18.jetty.log
  **** jans-auth_persistence.log
  **** jans-auth_script.log
  **** jans-auth.log
Jans_auth record
==============================
OPENID RECORD
root@do-gluu:/# cat wordpress.json
{
"dn": "inum=*******,ou=clients,o=jans",
"deletable": false,
"clientSecret": "",
"frontChannelLogoutUri": "https://cekh-pp-main-md.kayviumdev.com/logout.php,https://cekh-pp-main-nc.kayviumdev.com/logout.php",
"frontChannelLogoutSessionRequired": false,
"redirectUris": [
"https://cekh-pp-main-wp.kayviumdev.com/wp-admin/admin-ajax.php?action=openid-connect-authorize"
],
"responseTypes": [
"code"
],
"grantTypes": [
"authorization_code"
],
"applicationType": "web",
"clientName": "wordpress",
"clientNameLocalized": {},
"logoUriLocalized": {},
"clientUriLocalized": {},
"policyUriLocalized": {},
"tosUriLocalized": {},
"sectorIdentifierUri": "`",
"subjectType": "public",
"tokenEndpointAuthMethod": "client_secret_post",
"postLogoutRedirectUris": [
"https://cekh-pp-main-wp.kayviumdev.com/wp-login.php?loggedout=true&wp_lang=en_US"
],
"scopes": [
"inum=764C,ou=scopes,o=jans",
"inum=F0C4,ou=scopes,o=jans",
"inum=43F1,ou=scopes,o=jans"
],
"trustedClient": false,
"persistClientAuthorizations": true,
"includeClaimsInIdToken": true,
"customAttributes": [],
"customObjectClasses": [
"top"
],
"rptAsJwt": false,
"accessTokenAsJwt": false,
"disabled": false,
"attributes": {
"runIntrospectionScriptBeforeJwtCreation": true,
"keepClientAuthorizationAfterExpiration": false,
"allowSpontaneousScopes": false,
"backchannelLogoutSessionRequired": false,
"parLifetime": 600,
"requirePar": false,
"dpopBoundAccessToken": false,
"jansDefaultPromptLogin": false,
"minimumAcrLevel": -1
},
"backchannelTokenDeliveryMode": "poll",
"backchannelUserCodeParameter": false,
"description": "Wordpress",
"displayName": "wordpress",
"authenticationMethod": "client_secret_post",
"allAuthenticationMethods": [
"client_secret_post"
],
"baseDn": "inum=185be4a6-2610-4d19-811a-42d8cfcf29a5,ou=clients,o=jans",
"inum": "185be4a6-2610-4d19-811a-42d8cfcf29a5"
}

-================================

nynymike Jan 18, 2024
Maintainer

A little more then 12.4% :-)

yuriyz · 2024-01-18T09:41:52Z

yuriyz
Jan 18, 2024
Maintainer

You've put in client "sectorIdentifierUri": "`",. AS expects there valid URI. "`"is not valid URI. So AS trying to fetch redirect uris from that sector identifier and indeed fail. So logs says Caused by: org.apache.http.ProtocolException: Target host is not specified.

So you have to leave it blank or otherwise specify valid sector identifier uri which host valid redirect uris.

0 replies

BainMcKay · 2024-01-18T17:44:15Z

BainMcKay
Jan 18, 2024
Author

So hard to see in TUI with various colour schemes.* Which colour scheme works best?I removed what looked like a back tic and got past that error. On to the next (below). This could be our customization error. I’m looking at that now .[ERROR (invalid_client): Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client. CorrelationId: 12932be0-c51c-427a-9b82-14ab57dc9d77 ]Bain McKay CEO & Chief ScientistKayvium ***@***.***(613)668-9979 ___________________ KAYVIUMBeyond Search - Intelligent Applications that work the way you think ___________________THE CONTENTS OF THIS EMAIL ARE COPYRIGHT KAYVIUM CORPORATION 2005-2023 - ALL RIGHTS RESERVED. THIS EMAIL IS NOT TO BE FORWARDED OR SHARED WITHOUT THE PERMISSION OF KAYVIUM CORPORATIONSent from my iPhoneOn Jan 18, 2024, at 2:42 AM, YuriyZ ***@***.***> wrote: You've put in client "sectorIdentifierUri": "",. AS expects there valid URI. "" is not valid URI. So AS trying to fetch redirect uris from that sector identifier and indeed fail. So logs says Caused by: org.apache.http.ProtocolException: Target host is not specified. So you have to leave it blank or otherwise specify valid sector identifier uri which host valid redirect uris. —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>

2 replies

nynymike Jan 18, 2024
Maintainer

I could see hitting ` instead of Esc ... That's why having the client config summary is good, and looking at all the fields, not just the ones you know you modified.

Also, the line was a good clue... it's the first io.jans class in that list:

at io.jans.as.server.service.RedirectionUriService.getSectorRedirectUris(RedirectionUriService.java:85) ~[classes/:?]

BainMcKay Jan 18, 2024
Author

Yes. Just hard to see. Softer errors would help.

That fixed, I now get the error token response back (bewlow) which feels like an email mismatch. Does that make sense? I have email scope.

logs attached
support_logs.zip

it's again in daggerhart opened plugin. This time in the function authentication_request_callback;

line 367 is the error check in

daggerhart-openid-connect-generic
openid-connect-generic-client-wrapper.php
- ERROR: //2024-0-18:DBM.

function authentication_request_callback() {
$client = $this->client;

// Start the authentication flow.
$authentication_request = $client->validate_authentication_request( $_GET );

	if ( is_wp_error( $authentication_request ) ) {
		$this->error_redirect( $authentication_request );
	}

	// Retrieve the authentication code from the authentication request.
	$code = $client->get_authentication_code( $authentication_request );

	if ( is_wp_error( $code ) ) {
		$this->error_redirect( $code );
	}

	// Attempting to exchange an authorization code for an authentication token.
	$token_result = $client->request_authentication_token( $code );

            //2024-0-18:DBM. Is returnung q token error on callback. (exchanging the authrization code for an authorization token)
	if ( is_wp_error( $token_result ) ) {
		$this->error_redirect( $token_result );
	}

	// Get the decoded response from the authentication request result.
	$token_response = $client->get_token_response( $token_result );

	// Allow for other plugins to alter data before validation.
	$token_response = apply_filters( 'openid-connect-modify-token-response-before-validation', $token_response );

	if ( is_wp_error( $token_response ) ) {
		$this->error_redirect( $token_response );
	}

CALLBACK EROR RESOPNSE
ERROR (invalid_client): Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client. CorrelationId: b6dcbbc0-9de7-40cd-8e85-ce28355457a8

JANS-AUTH-LOG

jans-auth.log erro on `tail -f jans.log'
2024-01-18 22:28:55,518 INFO [qtp1260134048-20] 18e0579e-70ba-4a67-aa9f-bced4afffa34 [io.jans.as.server.auth.Authenticator] (Authenticator.java:247) - Authentication failed for '185be4a6-2610-4d19-811a-42d8cfcf29a5' 2024-01-18 22:29:12,767 INFO [Thread-129359] [io.jans.ads.Deployer] (Deployer.java:409) - Syncing in-memory state with DB state

nynymike · 2024-01-18T22:40:17Z

nynymike
Jan 18, 2024
Maintainer

As the Redirect-url issue is resolved, i'm closing this discussion. If another issue arises, please open under a new topic with all the relevant info supplied.

0 replies

BainMcKay · 2024-01-18T23:05:50Z

BainMcKay
Jan 18, 2024
Author

I THINK I FIGURED IT OUT.

SHOHLD KNOW IN THE NEXT 30 MINUTES

0 replies

BainMcKay · 2024-01-18T23:52:16Z

BainMcKay
Jan 18, 2024
Author

Got it.

There was a typo in the client secret.

We are now going to build an OpenId Client page in Wordpress Dashboard, with field edits etc, to guard against fat finger typos. And give customers a Web Form to do their own User CRUD. Also very difficult to see the TUI screen. But not an excuse, because we duo have the Json export.

It will update the Jansen sever through a back end transition, so no attack surface.

So end of this thread

Thanks for all your help.

Now I need to create 5 more clients for the other servers in our hub solution , and we are over the line.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Wordpress Redirect_url mismatch #7389

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 8 comments 4 replies

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Wordpress Redirect_url mismatch #7389

BainMcKay Jan 16, 2024

Replies: 8 comments · 4 replies

nynymike Jan 17, 2024 Maintainer

BainMcKay Jan 17, 2024 Author

nynymike Jan 18, 2024 Maintainer

BainMcKay Jan 18, 2024 Author

nynymike Jan 18, 2024 Maintainer

yuriyz Jan 18, 2024 Maintainer

BainMcKay Jan 18, 2024 Author

nynymike Jan 18, 2024 Maintainer

BainMcKay Jan 18, 2024 Author

nynymike Jan 18, 2024 Maintainer

BainMcKay Jan 18, 2024 Author

BainMcKay Jan 18, 2024 Author

BainMcKay
Jan 16, 2024

Replies: 8 comments 4 replies

nynymike
Jan 17, 2024
Maintainer

BainMcKay
Jan 17, 2024
Author

nynymike
Jan 18, 2024
Maintainer

BainMcKay Jan 18, 2024
Author

nynymike Jan 18, 2024
Maintainer

yuriyz
Jan 18, 2024
Maintainer

BainMcKay
Jan 18, 2024
Author

nynymike Jan 18, 2024
Maintainer

BainMcKay Jan 18, 2024
Author

nynymike
Jan 18, 2024
Maintainer

BainMcKay
Jan 18, 2024
Author

BainMcKay
Jan 18, 2024
Author