Closed Uzair-Arif closed 10 years ago
In order to get simple-web-app to connect to a server on a different machine, you need to configure its servlet.xml file as described in the documentation: https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Client-configuration
The changes that you need to make depend on how you want the client to talk to the server. Do you want to do discovery or set things up statically? Do you want to dynamically register (and set up a registered client store) or do you want to statically register the client and configure it that way? Do you want to do signed requests or "traditional" URL query requests? All the options should be there.
I just want my simple web app to work independently now, because previously I set up the simple web app and the OpenID Connect server in the same Tomcat server in a virtual machine, but now I want them to work independently on different servers. Therefore I installed Tomcat on my host machine and configured simple web app in it, so it is running independently, and the OpenID Connect server on the VMware is running separately. Now the next task is just to talk to the OpenID Connect server from the client, but this time the request goes from a separate machine and Tomcat server. I just want the solution for that; any of the easiest configurations would work for now.
The software can already handle what you're describing, please read the documentation. Just configure the URLs and registrations to connect the two. The client needs to know about the server's issuer URL and configuration, and the server needs to have the client registered and give the client a client_id and client_secret. Once those are all configured on both sides this will work just fine.
I have replaced "localhost" with the static IP of the VM under static client configuration in the following tag
and given the new URL that results after the change above, but it does not work; it gives error 404 not found with a long page of errors.
Do I need to provide any changes in the server too?
Yes, you need to change the server's issuer field as described in the server configuration documentation here: https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Server-configuration
I have done that too and sent the request to the new URL, but it's giving 404 not found..?
I have done this in both the server config.xml and the client servlet.xml, but it's not working: http://172.20.63.245:8080/openid-connect-server/
If you're getting a 404, there's something wrong with your deployed servlet. Unfortunately, I can't help with your local deployment from here, as it could be any number of things. But one test you can do for the server is to make sure you can reach the homepage, log in with one of your user accounts, and reach the discovery URL for it. Based on your URL above, the discovery URL should be at http://172.20.63.245:8080/openid-connect-server/.well-known/openid-configuration and you need to make sure that the URLs listed in the JSON object there are valid and match your expected server configuration.
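The discovery check described in the reply above, as an added example that is not part of the original thread or of the MITREid Connect code base: it verifies that the issuer matches what the client is configured with and that every advertised endpoint sits on the same scheme, host and port. The names `check_discovery` and `origin` are hypothetical, and the sample document is constructed, with one endpoint deliberately left on `localhost`.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed discovery document in the shape the server
# returns, with jwks_uri deliberately left pointing at a stale host.
SAMPLE = json.dumps({
    "issuer": "http://172.20.63.245:8080/openid-connect-server/",
    "authorization_endpoint": "http://172.20.63.245:8080/openid-connect-server/authorize",
    "token_endpoint": "http://172.20.63.245:8080/openid-connect-server/token",
    "userinfo_endpoint": "http://172.20.63.245:8080/openid-connect-server/userinfo",
    "jwks_uri": "http://localhost:8080/openid-connect-server/jwk",
})

ENDPOINT_KEYS = (
    "authorization_endpoint", "token_endpoint", "userinfo_endpoint",
    "jwks_uri", "registration_endpoint", "introspection_endpoint",
)

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

def check_discovery(doc_text, expected_issuer):
    """Return a list of findings; an empty list means the document is consistent."""
    doc = json.loads(doc_text)
    issuer = doc.get("issuer")
    if issuer is None:
        return ["issuer is missing from the discovery document"]
    findings = []
    # OpenID Connect compares issuer values as exact strings, so a missing
    # trailing slash or a different port counts as a mismatch.
    if issuer != expected_issuer:
        findings.append(f"issuer mismatch: server says {issuer!r}, "
                        f"client expects {expected_issuer!r}")
    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if url is not None and origin(url) != origin(issuer):
            findings.append(f"{key} is on a different scheme/host/port: {url}")
    if urlsplit(issuer).scheme != "https":
        findings.append("issuer uses plain http: tokens and the client_secret "
                        "cross the network unencrypted")
    return findings

if __name__ == "__main__":
    for line in check_discovery(SAMPLE, "http://172.20.63.245:8080/openid-connect-server/"):
        print(line)
```

The same function can be run on the text fetched from the server's `.well-known/openid-configuration` URL, passing the issuer value from the client's configuration as `expected_issuer`.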
I got this when I did the discovery URL: {"introspection_endpoint":"http://172.20.63.245:8080/openid-connect-server/introspect","request_parameter_supported":true,"service_documentation":"http://172.20.63.245:8080/openid-connect-server/about","response_types_supported":["code","token","id_token","id_token token"],"registration_endpoint":"http://172.20.63.245:8080/openid-connect-server/register","token_endpoint":"http://172.20.63.245:8080/openid-connect-server/token","claim_types_supported":["normal"],"request_object_signing_alg_values_supported":["RS384","RS512","RS256"],"grant_types_supported":["authorization_code","implicit","urn:ietf:params:oauth:grant-type:jwt-bearer","client_credentials","urn:ietf:params:oauth:grant_type:redelegate"],"scopes_supported":["openid","profile","email","address","phone","offline_access"],"request_uri_parameter_supported":false,"userinfo_endpoint":"http://172.20.63.245:8080/openid-connect-server/userinfo","token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic","private_key_jwt","none"],"op_tos_uri":"http://172.20.63.245:8080/openid-connect-server/about","subject_types_supported":["public"],"issuer":"http://172.20.63.245:8080/openid-connect-server/","claims_parameter_supported":false,"jwks_uri":"http://172.20.63.245:8080/openid-connect-server/jwk","op_policy_uri":"http://172.20.63.245:8080/openid-connect-server/about","claims_supported":["sub","name","preferred_username","given_name","family_name","middle_name","nickname","profile","picture","website","gender","zone_info","locale","updated_time","birthdate","email","email_verified","phone_number","address"],"id_token_signing_alg_values_supported":["RS384","RS512","RS256"],"authorization_endpoint":"http://172.20.63.245:8080/openid-connect-server/authorize","require_request_uri_registration":false}
That looks right to me, I don't know what else in your configuration is wrong. I can tell you that the software does work across servers (as you ask in your original question above), and we run it that way all the time. All I can say now is check your configurations to make sure your URLs, client IDs, and everything else are matching up.
I am able to talk to the server now.
That's great! What did you need to change?
But when I enter the username and password and after that click on authorize, I get a new dialogue box from the web browser which asks for a username and a password. Why is that? And if I enter something, it does not recognize me, and hence does not pass the authorization. What is that?
This is what (that white message box asking for username and password) I get when I click on authorize. What is that? How do I tackle that?
And as I am not able to provide it anything, it says unauthorized.
You're somehow setting up your "localhost:8080" to require HTTP Basic authentication.
Sorry? I don't get it. What are you trying to say?
What do you mean by that?
I mean whatever you're running on localhost:8080 is set up to require HTTP Basic authentication, which is the source of the dialog box you're seeing. From your descriptions, it's probably something in your configuration of tomcat. Do you have an app running on that server named "XDB"? Because that's what's claiming to prompt you.
Yes, to resolve that I had to change the port 8080 on the server side, but after that the same previous problem occurs of not contacting the server from the home machine, with an error of 404 not found, even though I made the changes about the port on the client side too.
When I click the submit button after giving the URL of the server in simple web app, I get this error page.
It looks like you changed the port but didn't change the URL that you're using? The port is required to match in the URL.
I changed everything in both server and client. The issuer URL in the server and the client are the same. I checked everything.
Hey, I have set up the simple-web-app client on my host machine and the OpenID Connect server is on the virtual machine. I want to send requests from the host to the virtual machine. How can I do that? If I am not wrong, I need to make some changes in server.xml, so what are those changes?