Hi, I would like to use ADFS's OpenID connection method.
I followed the configuration guidance for setting up OpenID.
I created a Google OpenID account, an Auth0 account, as well as an ADFS account.
When I connect to the site I get redirected to the identity provider's login screen. After I log in it tries to redirect to the callback URL (http://<FQDN>/login/oauth2/code/shinyproxy) but eventually fails. Here are the provider-specific openid sections, and below is the full config.
On Google and Auth0:
Google config:
openid:
  auth-url: https://accounts.google.com/o/oauth2/auth
  token-url: https://www.googleapis.com/oauth2/v3/token
  jwks-url: https://www.googleapis.com/oauth2/v1/certs
  client-id: xxx
  client-secret: xxx
Auth0 config:
openid:
  auth-url: https://test-dstore1.eu.auth0.com/authorize
  token-url: https://test-dstore1.eu.auth0.com/oauth/token
  jwks-url: https://test-dstore1.eu.auth0.com/.well-known/jwks.json
  client-id: xxx
  client-secret: xxx
2018-09-25 18:03:10.427 ERROR 7500 --- [ XNIO-2 task-4] io.undertow.request : UT005023: Exception handling request to /login/oauth2/code/shinyproxy
java.lang.StackOverflowError: null
at java.lang.StringCoding$StringDecoder.decode(StringCoding.java:153) ~[na:1.8.0_171]
at java.lang.StringCoding.decode(StringCoding.java:193) ~[na:1.8.0_171]
at java.lang.String.<init>(String.java:426) ~[na:1.8.0_171]
at java.lang.String.<init>(String.java:491) ~[na:1.8.0_171]
at java.net.SocketOutputStream.socketWrite0(Native Method) ~[na:1.8.0_171]
On ADFS:
Config:
openid:
  auth-url: https://URL/adfs/oauth2/authorize
  token-url: https://URL/adfs/oauth2/token
  jwks-url: https://URL/adfs/discovery/keys
  client-id: xxx
  client-secret: xxx
2018-09-19 16:42:31.413 ERROR 7445 --- [ XNIO-2 task-7] io.undertow.request : UT005023: Exception handling request to /login/oauth2/code/shinyproxy
java.lang.StackOverflowError: null
at java.lang.Exception.<init>(Exception.java:102) ~[na:1.8.0_171]
at java.lang.ReflectiveOperationException.<init>(ReflectiveOperationException.java:89) ~[na:1.8.0_171]
at java.lang.reflect.InvocationTargetException.<init>(InvocationTargetException.java:72) ~[na:1.8.0_171]
at sun.reflect.GeneratedMethodAccessor26.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_171]
...
2018-09-19 16:42:33.652 ERROR 7445 --- [ XNIO-2 task-10] io.undertow.request : UT005023: Exception handling request to /login/oauth2/code/shinyproxy
java.lang.IllegalArgumentException: Missing attribute 'email' in attributes
at org.springframework.security.oauth2.core.user.DefaultOAuth2User.<init>(DefaultOAuth2User.java:67) ~[spring-security-oauth2-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.<init>(DefaultOidcUser.java:89) ~[spring-security-oauth2-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at
With the full config:
proxy:
  title: Open Analytics Shiny Proxy
  logo-url: http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png
  landing-page: /
  heartbeat-rate: 10000
  heartbeat-timeout: 60000
  port: 8080
  authentication: openid
  #admin-groups: scientists
  openid:
    [provider dependent]
  # Docker configuration
  docker:
    url: http://localhost:2375
    port-range-start: 20000
  support:
    container-log-path: ./container-logs
  specs:
  - id: 01_hello
    display-name: Hello Application
    description: Application which demonstrates the basics of a Shiny app
    container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
    container-image: openanalytics/shinyproxy-demo
    #access-groups: [scientists, mathematicians]
  - id: 06_tabsets
    container-cmd: ["R", "-e", "shinyproxy::run_06_tabsets()"]
    container-image: openanalytics/shinyproxy-demo
    #access-groups: scientists
logging:
  file:
    shinyproxy.log
I am using the latest master version from GitHub (2.0.4).
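
An added example, not part of the original post and not ShinyProxy code: it decodes an ID token's payload for inspection (without verifying the signature) and reports whether the `email` attribute named in the `IllegalArgumentException` above is among the claims. The function names, tokens and claim values are constructed for illustration.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def id_token_claims(id_token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def check_name_attribute(id_token: str, attribute: str = "email"):
    """Return (present, sorted claim names) for the attribute used as the user name."""
    claims = id_token_claims(id_token)
    return attribute in claims, sorted(claims)

def make_sample_token(claims: dict) -> str:
    # Constructed sample: real tokens carry a provider signature, here a placeholder.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Constructed claim sets (hypothetical issuer, subject and addresses).
WITH_EMAIL = {"iss": "https://idp.example", "sub": "u1", "aud": "xxx",
              "email": "user@example.org"}
WITHOUT_EMAIL = {"iss": "https://idp.example/adfs", "sub": "u2", "aud": "xxx",
                 "upn": "user@example.org"}

if __name__ == "__main__":
    for label, claims in (("with email", WITH_EMAIL), ("without email", WITHOUT_EMAIL)):
        present, names = check_name_attribute(make_sample_token(claims))
        print(f"{label}: email present={present}, claims={names}")
```

This is a diagnostic for seeing which claims a provider returns; the application still has to validate the token's signature against the provider's jwks-url.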