nynymike commented on Jan 26

We get a lot of questions about CORS support. It's supported, but unclearly documented.

GluuFederation/oxAuth#458 (comment)

nynymike added the enhancement label on Jan 26

Re-creating from old repo, since old repos are removed***

It was:

• authnRequestBinding - If set to "HTTP-POST", then authentication request sent to entryPoint will use POST HTTP method (SAML's HTTP POST binding), otherwise defaults to HTTP method (HTTP Redirect binding)

I changed it to:

• authnRequestBinding - "HTTP-POST" for Post binding or "HTTP" for redirect binding.

I'm not sure if that is correct. And what does "default" mean? Does it mean if the value is left blank? Does it mean the authnRequestBinding is omitted entirely?

https://gluu.org/docs/supergluu/3.0.0/developer-guide/

If you scan QR-code at first time and your device UDID doesn't attached to your user then app will do enroll, first need prepare data properties:

Durring registerring app generates an unique keyHandle, keyPair (public/private keys) to sign all data and uses ECC algoritm to encode and data.

Now we need make all information in one byte array. Also need to set one aditional parameter which determines if we decided approve or deny our request:

String resultJsonResponse contains result JSON. From result JSON we can extract some additionl information. Also we can check if enroll/authentication was success or not using this filed - u2fOperationResult.getStatus().

I tried to install gluu 3.1.2 on CentOS 7.3.1611. I had the following two issues:

• Setting of FD limit gave an error (as stated by your documentation). Workaround:
  ulimit -n 262144
  Test of success with:
  [root@ServerSsoAuth01 ~]# ulimit -Hn
262144

• The "Azure" chapter mentions you need to set selinux to "permissive" mode. This was omitted for naked CentOs, which caused the following error on startup of the container:
  /sbin/gluu-serverd-3.1.2 status
  ...
  Mar 19 10:58:03 ServerSsoAuth01.mydomain.test systemd-nspawn[939]: [FAILED] Failed to start LSB: Bring up/down networking.
  ...
  Of course, no connection to the gluu GUI was possible.

Changed the following line to permissive in
/etc/selinux/config

SELINUX=permissive

After a reboot, the gluu GUI was now accessible via https 443

I would suggest to append these two points to the "Preparation before installation" section for CentOS.

mzico commented on Mar 22 2016

Tree view and documentations of LDAP structure in Gluu CE

@mzico mzico self-assigned this on Mar 22 2016

Re-creating from old repo, since old repos are removed***

Hi. On this section of documentation explains how to add a new non supported languages. But on the oxTrust UI we can add non supported language only oxAtuh configuration tab. For oxTrust there is no any option to adding a new non supported language.

mzico commented on Apr 6 2016

See if we can SSO Gitlab with Gluu Server. If possible, then we need to prepare a doc and publish.
Gitlab doc: http://doc.gitlab.com/ee/integration/saml.html

@aveekbu aveekbu was assigned by mzico on Apr 6 2016

@mzico mzico added the enhancement label on Apr 6 2016

@mzico mzico changed the title from [not urgent] gitlab SAML integration with Gluu Server to gitlab SAML integration with Gluu Server on Apr 6 2016

aveekbu commented on Apr 6 2016

I've installed gitlabCE. but later I've found that SAML2.0 authentication with IdP needs gitlabEE Enterprise Edition to be installed along with secure https. But I've got 404 error when trying to reach (http://doc.gitlab.com/ee/install/installation.md#using-https) the docs.

I'll keep an eye on them and trying to figure how to install an EE version instead of a CE version.

@aveekbu Try this. This link is for GitLab CE SAML integration

zamilskhan commented on Aug 5 2016

Any update on this one?

Add your reaction

Edit comment
Delete comment

Nemykal commented on Aug 15 2016

+1 this would be good to have. Gitlab supports some other integrations for auth besides SAML too https://gitlab.com/help/integration/omniauth.md#initial-omniauth-configuration

zamilskhan commented on Aug 16 2016

This is a work in progress. We hope to get this done soon.

@bashou

Add your reaction

Edit comment
Delete comment

bashou commented on Nov 25 2016

Maybe some updates ? (Thanks !)

@mzico mzico self-assigned this on Nov 25 2016

Re-creating from old repo, since old repos are removed***

Hi guys, I've found the following notes in the docs:

Shouldn't they be removed?

/opt/gluu-server-3.0.2/install/community-edition-setup# ./setup.py
File "./setup.py", line 108
self.jreDestinationPath = '/opt/jdk1.8.0_%s' % self.jre_version
^
TabError: inconsistent use of tabs and spaces in indentation

Ubuntu 16.04 AWS

Doc: https://github.com/GluuFederation/docs-ce-prod/blob/3.1.2/3.1.2/source/integration/sswebapps/openidc-rp.md

Problem:

• RP server installation started with Deb package ( so.. that's Ubuntu/Debian ): https://github.com/GluuFederation/docs-ce-prod/blob/3.1.2/3.1.2/source/integration/sswebapps/openidc-rp.md#apache-web-server

• mod_auth_openIDC installation is for rpm ( so.. that's CentOS/RHEL ): https://github.com/GluuFederation/docs-ce-prod/blob/3.1.2/3.1.2/source/integration/sswebapps/openidc-rp.md#installation-1

This wiki link should be move to production.

The current production version should be replace as it is not up to date.

Step-1 Followed the Gluu upgrade document till Install the latest version of the Gluu server section .

Step-2 Followed below command to Install Gluu CE 3.1.1
Add Gluu Repository - # echo "deb https://repo.gluu.org/ubuntu/ xenial main" > /etc/apt/sources.list.d/gluu-repo.list

Add Gluu GPG Key - # curl https://repo.gluu.org/ubuntu/gluu-apt.key | apt-key add -

Update/Clean Repo - # apt-get update

Install Gluu Server - # apt-get install gluu-server-3.1.1

During Installation I got this error

OS- Ubuntu Server 16.04.x

In Gluu Doc version 3.0.1 and 3.0.2, under Administration Guide -> Interception Scripts, the hyperlink for "Sample Client Registration Script" (https://gluu.org/docs/ce/3.0.1/admin-guide/sample-client-registration-script) is not available. Currently clicking on that link redirects back to Gluu's homepage.

willow9886 commented on Dec 5 2016 • edited willow9886 edited this issue 5 months ago

We have new logging software for CE Clusters: https://github.com/GluuFederation/message-consumer

We need to update our docs to reflect the new loggin mechanism.

@willow9886 willow9886 assigned zamilskhan and jschristie on Dec 5 2016

@willow9886 willow9886 added this to the CE 3.0 milestone on Dec 5 2016

Re-creating from old repo, since old repos are removed***

It's blank... https://gluu.org/docs/ce/3.1.3/reference/JSON-oxauth-prop/

In the document https_gluu.conf location mentioned as /etc/httpd/conf.d/
However no such location available. I found below 2 locations for https_gluu.conf . Please fix the document with correct path.
./etc/apache2/sites-available/https_gluu.conf
./etc/apache2/sites-enabled/https_gluu.conf

nynymike commented on Jul 25 2015

We need an article under http://www.gluu.org/docs/articles/ on how to configure CAS. For example, add custom authentication script, add CAS login url. Also what about enrollment? For example, the person successfully authenticates in CAS, but is not present in the Gluu Server? Is that possible? Or does it require the users to be already present?

@mzico mzico self-assigned this on Jul 27 2015

Re-creating from old repo, since old repos are removed***

I follow this docs to run oxTrust on eclipse https://gluu.org/docs/ce/3.1.3/developer-guide/oxtrust-eclipse/#import-projects
but these images is too blur and not clear for me to understand what need to be configured.
https://gluu.org/docs/ce/3.1.3/img/developer/oxtrust/deployinjetty.png
https://gluu.org/docs/ce/3.1.3/img/developer/oxtrust/deployinjetty.png

Can anyone please help to take better screenshot and update the documents ?
Thanks

The following are some minor corrections for docs-ce-prod

https://gluu.org/docs/ce/operation/backup/#tarball-method
Typos in tarball method: a. #, b. # (the letter and then the period are unnecesary...)

https://gluu.org/docs/ce/reference/oxldap/
Two words apparently swapped: It says "component's container". Isn't it "container's components"?.
Also there, should there be a period after "Setup Script Options"?.
In the row "certsDir" of the table, it says "Path of the certificates stored". Personally I don't understand the idea conveyed well.

https://gluu.org/docs/ce/api-guide/api/
A typo in "Please se the following"

https://gluu.org/docs/ce/api-guide/scim-api/
In SCIM2.0 section, there are many tables whose description & example columns are empty. It would look nicer if they could remain hidden as information is completed - This is merely an opinion.
Also look the table corresponding to Type: it has no rows at all.

https://gluu.org/docs/ce/api-guide/uma-api/
A typo perhaps in: "manipulate the protect resources", does it mean "protected"?

mzico commented on Mar 3

Need some detail documentation on asimba.xml.
i.e.


3600
60
100

What does this expire, interval and max means?

@mzico mzico self-assigned this on Mar 3

Re-creating from old repo, since old repos are removed***

create documentation for cache provider switching (in-memory, redis, memcached)

Configuration > JSON configuration > 'Cache Provider Configuration'

3.1.3

nynymike commented on Jun 29 2015

Is this a problem in the Swagger --> Markdown generation? I don't see the response and error codes.

https://cloud.githubusercontent.com/assets/3717101/8410259/a3e0c30c-1e42-11e5-8408-699853dc6123.png

@nynymike nynymike changed the title from Missing Response and Error Codes to Missing Response JSON(Response) on Jun 29 2015

@nynymike nynymike changed the title from Missing Response JSON(Response) to Missing JSON(Response) on Jun 29 2015

@qbert2k qbert2k was assigned by nynymike on Jun 29 2015

@yuriyz

Add your reaction

Edit comment
Delete comment
Owner This user is the owner of the docs-2.4.4-old repository.
yuriyz commented on Jun 29 2015

those codes are hidden deeply in our code. Swagger have no idea about it. We should link it, so swagger can pick it up or otherwise write down it directly in annotation (which is bad because it will duplicate what is already in code anyway).

@yuriyz yuriyz assigned yuriyz and unassigned qbert2k on Jul 15 2015

@yuriyz yuriyz added a commit that referenced this issue on Jul 15 2015

@yuriyz docs #21 : added error codes to oic-authorization e998e07

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 15 2015

@yuriyz Authorize WS : added error codes for swagger docs https://github.com/… …

151f49f

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 15 2015

@yuriyz Token WS : added error codes for swagger docs https://github.com/Gluu… …

a6956c3

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 15 2015

@yuriyz Token WS : added error codes for swagger docs https://github.com/Gluu… …

cdedf99

@yuriyz yuriyz added a commit that referenced this issue on Jul 15 2015

@yuriyz docs #21 : added error codes to oic-token f1aec75

@yuriyz

Add your reaction

Edit comment
Delete comment
Owner This user is the owner of the docs-2.4.4-old repository.
yuriyz commented on Jul 15 2015

@nynymike I've checked swagger implementation and according to their implementation it not possible to inline error codes from code. We have to inline it in swagger annotations directly.
https://github.com/swagger-api/swagger-core/wiki/Annotations

I will do following:
1.put error code directly in swagger annotations in oxauth code
2.regenerate markdown
3.update it in docs

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 15 2015

@yuriyz User Info WS : added error codes for swagger docs https://github.com/… …

593a7d3

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 15 2015

@yuriyz Register Client WS : added error codes for swagger docs https://githu… …

8e5d529

@yuriyz yuriyz added a commit that referenced this issue on Jul 15 2015

@yuriyz User Info docs #21 - updated error codes bef3f32

@yuriyz yuriyz added a commit that referenced this issue on Jul 15 2015

@yuriyz Register Client docs #21 - updated error codes 6146519

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 16 2015

@yuriyz End session WS : added error codes for swagger docs https://github.co… …

e6298b9

@yuriyz yuriyz added a commit that referenced this issue on Jul 16 2015

@yuriyz End Session WS docs #21 - updated error codes a918857

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 23 2015

@yuriyz @yurem Authorize WS : added error codes for swagger docs https://github.com/… …

ce1a4cd

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 23 2015

@yuriyz @yurem Token WS : added error codes for swagger docs https://github.com/Gluu… …

78400ce

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 23 2015

@yuriyz @yurem Token WS : added error codes for swagger docs https://github.com/Gluu… …

495a605

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 23 2015

@yuriyz @yurem User Info WS : added error codes for swagger docs https://github.com/… …

890fa44

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 23 2015

@yuriyz @yurem Register Client WS : added error codes for swagger docs https://githu… …

84cfc5d

@yuriyz yuriyz referenced this issue in GluuFederation/oxAuth on Jul 23 2015

@yuriyz @yurem End session WS : added error codes for swagger docs https://github.co… …

Re-creating from old repo, since old repos are removed***

nynymike commented on Mar 13

I think OpenID Connect client registration needs it's own documentation page. Customers are getting it wrong a lot.

Many of the parameters correspond directly to OpenID Connect client metatdata

There are a few configuration in the form that are specific to Gluu, like "Pre-Authorization."

Also, it may be worthwhile to have a section for "common config patterns" for
1.implicit clients ( response_type token id_token )
2.web clients ( response_type code )
3.mobile clients ( response_type code )

Also, helpful hints:
1.Use asymmetric crypto and no encryption when you pass the id_token to backend API's.
2.Use public identifiers (not pairwise) for trusted internal clients.

But we should review the support forums and find other common client config mistakes (especially specifying wrong response_types).

@nynymike nynymike added the enhancement label on Mar 13

@jschristie jschristie was assigned by nynymike on Mar 13

@willow9886

Add your reaction

Edit comment
Delete comment
Owner This user is the owner of the docs-3.0.1 repository.
willow9886 commented on Apr 4

@jschristie let's prioritize this... it's important that our openid connect functionality is properly documented.

Re-creating from old repo, since old repos are removed*********

With an upgrade from 3.1.1 to 3.1.2 fresh in my head, I wanted to provide some comments for the document.

Branch 3.1.2
docs-ce-prod
File: 3.1.2/source/upgrade/index.md

line 68:
$WAR_URL - is this needed here? If so, perhaps some more inline documentation about it?

line 90:
service solserver stop (was: Service)

line 98:
# wget ... (add a space after prompt for consistency)
Should we 'chown ldap:ldap gluu.schema'?

line 105:
If we are not being guided to replace 'custom.schema', is this sort of general warning?
If keeping this, consider saying '... changes done to custom.schema' (dropping 'and').

line 109:
So if upgrading from 3.1.1 to 3.1.2, are we essentially done here? It's not explicit whether we are done, or if we need to upgrade more.

I don't see anywhere how to create a ticket.
@mzico said to create a ticket about #24 (comment)
Can someone please explain what that means?

oxAuth supports Passing Request Parameters as JWTs, signed and encrypted, by value or by request URI.

The documentation should be added to:
https://gluu.org/docs/ce/3.0.1/api-guide/openid-connect-api/

Please check: http://openid.net/specs/openid-connect-core-1_0.html#JWTRequests

InCommon metadata is very large, causing the JVM to crash when you try to "trust it". We need to add a note to the docs that when you create a TR with InCommon (or other large federation), you need to increase the JVM size of oxTrust.

for some reason the JSON Configuration is not working. All 4 tabs are showing empty.

Any idea what approach to use to find the root cause of this?

https://gluu.org/docs/ce/3.0.2/img/developer/oxtrust/deployinjetty.png
https://gluu.org/docs/ce/3.0.2/img/developer/oxtrust/vmarguments.png
https://gluu.org/docs/ce/3.0.2/img/developer/oxtrust/jettyverchng.png
https://gluu.org/docs/ce/3.0.2/img/developer/oxtrust/configurationlistener.png

These are being compressed for size and lossy, sampling compression. The combination prevents it from being legible.

In the update documentation (https://gluu.org/docs/ce/2.4.4/upgrade/updating/) it should be mentioned that you need to enablethe gluu repos.

On the installation page one of the last steps is to disable the repos (https://gluu.org/docs/ce/installation-guide/install/#5-disable-gluu-repositories)..

gluu.jpg is an image of a complex shape. It should not be sample compressed.

Tomcat is still being mentioned here:

https://gluu.org/docs/ce/authn-guide/customauthn/
https://gluu.org/docs/ce/integration/saml-sp/
https://gluu.org/docs/ce/operation/faq/
https://gluu.org/docs/ce/installation-guide/setup_py/

almost sure it should be changed to "Jetty"

Following pages have Broken links in Gluu Server 3.1.2 document

Interception Scripts
https://www.gluu.org/docs/ce/3.1.2/admin-guide/user-management/#ldap-synchronization
https://www.gluu.org/docs/ce/3.1.2/authn-guide/intro.md/
Introduction(User Authentication)
https://gluu.org/docs/ce/3.1.2/admin-guide/openid-connect.md/#authentication

Duo Security
https://www.gluu.org/docs/ce/3.1.2/authn-guide/DuoExternalAuthenticator.py
Custom Script Tutorial
https://www.gluu.org/docs/reference/interception-scripts/#authentication
https://www.gluu.org/docs/ce/3.1.2/operation/faq.md/#revert-an-authentication-method
Open ID Connect Provider
https://www.gluu.org/docs/ce/3.1.2/ce/authn-guide/passport.md/
https://www.gluu.org/docs/ce/3.1.2/ce/authn-guide/basic.md/
https://www.gluu.org/docs/ce/3.1.2/authn-guide/intro.md/#configuring-account-lockout
OXD Oauth 2.0
https://gluu.org/docs/oxd/protocol/
Apache mod_auth_openidc
https://www.gluu.org/docs/ce/3.1.2/integration/integration/OpenIdConnectDiscoveryAction.java

Google Apps
https://www.gluu.org/docs/ce/3.1.2/integration/saas/admin.google.com
SalesForce
https://www.gluu.org/docs/admin-guide/configuration/#attributes
Upgrades
https://www.gluu.org/docs/ce/3.1.2/upgrade/manual-update.md
FAQ
https://www.gluu.org/docs/ce/3.1.2/operation/upgrade/update-war.md

Localization

https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/resources/messages_de.properties
https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/resources/messages_en.properties
https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/resources/messages_bg.properties
https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/resources/messages_es.properties
https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/resources/messages_it.properties
https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/resources/messages_fr.properties
https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/resources/messages_ru.properties
https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/resources/messages_tr.properties

I'm using Gluu server as SAML IDP.
As you know, SAML in Gluu server doesn't support Single Logout so I'm using frontchannel logout feature of OpenID Connect.
When I use 'https:///idp/logout.jsp' to logout, it works well. It make me logout from both Gluu server and federated 3rd-party.
But when I try to logout with 'https:///identity/logout' which is in Gluu server itself for logout, it doesn't work with federated site, only with Gluu server itself.
It is normal behavior because of I'm using SAML not OpenID Connect, please consider that make it works with SAML too.

Please refer to the screenshot and fix the problem with the partly obscured dropdown menu :)

At https://gluu.org/docs/ce/developer-guide/oxtrust-eclipse/ it says "Download Silver Edition from: https://downloads.symas.com/SDLPWeb"
Maybe there is a way to take users more directly to download links

Fix the wording here. Also the instructions don't seem to be correct. I had to right click on oxtrust-server and then Maven > Update Project then put a check beside oxtrust > oxtrust-server and I'm still not even sure if that's correct. I can't find "oxtrust > server project".

https://github.com/GluuFederation/docs-ce-prod/blob/3.1.0/3.1.0/source/developer-guide/oxtrust-eclipse.md

This is what it currently says. It has spelling mistakes and grammatical errors.

In order for jetty to correcty serve those styles close the oxtrust-static
project in eclipse and by updating the project under Maven > Update Project on oxtrust > server project. **

In this page: https://github.com/GluuFederation/docs-ce-prod/tree/3.1.2/3.1.2/source/authn-guide/inbound-saml-passport.md

If only one external SAML IDP needs to be supported ... consider following the SAML interception script instructions.

Checking the instructions and .py, this is clearly a script for use with asimba

But in the note just below it, the message conveyed is like Asimba should not be used more

...sounds like contradiction

Hi. In this link explains Resource object. Problem is Resource object has not description field. It must be display_name. I am using gluu server 3.1.0. When I set description system through error

attribute 'description' not allowed

But if I set display_name everything is ok

Right now we have a hotchpotch doc on mod_auth_openidc ( https://gluu.org/docs/ce/3.1.3/integration/sswebapps/openidc-rp/ ).

Problems:

• CentOS and Ubuntu based configuration is mixed up; no separation.
• It doesn't work with 3.1.3

I think we should just publish one doc based on Ubuntu / CentOS instead of what we have right now.
Here is a cleaner version for Ubuntu 14.04 + mod_auth_openIDC + Gluu Server 3.1.3: https://github.com/GluuFederation/support-docs/blob/master/howto/mod_auth_openidc/ubuntu.md

Take a look here: https://www.gluu.org/resources/documents/standards/uma/

The link associated to "read our UMA documentation" is pointing to kantara. It should be pointing to gluu. The very same link (kantara) is already used two paragraphs above.

We should install this extension in order to improve how lists are picked up from Github to Mkdocs.

https://github.com/radude/mdx_truly_sane_lists

'csync2' installation and configuration is blank in: https://gluu.org/docs/ce/3.1.2/installation-guide/cluster/#2-enable-replication .. just one line... Next we should install csync2 for file system replication.

We should elaborate it.

On this page: https://gluu.org/docs/ce/3.0.2/developer-guide/oxtrust-eclipse/

Some images are too small to be legible.

https://gluu.org/docs/ce/3.0.2/img/developer/oxtrust/deployinjetty.png
https://gluu.org/docs/ce/3.0.2/img/developer/oxtrust/vmarguments.png
https://gluu.org/docs/ce/3.0.2/img/developer/oxtrust/jettyverchng.png
https://gluu.org/docs/ce/3.0.2/img/developer/oxtrust/configurationlistener.png

Please check docs for 3.1.1 as well.

This is our first step of combining two custom authN script. I think we can put it there in our public doc for users to see how such scenario works and how it's possible to 'combine' two scripts together.

In this situation we combined CAS2 script + Duo script and generated a combined script which allowing users to:

• 1st authentication with organizational remote CAS2 server
• 2nd phase of authentication with organization's Gluu Server's Duo

Here is the doc: https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/cas2_duo

Doc link: https://gluu.org/docs/ce/3.1.3/operation/backup/#ldif-data-backup

Issues:

• Specified export command can't run if ldap server is in running state. We need to add command which can perform task at runtime
• No commands for import-ldif

• https://gluu.org/docs/ce/3.1.2/
• Found using Chrome Version 65.0.3325.181 (Official Build) (32-bit)
• Windows Version 10.0.14393 Build 14393 (x64)
• No console output
• Looks like this:
  

Currently I have tried to install Gluu in my private server, but I followed the installation guide, all are done by scripts, there are some

If possible to provide step-by-step guide of installation in a hard way? especially, I would like ignore the SSL/HTTPS and ngnix config in the development stage.

I was trying to figure out what Logout Session Required means in the OpenID Connect client form, and I couldn't find it anywhere in the docs. There is no tooltips for this field in oxTrust either. It might be useful to synchronize these.

It would be worthwhile to navigate oxTrust, and for each form, create a corresponding docs page in the reference section that details the purpose of each field of the form.