<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; }--></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Inconsolata;">
<p>LDAP appears to be functioning, since I end up in the management page and am able to manage the site by adding the client and editing it, but it never sends me the redirection with the code. <br>
</p>
<p>All our initial tests were done with an actual app that works on other environments (SMART enabled), but for this simple test I have used a plain browser in both cases.<br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div style="font-size:13px; font-family:Tahoma">
<div class="BodyFragment"><font size="2">
<div class="PlainText">Felipe Polo-Wood<br>
Sr. Manager<br>
Clinical Applications Technical Services</div>
<div class="PlainText">Office: +1.919.668.2268<br>
Mobile: +1.919.741.4213<br>
</div>
</font></div>
</div>
</div>
</div>
<div style="word-wrap:break-word">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Richer, Justin P. &lt;jricher@mitre.org&gt;<br>
<b>Sent:</b> Thursday, December 18, 2014 11:30 AM<br>
<b>To:</b> Felipe Polo-Wood<br>
<b>Cc:</b> mitreid-connect@mit.edu<br>
<b>Subject:</b> Re: [mitreid-connect] Unable to get authorize to work on 1.1.12</font>
<div> </div>
</div>
<div>There shouldn't be any additional requirements, and in fact 1.1.12 should work significantly better out of the box compared to 1.1.3, which had several large known issues. Are you able to log into the server directly, without using the authorization page?
It sounds like there could be something going on with your LDAP connection that's preventing it from completing the transaction. Is there anything in your server logs that could indicate a crash or problem on the server?
<div><br>
</div>
<div>Also, which client software are you using? I'm assuming it's the same for both cases.<br>
<div><br>
</div>
<div> -- Justin</div>
<div><br>
<div>
<div>On Dec 18, 2014, at 11:13 AM, Felipe Polo-Wood &lt;<a href="mailto:felipe.polowood@duke.edu">felipe.polowood@duke.edu</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite"><style type="text/css" style="">
<!--
p
        {margin-top:0px;
        margin-bottom:0px}
-->
</style>
<div dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt; background-color:rgb(255,255,255); font-family:Inconsolata">
<div><br class="webkit-block-placeholder">
</div>
<p class="p1"><span class="s1">We were having problems with 1.1.3 and it was suggested to upgrade to 1.1.12. We haven't had much success, so I decided to run some tests in a very clean scenario with as little change as possible. So, here it is:</span></p>
<p class="p1"><span class="s1"><br>
</span></p>
<p class="p1"><span class="s1">I took a vanilla 1.1.3 and made one simple change to the sample client: add
<a href="http://www.duke.edu/" id="lnk147249">http://www.duke.edu</a> as a redirect. I then whitelisted the client.</span></p>
<p class="p1"><span style="font-size:12pt">When calling </span><span style="font-size:12pt"><a href="http://xxx/ldap-openid-connect-server-113/authorize?client_id=client&redirect_uri=http://www.duke.edu&scope=openid%20profile&response_type=code" id="lnk507984">http://xxx/ldap-openid-connect-server-113/authorize?client_id=client&redirect_uri=http://www.duke.edu&scope=openid%20profile&response_type=code</a> </span><span style="font-size:12pt">it </span><span style="font-size:12pt">prompts
me f</span><span style="font-size:12pt">or credentials and then redirects me to </span>
<a href="http://www.duke.edu/?code=xxxxxxx" id="lnk660789" style="font-size:12pt">http://www.duke.edu/?code=xxxxxxx</a><span style="font-size:12pt"> </span></p>
<p class="p1"><span class="s1"></span><span style="font-size:12pt">Subsequent ac</span><span style="font-size:12pt">cess sends me directly w/o prompting for credentials.</span></p>
<p class="p1"><span style="font-size:12pt">On the management page it shows "</span><span style="font-size:12pt">There have been 1 user of this system who have logged in to 1 total site, for a total of 1 site approval" </span><span style="font-size:12pt">and
the client shows up </span><span style="font-size:12pt">in the “Manage Approved Sites” page.</span></p>
<p class="p2"><span class="s1"></span><br>
</p>
<p class="p1"><span class="s1">When trying to repeat that simple scenario in 1.1.12... added the redirect and whitelisted the client.</span></p>
<p class="p1"><span class="s1"></span><span style="font-size:12pt"><a href="http://vml-catstools2:8080/ldap-openid-connect-server/authorize?client_id=client&redirect_uri=theclient://callback&scope=openid%20profile&response_type=code" id="lnk509122">http://xxx/ldap-openid-connect-server/authorize?client_id=client&redirect_uri=http://www.duke.edu&scope=openid%20profile&response_type=code</a>
it </span><span style="font-size:12pt">prompts me for credentials every time and after the credentials it redirects me to the
<a href="http://xxx/ldap-openid-">http://xxx/ldap-openid-</a></span><span style="font-size:12pt">connect-server management page, where it displays "</span><span style="font-size:12pt">There hav</span><span style="font-size:12pt">e been 0 users of this system
who have authorized 0 applications, with a total of 0 site approvals" and the client never shows up in the "Manage Approved Sites" page.<br>
</span></p>
<p class="p1"><span style="font-size:12pt"><br>
</span></p>
<p class="p1">Was there some change that requires some extra step or configuration for this simple scenario to work on 1.1.12?<br>
</p>
<p class="p1"><br>
</p>
<p class="p1">Thanks,<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div style="font-size:13px; font-family:Tahoma">
<div class="BodyFragment"><font size="2">
<div class="PlainText">Felipe Polo-Wood<br>
Sr. Manager<br>
Clinical Applications Technical Services</div>
<div class="PlainText">Office: +1.919.668.2268<br>
Mobile: +1.919.741.4213<br>
</div>
</font></div>
</div>
</div>
</div>
</div>
</div>
_______________________________________________<br>
mitreid-connect mailing list<br>
<a href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a><br>
http://mailman.mit.edu/mailman/listinfo/mitreid-connect<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</body>
</html>