<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; } body { direction: ltr; font-family: Tahoma; color: rgb(0, 0, 0); font-size: 10pt; }--></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Inconsolata;">
<p>Thanks... that server is what we have been using for testing, but when we try to setup our own is when we run into trouble. The application works just fine there.<br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div style="font-size:13px; font-family:Tahoma">
<div class="BodyFragment"><font size="2">
<div class="PlainText">Felipe Polo-Wood<br>
Sr. Manager<br>
Clinical Applications Technical Services</div>
<div class="PlainText">Office: +1.919.668.2268<br>
Mobile: +1.919.741.4213<br>
</div>
</font></div>
</div>
</div>
</div>
<div style="word-wrap:break-word">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Justin P Richer <jricher@mit.edu><br>
<b>Sent:</b> Thursday, December 18, 2014 12:50 PM<br>
<b>To:</b> Felipe Polo-Wood<br>
<b>Cc:</b> mitreid-connect@mit.edu<br>
<b>Subject:</b> RE: [mitreid-connect] Unable to get authorize to work on 1.1.12</font>
<div> </div>
</div>
<div>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">Additionally, I've just been pointed to the SMART on FHIR authorization server, which is based on top of the LDAP project and MITREid Connect 1.1.10:<br>
<br>
<span dir="ltr"><a href="https://github.com/smart-on-fhir/auth-server-ldap/tree/smart-launch" target="_blank">https://github.com/smart-on-fhir/auth-server-ldap/tree/smart-launch</a><br>
<br>
They haven't upgraded from 1.1.10 to 1.1.12 yet, but perhaps this will give you a working system to start from and we can figure out what's going on.<br>
<br>
-- Justin<br>
<br>
</span>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF229396" style="direction:ltr"><font color="#000000" face="Tahoma" size="2"><b>From:</b> mitreid-connect-bounces@mit.edu [mitreid-connect-bounces@mit.edu] on behalf of Richer, Justin P. [jricher@mitre.org]<br>
<b>Sent:</b> Thursday, December 18, 2014 12:44 PM<br>
<b>To:</b> Felipe Polo-Wood<br>
<b>Cc:</b> mitreid-connect@mit.edu<br>
<b>Subject:</b> Re: [mitreid-connect] Unable to get authorize to work on 1.1.12<br>
</font><br>
</div>
<div></div>
<div>If you're deploying with Tomcat, then 'catalina.out' should contain the application logs for the server. You can also overlay the log4j.xml configuration file and crank things up, but without even basic logs it's hard to say for sure what's going on or
what direction to look in.
<div><br>
</div>
<div> -- Justin</div>
<div><br>
<div>
<div>On Dec 18, 2014, at 12:10 PM, Felipe Polo-Wood <<a href="mailto:felipe.polowood@duke.edu" target="_blank">felipe.polowood@duke.edu</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite"><style type="text/css" style="">
<!--
p
{margin-top:0px;
margin-bottom:0px}
-->
</style>
<div dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt; background-color:rgb(255,255,255); font-family:Inconsolata">
<p>Is there a specific log that could give us more clues?<br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div style="font-size:13px; font-family:Tahoma">
<div class="BodyFragment"><font size="2">
<div class="PlainText">Felipe Polo-Wood<br>
Sr. Manager<br>
Clinical Applications Technical Services</div>
<div class="PlainText">Office: +1.919.668.2268<br>
Mobile: +1.919.741.4213<br>
</div>
</font></div>
</div>
</div>
</div>
<div dir="ltr" style="color:rgb(33,33,33)">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b>
<a href="mailto:mitreid-connect-bounces@mit.edu" target="_blank">mitreid-connect-bounces@mit.edu</a> <<a href="mailto:mitreid-connect-bounces@mit.edu" target="_blank">mitreid-connect-bounces@mit.edu</a>> on behalf of Felipe Polo-Wood <<a href="mailto:felipe.polowood@duke.edu" target="_blank">felipe.polowood@duke.edu</a>><br>
<b>Sent:</b> Thursday, December 18, 2014 11:35 AM<br>
<b>To:</b> Richer, Justin P.<br>
<b>Cc:</b> <a href="mailto:mitreid-connect@mit.edu" target="_blank">mitreid-connect@mit.edu</a><br>
<b>Subject:</b> Re: [mitreid-connect] Unable to get authorize to work on 1.1.12</font>
<div> </div>
</div>
<div>
<div id="divtagdefaultwrapper" style="font-size:12pt; background-color:rgb(255,255,255); font-family:Inconsolata">
<p>LDAP appears to be functioning, since I end up in the management page and am able to manage the site by adding the client and editing it, but it never sends me the redirection with the code. <br>
</p>
<p>All our initial tests were done with an actual app that works on other environments (SMART enabled), but for this simple test I have used a plain browser in both cases.<br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div style="font-size:13px; font-family:Tahoma">
<div class="BodyFragment"><font size="2">
<div class="PlainText">Felipe Polo-Wood<br>
Sr. Manager<br>
Clinical Applications Technical Services</div>
<div class="PlainText">Office: +1.919.668.2268<br>
Mobile: +1.919.741.4213<br>
</div>
</font></div>
</div>
</div>
</div>
<div style="word-wrap:break-word">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b> Richer, Justin P. <<a href="mailto:jricher@mitre.org" target="_blank">jricher@mitre.org</a>><br>
<b>Sent:</b> Thursday, December 18, 2014 11:30 AM<br>
<b>To:</b> Felipe Polo-Wood<br>
<b>Cc:</b> <a href="mailto:mitreid-connect@mit.edu" target="_blank">mitreid-connect@mit.edu</a><br>
<b>Subject:</b> Re: [mitreid-connect] Unable to get authorize to work on 1.1.12</font>
<div> </div>
</div>
<div>There shouldn't be any additional requirements, and in fact 1.1.12 should work significantly better out of the box compared to 1.1.3, which had several large known issues. Are you able to log into the server directly, without using the authorization page?
It sounds like there could be something going on with your LDAP connection that's preventing it from completing the transaction. Is there anything in your server logs that could indicate a crash or problem on the server?
<div><br>
</div>
<div>Also, which client software are you using? I'm assuming it's the same for both cases.<br>
<div><br>
</div>
<div> -- Justin</div>
<div><br>
<div>
<div>On Dec 18, 2014, at 11:13 AM, Felipe Polo-Wood <<a href="mailto:felipe.polowood@duke.edu" target="_blank">felipe.polowood@duke.edu</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite"><style type="text/css" style="">
<!--
p
{margin-top:0px;
margin-bottom:0px}
body
{direction:ltr;
font-family:Tahoma;
color:#000000;
font-size:10pt}
-->
</style>
<div dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt; background-color:rgb(255,255,255); font-family:Inconsolata">
<div><br class="webkit-block-placeholder">
</div>
<p class="p1"><span class="s1">We were having problems with 1.1.3 and it was suggested to upgrade to 1.1.12. We haven't had much success, so I decided to run some tests in a very clean scenario with as little change as possible. So, here it is:</span></p>
<p class="p1"><span class="s1"><br>
</span></p>
<p class="p1"><span class="s1">I took a vainilla 1.1.3 and made one simple change to the sample client: add
<a href="http://www.duke.edu/" id="lnk147249" target="_blank">http://www.duke.edu</a> as a redirect. I then whitelisted the client.</span></p>
<p class="p1"><span style="font-size:12pt">When calling </span><span style="font-size:12pt"><a href="http://xxx/ldap-openid-connect-server-113/authorize?client_id=client&redirect_uri=http://www.duke.edu&scope=openid%20profile&response_type=code" id="lnk507984" target="_blank">http://xxx/ldap-openid-connect-server-113/authorize?client_id=client&redirect_uri=http://www.duke.edu&scope=openid%20profile&response_type=code</a> </span><span style="font-size:12pt">it </span><span style="font-size:12pt">prompts
me f</span><span style="font-size:12pt">or credentials and then redirects me to </span>
<a href="http://www.duke.edu/?code=xxxxxxx" id="lnk660789" target="_blank" style="font-size:12pt">http://www.duke.edu/?code=xxxxxxx</a><span style="font-size:12pt"> </span></p>
<p class="p1"><span class="s1"></span><span style="font-size:12pt">Subsequent ac</span><span style="font-size:12pt">cess sends me directly w/o prompting for credentials.</span></p>
<p class="p1"><span style="font-size:12pt">On the management page it shows "</span><span style="font-size:12pt">There have been 1 user of this system who have logged in to 1 total site, for a total of 1 site approval" </span><span style="font-size:12pt">and
the client shows up </span><span style="font-size:12pt">in the “Manage Approved Sites” page.</span></p>
<p class="p2"><span class="s1"></span><br>
</p>
<p class="p1"><span class="s1">When trying to repeat that simple scenario in 1.1.12... added the redirect and whitelisted the client.</span></p>
<p class="p1"><span class="s1"></span><span style="font-size:12pt"><a href="http://vml-catstools2:8080/ldap-openid-connect-server/authorize?client_id=client&redirect_uri=theclient://callback&scope=openid%20profile&response_type=code" id="lnk509122" target="_blank">http://xxx/ldap-openid-connect-server/authorize?client_id=client&redirect_uri=http://www.duke.edu&scope=openid%20profile&response_type=code</a>
it </span><span style="font-size:12pt">prompts me for credentials every time and after the credentials it redirects me to the
<a href="http://xxx/ldap-openid-" target="_blank">http://xxx/ldap-openid-</a></span><span style="font-size:12pt">connect-server management page, where it displays "</span><span style="font-size:12pt">There hav</span><span style="font-size:12pt">e been 0 users of
this system who have authorized 0 applications, with a total of 0 site approvals" and the client never shows up in the "Manage Approved Sites" page.<br>
</span></p>
<p class="p1"><span style="font-size:12pt"><br>
</span></p>
<p class="p1">Was there some change that requires some extra step or configuration for this simple scenario to work on 1.1.12?<br>
</p>
<p class="p1"><br>
</p>
<p class="p1">Thanks,<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div style="font-size:13px; font-family:Tahoma">
<div class="BodyFragment"><font size="2">
<div class="PlainText">Felipe Polo-Wood<br>
Sr. Manager<br>
Clinical Applications Technical Services</div>
<div class="PlainText">Office: +1.919.668.2268<br>
Mobile: +1.919.741.4213<br>
</div>
</font></div>
</div>
</div>
</div>
</div>
</div>
_______________________________________________<br>
mitreid-connect mailing list<br>
<a href="mailto:mitreid-connect@mit.edu" target="_blank">mitreid-connect@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect" target="_blank">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>