Hi,
I’m trying to implement SSO by using the OpenID Connect Authenticator extension with ADFS as the federation provider.
When I log in to XWiki using the ADFS login page, I get the following error 500:
# HTTP Status 500 – Internal Server Error
**Type** Exception Report
**Message** Failed to handle Resource Reference [path = authenticator/callback, endpoint = authenticator, pathSegments = [callback]]
**Description** The server encountered an unexpected condition that prevented it from fulfilling the request.
**Exception**
```
javax.servlet.ServletException: Failed to handle Resource Reference [path = authenticator/callback, endpoint = authenticator, pathSegments = [callback]]
	org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:161)
	org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:87)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
	org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:145)
```
**Root Cause**
```
org.xwiki.resource.ResourceReferenceHandlerException: Failed to handle http servlet request
	org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:110)
	org.xwiki.resource.internal.DefaultResourceReferenceHandlerChain.handleNext(DefaultResourceReferenceHandlerChain.java:79)
	org.xwiki.resource.internal.AbstractResourceReferenceHandlerManager.handle(AbstractResourceReferenceHandlerManager.java:82)
	org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:159)
	org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:87)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
	org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:145)
```
**Root Cause**
```
org.xwiki.contrib.oidc.provider.internal.OIDCException: Failed to get user info:invalid_token
	org.xwiki.contrib.oidc.auth.internal.OIDCUserManager.updateUserInfo(OIDCUserManager.java:187)
	org.xwiki.contrib.oidc.auth.internal.OIDCUserManager.updateUserInfo(OIDCUserManager.java:162)
	org.xwiki.contrib.oidc.auth.internal.endpoint.CallbackOIDCEndpoint.handle(CallbackOIDCEndpoint.java:197)
	org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:134)
	org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:108)
	org.xwiki.resource.internal.DefaultResourceReferenceHandlerChain.handleNext(DefaultResourceReferenceHandlerChain.java:79)
	org.xwiki.resource.internal.AbstractResourceReferenceHandlerManager.handle(AbstractResourceReferenceHandlerManager.java:82)
	org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:159)
	org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:87)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
	org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:145)
```
In ADFS I created an application group containing a server application and a web application:
My xwiki.properties is as follows:
```
oidc.endpoint.authorization=https://***/adfs/oauth2/authorize/
oidc.endpoint.token=https://***/adfs/oauth2/token/
oidc.endpoint.userinfo=https://***/adfs/userinfo
oidc.endpoint.logout=https://***/adfs/oauth2/logout
oidc.scope=openid,profile,email
oidc.userinfoclaims=
oidc.secret=mu***kH (generated by ADFS)
oidc.clientid=14***70
```
Whenever I change the relying party identifier in the web application to my XWiki URL, I am able to log in, but there is no user info. I also played with the properties to no avail.
I’m pretty lost at this moment and am not sure where to look for the problem. Can anybody point me in some direction?
Thanks in advance,
Ewan