SP-SAML & Idp-OIDC

SP-SAML & Idp-OIDC

Isuru Uyanage
Hi All, 

I'm trying to implement scenario 11 in the doc[1]. I followed the following steps.
  • Configured Google as the Service Provider (SAML)
  • Configured LinkedIn as the external Identity Provider (OpenID Connect) - refer to the configuration in the attached image -> LinkedInConfig.png
  • Google SP's Authentication Type is set to Federated Authentication - LinkedIn.
Once I tried to log in to mail.google.com with the relevant email address, it does not redirect me to LinkedIn. Instead, it gives the following error in the browser.

{"error_description":"A valid OAuth client could not be found for client_id: 126217798160084","error":"invalid_client"}

I tried the same scenario by configuring Facebook as the Identity Provider using OIDC. I got the same result as above.
Once these are configured through the relevant connectors, they work well. 

Any thoughts on this issue are highly appreciated. 



Thanks and Best Regards,

Isuru Uyanage
Software Engineer - QA | WSO2
Mobile : +94 77 55 30752




_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Attachment: linkedInConfig.png (1M)

Re: SP-SAML & Idp-OIDC

Farasath Ahamed
Token URL and Authorization URL are not pointing to LinkedIn endpoints. Seems like that's the issue.

Can you change the token and authorization endpoint URLs to LinkedIn-specific values and retry the scenario?

--
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Twitter: @farazath619

Re: SP-SAML & Idp-OIDC

Isuru Uyanage
Hi Farasath, 

I followed this doc[1] and it is said that they are the standard OAuth Authorization Endpoint URL and standard Token Endpoint URL. Is there any specific value that I should change these values to other than the following?

Authorization Endpoint URL - https://localhost:9443/oauth2/authorize/


Step 5


Thanks 
Isuru

Thanks and Best Regards,

Isuru Uyanage
Software Engineer - QA | WSO2
Mobile : +94 77 55 30752

Re: SP-SAML & Idp-OIDC

Isuru Uyanage
Hi Farasath, 
Thank you for the reply. I tried this with Google Authentication pointing to the correct Authorization Endpoint URL & Token Endpoint URL using OIDC. Ignore the previous reply.
It worked.


Thanks
Isuru



Thanks and Best Regards,

Isuru Uyanage
Software Engineer - QA | WSO2
Mobile : +94 77 55 30752
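
The misconfiguration diagnosed in this thread, as an added example that is not part of the original posts or of WSO2's code: a check that a federated OIDC identity provider's endpoints point at the external IdP rather than at the local server, related back to the `invalid_client` error. The function names, the token endpoint value and the `idp.example.com` URLs are assumptions made for the example.

```python
import json
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

def endpoint_findings(config, idp_domain):
    """Classify each OIDC endpoint of a federated IdP config as ok or misdirected."""
    findings = {}
    for key in ("authorization_endpoint", "token_endpoint"):
        parts = urlsplit(config.get(key, ""))
        host = (parts.hostname or "").lower()
        if parts.scheme != "https" or not host:
            findings[key] = "not an https URL"
        elif host in LOOPBACK_HOSTS:
            findings[key] = "points at the local server, not the external IdP"
        elif host != idp_domain and not host.endswith("." + idp_domain):
            findings[key] = "host is outside " + idp_domain
        else:
            findings[key] = "ok"
    return findings

def diagnose(error_body, config, idp_domain):
    """Relate an OAuth error response to the endpoint configuration."""
    error = json.loads(error_body).get("error")
    bad = sorted(k for k, v in endpoint_findings(config, idp_domain).items() if v != "ok")
    if error == "invalid_client" and bad:
        return "client_id was sent to the wrong authorization server; fix: " + ", ".join(bad)
    if bad:
        return "misdirected endpoints: " + ", ".join(bad)
    return "endpoints look right; check the client_id and secret registered at the IdP"

# Error body and authorization endpoint are quoted from the thread; the token
# endpoint and the corrected URLs are constructed for this example.
ERROR_BODY = ('{"error_description":"A valid OAuth client could not be found '
              'for client_id: 126217798160084","error":"invalid_client"}')
AS_POSTED = {
    "client_id": "126217798160084",
    "authorization_endpoint": "https://localhost:9443/oauth2/authorize/",
    "token_endpoint": "https://localhost:9443/oauth2/token",  # constructed
}
FIXED = {
    "client_id": "126217798160084",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",  # placeholder
    "token_endpoint": "https://idp.example.com/oauth2/token",  # placeholder
}

if __name__ == "__main__":
    print(diagnose(ERROR_BODY, AS_POSTED, "example.com"))
    print(diagnose(ERROR_BODY, FIXED, "example.com"))
```

The suffix match on `"." + idp_domain` is deliberate: a bare `endswith(idp_domain)` would also accept a look-alike host such as `evilexample.com`.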