Connect XWiki with OpenId to Azure AD

Help / Discuss
,
#1

Hey Guys,

i try to connect the authentication of my XWiki to Azure AD using Open ID Connect. The forward to Microsoft works but on the response I always get the following error page:

Summary

HTTP Status 500 – Internal Server Error

Type Exception Report

Message Failed to handle Resource Reference [path = authenticator/callback, endpoint = authenticator, pathSegments = [callback]]

Description The server encountered an unexpected condition that prevented it from fulfilling the request.

Exception

javax.servlet.ServletException: Failed to handle Resource Reference [path = authenticator/callback, endpoint = authenticator, pathSegments = [callback]] org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:161) org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:87) javax.servlet.http.HttpServlet.service(HttpServlet.java:741) org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63) org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:145)

Root Cause

org.xwiki.resource.ResourceReferenceHandlerException: Failed to handle http servlet request org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:110) org.xwiki.resource.internal.DefaultResourceReferenceHandlerChain.handleNext(DefaultResourceReferenceHandlerChain.java:79) org.xwiki.resource.internal.AbstractResourceReferenceHandlerManager.handle(AbstractResourceReferenceHandlerManager.java:82) org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:159) org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:87) javax.servlet.http.HttpServlet.service(HttpServlet.java:741) org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63) org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:145)

Root Cause

org.xwiki.contrib.oidc.provider.internal.OIDCException: Failed to get access token:invalid_client org.xwiki.contrib.oidc.auth.internal.endpoint.CallbackOIDCEndpoint.handle(CallbackOIDCEndpoint.java:176) org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:134) org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:108) org.xwiki.resource.internal.DefaultResourceReferenceHandlerChain.handleNext(DefaultResourceReferenceHandlerChain.java:79) org.xwiki.resource.internal.AbstractResourceReferenceHandlerManager.handle(AbstractResourceReferenceHandlerManager.java:82) org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:159) org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:87) javax.servlet.http.HttpServlet.service(HttpServlet.java:741) org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63) org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:145)

Note The full stack trace of the root cause is available in the server logs.

Apache Tomcat/9.0.31 (Debian)

Thanks for help!

#2

This is what the Azure server answered, looks like you are missing something but there is not much details and I never tried with Azure myself. Maybe you did not set the right oidc.clientid and oidc.secret.