[mitreid-connect] Unable to get authorize to work on 1.1.12

Richer, Justin P. jricher at mitre.org
Thu Dec 18 11:30:14 EST 2014

There shouldn't be any additional requirements, and in fact 1.1.12 should work significantly better out of the box compared to 1.1.3, which had several large known issues. Are you able to log into the server directly, without using the authorization page? It sounds like there could be something going on with your LDAP connection that's preventing it from completing the transaction. Is there anything in your server logs that could indicate a crash or problem on the server?

Also, which client software are you using? I'm assuming it's the same for both cases.

 -- Justin

On Dec 18, 2014, at 11:13 AM, Felipe Polo-Wood <felipe.polowood at duke.edu> wrote:

We were having problems with 1.1.3 and it was suggested to upgrade to 1.1.12.  We haven't had much success, so I decided to run some tests in a very clean scenario with as little change as possible.  So, here it is:

I took a vanilla 1.1.3 and made one simple change to the sample client: add http://www.duke.edu as a redirect.  I then whitelisted the client.

When calling http://xxx/ldap-openid-connect-server-113/authorize?client_id=client&redirect_uri=http://www.duke.edu&scope=openid%20profile&response_type=code it prompts me for credentials and then redirects me to http://www.duke.edu/?code=xxxxxxx

Subsequent access sends me directly w/o prompting for credentials.

On the management page it shows "There have been 1 user of this system who have logged in to 1 total site, for a total of 1 site approval" and the client shows up in the “Manage Approved Sites” page.

When trying to repeat that simple scenario in 1.1.12... added the redirect and whitelisted the client.

http://xxx/ldap-openid-connect-server/authorize?client_id=client&redirect_uri=http://www.duke.edu&scope=openid%20profile&response_type=code<http://vml-catstools2:8080/ldap-openid-connect-server/authorize?client_id=client&redirect_uri=theclient://callback&scope=openid%20profile&response_type=code> it prompts me for credentials every time and after the credentials it redirects me to the http://xxx/ldap-openid-connect-server management page, where it displays "There have been 0 users of this system who have authorized 0 applications, with a total of 0 site approvals" and the client never shows up in the "Manage Approved Sites" page.

Was there some change that requires some extra step or configuration for this simple scenario to work on 1.1.12?


Felipe Polo-Wood
Sr. Manager
Clinical Applications Technical Services
Office: +1.919.668.2268
Mobile: +1.919.741.4213