Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Issues when adding several redirect_uri for an OIDC client's entry

See original GitHub issue

Environment: gluu-server-3.1.4-RC6, CentOS7

Steps to reproduce;

Log in to web UI
Move to “OpenID Connect -> Clients”
Create a new client entry with minimal set of required properties; use “pairwise” for “Subject Type” and specify only one redirect login uri
Try to add an additional redirect uri with the same hostname part as the 1st one has (that step should fail, see below for details)
Supply a valid “Sector Identifier URI” which returns a JSON file containing both of the redirect uris used in this test (use a uri pointing to a remote web server), and click the “Update” button
Try to add 2nd redirect uri again

Results:

At step 4) an error message is displayed reading “A sector identifier must be defined first” and Java error trace is registered in oxtrust.log (full text is here):

2018-09-24 16:44:07,520 ERROR [qtp1094834071-14] [org.gluu.oxtrust.ldap.service.SectorIdentifierService] (SectorIdentifierService.java:90) - Failed to find sector identifier by oxId sector-uris.json
org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entry: oxId=sector-uris.json,ou=sector_identifiers,o=@!E8DE.7456.204B.BE5E!0001!25AB.4068,o=gluu
	at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:306) ~[oxcore-ldap-3.1.4-SNAPSHOT.jar:?]
	at org.gluu.site.ldap.persistence.AbstractEntryManager.find(AbstractEntryManager.java:444) ~[oxcore-ldap-3.1.4-SNAPSHOT.jar:?]
	at org.gluu.site.ldap.persistence.AbstractEntryManager.find(AbstractEntryManager.java:381) ~[oxcore-ldap-3.1.4-SNAPSHOT.jar:?]

At step 6) the same message and same log record are seen again, despite of the fact “Sector Identifier URI” is defined now

Expected results:

According to the spec, sector identifier uri only becomes mandatory when several redirect uris are used and their hostname parts are different. Thus the fact a 2nd uri couldn’t been added at step 4) doesn’t seem right
Even when a correct sector identifier uri is added as web UI requests, it’s still not possible to add a 2nd redirect uri, thus it doesn’t seem this web UI control functions properly at all

Issue Analytics

State:
Created 5 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

2reactions

syntrydycommented, Sep 25, 2018

@aliaksander-samuseu i’m the one who implement that restriction.

sector identifier uri only becomes mandatory when several redirect uris are used and their hostname parts are different: This wasn’t not mentioned in that task.

Here is the link https://github.com/GluuFederation/oxTrust/issues/966.

0reactions

syntrydycommented, Sep 26, 2018

@aliaksander-samuseu i think it’s okay now.