Greetings. Trying to get Odoo12 (running on Ubuntu 18.04) to work with Gluu 4.1 as Identity Provider.
This is freshly installed setup (not yet production, though trying to get it ready to be so).
Anyone have any ideas where the mismatch might be happening?
Anyone here ever setup any version of Odoo with Gluu on the backend?
For
some reason I'm getting an error of invalid client from Odoo side,
without additional information. While as far as I can tell the Gluu side
is providing "Success" response for authentication.
https://e.rpgresearch.com/web/login
Click the button below the Odoo login: RpgResearchOdooGluuOauth.
Which shows this link:
https://au.rpgresearch.com/oxauth/restv1/authorize?response_type=token&client_id=e2c14ce1-f76a-4008-a83e-3a95a15dd82a&redirect_uri=https%3A%2F%2Fe.rpgresearch.com%2Fauth_oauth%2Fsignin&scope=False&state={%22d%22%3A+%22odoo12%22%2C+%22p%22%3A+4%2C+%22r%22%3A+%22https%253A%252F%252Fe.rpgresearch.com%252Fweb%22}
But just get error page: "Access Denied" https://e.rpgresearch.com/web/login?oauth_error=2
Log output: /var/log/odoo12/odoo.log
2020-06-03
20:45:28,644 746 INFO odoo12 werkzeug: 127.0.0.1 - - [03/Jun/2020
20:45:28] "GET /auth_oauth/signin HTTP/1.0" 200 - 0 0.000 0.003
2020-06-03 20:45:28,769 746 ERROR odoo12 odoo.addons.auth_oauth.controllers.main: OAuth2: invalid_client
Traceback (most recent call last):
File "/opt/odoo/odoo12/odoo/addons/auth_oauth/controllers/main.py", line 133, in signin
credentials = env['res.users'].sudo().auth_oauth(provider, kw)
File "/opt/odoo/odoo12/odoo/addons/auth_oauth/models/res_users.py", line 96, in auth_oauth
validation = self._auth_oauth_validate(provider, access_token)
File "/opt/odoo/odoo12/odoo/addons/auth_oauth/models/res_users.py", line 36, in _auth_oauth_validate
raise Exception(validation['error'])
Exception: invalid_client
2020-06-03
20:45:28,771 746 INFO odoo12 werkzeug: 127.0.0.1 - - [03/Jun/2020
20:45:28] "GET
/auth_oauth/signin?error_description=The+request+is+missing+a+required+parameter%2C+includes+an+unsupported+parameter+or+parameter+value%2C+or+is+otherwise+malformed.&state={%22d%22%3A+%22odoo12%22%2C+%22p%22%3A+4%2C+%22r%22%3A+%22https%3A%2F%2Fe.rpgresearch.com%2Fweb%22}&error=invalid_request
HTTP/1.0" 303 - 4 0.002 0.095
2020-06-03 20:45:28,904 746 INFO
odoo12 werkzeug: 127.0.0.1 - - [03/Jun/2020 20:45:28] "GET
/web/login?oauth_error=2 HTTP/1.0" 200 - 129 0.043 0.081
2020-06-03
20:45:29,081 746 INFO odoo12 werkzeug: 127.0.0.1 - - [03/Jun/2020
20:45:29] "POST /website/translations HTTP/1.0" 200 - 14 0.011 0.018
On the gluu server's Apache server log (chroot'd enviro): /var/log/apache2/other_vhosts_access.log
au.rpgresearch.com:443
96.79.202.21 - - [03/Jun/2020:15:04:47 -0700] "GET
/oxauth/restv1/authorize?response_type=token&client_id=e2c14ce1-f76a-4008-a83e-3a95a15dd82a&redirect_uri=https%3A%2F%2Fe.rpgresearch.com%2Fauth_oauth%2Fsignin&scope=openid&state={%22d%22%3A+%22odoo12%22%2C+%22p%22%3A+4%2C+%22r%22%3A+%22https%253A%252F%252Fe.rpgresearch.com%252Fweb%22}
HTTP/1.1" 302 3904 "-" "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61
Safari/537.36"
au.rpgresearch.com:443 96.79.202.18 - -
[03/Jun/2020:15:04:47 -0700] "GET /oxauth/restv1/token HTTP/1.1" 401
4266 "-" "python-requests/2.20.0"
Output from gluu shows: "Successful": /opt/opendj/logs/ tail -f * | grep e2c14ce1-f76a-4008-a83e-3a95a15dd82a
[03/Jun/2020:22:18:54
+0000] SEARCH REQ conn=210 op=8 msgID=9
base="inum=e2c14ce1-f76a-4008-a83e-3a95a15dd82a,ou=clients,o=gluu"
scope=base filter="(objectClass=*)" attrs="ALL"
{"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":50296},"server":{"ip":"127.0.0.1","port":1636},"request":{"protocol":"LDAPS","operation":"SEARCH","connId":210,"msgId":9,"dn":"inum=e2c14ce1-f76a-4008-a83e-3a95a15dd82a,ou=clients,o=gluu","scope":"base","filter":"(objectClass=*)","attrs":["ALL"]},"transactionId":"0","response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":1,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-06-03T22:18:54.711Z","_id":"a9b04644-00da-4625-8a36-d09e3e093b93-11819"}
Any ideas what might be off that is leading Odoo to generate that "Wrong client" error?
Odoo Oauth config values:
Odoo Menu > Settings > General Settings > Ingegrations >OAuth Authentication > OAuth Providers>
• Provider Name: RPG Research Gluu 4.1
• CLient ID: e2c14ce1-f76a-4008-a83e-3a95a15dd82a
• Allowed: Checked
• Body: RpgResearchOdooGluuOauth
• Authentication URL: https://au.rpgresearch.com/oxauth/restv1/authorize
• Scope: <blank> (also tried openid, or email, no difference in error message).
• Validation URL: https://au.rpgresearch.com/oxauth/restv1/token
• Data URL: https://au.rpgresearch.com/oxauth/restv1/userinfo
Gluu OpenID config values:
• Client ID: e2c14ce1-f76a-4008-a83e-3a95a15dd82a
Client secret: ***************
• Client Name: RpgResearchOdooGluuOauth
• Client Description: OAuth Client for RPG Research Odoo + Gluu
• Redirect Login URI:
• https://e.rpgresearch.com/auth_oauth/signin
• Scopes <blank > (also tried with just openid, or email, with no difference in error)
• Application Type: Web
• Subject Type: pairwise
• Authentication method: client_secret_basic
• Grant Type: authorization_code
Anyone have any ideas where the mismatch might be?
Anyone here ever connected any version of Odoo to Gluu?
Thanks for any suggestions!
This is a real show-stopper. Can some one please provide some suggestions of things to try to help point in the right direction to trying to get this working? Thanks!