118:41:40 06/29/18 Changing Couchbase servive rest_port port to 28091 from file
218:41:40 06/29/18 Restarting Couchbase
318:41:40 06/29/18 Running: /usr/sbin/service stop couchbase-server
418:41:40 06/29/18 Run: /usr/sbin/service stop couchbase-server with result code: 1
518:41:40 06/29/18 Running: /usr/sbin/service start couchbase-server
618:41:40 06/29/18 Run: /usr/sbin/service start couchbase-server with result code: 1
718:41:55 06/29/18 Running: /opt/couchbase/bin/couchbase-cli cluster-init --cluster localhost:28091 --cluster-username admin --cluster-password secret --services data,index,query,fts --cluster-ramsize 4096
818:41:55 06/29/18 ERROR: _ - Total quota (4096MB) exceeds the maximum allowed quota (2745MB) on node 'ns_1@127.0.0.1'
1018:41:55 06/29/18 Exporting Couchbase SSL certificate to /etc/certs/couchbase.pem
1118:41:55 06/29/18 Running command: /opt/couchbase/bin/couchbase-cli ssl-manage --cluster localhost:28091 --username admin --password secret --cluster-cert-info > /etc/certs/couchbase.pem
1218:41:56 06/29/18 Running: /opt/jre/bin/keytool -import -trustcacerts -alias u144.gluu.info_couchbase -file /etc/certs/couchbase.pem -keystore /etc/certs/couchbase.pkcs12 -storepass newsecret -noprompt
1318:41:56 06/29/18 keytool error: java.lang.Exception: Input not an X.509 certificate
1518:41:56 06/29/18 Running: /opt/couchbase/bin/couchbase-cli bucket-create --cluster localhost:28091 --username admin --password secret --bucket gluu --bucket-type couchbase --bucket-ramsize 1024 --wait
1618:41:56 06/29/18 ERROR: Cluster is not initialized, use cluster-init to initialize the cluster
1818:41:56 06/29/18 Running Couchbase index creation for gluu bucket
1918:41:56 06/29/18 Running Couchbase query from file /tmp/n1ql/index_gluu.n1ql
2018:41:56 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/index_gluu.n1ql
18:41:56 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
25 Path to history file for the shell : /root/.cbq_history
26CREATE PRIMARY INDEX def_primary on `gluu` USING GSI WITH {"defer_build":true};
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
29...
32CREATE INDEX def_oxTicket ON `gluu`(oxTicket) USING GSI WITH {"defer_build":true};
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
37CREATE INDEX def_oxAuthCreation ON `gluu`(oxAuthCreation) USING GSI WITH {"defer_build":true};
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
42BUILD INDEX ON `gluu` (def_dn,def_objectClass,def_uid,def_cn,def_mail,def_owner,def_member,def_displayName,def_description,def_iname,def_inum,def_uniqueIdentifier,def_oxAuthSessionId,def_oxId,def_oxExternalUid,def_oxRequestId,def_oxAuthClientId,def_oxAuthGrantId,def_oxAuthAuthorizationCode,def_oxAuthTokenCode,def_oxSectorIdentifier,def_oxState,def_oxAuthExpiration,def_oxApplication,def_creationDate,def_oxLastAccessTime,def_oxStartDate,def_oxEndDate,def_oxApplicationType,def_oxMetricType,def_oxDeviceHashCode,def_oxAuthSessionDn,def_oxScriptType,def_gluuStatus,def_oxTicket,def_oxAuthCreation) USING GSI;
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
4818:41:56 06/29/18 Importing ldif file ./output/base.ldif to Couchebase
4918:41:56 06/29/18 Running Couchbase query from file /tmp/n1ql/base.n1ql
5018:41:56 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/base.n1ql
18:41:56 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
55 Path to history file for the shell : /root/.cbq_history
56UPSERT INTO `gluu` (KEY, VALUE) VALUES ("_", {"dn": "o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "displayName": "TT", "description": "Welcome to oxTrust!", "gluuOrgShortName": "TT", "objectClass": ["top", "gluuOrganization"], "o": "@!7194.95E2.1D42.FF59!0001!6975.2B50", "gluuThemeColor": "166309", "scimAuthMode": "basic", "scimStatus": "disabled", "gluuManagerGroup": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0003!60B7,ou=groups,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "gluuAddPersonCapability": "enabled"});
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
6218:41:56 06/29/18 Importing ldif file ./output/appliance.ldif to Couchebase
6318:41:56 06/29/18 Running Couchbase query from file /tmp/n1ql/appliance.n1ql
6418:41:56 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/appliance.n1ql
18:41:56 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
69 Path to history file for the shell : /root/.cbq_history
70UPSERT INTO `gluu` (KEY, VALUE) VALUES ("appliances_@!7194.95E2.1D42.FF59!0002!E0DF.3C2F", {"gluuVdsCacheRefreshEnabled": "disabled", "oxAuthenticationMode": "auth_ldap_server", "gluuMaxLogSize": "200", "oxLogViewerConfig": "{ \"log_template\":[ { \"value1\":\"oxAuth logs\", \"value2\":\"/opt/gluu/jetty/oxauth/logs/*.log\", \"description\":\"\" }, { \"value1\":\"oxTrust logs\", \"value2\":\"/opt/gluu/jetty/identity/logs/*.log\", \"description\":\"\" } ]}", "gluuScimEnabled": "disabled", "objectClass": ["top", "gluuAppliance"], "gluuManageIdentityPermission": "enabled", "oxTrustStoreConf": "{\"useJreCertificates\":true}", "oxCacheConfiguration": "{\"cacheProviderType\": \"IN_MEMORY\", \"memcachedConfiguration\": {\"servers\":\"localhost:11211\", \"maxOperationQueueLength\":100000, \"bufferSize\":32768, \"defaultPutExpiration\":60, \"connectionFactoryType\": \"DEFAULT\"}, \"inMemoryConfiguration\": {\"defaultPutExpiration\":60}, \"redisConfiguration\":{\"servers\":\"localhost:6379\", \"defaultPutExpiration\": 60}}", "gluuWhitePagesEnabled": "disabled", "gluuFederationHostingEnabled": "disabled", "dn": "inum=@!7194.95E2.1D42.FF59!0002!E0DF.3C2F,ou=appliances,o=gluu", "gluuPassportEnabled": "disabled", "oxTrustCacheRefreshServerIpAddress": "255.255.255.255", "inum": "@!7194.95E2.1D42.FF59!0002!E0DF.3C2F", "oxTrustAuthenticationMode": "auth_ldap_server", "gluuOrgProfileMgt": "disabled", "oxIDPAuthentication": "{\"type\": \"auth\", \"name\": null, \"level\": 0, \"priority\": 1, \"enabled\": true, \"version\": 0, \"config\": \"{\\\"configId\\\": \\\"auth_ldap_server\\\", \\\"servers\\\": [\\\"localhost:1636\\\"], \\\"maxConnections\\\": 1000, \\\"bindDN\\\": \\\"cn=directory manager\\\", \\\"bindPassword\\\": \\\"X5UvQyfWQIM=\\\", \\\"useSSL\\\": \\\"true\\\", \\\"baseDNs\\\": [\\\"o=gluu\\\"], \\\"primaryKey\\\": \\\"uid\\\", \\\"localPrimaryKey\\\": \\\"uid\\\", \\\"useAnonymousBind\\\": false, \\\"enabled\\\": true}\" }"});
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
7618:41:56 06/29/18 Importing ldif file ./output/attributes.ldif to Couchebase
7718:41:56 06/29/18 Running Couchbase query from file /tmp/n1ql/attributes.n1ql
7818:41:56 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/attributes.n1ql
18:41:56 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
83 Path to history file for the shell : /root/.cbq_history
84UPSERT INTO `gluu` (KEY, VALUE) VALUES ("attributes_@!7194.95E2.1D42.FF59!0001!6975.2B50!0005!29DA", {"dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0005!29DA,ou=attributes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "gluuAttributeType": "string", "description": "XRI i-number, persistent non-reassignable identifier", "gluuStatus": "active", "gluuAttributeEditType": "admin", "urn": "urn:gluu:dir:attribute-def:inum", "oxAuthClaimName": "inum", "gluuAttributeOrigin": "gluuPerson", "objectClass": ["top", "gluuAttribute"], "gluuAttributeViewType": ["user", "admin"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0005!29DA", "displayName": "Inum", "gluuAttributeName": "inum"});
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
88...
91UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scopes_@!7194.95E2.1D42.FF59!0001!6975.2B50!0009!C4F5.F66C", {"oxScriptDn": ["inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!CB5B.3211,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu"], "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0009!C4F5.F66C,ou=scopes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "displayName": "permission", "description": "View your user permission and roles.", "objectClass": ["oxAuthCustomScope", "top"], "oxScopeType": "dynamic", "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0009!C4F5.F66C", "defaultScope": "true"});
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
9718:41:56 06/29/18 Importing ldif file ./output/clients.ldif to Couchebase
9818:41:56 06/29/18 Running Couchbase query from file /tmp/n1ql/clients.n1ql
9918:41:56 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/clients.n1ql
18:41:56 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
104 Path to history file for the shell : /root/.cbq_history
105UPSERT INTO `gluu` (KEY, VALUE) VALUES ("clients_@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!E548.9BCA", {"oxAuthPostLogoutRedirectURI": ["https://u144.gluu.info/identity/authentication/finishlogout"], "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!E548.9BCA,ou=clients,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxAuthResponseType": "code", "oxClaimRedirectURI": "https://u144.gluu.info/oxauth/restv1/uma/gather_claims", "oxAuthTrustedClient": "true", "objectClass": ["oxAuthClient", "top"], "oxPersistClientAuthorizations": "false", "oxAuthLogoutSessionRequired": "true", "oxAuthGrantType": ["authorization_code", "implicit", "refresh_token"], "oxAuthSubjectType": "public", "oxAuthIdTokenSignedResponseAlg": "HS256", "oxAuthClientSecret": "i8Lfnm256Rp0i1FRCvasLg==", "oxAuthScope": ["inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0009!F0C4,ou=scopes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0009!10B2,ou=scopes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0009!764C,ou=scopes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!E548.9BCA", "displayName": "oxTrust Admin GUI", "oxAuthAppType": "web", "oxAuthRedirectURI": ["https://u144.gluu.info/identity/scim/auth", "https://u144.gluu.info/identity/authentication/authcode", "https://u144.gluu.info/identity/authentication/getauthcode", "https://u144.gluu.info/idp/auth-code.jsp", "https://u144.gluu.info/cas/login", "https://u144.gluu.info/oxauth/restv1/uma/gather_claims?authentication=true"], "oxAuthTokenEndpointAuthMethod": "client_secret_basic"});
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
11118:41:56 06/29/18 Importing ldif file ./output/people.ldif to Couchebase
11218:41:56 06/29/18 Running Couchbase query from file /tmp/n1ql/people.n1ql
11318:41:56 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/people.n1ql
18:41:56 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
118 Path to history file for the shell : /root/.cbq_history
119UPSERT INTO `gluu` (KEY, VALUE) VALUES ("people_@!7194.95E2.1D42.FF59!0001!6975.2B50!0000!A8F2.DE1E.D7FB", {"website": "https://www.gluu.org/", "preferredUsername": "admin", "uid": ["admin"], "objectClass": ["top", "gluuPerson", "gluuCustomPerson"], "middleName": "Admin", "userPassword": "SSHA}BUz671biUqKJ/5PHYS73Dj66ST5xDTdE", "emailVerified": "true", "mail": "admin@u144.gluu.info", "phoneNumberVerified": "true", "profile": "https://www.facebook.com/gluufederation/", "picture": "https://www.gluu.org/wp-content/themes/gluu/images/gl.png", "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0000!A8F2.DE1E.D7FB", "nickname": "Admin", "telephoneNumber": "555-1212", "c": "US", "displayName": "Default Admin User", "gluuStatus": "active", "gender": "male", "birthdate": "20170907123010.485Z", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0000!A8F2.DE1E.D7FB,ou=people,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "sn": "User", "memberOf": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0003!60B7,ou=groups,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "givenName": "Admin", "zoneinfo": "America/Los_Angeles"});
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
12518:41:56 06/29/18 Importing ldif file ./output/groups.ldif to Couchebase
12618:41:56 06/29/18 Running Couchbase query from file /tmp/n1ql/groups.n1ql
12718:41:56 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/groups.n1ql
18:41:56 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
132 Path to history file for the shell : /root/.cbq_history
133UPSERT INTO `gluu` (KEY, VALUE) VALUES ("groups_@!7194.95E2.1D42.FF59!0001!6975.2B50!0003!60B7", {"dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0003!60B7,ou=groups,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "displayName": "Gluu Manager Group", "gluuStatus": "active", "objectClass": ["top", "gluuGroup"], "gluuGroupType": "gluuManagerGroup", "member": ["inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0000!A8F2.DE1E.D7FB,ou=people,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0003!60B7"});
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
13918:41:56 06/29/18 Importing ldif file ./static/cache-refresh/o_site.ldif to Couchebase
14018:41:56 06/29/18 Running Couchbase query from file /tmp/n1ql/o_site.n1ql
14118:41:56 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/o_site.n1ql
18:41:56 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
146 Path to history file for the shell : /root/.cbq_history
14818:41:56 06/29/18 Importing ldif file ./output/scripts.ldif to Couchebase
14918:41:56 06/29/18 Running Couchbase query from file /tmp/n1ql/scripts.n1ql
15018:41:56 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/scripts.n1ql
18:41:57 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
155 Path to history file for the shell : /root/.cbq_history
156UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!2124.0CF1", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!2124.0CF1,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "25", "displayName": "cert", "description": "Cert authentication module", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "#\n# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom javax.faces.context import FacesContext\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.oxauth.service import UserService, AuthenticationService\nfrom org.xdi.util import StringHelper\nfrom org.xdi.oxauth.util import ServerUtil\nfrom org.xdi.oxauth.service import EncryptionService\nfrom java.util import Arrays\nfrom org.xdi.oxauth.cert.fingerprint import FingerprintHelper\nfrom org.xdi.oxauth.cert.validation import GenericCertificateVerifier, PathCertificateVerifier, OCSPCertificateVerifier, CRLCertificateVerifier\nfrom org.xdi.oxauth.cert.validation.model import ValidationStatus\nfrom org.xdi.oxauth.util import CertUtil\nfrom org.xdi.oxauth.service.net import HttpService\nfrom org.apache.http.params import CoreConnectionPNames\n\nimport sys\nimport base64\nimport urllib\n\nimport java\nimport json\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Cert. Initialization\"\n\n if not (configurationAttributes.containsKey(\"chain_cert_file_path\")):\n print \"Cert. Initialization. 
Property chain_cert_file_path is mandatory\"\n return False\n\n if not (configurationAttributes.containsKey(\"map_user_cert\")):\n print \"Cert. Initialization. Property map_user_cert is mandatory\"\n return False\n\n chain_cert_file_path = configurationAttributes.get(\"chain_cert_file_path\").getValue2()\n\n self.chain_certs = CertUtil.loadX509CertificateFromFile(chain_cert_file_path)\n if self.chain_certs == None:\n print \"Cert. Initialization. Failed to load chain certificates from '%s'\" % chain_cert_file_path\n return False\n\n print \"Cert. Initialization. Loaded '%d' chain certificates\" % self.chain_certs.size()\n \n crl_max_response_size = 5 * 1024 * 1024 # 10Mb\n if configurationAttributes.containsKey(\"crl_max_response_size\"):\n crl_max_response_size = StringHelper.toInteger(configurationAttributes.get(\"crl_max_response_size\").getValue2(), crl_max_response_size)\n print \"Cert. Initialization. CRL max response size is '%d'\" % crl_max_response_size\n\n # Define array to order methods correctly\n self.validator_types = [ 'generic', 'path', 'ocsp', 'crl']\n self.validators = { 'generic' : [GenericCertificateVerifier(), False],\n 'path' : [PathCertificateVerifier(False), False],\n 'ocsp' : [OCSPCertificateVerifier(), False],\n 'crl' : [CRLCertificateVerifier(crl_max_response_size), False] }\n\n for type in self.validator_types:\n validator_param_name = \"use_%s_validator\" % type\n if configurationAttributes.containsKey(validator_param_name):\n validator_status = StringHelper.toBoolean(configurationAttributes.get(validator_param_name).getValue2(), False)\n self.validators[type][1] = validator_status\n\n print \"Cert. Initialization. Validation method '%s' status: '%s'\" % (type, self.validators[type][1])\n\n self.map_user_cert = StringHelper.toBoolean(configurationAttributes.get(\"map_user_cert\").getValue2(), False)\n print \"Cert. Initialization. 
map_user_cert: '%s'\" % self.map_user_cert\n\n self.enabled_recaptcha = self.initRecaptcha(configurationAttributes)\n print \"Cert. Initialization. enabled_recaptcha: '%s'\" % self.enabled_recaptcha\n\n print \"Cert. Initialized successfully\"\n\n return True \n\n def destroy(self, configurationAttributes):\n print \"Cert. Destroy\"\n\n for type in self.validator_types:\n self.validators[type][0].destroy()\n\n print \"Cert. Destroyed successfully\"\n\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n user_name = credentials.getUsername()\n\n userService = CdiUtil.bean(UserService)\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n if step == 1:\n print \"Cert. Authenticate for step 1\"\n login_button = ServerUtil.getFirstValue(requestParameters, \"loginForm:loginButton\")\n if StringHelper.isEmpty(login_button):\n print \"Cert. Authenticate for step 1. Form were submitted incorrectly\"\n return False\n if self.enabled_recaptcha:\n print \"Cert. Authenticate for step 1. Validating recaptcha response\"\n recaptcha_response = ServerUtil.getFirstValue(requestParameters, \"g-recaptcha-response\")\n\n recaptcha_result = self.validateRecaptcha(recaptcha_response)\n print \"Cert. Authenticate for step 1. recaptcha_result: '%s'\" % recaptcha_result\n \n return recaptcha_result\n\n return True\n elif step == 2:\n print \"Cert. Authenticate for step 2\"\n\n # Validate if user selected certificate\n cert_x509 = self.getSessionAttribute(\"cert_x509\")\n if cert_x509 == None:\n print \"Cert. Authenticate for step 2. 
User not selected any certs\"\n identity.setWorkingParameter(\"cert_selected\", False)\n \n # Return True to inform user how to reset workflow\n return True\n else:\n identity.setWorkingParameter(\"cert_selected\", True)\n x509Certificate = self.certFromString(cert_x509)\n\n subjectX500Principal = x509Certificate.getSubjectX500Principal()\n print \"Cert. Authenticate for step 2. User selected certificate with DN '%s'\" % subjectX500Principal\n \n # Validate certificates which user selected\n valid = self.validateCertificate(x509Certificate)\n if not valid:\n print \"Cert. Authenticate for step 2. Certificate DN '%s' is not valid\" % subjectX500Principal\n identity.setWorkingParameter(\"cert_valid\", False)\n \n # Return True to inform user how to reset workflow\n return True\n\n identity.setWorkingParameter(\"cert_valid\", True)\n \n # Calculate certificate fingerprint\n x509CertificateFingerprint = self.calculateCertificateFingerprint(x509Certificate)\n identity.setWorkingParameter(\"cert_x509_fingerprint\", x509CertificateFingerprint)\n print \"Cert. Authenticate for step 2. Fingerprint is '%s' of certificate with DN '%s'\" % (x509CertificateFingerprint, subjectX500Principal)\n \n # Attempt to find user by certificate fingerprint\n cert_user_external_uid = \"cert:%s\" % x509CertificateFingerprint\n print \"Cert. Authenticate for step 2. Attempting to find user by oxExternalUid attribute value %s\" % cert_user_external_uid\n\n find_user_by_external_uid = userService.getUserByAttribute(\"oxExternalUid\", cert_user_external_uid)\n if find_user_by_external_uid == None:\n print \"Cert. Authenticate for step 2. Failed to find user\"\n \n if self.map_user_cert:\n print \"Cert. Authenticate for step 2. Storing cert_user_external_uid for step 3\"\n identity.setWorkingParameter(\"cert_user_external_uid\", cert_user_external_uid)\n return True\n else:\n print \"Cert. Authenticate for step 2. 
Mapping cert to user account is not allowed\"\n identity.setWorkingParameter(\"cert_count_login_steps\", 2)\n return False\n\n foundUserName = find_user_by_external_uid.getUserId()\n print \"Cert. Authenticate for step 2. foundUserName: \" + foundUserName\n\n logged_in = False\n userService = CdiUtil.bean(UserService)\n logged_in = authenticationService.authenticate(foundUserName)\n \n print \"Cert. Authenticate for step 2. Setting count steps to 2\"\n identity.setWorkingParameter(\"cert_count_login_steps\", 2)\n\n return logged_in\n elif step == 3:\n print \"Cert. Authenticate for step 3\"\n\n cert_user_external_uid = self.getSessionAttribute(\"cert_user_external_uid\")\n if cert_user_external_uid == None:\n print \"Cert. Authenticate for step 3. cert_user_external_uid is empty\"\n return False\n\n user_password = credentials.getPassword()\n\n logged_in = False\n if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n if (not logged_in):\n return False\n\n # Double check just to make sure. We did checking in previous step\n # Check if there is user which has cert_user_external_uid\n # Avoid mapping user cert to more than one IDP account\n find_user_by_external_uid = userService.getUserByAttribute(\"oxExternalUid\", cert_user_external_uid)\n if find_user_by_external_uid == None:\n # Add cert_user_external_uid to user's external GUID list\n find_user_by_external_uid = userService.addUserAttribute(user_name, \"oxExternalUid\", cert_user_external_uid)\n if find_user_by_external_uid == None:\n print \"Cert. Authenticate for step 3. Failed to update current user\"\n return False\n\n return True\n \n return True\n else:\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n print \"Cert. 
Prepare for step %d\" % step\n identity = CdiUtil.bean(Identity)\n \n if step == 1:\n if self.enabled_recaptcha:\n identity.setWorkingParameter(\"recaptcha_site_key\", self.recaptcha_creds['site_key'])\n elif step == 2:\n # Store certificate in session\n facesContext = CdiUtil.bean(FacesContext)\n externalContext = facesContext.getExternalContext()\n request = externalContext.getRequest()\n\n # Try to get certificate from header X-ClientCert\n clientCertificate = externalContext.getRequestHeaderMap().get(\"X-ClientCert\")\n if clientCertificate != None:\n x509Certificate = self.certFromPemString(clientCertificate)\n identity.setWorkingParameter(\"cert_x509\", self.certToString(x509Certificate))\n print \"Cert. Prepare for step 2. Storing user certificate obtained from 'X-ClientCert' header\"\n return True\n\n # Try to get certificate from attribute javax.servlet.request.X509Certificate\n x509Certificates = request.getAttribute('javax.servlet.request.X509Certificate')\n if (x509Certificates != None) and (len(x509Certificates) > 0):\n identity.setWorkingParameter(\"cert_x509\", self.certToString(x509Certificates[0]))\n print \"Cert. Prepare for step 2. 
Storing user certificate obtained from 'javax.servlet.request.X509Certificate' attribute\"\n return True\n\n if step < 4:\n return True\n else:\n return False\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n return Arrays.asList(\"cert_selected\", \"cert_valid\", \"cert_x509\", \"cert_x509_fingerprint\", \"cert_count_login_steps\", \"cert_user_external_uid\")\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n cert_count_login_steps = self.getSessionAttribute(\"cert_count_login_steps\")\n if cert_count_login_steps != None:\n return cert_count_login_steps\n else:\n return 3\n\n def getPageForStep(self, configurationAttributes, step):\n if step == 1:\n return \"/auth/cert/login.xhtml\"\n if step == 2:\n return \"/auth/cert/cert-login.xhtml\"\n elif step == 3:\n cert_selected = self.getSessionAttribute(\"cert_selected\")\n if True != cert_selected:\n return \"/auth/cert/cert-not-selected.xhtml\"\n\n cert_valid = self.getSessionAttribute(\"cert_valid\")\n if True != cert_valid:\n return \"/auth/cert/cert-invalid.xhtml\"\n \n return \"/login.xhtml\"\n\n return \"\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n\n def processBasicAuthentication(self, credentials):\n userService = CdiUtil.bean(UserService)\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n if (not logged_in):\n return None\n\n find_user_by_uid = authenticationService.getAuthenticatedUser()\n if (find_user_by_uid == None):\n print \"Cert. Process basic authentication. 
Failed to find user '%s'\" % user_name\n return None\n \n return find_user_by_uid\n\n def getSessionAttribute(self, attribute_name):\n identity = CdiUtil.bean(Identity)\n\n # Try to get attribute value from Seam event context\n if identity.isSetWorkingParameter(attribute_name):\n return identity.getWorkingParameter(attribute_name)\n \n # Try to get attribute from persistent session\n session_id = identity.getSessionId()\n if session_id == None:\n return None\n\n session_attributes = session_id.getSessionAttributes()\n if session_attributes == None:\n return None\n\n if session_attributes.containsKey(attribute_name):\n return session_attributes.get(attribute_name)\n\n return None\n\n def calculateCertificateFingerprint(self, x509Certificate):\n print \"Cert. Calculate fingerprint for certificate DN '%s'\" % x509Certificate.getSubjectX500Principal()\n \n publicKey = x509Certificate.getPublicKey()\n \n # Use oxAuth implementation\n fingerprint = FingerprintHelper.getPublicKeySshFingerprint(publicKey)\n \n return fingerprint \n\n def validateCertificate(self, x509Certificate):\n subjectX500Principal = x509Certificate.getSubjectX500Principal()\n\n print \"Cert. Validating certificate with DN '%s'\" % subjectX500Principal\n \n validation_date = java.util.Date()\n\n for type in self.validator_types:\n if self.validators[type][1]:\n result = self.validators[type][0].validate(x509Certificate, self.chain_certs, validation_date)\n print \"Cert. Validate certificate: '%s'. Validation method '%s' result: '%s'\" % (subjectX500Principal, type, result)\n \n if (result.getValidity() != ValidationStatus.CertificateValidity.VALID):\n print \"Cert. 
Certificate: '%s' is invalid\" % subjectX500Principal\n return False\n \n return True\n\n def certToString(self, x509Certificate):\n if x509Certificate == None:\n return None\n return base64.b64encode(x509Certificate.getEncoded())\n\n def certFromString(self, x509CertificateEncoded):\n x509CertificateDecoded = base64.b64decode(x509CertificateEncoded)\n return CertUtil.x509CertificateFromBytes(x509CertificateDecoded)\n\n def certFromPemString(self, pemCertificate):\n x509CertificateEncoded = pemCertificate.replace(\"-----BEGIN CERTIFICATE-----\", \"\").replace(\"-----END CERTIFICATE-----\", \"\").strip()\n return self.certFromString(x509CertificateEncoded)\n\n def initRecaptcha(self, configurationAttributes):\n print \"Cert. Initialize recaptcha\"\n if not configurationAttributes.containsKey(\"credentials_file\"):\n return False\n\n cert_creds_file = configurationAttributes.get(\"credentials_file\").getValue2()\n\n # Load credentials from file\n f = open(cert_creds_file, 'r')\n try:\n creds = json.loads(f.read())\n except:\n print \"Cert. Initialize recaptcha. Failed to load credentials from file: %s\" % cert_creds_file\n return False\n finally:\n f.close()\n \n try:\n recaptcha_creds = creds[\"recaptcha\"]\n except:\n print \"Cert. Initialize recaptcha. Invalid credentials file '%s' format:\" % cert_creds_file\n return False\n \n self.recaptcha_creds = None\n if recaptcha_creds[\"enabled\"]:\n print \"Cert. Initialize recaptcha. Recaptcha is enabled\"\n\n encryptionService = CdiUtil.bean(EncryptionService)\n\n site_key = recaptcha_creds[\"site_key\"]\n secret_key = recaptcha_creds[\"secret_key\"]\n\n try:\n site_key = encryptionService.decrypt(site_key)\n except:\n # Ignore exception. Value is not encrypted\n print \"Cert. Initialize recaptcha. Assuming that 'site_key' in not encrypted\"\n\n try:\n secret_key = encryptionService.decrypt(secret_key)\n except:\n # Ignore exception. Value is not encrypted\n print \"Cert. Initialize recaptcha. 
Assuming that 'secret_key' in not encrypted\"\n\n \n self.recaptcha_creds = { 'site_key' : site_key, \"secret_key\" : secret_key }\n print \"Cert. Initialize recaptcha. Recaptcha is configured correctly\"\n\n return True\n else:\n print \"Cert. Initialize recaptcha. Recaptcha is disabled\"\n\n return False\n\n def validateRecaptcha(self, recaptcha_response):\n print \"Cert. Validate recaptcha response\"\n\n facesContext = CdiUtil.bean(FacesContext)\n request = facesContext.getExternalContext().getRequest()\n\n remoteip = ServerUtil.getIpAddress(request)\n print \"Cert. Validate recaptcha response. remoteip: '%s'\" % remoteip\n\n httpService = CdiUtil.bean(HttpService)\n\n http_client = httpService.getHttpsClient()\n http_client_params = http_client.getParams()\n http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)\n \n recaptcha_validation_url = \"https://www.google.com/recaptcha/api/siteverify\"\n recaptcha_validation_request = urllib.urlencode({ \"secret\" : self.recaptcha_creds['secret_key'], \"response\" : recaptcha_response, \"remoteip\" : remoteip })\n recaptcha_validation_headers = { \"Content-type\" : \"application/x-www-form-urlencoded\", \"Accept\" : \"application/json\" }\n\n try:\n http_service_response = httpService.executePost(http_client, recaptcha_validation_url, None, recaptcha_validation_headers, recaptcha_validation_request)\n http_response = http_service_response.getHttpResponse()\n except:\n print \"Cert. Validate recaptcha response. Exception: \", sys.exc_info()[1]\n return False\n\n try:\n if not httpService.isResponseStastusCodeOk(http_response):\n print \"Cert. Validate recaptcha response. 
Get invalid response from validation server: \", str(http_response.getStatusLine().getStatusCode())\n httpService.consume(http_response)\n return False\n \n response_bytes = httpService.getResponseContent(http_response)\n response_string = httpService.convertEntityToString(response_bytes)\n httpService.consume(http_response)\n finally:\n http_service_response.closeConnection()\n\n if response_string == None:\n print \"Cert. Validate recaptcha response. Get empty response from validation server\"\n return False\n \n response = json.loads(response_string)\n \n return response[\"success\"]\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}", "{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!2124.0CF1", "oxConfigurationProperty": ["{\"value1\":\"chain_cert_file_path\",\"value2\":\"/etc/certs/chain_cert.pem\",\"description\":\"\"}", "{\"value1\":\"credentials_file\",\"value2\":\"/etc/certs/cert_creds.json\",\"description\":\"\"}", "{\"value1\":\"map_user_cert\",\"value2\":\"true\",\"description\":\"\"}", "{\"value1\":\"use_generic_validator\",\"value2\":\"true\",\"description\":\"\"}", "{\"value1\":\"use_path_validator\",\"value2\":\"true\",\"description\":\"\"}", "{\"value1\":\"use_ocsp_validator\",\"value2\":\"true\",\"description\":\"\"}", "{\"value1\":\"use_crl_validator\",\"value2\":\"false\",\"description\":\"\"}", "{\"value1\":\"crl_max_response_size\",\"value2\":\"10485760\",\"description\":\"\"}"]});
157 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Stores the custom script "passport_social" (oxScriptType
 * person_authentication, gluuStatus "false") as document scripts_<inum> in
 * the `gluu` keyspace. The Jython source travels as one JSON string in
 * oxScript; its settings are in oxConfigurationProperty.
 *
 * Review notes on the embedded script (indentation is collapsed in this
 * listing, so nesting is read from statement order):
 * - authenticate(): userid, provider, email and the mapped attributes are
 *   read from "loginForm:*" request parameters, and the matched or newly
 *   added user is then logged in through
 *   authenticationService.authenticate(userName), with no password. Nothing
 *   in this script checks a signature or token over those parameters.
 *   NOTE(review): confirm where the passport response is verified before
 *   this script is enabled.
 * - extensionAuthenticate(): when the extension module raises, the handlers
 *   only print and the method appears to fall through to "return True",
 *   which authenticate() hands back as success. The two sibling extension
 *   helpers end with "return None". Failing closed (return False) is the
 *   safer default.
 * - init(): the module named by "extension_module" is imported with
 *   __import__ and its hooks run inside the authentication flow, so that
 *   setting has to be treated as code.
 * - prepareForStep(): the /passport/token URL is built from the request's
 *   server name (usually the Host header), and the session attributes and
 *   the token response are printed to the log. Prefer a configured host and
 *   keep tokens out of logs.
 * - key_store_password is kept in clear text in oxConfigurationProperty.
 */
161UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!2FDB.CF02", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!2FDB.CF02,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "60", "displayName": "passport_social", "description": "Passport authentication module", "gluuStatus": "false", "objectClass": ["oxCustomScript", "top"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Arvind Tomar\n#\n\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom javax.faces.context import FacesContext\nfrom javax.faces.application import FacesMessage\nfrom org.gluu.jsf2.message import FacesMessages\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom java.util import Arrays, ArrayList, HashMap, IdentityHashMap\nfrom org.xdi.oxauth.client import TokenClient, TokenRequest, UserInfoClient\nfrom org.xdi.oxauth.model.common import GrantType, AuthenticationMethod\nfrom org.xdi.oxauth.model.jwt import Jwt, JwtClaimName\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.oxauth.service import UserService, ClientService, AuthenticationService\nfrom org.xdi.oxauth.model.common import User\nfrom org.xdi.util import StringHelper\nfrom org.xdi.oxauth.util import ServerUtil\nfrom org.gluu.jsf2.service import FacesService\nfrom org.xdi.oxauth.model.util import Base64Util\nfrom org.python.core.util import StringUtil\nfrom org.xdi.oxauth.service.net import HttpService\n\nimport json\nimport java\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n print \"Passport-social: Initialized successfully\"\n\n def init(self, configurationAttributes):\n print 
\"Passport-social: Initialization init method call\"\n self.extensionModule = None\n self.attributesMapping = None\n if (configurationAttributes.containsKey(\"generic_remote_attributes_list\") and\n configurationAttributes.containsKey(\"generic_local_attributes_list\")):\n\n remoteAttributesList = configurationAttributes.get(\"generic_remote_attributes_list\").getValue2()\n if (StringHelper.isEmpty(remoteAttributesList)):\n print \"Passport-social: Initialization. The property generic_remote_attributes_list is empty\"\n return False\n\n localAttributesList = configurationAttributes.get(\"generic_local_attributes_list\").getValue2()\n if (StringHelper.isEmpty(localAttributesList)):\n print \"Passport-social: Initialization. The property generic_local_attributes_list is empty\"\n return False\n\n self.attributesMapping = self.prepareAttributesMapping(remoteAttributesList, localAttributesList)\n if (self.attributesMapping == None):\n print \"Passport-social: Initialization. The attributes mapping isn't valid\"\n return False\n\n if (configurationAttributes.containsKey(\"extension_module\")):\n extensionModuleName = configurationAttributes.get(\"extension_module\").getValue2()\n try:\n self.extensionModule = __import__(extensionModuleName)\n extensionModuleInitResult = self.extensionModule.init(configurationAttributes)\n if (not extensionModuleInitResult):\n return False\n except ImportError, ex:\n print \"Passport-social: Initialization. Failed to load generic_extension_module:\", extensionModuleName\n print \"Passport-social: Initialization. Unexpected error:\", ex\n return False\n else:\n print(\"Passport-social: Extension module key not found\")\n return True\n\n def destroy(self, configurationAttributes):\n print \"Passport-social: Basic. Destroy method call\"\n print \"Passport-social: Basic. 
Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def getUserValueFromAuth(self, remote_attr, requestParameters):\n try:\n toBeFeatched = \"loginForm:\" + remote_attr\n return ServerUtil.getFirstValue(requestParameters, toBeFeatched)\n except Exception, err:\n print(\"Passport-social: Exception inside getUserValueFromAuth \" + str(err))\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n extensionResult = self.extensionAuthenticate(configurationAttributes, requestParameters, step)\n if extensionResult != None:\n return extensionResult\n\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n try:\n UserId = self.getUserValueFromAuth(\"userid\", requestParameters)\n except Exception, err:\n print \"Passport-social: Error: \" + str(err)\n\n useBasicAuth = StringHelper.isEmptyString(UserId)\n\n # Use basic method to log in\n if useBasicAuth:\n print \"Passport-social: Basic Authentication\"\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):\n userService = CdiUtil.bean(UserService)\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n print \"Passport-social: Basic Authentication returning %s\" % logged_in\n return logged_in\n else:\n facesContext = CdiUtil.bean(FacesContext)\n userService = CdiUtil.bean(UserService)\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n uidRemoteAttr = self.getUidRemoteAttr()\n if uidRemoteAttr == None:\n print \"Cannot retrieve uid remote attribute\"\n return False\n else:\n uidRemoteAttrValue = 
self.getUserValueFromAuth(uidRemoteAttr, requestParameters)\n if \"shibboleth\" in self.getUserValueFromAuth(\"provider\", requestParameters):\n externalUid = \"passport-saml:%s\" % uidRemoteAttrValue\n else:\n externalUid = \"passport-%s:%s\" % (self.getUserValueFromAuth(\"provider\", requestParameters), uidRemoteAttrValue)\n\n email = self.getUserValueFromAuth(\"email\", requestParameters)\n if StringHelper.isEmptyString(email):\n facesMessages = CdiUtil.bean(FacesMessages)\n facesMessages.setKeepMessages()\n self.clearFacesMessages(facesContext)\n facesMessages.add(FacesMessage.SEVERITY_ERROR, \"Please provide your email.\")\n\n print \"Passport-social: Email was not received\"\n return False\n\n userByMail = userService.getUserByAttribute(\"mail\", email)\n userByUid = userService.getUserByAttribute(\"oxExternalUid\", externalUid)\n\n doUpdate = False\n doAdd = False\n if userByUid!=None:\n print \"User with externalUid '%s' already exists\" % externalUid\n if userByMail!=None:\n if userByMail.getUserId()==userByUid.getUserId():\n doUpdate = True\n else:\n doUpdate = True\n else:\n if userByMail==None:\n doAdd = True\n\n if doUpdate:\n foundUser = userByUid\n #update user with remote attributes coming\n for attributesMappingEntry in self.attributesMapping.entrySet():\n remoteAttribute = attributesMappingEntry.getKey()\n localAttribute = attributesMappingEntry.getValue()\n localAttributeValue = self.getUserValueFromAuth(remoteAttribute, requestParameters)\n\n if (localAttribute != None) and (localAttribute != \"provider\") and (localAttributeValue != \"undefined\"):\n try:\n value = foundUser.getAttributeValues(str(localAttribute))[0]\n if value != localAttributeValue:\n foundUser.setAttribute(localAttribute, localAttributeValue)\n except Exception, err:\n print(\"Error in update Attribute \" + str(err))\n\n try:\n foundUserName = foundUser.getUserId()\n print \"Passport-social: Updating user %s\" % foundUserName\n\n userService.updateUser(foundUser)\n 
userAuthenticated = authenticationService.authenticate(foundUserName)\n print \"Passport-social: Is user authenticated = \" + str(userAuthenticated)\n\n return userAuthenticated\n except Exception, err:\n return False\n\n if doAdd:\n newUser = User()\n #Fill user attrs\n newUser.setAttribute(\"oxExternalUid\", externalUid)\n\n for attributesMappingEntry in self.attributesMapping.entrySet():\n remoteAttribute = attributesMappingEntry.getKey()\n localAttribute = attributesMappingEntry.getValue()\n localAttributeValue = self.getUserValueFromAuth(remoteAttribute, requestParameters)\n\n if (localAttribute != None) and (localAttribute != \"provider\") and (localAttributeValue != \"undefined\"):\n newUser.setAttribute(localAttribute, localAttributeValue)\n\n try:\n print \"Passport-social: Adding user %s\" % externalUid\n foundUser = userService.addUser(newUser, True)\n foundUserName = foundUser.getUserId()\n\n userAuthenticated = authenticationService.authenticate(foundUserName)\n print \"Passport-social: User added successfully and isUserAuthenticated = \" + str(userAuthenticated)\n\n return userAuthenticated\n except Exception, err:\n print \"Passport-social: Error in adding user:\" + str(err)\n return False\n\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n extensionResult = self.extensionPrepareForStep(configurationAttributes, requestParameters, step)\n if extensionResult != None:\n return extensionResult\n\n if (step == 1):\n print \"Passport-social: Prepare for Step 1 method call\"\n identity = CdiUtil.bean(Identity)\n sessionId = identity.getSessionId()\n sessionAttribute = sessionId.getSessionAttributes()\n print \"Passport-social: session %s\" % sessionAttribute\n oldState = sessionAttribute.get(\"state\")\n if(oldState == None):\n print \"Passport-social: old state is none\"\n return True\n else:\n print \"Passport-social: state is obtained\"\n try:\n stateBytes = Base64Util.base64urldecode(oldState)\n state = 
StringUtil.fromBytes(stateBytes)\n stateObj = json.loads(state)\n print stateObj[\"provider\"]\n for y in stateObj:\n print (y,':',stateObj[y])\n httpService = CdiUtil.bean(HttpService)\n facesService = CdiUtil.bean(FacesService)\n facesContext = CdiUtil.bean(FacesContext)\n httpclient = httpService.getHttpsClient()\n headersMap = HashMap()\n headersMap.put(\"Accept\", \"text/json\")\n host = facesContext.getExternalContext().getRequest().getServerName()\n url = \"https://\"+host+\"/passport/token\"\n print \"Passport-social: url %s\" %url\n resultResponse = httpService.executeGet(httpclient, url , headersMap)\n http_response = resultResponse.getHttpResponse()\n response_bytes = httpService.getResponseContent(http_response)\n szResponse = httpService.convertEntityToString(response_bytes)\n print \"Passport-social: szResponse %s\" % szResponse\n tokenObj = json.loads(szResponse)\n print \"Passport-social: /passport/auth/saml/\"+stateObj[\"provider\"]+\"/\"+tokenObj[\"token_\"]\n facesService.redirectToExternalURL(\"/passport/auth/saml/\"+stateObj[\"provider\"]+\"/\"+tokenObj[\"token_\"])\n\n except Exception, err:\n print str(err)\n return True\n return True\n else:\n return True\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n return None\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n return 1\n\n def getPageForStep(self, configurationAttributes, step):\n extensionResult = self.extensionGetPageForStep(configurationAttributes, step)\n if extensionResult != None:\n return extensionResult\n\n if (step == 1):\n return \"/auth/passport/passportlogin.xhtml\"\n return \"/auth/passport/passportpostlogin.xhtml\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n\n def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):\n try:\n remoteAttributesListArray = StringHelper.split(remoteAttributesList, \",\")\n if (ArrayHelper.isEmpty(remoteAttributesListArray)):\n 
print(\"Passport-social: PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property\")\n return None\n\n localAttributesListArray = StringHelper.split(localAttributesList, \",\")\n if (ArrayHelper.isEmpty(localAttributesListArray)):\n print(\"Passport-social: PrepareAttributesMapping. There is no attributes specified in localAttributesList property\")\n return None\n\n if (len(remoteAttributesListArray) != len(localAttributesListArray)):\n print(\"Passport-social: PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal\")\n return None\n\n attributeMapping = IdentityHashMap()\n containsUid = False\n i = 0\n count = len(remoteAttributesListArray)\n while (i < count):\n remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i])\n localAttribute = StringHelper.toLowerCase(localAttributesListArray[i])\n attributeMapping.put(remoteAttribute, localAttribute)\n if (StringHelper.equalsIgnoreCase(localAttribute, \"uid\")):\n containsUid = True\n\n i = i + 1\n\n if (not containsUid):\n print \"Passport-social: PrepareAttributesMapping. 
There is no mapping to mandatory 'uid' attribute\"\n return None\n\n return attributeMapping\n except Exception, err:\n print(\"Passport-social: Exception inside prepareAttributesMapping \" + str(err))\n\n def getUidRemoteAttr(self):\n try:\n for attributesMappingEntry in self.attributesMapping.entrySet():\n remoteAttribute = attributesMappingEntry.getKey()\n localAttribute = attributesMappingEntry.getValue()\n if localAttribute == \"uid\":\n return remoteAttribute\n except Exception, err:\n print(\"Passport-social: Exception inside getUidRemoteAttr \" + str(err))\n\n return None\n\n def extensionAuthenticate(self, configurationAttributes, requestParameters, step):\n if (self.extensionModule == None):\n return None\n\n try:\n result = self.extensionModule.authenticate(configurationAttributes, requestParameters, step)\n print \"Passport-social: Extension. Authenticate: '%s'\" % result\n\n return result\n except Exception, ex:\n print \"Passport-social: Extension. Authenticate. Failed to execute postLogin method\"\n print \"Passport-social: Extension. Authenticate. Unexpected error:\", ex\n except java.lang.Throwable, ex:\n print \"Passport-social: Extension. Authenticate. Failed to execute postLogin method\"\n ex.printStackTrace()\n\n return True\n\n def extensionGetPageForStep(self, configurationAttributes, step):\n if (self.extensionModule == None):\n return None\n\n try:\n result = self.extensionModule.getPageForStep(configurationAttributes, step)\n print \"Passport-social: Extension. Get page for Step: '%s'\" % result\n\n return result\n except Exception, ex:\n print \"Passport-social: Extension. Get page for Step. Failed to execute postLogin method\"\n print \"Passport-social: Extension. Get page for Step. Unexpected error:\", ex\n except java.lang.Throwable, ex:\n print \"Passport-social: Extension. Get page for Step. 
Failed to execute postLogin method\"\n ex.printStackTrace()\n\n return None\n\n def extensionPrepareForStep(self, configurationAttributes, requestParameters, step):\n if (self.extensionModule == None):\n return None\n\n try:\n result = self.extensionModule.prepareForStep(configurationAttributes, requestParameters, step)\n print \"Passport-social: Extension. Prepare for Step: '%s'\" % result\n\n return result\n except Exception, ex:\n print \"Passport-social: Extension. Prepare for Step. Failed to execute postLogin method\"\n print \"Passport-social: Extension. Prepare for Step. Unexpected error:\", ex\n except java.lang.Throwable, ex:\n print \"Passport-social: Extension. Prepare for Step. Failed to execute postLogin method\"\n ex.printStackTrace()\n\n return None\n\n def clearFacesMessages(self, context):\n\n if context!=None:\n try:\n iterator = context.getMessages()\n while iterator.hasNext():\n iterator.next()\n iterator.remove()\n except:\n print \"Error clearing faces messages\"", "oxModuleProperty": ["{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}", "{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!2FDB.CF02", "oxConfigurationProperty": ["{\"value1\":\"key_store_file\",\"value2\":\"/etc/certs/passport-rp.jks\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"key_store_password\",\"value2\":\"secret\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"generic_remote_attributes_list\",\"value2\":\"username, email, name, name, givenName, familyName, provider\",\"description\":\"\"}", "{\"value1\":\"generic_local_attributes_list\",\"value2\":\"uid, mail, cn, displayName, givenName, sn, provider\",\"description\":\"\"}"]});
162 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Stores the enabled (gluuStatus "true") dynamic_scope script
 * "dynamic_permission" in the `gluu` keyspace. Its update() copies the
 * values of the user's "role" custom attribute into a "role" claim of the
 * JSON web response.
 *
 * Review note: the script makes no scope or client check of its own; it
 * relies on the server calling it only for the intended scope
 * (NOTE(review): confirm). Consumers that authorize on the "role" claim
 * depend on who is allowed to write that attribute.
 */
166UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!CB5B.3211", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!CB5B.3211,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "dynamic_permission", "description": "Permission Dynamic Scope script", "gluuStatus": "true", "objectClass": ["oxCustomScript", "top"], "programmingLanguage": "python", "oxScriptType": "dynamic_scope", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\r\n# Copyright (c) 2016, Gluu\r\n#\r\n# Author: Yuriy Movchan\r\n#\r\n\r\nfrom org.xdi.model.custom.script.type.scope import DynamicScopeType\r\nfrom org.xdi.service.cdi.util import CdiUtil\r\nfrom org.xdi.oxauth.service import UserService\r\nfrom org.xdi.util import StringHelper, ArrayHelper\r\nfrom java.util import Arrays, ArrayList\r\n\r\nimport java\r\n\r\nclass DynamicScope(DynamicScopeType):\r\n def __init__(self, currentTimeMillis):\r\n self.currentTimeMillis = currentTimeMillis\r\n\r\n def init(self, configurationAttributes):\r\n print \"Permission dynamic scope. Initialization\"\r\n\r\n print \"Permission dynamic scope. Initialized successfully\"\r\n\r\n return True \r\n\r\n def destroy(self, configurationAttributes):\r\n print \"Permission dynamic scope. Destroy\"\r\n print \"Permission dynamic scope. Destroyed successfully\"\r\n return True \r\n\r\n # Update Json Web token before signing/encrypring it\r\n # dynamicScopeContext is org.xdi.oxauth.service.external.context.DynamicScopeExternalContext\r\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\r\n def update(self, dynamicScopeContext, configurationAttributes):\r\n print \"Permission dynamic scope scope. 
Update method\"\r\n\r\n authorizationGrant = dynamicScopeContext.getAuthorizationGrant()\r\n user = dynamicScopeContext.getUser()\r\n jsonWebResponse = dynamicScopeContext.getJsonWebResponse()\r\n claims = jsonWebResponse.getClaims()\r\n\r\n userService = CdiUtil.bean(UserService)\r\n roles = userService.getCustomAttribute(user, \"role\")\r\n if roles != None:\r\n claims.setClaim(\"role\", roles.getValues())\r\n\r\n return True\r\n\r\n def getSupportedClaims(self, configurationAttributes):\r\n return Arrays.asList(\"role\")\r\n\r\n def getApiVersion(self):\r\n return 2\r\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!CB5B.3211"});
167 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Stores the sample id_generator script (gluuStatus "false") in the `gluu`
 * keyspace. generateId() prints its arguments and returns None, which per
 * the script's own comment triggers the default Id generation method.
 */
171UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!031C.4A65", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!031C.4A65,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "id_generator", "description": "Sample Id Generator script", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "id_generator", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom org.xdi.model.custom.script.type.id import IdGeneratorType\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom java.util import Arrays, ArrayList\n\nimport java\n\nclass IdGenerator(IdGeneratorType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Id generator. Initialization\"\n print \"Id generator. Initialized successfully\"\n\n return True \n\n def destroy(self, configurationAttributes):\n print \"Id generator. Destroy\"\n print \"Id generator. Destroyed successfully\"\n return True \n\n def getApiVersion(self):\n return 1\n\n # Id generator init method\n # appId is application Id\n # idType is Id Type\n # idPrefix is Id Prefix\n # user is org.gluu.oxtrust.model.GluuCustomPerson\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\n def generateId(self, appId, idType, idPrefix, configurationAttributes):\n print \"Id generator. Generate Id\"\n print \"Id generator. Generate Id. 
AppId: '\", appId, \"', IdType: '\", idType, \"', IdPrefix: '\", idPrefix, \"'\"\n\n # Return None or empty string to trigger default Id generation method\n return None\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!031C.4A65"});
172 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Stores the sample dynamic_scope script "org_name" (gluuStatus "false") in
 * the `gluu` keyspace. update() sets the claim "org_name" to the fixed
 * string "Gluu, Inc.".
 *
 * Review note: the inline comment says "if there is scope = org_name", but
 * the code reads dynamicScopes without testing it, so the claim is set on
 * every call of update().
 */
176UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!031C.5621", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!031C.5621,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "org_name", "description": "Sample Dynamic Scope script for org_name", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "dynamic_scope", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\r\n# Copyright (c) 2016, Gluu\r\n#\r\n# Author: Yuriy Movchan\r\n#\r\n\r\nfrom org.xdi.model.custom.script.type.scope import DynamicScopeType\r\nfrom org.xdi.oxauth.service import UserService\r\nfrom org.xdi.util import StringHelper, ArrayHelper\r\nfrom java.util import Arrays, ArrayList\r\n\r\nimport java\r\n\r\nclass DynamicScope(DynamicScopeType):\r\n def __init__(self, currentTimeMillis):\r\n self.currentTimeMillis = currentTimeMillis\r\n\r\n def init(self, configurationAttributes):\r\n print \"Dynamic scope. Initialization\"\r\n\r\n print \"Dynamic scope. Initialized successfully\"\r\n\r\n return True \r\n\r\n def destroy(self, configurationAttributes):\r\n print \"Dynamic scope. Destroy\"\r\n print \"Dynamic scope. Destroyed successfully\"\r\n return True \r\n\r\n # Update Json Web token before signing/encrypring it\r\n # dynamicScopeContext is org.xdi.oxauth.service.external.context.DynamicScopeExternalContext\r\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\r\n def update(self, dynamicScopeContext, configurationAttributes):\r\n print \"Dynamic scope. 
Update method\"\r\n\r\n dynamicScopes = dynamicScopeContext.getDynamicScopes()\r\n authorizationGrant = dynamicScopeContext.getAuthorizationGrant()\r\n user = dynamicScopeContext.getUser()\r\n jsonWebResponse = dynamicScopeContext.getJsonWebResponse()\r\n claims = jsonWebResponse.getClaims()\r\n\r\n # Add organization name if there is scope = org_name\r\n claims.setClaim(\"org_name\", \"Gluu, Inc.\")\r\n\r\n return True\r\n\r\n def getSupportedClaims(self, configurationAttributes):\r\n return Arrays.asList(\"org_name\")\r\n\r\n def getApiVersion(self):\r\n return 2\r\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!031C.5621"});
177 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Stores the sample dynamic_scope script "work_phone" (gluuStatus "false")
 * in the `gluu` keyspace. update() copies the user's telephoneNumber values
 * into a "work_phone" claim when the attribute exists.
 *
 * Review note: dynamicScopes is read but not tested in the script, so the
 * release of this personal attribute depends on the server invoking the
 * script only for the matching scope (NOTE(review): confirm).
 */
181UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!031C.5622", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!031C.5622,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "work_phone", "description": "Sample Dynamic Scope script for work_phone", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "dynamic_scope", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\r\n# Copyright (c) 2016, Gluu\r\n#\r\n# Author: Yuriy Movchan\r\n#\r\n\r\nfrom org.xdi.model.custom.script.type.scope import DynamicScopeType\r\nfrom org.xdi.service.cdi.util import CdiUtil\r\nfrom org.xdi.oxauth.service import UserService\r\nfrom org.xdi.util import StringHelper, ArrayHelper\r\nfrom java.util import Arrays, ArrayList\r\n\r\nimport java\r\n\r\nclass DynamicScope(DynamicScopeType):\r\n def __init__(self, currentTimeMillis):\r\n self.currentTimeMillis = currentTimeMillis\r\n\r\n def init(self, configurationAttributes):\r\n print \"Dynamic scope. Initialization\"\r\n\r\n print \"Dynamic scope. Initialized successfully\"\r\n\r\n return True \r\n\r\n def destroy(self, configurationAttributes):\r\n print \"Dynamic scope. Destroy\"\r\n print \"Dynamic scope. Destroyed successfully\"\r\n return True \r\n\r\n # Update Json Web token before signing/encrypring it\r\n # dynamicScopeContext is org.xdi.oxauth.service.external.context.DynamicScopeExternalContext\r\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\r\n def update(self, dynamicScopeContext, configurationAttributes):\r\n print \"Dynamic scope. 
Update method\"\r\n\r\n dynamicScopes = dynamicScopeContext.getDynamicScopes()\r\n authorizationGrant = dynamicScopeContext.getAuthorizationGrant()\r\n user = dynamicScopeContext.getUser()\r\n jsonWebResponse = dynamicScopeContext.getJsonWebResponse()\r\n claims = jsonWebResponse.getClaims()\r\n\r\n # Add work phone if there is scope = work_phone\r\n userService = CdiUtil.bean(UserService)\r\n workPhone = userService.getCustomAttribute(user, \"telephoneNumber\")\r\n if workPhone != None:\r\n claims.setClaim(\"work_phone\", workPhone.getValues())\r\n\r\n return True\r\n\r\n def getSupportedClaims(self, configurationAttributes):\r\n return Arrays.asList(\"work_phone\")\r\n\r\n def getApiVersion(self):\r\n return 2\r\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!031C.5622"});
182 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Stores the sample cache_refresh script (gluuStatus "false") in the `gluu`
 * keyspace. updateUser() adds preferredLanguage "en-us", adds a
 * userPassword attribute with the fixed value "test", and appends
 * " (updated)" to a non-empty givenName.
 *
 * Review note: if this sample were enabled unchanged, every user entry it
 * processes would receive the same known userPassword value. Remove the
 * userPassword lines before reusing the script as a template.
 */
186UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!13D3.E7AD", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!13D3.E7AD,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "cache_refresh", "description": "Sample Cache Refresh script", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "cache_refresh", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom org.xdi.model.custom.script.type.user import CacheRefreshType\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom java.util import Arrays, ArrayList\nfrom org.gluu.oxtrust.model import GluuCustomAttribute\n\nimport java\n\nclass CacheRefresh(CacheRefreshType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Cache refresh. Initialization\"\n print \"Cache refresh. Initialized successfully\"\n\n return True \n\n def destroy(self, configurationAttributes):\n print \"Cache refresh. Destroy\"\n print \"Cache refresh. Destroyed successfully\"\n return True \n\n # Update user entry before persist it\n # user is org.gluu.oxtrust.model.GluuCustomPerson\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\n def updateUser(self, user, configurationAttributes):\n print \"Cache refresh. 
UpdateUser method\"\n\n attributes = user.getCustomAttributes()\n\n # Add new attribute preferredLanguage\n attrPrefferedLanguage = GluuCustomAttribute(\"preferredLanguage\", \"en-us\")\n attributes.add(attrPrefferedLanguage)\n\n # Add new attribute userPassword\n attrUserPassword = GluuCustomAttribute(\"userPassword\", \"test\")\n attributes.add(attrUserPassword)\n\n # Update givenName attribute\n for attribute in attributes:\n attrName = attribute.getName()\n if ((\"givenname\" == StringHelper.toLowerCase(attrName)) and StringHelper.isNotEmpty(attribute.getValue())):\n attribute.setValue(StringHelper.removeMultipleSpaces(attribute.getValue()) + \" (updated)\")\n\n return True\n\n def getApiVersion(self):\n return 1\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!13D3.E7AD"});
187 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Review note: upserts the custom-script document "yubicloud"
 * (oxScriptType person_authentication, stored with gluuStatus "false").
 * Points to settle in the embedded oxScript before enabling it:
 *  - init() loads yubicloud_api_key into self.api_key, but authenticate() never
 *    uses it. The verify request is unsigned and the reply is accepted on a
 *    'status=OK' substring test; nothing checks the reply's signature or that
 *    its otp and nonce match the request, so the decision rests entirely on the
 *    HTTPS connection to yubicloud_uri. Confirm the runtime's urllib2 validates
 *    the server certificate, and verify signature, otp and nonce.
 *  - `public_key not in otp` is a substring test, not a comparison with the
 *    OTP's leading public-id part, and an empty yubikeyId would satisfy it for
 *    any OTP.
 *  - The OTP is read from credentials.getPassword() and no password is checked,
 *    so the OTP is the only factor.
 *  - getUser(username) is dereferenced without a None check; an unknown user
 *    name presumably raises instead of returning False (confirm).
 */
191UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!24FD.B96E", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!24FD.B96E,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "90", "displayName": "yubicloud", "description": "OTP Validation of passwords using Yubicloud authentication module", "gluuStatus": "false", "objectClass": ["oxCustomScript", "top"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan, Arunmozhi\n#\n\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.oxauth.service import UserService\nfrom org.xdi.util import StringHelper\n\nimport java\n\nimport urllib2\nimport urllib\nimport uuid\n\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Yubicloud. Initialization\"\n\n self.api_server = configurationAttributes.get(\"yubicloud_uri\").getValue2()\n self.api_key = configurationAttributes.get(\"yubicloud_api_key\").getValue2()\n self.client_id = configurationAttributes.get(\"yubicloud_id\").getValue2()\n\n return True\n\n def destroy(self, configurationAttributes):\n print \"Yubicloud. Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n if (step == 1):\n print \"Yubicloud. 
Authenticate for step 1\"\n\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n username = credentials.getUsername()\n otp = credentials.getPassword()\n\n # Validate otp length\n if len(otp) < 32 or len(otp) > 48:\n print \"Yubicloud. Invalid OTP length\"\n return False\n\n user_service = CdiUtil.bean(UserService)\n user = user_service.getUser(username)\n\n public_key = user.getAttribute('yubikeyId')\n\n # Match the user with the yubikey\n if public_key not in otp:\n print \"Yubicloud. Public Key not matching OTP\"\n return False\n\n data = \"\"\n try:\n nonce = str(uuid.uuid4()).replace(\"-\", \"\")\n params = urllib.urlencode({\"id\": self.client_id, \"otp\": otp, \"nonce\": nonce})\n url = \"https://\" + self.api_server + \"/wsapi/2.0/verify/?\" + params\n f = urllib2.urlopen(url)\n data = f.read()\n except Exception as e:\n print \"Yubicloud. Exception \", e\n\n if 'status=OK' in data:\n user_service.authenticate(username)\n print \"Yubicloud. Authentication Successful\"\n return True\n\n print \"Yubicloud. End of Step 1. Returning False.\"\n return False\n else:\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n if (step == 1):\n print \"Yubicloud. 
Prepare for Step 1\"\n return True\n else:\n return False\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n return None\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n return 1\n\n def getPageForStep(self, configurationAttributes, step):\n return \"\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n", "oxModuleProperty": ["{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}", "{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!24FD.B96E", "oxConfigurationProperty": ["{\"value1\":\"yubicloud_uri\",\"value2\":\"api.yubico.com\",\"description\":\"\"}", "{\"value1\":\"yubicloud_api_key\",\"value2\":\"\",\"description\":\"\"}", "{\"value1\":\"yubicloud_id\",\"value2\":\"\",\"description\":\"\"}"]});
192[31m ERROR 107 : Not connected to any cluster. Use \CONNECT command. [0m
/*
 * Review note: upserts the custom-script document "uma_rpt_policy"
 * ("Sample UMA RPT Policy", stored with gluuStatus "false").
 *  - authorize() returns True only when the claims "country" and "city" equal
 *    'US' and 'NY'; getRequiredClaims() declares exactly those two claims.
 *  - getClaimsGatheringScriptName() points at "sampleClaimsGathering". If that
 *    script stores whatever the user types on its pages (as the sample of that
 *    name in this same load does), the grant rests on self-asserted values.
 *    Treat this as a demo policy, not an access control.
 *  - The document carries an allowed_clients configuration property, but this
 *    script never reads its configuration attributes, so the property has no
 *    effect on the decision here.
 */
196UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F995", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F995,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "uma_rpt_policy", "description": "Sample UMA RPT Policy", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "uma_rpt_policy", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\r\n# Copyright (c) 2017, Gluu\r\n#\r\n# Author: Yuriy Zabrovarnyy\r\n#\r\n# Call sequence\r\n# 1. First is call constructor of the Script __init__\r\n# 2. Next init() method\r\n# 3. Next getRequiredClaims() - method returns required claims, so UMA engine checks whether\r\n# in request RP provided all claims that are required. Pay attention that there can be\r\n# multiple scripts bound to the scopes, means that UMA engine will build set of required claims\r\n# from all scripts. If not all claims are provided need_info error is sent to RP.\r\n# During need_info construction getClaimsGatheringScriptName() method is called\r\n# 4. authorize() method is called if all required claims are provided.\r\n# 5. destroy()\r\n\r\nfrom org.xdi.model.custom.script.type.uma import UmaRptPolicyType\r\nfrom org.xdi.model.uma import ClaimDefinitionBuilder\r\nfrom java.lang import String\r\n\r\nclass UmaRptPolicy(UmaRptPolicyType):\r\n def __init__(self, currentTimeMillis):\r\n self.currentTimeMillis = currentTimeMillis\r\n\r\n def init(self, configurationAttributes):\r\n print \"RPT Policy. Initializing ...\"\r\n print \"RPT Policy. Initialized successfully\"\r\n\r\n return True\r\n\r\n def destroy(self, configurationAttributes):\r\n print \"RPT Policy. Destroying ...\"\r\n print \"RPT Policy. 
Destroyed successfully\"\r\n return True\r\n\r\n def getApiVersion(self):\r\n return 1\r\n\r\n # Returns required claims definitions.\r\n # This method must provide definition of all claims that is used in 'authorize' method.\r\n # Note : name in both places must match.\r\n # %1$s - placeholder for issuer. It uses standard Java Formatter, docs : https://docs.oracle.com/javase/7/docs/api/java/util/Formatter.html\r\n def getRequiredClaims(self, context): # context is reference of org.xdi.oxauth.uma.authorization.UmaAuthorizationContext\r\n json = \"\"\"[\r\n {\r\n \"issuer\" : [ \"%1$s\" ],\r\n \"name\" : \"country\",\r\n \"claim_token_format\" : [ \"http://openid.net/specs/openid-connect-core-1_0.html#IDToken\" ],\r\n \"claim_type\" : \"string\",\r\n \"friendly_name\" : \"country\"\r\n },\r\n {\r\n \"issuer\" : [ \"%1$s\" ],\r\n \"name\" : \"city\",\r\n \"claim_token_format\" : [ \"http://openid.net/specs/openid-connect-core-1_0.html#IDToken\" ],\r\n \"claim_type\" : \"string\",\r\n \"friendly_name\" : \"city\"\r\n }\r\n ]\"\"\"\r\n context.addRedirectUserParam(\"customUserParam1\", \"value1\") # pass some custom parameters to need_info uri. It can be removed if you don't need custom parameters.\r\n return ClaimDefinitionBuilder.build(String.format(json, context.getIssuer()))\r\n\r\n # Main authorization method. Must return True or False.\r\n def authorize(self, context): # context is reference of org.xdi.oxauth.uma.authorization.UmaAuthorizationContext\r\n print \"RPT Policy. 
Authorizing ...\"\r\n\r\n if context.getClaim(\"country\") == 'US' and context.getClaim(\"city\") == 'NY':\r\n print \"Authorized successfully!\"\r\n return True\r\n\r\n return False\r\n\r\n # Returns name of the Claims-Gathering script which will be invoked if need_info error is returned.\r\n def getClaimsGatheringScriptName(self, context): # context is reference of org.xdi.oxauth.uma.authorization.UmaAuthorizationContext\r\n context.addRedirectUserParam(\"customUserParam2\", \"value2\") # pass some custom parameters to need_info uri. It can be removed if you don't need custom parameters.\r\n return \"sampleClaimsGathering\"", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F995", "oxConfigurationProperty": ["{\"value1\":\"allowed_clients\",\"value2\":\"@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!BCB0.4376, @!7194.95E2.1D42.FF59!0001!6975.2B50!0008!D185.70B0\",\"description\":\"\"}"]});
197[31m ERROR 107 : Not connected to any cluster. Use \CONNECT command. [0m
/*
 * Review note: upserts the custom-script document "scim_access_policy"
 * (oxScriptType uma_rpt_policy, stored with gluuStatus "false").
 *  - authorize() grants only when context.getClient().getClientId() is in the
 *    set built from allowed_clients; getRequiredClaims() asks for no claims, so
 *    the client id is the whole decision.
 *  - A missing or empty allowed_clients yields an empty set, so every client is
 *    denied (fails closed).
 *  - The configured value below has a space after the comma and the loop adds
 *    entries without trimming. Unless StringHelper.split trims (not visible
 *    here), the second entry keeps a leading space and that client is never
 *    matched; confirm or drop the space.
 *  - The client id is written to the log on every authorization attempt.
 */
201UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F9A5", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F9A5,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "scim_access_policy", "description": "Sample client authz UMA RPT Policy", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "uma_rpt_policy", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2017, Gluu\n#\n# Author: Jose Gonzalez\n# Adapted from previous 3.0.1 script of Yuriy Movchan\n#\n# oxConfigurationProperty required:\n# allowed_clients - comma separated list of dns of allowed clients\n# (i.e. the SCIM RP client)\n\nfrom org.xdi.model.custom.script.type.uma import UmaRptPolicyType\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.model.uma import ClaimDefinitionBuilder\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom java.util import Arrays, ArrayList, HashSet\nfrom java.lang import String\n\nclass UmaRptPolicy(UmaRptPolicyType):\n\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"RPT Policy. Initializing ...\"\n self.clientsSet = self.prepareClientsSet(configurationAttributes)\n print \"RPT Policy. Initialized successfully\"\n return True\n\n def destroy(self, configurationAttributes):\n print \"RPT Policy. Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def getRequiredClaims(self, context):\n json = \"\"\"[\n ]\"\"\"\n return ClaimDefinitionBuilder.build(json)\n\n def authorize(self, context): # context is reference of org.xdi.oxauth.uma.authorization.UmaAuthorizationContext\n print \"RPT Policy. Authorizing ...\"\n\n client_id=context.getClient().getClientId()\n print \"UmaRptPolicy. 
client_id = %s\" % client_id\n\n if (StringHelper.isEmpty(client_id)):\n return False\n \n if (self.clientsSet.contains(client_id)):\n print \"UmaRptPolicy. Authorizing client\"\n return True\n else:\n print \"UmaRptPolicy. Client isn't authorized\"\n return False\n\n def getClaimsGatheringScriptName(self, context):\n return \"\"\n\n def prepareClientsSet(self, configurationAttributes):\n clientsSet = HashSet()\n if (not configurationAttributes.containsKey(\"allowed_clients\")):\n return clientsSet\n\n allowedClientsList = configurationAttributes.get(\"allowed_clients\").getValue2()\n if (StringHelper.isEmpty(allowedClientsList)):\n print \"UmaRptPolicy. The property allowed_clients is empty\"\n return clientsSet \n\n allowedClientsListArray = StringHelper.split(allowedClientsList, \",\")\n if (ArrayHelper.isEmpty(allowedClientsListArray)):\n print \"UmaRptPolicy. No clients specified in allowed_clients property\"\n return clientsSet\n \n # Convert to HashSet to quick search\n i = 0\n count = len(allowedClientsListArray)\n while (i < count):\n client = allowedClientsListArray[i]\n clientsSet.add(client)\n i = i + 1\n\n return clientsSet\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F9A5", "oxConfigurationProperty": ["{\"value1\":\"allowed_clients\",\"value2\":\"@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!BCB0.4376, @!7194.95E2.1D42.FF59!0001!6975.2B50!0008!D185.70B0\",\"description\":\"\"}"]});
202[31m ERROR 107 : Not connected to any cluster. Use \CONNECT command. [0m
/*
 * Review note: upserts the custom-script document "sampleClaimsGathering"
 * (oxScriptType uma_claims_gathering, stored with gluuStatus "false").
 *  - gather() copies the user-entered page claims "country" (step 1) and "city"
 *    (step 2) into the context unvalidated and prints them. Any policy that
 *    authorizes on these claims is trusting self-asserted input.
 *  - In step 2 the "'city' is not provided" message is printed immediately
 *    before `return True`, i.e. apparently on the success path (indentation is
 *    collapsed in this paste, so confirm against the original script).
 *  - prepareForStep() acts only on step 10, while getStepsCount() returns 2.
 *    That branch reads a "client_id" configuration attribute this document does
 *    not define, and builds the authorization URL by plain concatenation without
 *    URL-encoding redirect_uri or adding a state parameter. Fix both before
 *    reusing the snippet.
 */
206UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F996", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F996,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "1", "displayName": "sampleClaimsGathering", "description": "Sample UMA Claims Gathering", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "uma_claims_gathering", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\r\n# Copyright (c) 2017, Gluu\r\n#\r\n# Author: Yuriy Zabrovarnyy\r\n#\r\n\r\nfrom org.xdi.model.custom.script.type.uma import UmaClaimsGatheringType\r\n\r\nclass UmaClaimsGathering(UmaClaimsGatheringType):\r\n\r\n def __init__(self, currentTimeMillis):\r\n self.currentTimeMillis = currentTimeMillis\r\n\r\n def init(self, configurationAttributes):\r\n print \"Claims-Gathering. Initializing ...\"\r\n print \"Claims-Gathering. Initialized successfully\"\r\n\r\n return True\r\n\r\n def destroy(self, configurationAttributes):\r\n print \"Claims-Gathering. Destroying ...\"\r\n print \"Claims-Gathering. Destroyed successfully\"\r\n return True\r\n\r\n def getApiVersion(self):\r\n return 1\r\n\r\n\r\n # Main gather method. Must return True (if gathering performed successfully) or False (if fail).\r\n # Method must set claim into context (via context.putClaim('name', value)) in order to persist it (otherwise it will be lost).\r\n # All user entered values can be access via Map<String, String> context.getPageClaims()\r\n def gather(self, step, context): # context is reference of org.xdi.oxauth.uma.authorization.UmaGatherContext\r\n print \"Claims-Gathering. 
Gathering ...\"\r\n\r\n if step == 1:\r\n if (context.getPageClaims().containsKey(\"country\")):\r\n country = context.getPageClaims().get(\"country\")\r\n print \"Country: \" + country\r\n\r\n context.putClaim(\"country\", country)\r\n return True\r\n\r\n print \"Claims-Gathering. 'country' is not provided on step 1.\"\r\n return False\r\n\r\n elif step == 2:\r\n if (context.getPageClaims().containsKey(\"city\")):\r\n city = context.getPageClaims().get(\"city\")\r\n print \"City: \" + city\r\n\r\n context.putClaim(\"city\", city)\r\n print \"Claims-Gathering. 'city' is not provided on step 2.\"\r\n return True\r\n\r\n return False\r\n\r\n def getNextStep(self, step, context):\r\n return -1\r\n\r\n def prepareForStep(self, step, context):\r\n if step == 10 and not context.isAuthenticated():\r\n # user is not authenticated, so we are redirecting user to authorization endpoint\r\n # client_id is specified via configuration attribute.\r\n # Make sure that given client has redirect_uri to Claims-Gathering Endpoint with parameter authentication=true\r\n # Sample https://sample.com/restv1/uma/gather_claims?authentication=true\r\n # If redirect to external url is performated, make sure that viewAction has onPostback=\"true\" (otherwise redirect will not work)\r\n # After user is authenticated then within the script it's possible to get user attributes as\r\n # context.getUser(\"uid\", \"sn\")\r\n # If user is authenticated to current AS (to the same server, not external one) then it's possible to\r\n # access Connect session attributes directly (no need to obtain id_token after redirect with 'code').\r\n # To fetch attributes please use getConnectSessionAttributes() method.\r\n\r\n print \"User is not authenticated. 
Redirect for authentication ...\"\r\n clientId = context.getConfigurationAttributes().get(\"client_id\").getValue2()\r\n redirectUri = context.getClaimsGatheringEndpoint() + \"?authentication=true\" # without authentication=true parameter it will not work\r\n authorizationUrl = context.getAuthorizationEndpoint() + \"?client_id=\" + clientId + \"&redirect_uri=\" + redirectUri + \"&scope=openid&response_type=code\"\r\n context.redirectToExternalUrl(authorizationUrl) # redirect to external url\r\n return False\r\n if step == 10 and context.isAuthenticated(): # example how to get session attribute if user is authenticated to same AS\r\n arc = context.getConnectSessionAttributes().get(\"acr\")\r\n\r\n return True\r\n\r\n def getStepsCount(self, context):\r\n return 2\r\n\r\n def getPageForStep(self, step, context):\r\n if step == 1:\r\n return \"/uma2/sample/country.xhtml\"\r\n elif step == 2:\r\n return \"/uma2/sample/city.xhtml\"\r\n return \"\"", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F996"});
207[31m ERROR 107 : Not connected to any cluster. Use \CONNECT command. [0m
/*
 * Review note: upserts the custom-script document "basic_lock"
 * (oxScriptType person_authentication, stored with gluuStatus "false").
 *  - Each failed login increments the user's oxCountInvalidLogin. At
 *    maximum_invalid_login_attemps (3 in this document) lockUser() sets the
 *    user's gluuStatus to "inactive"; a successful login resets the counter to 0.
 *  - Nothing in the script ages the counter or lifts the lock, so recovery is
 *    an administrative action. The lock is keyed on the submitted user name
 *    alone, so weigh the availability cost and pair it with rate limiting or
 *    monitoring of repeated failures.
 *  - authenticate() does not itself test gluuStatus; rejecting an inactive user
 *    is presumably left to authenticationService.authenticate (confirm).
 *  - The configuration key is spelled "maximum_invalid_login_attemps"; a
 *    corrected spelling would not be read and the default of 3 would apply.
 *  - Log lines include user names and counter values, never the password.
 */
211UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!4BBE.C6A8", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!4BBE.C6A8,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "basic_lock", "description": "Basic (with user locking) authentication module", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.oxauth.service import UserService, AuthenticationService\nfrom org.xdi.util import StringHelper\nfrom org.gluu.site.ldap.persistence.exception import AuthenticationException\n\nimport java\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Basic (lock account). Initialization\"\n\n self.invalidLoginCountAttribute = \"oxCountInvalidLogin\"\n if configurationAttributes.containsKey(\"invalid_login_count_attribute\"):\n self.invalidLoginCountAttribute = configurationAttributes.get(\"invalid_login_count_attribute\").getValue2()\n else:\n print \"Basic (lock account). Initialization. Using default attribute\"\n\n self.maximumInvalidLoginAttemps = 3\n if configurationAttributes.containsKey(\"maximum_invalid_login_attemps\"):\n self.maximumInvalidLoginAttemps = StringHelper.toInteger(configurationAttributes.get(\"maximum_invalid_login_attemps\").getValue2())\n else:\n print \"Basic (lock account). Initialization. Using default number attempts\"\n\n print \"Basic (lock account). 
Initialized successfully. invalid_login_count_attribute: '%s', maximum_invalid_login_attemps: '%s'\" % (self.invalidLoginCountAttribute, self.maximumInvalidLoginAttemps)\n\n return True \n\n def destroy(self, configurationAttributes):\n print \"Basic (lock account). Destroy\"\n print \"Basic (lock account). Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n if step == 1:\n print \"Basic (lock account). Authenticate for step 1\"\n\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):\n try:\n logged_in = authenticationService.authenticate(user_name, user_password)\n except AuthenticationException:\n print \"Basic (lock account). Authenticate. 
Failed to authenticate user '%s'\" % user_name\n\n if not logged_in:\n countInvalidLoginArributeValue = self.getUserAttributeValue(user_name, self.invalidLoginCountAttribute)\n countInvalidLogin = StringHelper.toInteger(countInvalidLoginArributeValue, 0)\n\n if countInvalidLogin < self.maximumInvalidLoginAttemps:\n countInvalidLogin = countInvalidLogin + 1\n self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(countInvalidLogin))\n\n if countInvalidLogin >= self.maximumInvalidLoginAttemps:\n self.lockUser(user_name)\n \n return False\n\n self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))\n\n return True\n else:\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n if step == 1:\n print \"Basic (lock account). Prepare for Step 1\"\n return True\n else:\n return False\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n return None\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n return 1\n\n def getPageForStep(self, configurationAttributes, step):\n return \"\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n\n def getUserAttributeValue(self, user_name, attribute_name):\n if StringHelper.isEmpty(user_name):\n return None\n\n userService = CdiUtil.bean(UserService)\n\n find_user_by_uid = userService.getUser(user_name, attribute_name)\n if find_user_by_uid == None:\n return None\n\n custom_attribute_value = userService.getCustomAttribute(find_user_by_uid, attribute_name)\n if custom_attribute_value == None:\n return None\n \n attribute_value = custom_attribute_value.getValue()\n\n print \"Basic (lock account). Get user attribute. 
User's '%s' attribute '%s' value is '%s'\" % (user_name, attribute_name, attribute_value)\n\n return attribute_value\n\n def setUserAttributeValue(self, user_name, attribute_name, attribute_value):\n if StringHelper.isEmpty(user_name):\n return None\n\n userService = CdiUtil.bean(UserService)\n\n find_user_by_uid = userService.getUser(user_name)\n if find_user_by_uid == None:\n return None\n \n userService.setCustomAttribute(find_user_by_uid, attribute_name, attribute_value)\n updated_user = userService.updateUser(find_user_by_uid)\n\n print \"Basic (lock account). Set user attribute. User's '%s' attribute '%s' value is '%s'\" % (user_name, attribute_name, attribute_value)\n\n return updated_user\n\n def lockUser(self, user_name):\n if StringHelper.isEmpty(user_name):\n return None\n\n userService = CdiUtil.bean(UserService)\n\n find_user_by_uid = userService.getUser(user_name)\n if (find_user_by_uid == None):\n return None\n\n status_attribute_value = userService.getCustomAttribute(find_user_by_uid, \"gluuStatus\")\n if status_attribute_value != None:\n user_status = status_attribute_value.getValue()\n if StringHelper.equals(user_status, \"inactive\"):\n print \"Basic (lock account). Lock user. User '%s' locked already\" % user_name\n return\n \n userService.setCustomAttribute(find_user_by_uid, \"gluuStatus\", \"inactive\")\n updated_user = userService.updateUser(find_user_by_uid)\n\n print \"Basic (lock account). Lock user. User '%s' locked\" % user_name\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}", "{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!4BBE.C6A8", "oxConfigurationProperty": ["{\"value1\":\"invalid_login_count_attribute\",\"value2\":\"oxCountInvalidLogin\",\"description\":\"\"}", "{\"value1\":\"maximum_invalid_login_attemps\",\"value2\":\"3\",\"description\":\"\"}"]});
212[31m ERROR 107 : Not connected to any cluster. Use \CONNECT command. [0m
216UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!5018.AF9C", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!5018.AF9C,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "90", "displayName": "uaf", "description": "UAF authentication module", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\n# Requires the following custom properties and values:\n# uaf_server_uri: <idp_hostname>\n#\n# These are non mandatory custom properties and values:\n# uaf_policy_name: default\n# send_push_notifaction: false\n# registration_uri: https://<idp_hostname>/identity/register\n# qr_options: { width: 400, height: 400 }\n\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.oxauth.service import UserService, AuthenticationService, SessionIdService\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom org.xdi.oxauth.util import ServerUtil\nfrom org.xdi.oxauth.model.config import Constants\nfrom javax.ws.rs.core import Response\nfrom java.util import Arrays\nfrom org.xdi.oxauth.service.net import HttpService\nfrom org.apache.http.params import CoreConnectionPNames\n\nimport sys\nimport java\nimport json\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"UAF. Initialization\"\n\n if not configurationAttributes.containsKey(\"uaf_server_uri\"):\n print \"UAF. Initialization. 
Property uaf_server_uri is mandatory\"\n return False\n\n self.uaf_server_uri = configurationAttributes.get(\"uaf_server_uri\").getValue2()\n\n self.uaf_policy_name = \"default\"\n if configurationAttributes.containsKey(\"uaf_policy_name\"):\n self.uaf_policy_name = configurationAttributes.get(\"uaf_policy_name\").getValue2()\n\n self.send_push_notifaction = False\n if configurationAttributes.containsKey(\"send_push_notifaction\"):\n self.send_push_notifaction = StringHelper.toBoolean(configurationAttributes.get(\"send_push_notifaction\").getValue2(), False)\n\n self.registration_uri = None\n if configurationAttributes.containsKey(\"registration_uri\"):\n self.registration_uri = configurationAttributes.get(\"registration_uri\").getValue2()\n\n self.customQrOptions = {}\n if configurationAttributes.containsKey(\"qr_options\"):\n self.customQrOptions = configurationAttributes.get(\"qr_options\").getValue2()\n\n print \"UAF. Initializing HTTP client\"\n httpService = CdiUtil.bean(HttpService)\n self.http_client = httpService.getHttpsClient()\n http_client_params = self.http_client.getParams()\n http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)\n\n print \"UAF. Initialized successfully. uaf_server_uri: '%s', uaf_policy_name: '%s', send_push_notifaction: '%s', registration_uri: '%s', qr_options: '%s'\" % (self.uaf_server_uri, self.uaf_policy_name, self.send_push_notifaction, self.registration_uri, self.customQrOptions)\n \n print \"UAF. Initialized successfully\"\n return True\n\n def destroy(self, configurationAttributes):\n print \"UAF. Destroy\"\n print \"UAF. 
Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n session_attributes = identity.getSessionId().getSessionAttributes()\n\n self.setRequestScopedParameters(identity)\n\n if (step == 1):\n print \"UAF. Authenticate for step 1\"\n\n user_name = credentials.getUsername()\n\n authenticated_user = self.processBasicAuthentication(credentials)\n if authenticated_user == None:\n return False\n\n uaf_auth_method = \"authenticate\"\n # Uncomment this block if you need to allow user second device registration\n #enrollment_mode = ServerUtil.getFirstValue(requestParameters, \"loginForm:registerButton\")\n #if StringHelper.isNotEmpty(enrollment_mode):\n # uaf_auth_method = \"enroll\"\n \n if uaf_auth_method == \"authenticate\":\n user_enrollments = self.findEnrollments(credentials)\n if len(user_enrollments) == 0:\n uaf_auth_method = \"enroll\"\n print \"UAF. Authenticate for step 1. There is no UAF enrollment for user '%s'. Changing uaf_auth_method to '%s'\" % (user_name, uaf_auth_method)\n\n print \"UAF. Authenticate for step 1. uaf_auth_method: '%s'\" % uaf_auth_method\n \n identity.setWorkingParameter(\"uaf_auth_method\", uaf_auth_method)\n\n return True\n elif (step == 2):\n print \"UAF. Authenticate for step 2\"\n\n session_id = CdiUtil.bean(SessionIdService).getSessionIdFromCookie()\n if StringHelper.isEmpty(session_id):\n print \"UAF. Prepare for step 2. Failed to determine session_id\"\n return False\n\n user = authenticationService.getAuthenticatedUser()\n if (user == None):\n print \"UAF. Authenticate for step 2. 
Failed to determine user name\"\n return False\n user_name = user.getUserId()\n\n uaf_auth_result = ServerUtil.getFirstValue(requestParameters, \"auth_result\")\n if uaf_auth_result != \"success\":\n print \"UAF. Authenticate for step 2. auth_result is '%s'\" % uaf_auth_result\n return False\n\n # Restore state from session\n uaf_auth_method = session_attributes.get(\"uaf_auth_method\")\n\n if not uaf_auth_method in ['enroll', 'authenticate']:\n print \"UAF. Authenticate for step 2. Failed to authenticate user. uaf_auth_method: '%s'\" % uaf_auth_method\n return False\n\n # Request STATUS_OBB\n if True:\n #TODO: Remove this condition\n # It's workaround becuase it's not possible to call STATUS_OBB 2 times. First time on browser and second ime on server\n uaf_user_device_handle = ServerUtil.getFirstValue(requestParameters, \"auth_handle\")\n else:\n uaf_obb_auth_method = session_attributes.get(\"uaf_obb_auth_method\")\n uaf_obb_server_uri = session_attributes.get(\"uaf_obb_server_uri\")\n uaf_obb_start_response = session_attributes.get(\"uaf_obb_start_response\")\n\n # Prepare STATUS_OBB\n uaf_obb_start_response_json = json.loads(uaf_obb_start_response)\n uaf_obb_status_request_dictionary = { \"operation\": \"STATUS_%s\" % uaf_obb_auth_method,\n \"userName\": user_name,\n \"needDetails\": 1,\n \"oobStatusHandle\": uaf_obb_start_response_json[\"oobStatusHandle\"],\n }\n \n uaf_obb_status_request = json.dumps(uaf_obb_status_request_dictionary, separators=(',',':'))\n print \"UAF. Authenticate for step 2. Prepared STATUS request: '%s' to send to '%s'\" % (uaf_obb_status_request, uaf_obb_server_uri)\n\n uaf_status_obb_response = self.executePost(uaf_obb_server_uri, uaf_obb_status_request)\n if uaf_status_obb_response == None:\n return False\n\n print \"UAF. Authenticate for step 2. 
Get STATUS response: '%s'\" % uaf_status_obb_response\n uaf_status_obb_response_json = json.loads(uaf_status_obb_response)\n \n if uaf_status_obb_response_json[\"statusCode\"] != 4000:\n print \"UAF. Authenticate for step 2. UAF operation status is invalid. statusCode: '%s'\" % uaf_status_obb_response_json[\"statusCode\"]\n return False\n\n uaf_user_device_handle = uaf_status_obb_response_json[\"additionalInfo\"][\"authenticatorsResult\"][\"handle\"]\n\n if StringHelper.isEmpty(uaf_user_device_handle):\n print \"UAF. Prepare for step 2. Failed to get UAF handle\"\n return False\n\n uaf_user_external_uid = \"uaf:%s\" % uaf_user_device_handle\n print \"UAF. Authenticate for step 2. UAF handle: '%s'\" % uaf_user_external_uid\n\n if uaf_auth_method == \"authenticate\":\n # Validate if user used device with same keYHandle\n user_enrollments = self.findEnrollments(credentials)\n if len(user_enrollments) == 0:\n uaf_auth_method = \"enroll\"\n print \"UAF. Authenticate for step 2. There is no UAF enrollment for user '%s'.\" % user_name\n return False\n \n for user_enrollment in user_enrollments:\n if StringHelper.equalsIgnoreCase(user_enrollment, uaf_user_device_handle):\n print \"UAF. Authenticate for step 2. There is UAF enrollment for user '%s'. User authenticated successfully\" % user_name\n return True\n else:\n userService = CdiUtil.bean(UserService)\n\n # Double check just to make sure. We did checking in previous step\n # Check if there is user which has uaf_user_external_uid\n # Avoid mapping user cert to more than one IDP account\n find_user_by_external_uid = userService.getUserByAttribute(\"oxExternalUid\", uaf_user_external_uid)\n if find_user_by_external_uid == None:\n # Add uaf_user_external_uid to user's external GUID list\n find_user_by_external_uid = userService.addUserAttribute(user_name, \"oxExternalUid\", uaf_user_external_uid)\n if find_user_by_external_uid == None:\n print \"UAF. Authenticate for step 2. 
Failed to update current user\"\n return False\n \n return True\n\n return False\n else:\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n session_attributes = identity.getSessionId().getSessionAttributes()\n\n self.setRequestScopedParameters(identity)\n\n if (step == 1):\n return True\n elif (step == 2):\n print \"UAF. Prepare for step 2\"\n\n session_id = CdiUtil.bean(SessionIdService).getSessionIdFromCookie()\n if StringHelper.isEmpty(session_id):\n print \"UAF. Prepare for step 2. Failed to determine session_id\"\n return False\n\n user = authenticationService.getAuthenticatedUser()\n if (user == None):\n print \"UAF. Prepare for step 2. Failed to determine user name\"\n return False\n\n uaf_auth_method = session_attributes.get(\"uaf_auth_method\")\n if StringHelper.isEmpty(uaf_auth_method):\n print \"UAF. Prepare for step 2. Failed to determine auth_method\"\n return False\n\n print \"UAF. Prepare for step 2. uaf_auth_method: '%s'\" % uaf_auth_method\n\n uaf_obb_auth_method = \"OOB_REG\"\n uaf_obb_server_uri = self.uaf_server_uri + \"/nnl/v2/reg\" \n if StringHelper.equalsIgnoreCase(uaf_auth_method, \"authenticate\"):\n uaf_obb_auth_method = \"OOB_AUTH\"\n uaf_obb_server_uri = self.uaf_server_uri + \"/nnl/v2/auth\" \n\n # Prepare START_OBB\n uaf_obb_start_request_dictionary = { \"operation\": \"START_%s\" % uaf_obb_auth_method,\n \"userName\": user.getUserId(),\n \"policyName\": \"default\",\n \"oobMode\":\n { \"qr\": \"true\", \"rawData\": \"false\", \"push\": \"false\" } \n }\n\n uaf_obb_start_request = json.dumps(uaf_obb_start_request_dictionary, separators=(',',':'))\n print \"UAF. Prepare for step 2. 
Prepared START request: '%s' to send to '%s'\" % (uaf_obb_start_request, uaf_obb_server_uri)\n\n # Request START_OBB\n uaf_obb_start_response = self.executePost(uaf_obb_server_uri, uaf_obb_start_request)\n if uaf_obb_start_response == None:\n return False\n\n print \"UAF. Prepare for step 2. Get START response: '%s'\" % uaf_obb_start_response\n uaf_obb_start_response_json = json.loads(uaf_obb_start_response)\n\n # Prepare STATUS_OBB\n #TODO: Remove needDetails parameter\n uaf_obb_status_request_dictionary = { \"operation\": \"STATUS_%s\" % uaf_obb_auth_method,\n \"userName\": user.getUserId(),\n \"needDetails\": 1,\n \"oobStatusHandle\": uaf_obb_start_response_json[\"oobStatusHandle\"],\n }\n\n uaf_obb_status_request = json.dumps(uaf_obb_status_request_dictionary, separators=(',',':'))\n print \"UAF. Prepare for step 2. Prepared STATUS request: '%s' to send to '%s'\" % (uaf_obb_status_request, uaf_obb_server_uri)\n\n identity.setWorkingParameter(\"uaf_obb_auth_method\", uaf_obb_auth_method)\n identity.setWorkingParameter(\"uaf_obb_server_uri\", uaf_obb_server_uri)\n identity.setWorkingParameter(\"uaf_obb_start_response\", uaf_obb_start_response)\n identity.setWorkingParameter(\"qr_image\", uaf_obb_start_response_json[\"modeResult\"][\"qrCode\"][\"qrImage\"])\n identity.setWorkingParameter(\"uaf_obb_status_request\", uaf_obb_status_request)\n\n return True\n else:\n return False\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n return Arrays.asList(\"uaf_auth_method\", \"uaf_obb_auth_method\", \"uaf_obb_server_uri\", \"uaf_obb_start_response\")\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n return 2\n\n def getPageForStep(self, configurationAttributes, step):\n if (step == 2):\n return \"/auth/uaf/login.xhtml\"\n\n return \"\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n\n def setRequestScopedParameters(self, identity):\n if self.registration_uri != None:\n 
identity.setWorkingParameter(\"external_registration_uri\", self.registration_uri)\n identity.setWorkingParameter(\"qr_options\", self.customQrOptions)\n\n def processBasicAuthentication(self, credentials):\n userService = CdiUtil.bean(UserService)\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n if not logged_in:\n return None\n\n find_user_by_uid = authenticationService.getAuthenticatedUser()\n if find_user_by_uid == None:\n print \"UAF. Process basic authentication. Failed to find user '%s'\" % user_name\n return None\n \n return find_user_by_uid\n\n def findEnrollments(self, credentials):\n result = []\n\n userService = CdiUtil.bean(UserService)\n user_name = credentials.getUsername()\n user = userService.getUser(user_name, \"oxExternalUid\")\n if user == None:\n print \"UAF. Find enrollments. 
Failed to find user\"\n return result\n \n user_custom_ext_attribute = userService.getCustomAttribute(user, \"oxExternalUid\")\n if user_custom_ext_attribute == None:\n return result\n \n uaf_prefix = \"uaf:\"\n uaf_prefix_length = len(uaf_prefix) \n for user_external_uid in user_custom_ext_attribute.getValues():\n index = user_external_uid.find(uaf_prefix)\n if index != -1:\n enrollment_uid = user_external_uid[uaf_prefix_length:]\n result.append(enrollment_uid)\n \n return result\n\n def executePost(self, request_uri, request_data):\n httpService = CdiUtil.bean(HttpService)\n\n request_headers = { \"Content-type\" : \"application/json; charset=UTF-8\", \"Accept\" : \"application/json\" }\n\n try:\n http_service_response = httpService.executePost(self.http_client, request_uri, None, request_headers, request_data)\n http_response = http_service_response.getHttpResponse()\n except:\n print \"UAF. Validate POST response. Exception: \", sys.exc_info()[1]\n return None\n\n try:\n if not httpService.isResponseStastusCodeOk(http_response):\n print \"UAF. Validate POST response. 
Get invalid response from server: %s\" % str(http_response.getStatusLine().getStatusCode())\n httpService.consume(http_response)\n return None\n \n response_bytes = httpService.getResponseContent(http_response)\n response_string = httpService.convertEntityToString(response_bytes)\n httpService.consume(http_response)\n \n return response_string\n finally:\n http_service_response.closeConnection()\n return None\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}", "{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!5018.AF9C", "oxConfigurationProperty": ["{\"value1\":\"uaf_server_uri\",\"value2\":\"https://u144.gluu.info\",\"description\":\"\"}", "{\"value1\":\"uaf_policy_name\",\"value2\":\"default\",\"description\":\"\"}", "{\"value1\":\"qr_options\",\"value2\":\"{ width: 400, height: 400 }\",\"description\":\"\"}", "{\"value1\":\"registration_uri\",\"value2\":\"https://u144.gluu.info/identity/register\",\"description\":\"\"}", "{\"value1\":\"send_push_notifaction\",\"value2\":\"false\",\"description\":\"\"}"]});
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Review note on the statement below (N1QL, as echoed in this setup log).
 *
 * Purpose: upserts one document into bucket `gluu` under key
 * "scripts_<inum>". The document is an oxCustomScript entry (displayName
 * "otp", oxScriptType "person_authentication", gluuStatus "false") whose
 * "oxScript" field carries the Jython source of the HOTP/TOTP login script as
 * a JSON string. Leading whitespace inside that string appears collapsed in
 * this capture, so block nesting of the Python cannot be read from it.
 *
 * Points a reviewer of the embedded script would want recorded:
 * - validateTotpKey() computes the code for the current time step only and
 *   accepts on string equality. Nothing visible remembers an accepted code, so
 *   the same code is presumably valid again until the time step rolls over,
 *   and no attempt counter or lockout is visible here (it may be enforced
 *   elsewhere - confirm).
 * - Enrolled secrets are written to the user's oxExternalUid attribute as
 *   "totp:<base64url key>" or "hotp:<base64url key>;<moving factor>". That is
 *   an encoding, not encryption: read access to the attribute is access to
 *   the OTP seed, so restrict who can read it.
 * - During enrollment the new key is kept in the session working parameter
 *   "otp_secret_key" until the code is confirmed.
 * - Step 1 switches to "enroll" whenever the user has no enrollment, so first
 *   enrollment is gated by the password alone.
 * - loadOtpConfiguration() calls open() before its try block, and an unknown
 *   hmacShaAlgorithm only prints a message: None is stored as
 *   hmacShaAlgorithmType and no failure is returned on that path.
 * - The HOTP section of the configuration file is read under the key "htop"
 *   (sic), while otp_type accepts "hotp" or "totp".
 * - findEnrollments() matches the "<otp_type>:" prefix with find() != -1 but
 *   always slices from the start of the value; startswith() would be the
 *   exact test.
 */
221UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!5018.D4BF", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!5018.D4BF,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "50", "displayName": "otp", "description": "HOTP/TOPT authentication module", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\n# Requires the following custom properties and values:\n# otp_type: totp/htop\n# issuer: Gluu Inc\n# otp_conf_file: /etc/certs/otp_configuration.json\n#\n# These are non mandatory custom properties and values:\n# label: Gluu OTP\n# qr_options: { width: 400, height: 400 }\n# registration_uri: https://ce-dev.gluu.org/identity/register\n\nimport jarray\nimport json\nimport sys\nfrom com.google.common.io import BaseEncoding\nfrom com.lochbridge.oath.otp import HOTP\nfrom com.lochbridge.oath.otp import HOTPValidator\nfrom com.lochbridge.oath.otp import HmacShaAlgorithm\nfrom com.lochbridge.oath.otp import TOTP\nfrom com.lochbridge.oath.otp.keyprovisioning import OTPAuthURIBuilder\nfrom com.lochbridge.oath.otp.keyprovisioning import OTPKey\nfrom com.lochbridge.oath.otp.keyprovisioning.OTPKey import OTPType\nfrom java.security import SecureRandom\nfrom java.util import Arrays\nfrom java.util.concurrent import TimeUnit\nfrom javax.faces.application import FacesMessage\nfrom org.gluu.jsf2.message import FacesMessages\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.oxauth.service import UserService, AuthenticationService, SessionIdService\nfrom org.xdi.oxauth.util import ServerUtil\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom 
org.xdi.util import StringHelper\n\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"OTP. Initialization\"\n\n if not configurationAttributes.containsKey(\"otp_type\"):\n print \"OTP. Initialization. Property otp_type is mandatory\"\n return False\n self.otpType = configurationAttributes.get(\"otp_type\").getValue2()\n\n if not self.otpType in [\"hotp\", \"totp\"]:\n print \"OTP. Initialization. Property value otp_type is invalid\"\n return False\n\n if not configurationAttributes.containsKey(\"issuer\"):\n print \"OTP. Initialization. Property issuer is mandatory\"\n return False\n self.otpIssuer = configurationAttributes.get(\"issuer\").getValue2()\n\n self.customLabel = None\n if configurationAttributes.containsKey(\"label\"):\n self.customLabel = configurationAttributes.get(\"label\").getValue2()\n\n self.customQrOptions = {}\n if configurationAttributes.containsKey(\"qr_options\"):\n self.customQrOptions = configurationAttributes.get(\"qr_options\").getValue2()\n\n self.registrationUri = None\n if configurationAttributes.containsKey(\"registration_uri\"):\n self.registrationUri = configurationAttributes.get(\"registration_uri\").getValue2()\n\n validOtpConfiguration = self.loadOtpConfiguration(configurationAttributes)\n if not validOtpConfiguration:\n return False\n \n print \"OTP. Initialized successfully\"\n return True\n\n def destroy(self, configurationAttributes):\n print \"OTP. Destroy\"\n print \"OTP. 
Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n self.setRequestScopedParameters(identity)\n\n if step == 1:\n print \"OTP. Authenticate for step 1\"\n authenticated_user = self.processBasicAuthentication(credentials)\n if authenticated_user == None:\n return False\n\n otp_auth_method = \"authenticate\"\n # Uncomment this block if you need to allow user second OTP registration\n #enrollment_mode = ServerUtil.getFirstValue(requestParameters, \"loginForm:registerButton\")\n #if StringHelper.isNotEmpty(enrollment_mode):\n # otp_auth_method = \"enroll\"\n \n if otp_auth_method == \"authenticate\":\n user_enrollments = self.findEnrollments(authenticated_user.getUserId())\n if len(user_enrollments) == 0:\n otp_auth_method = \"enroll\"\n print \"OTP. Authenticate for step 1. There is no OTP enrollment for user '%s'. Changing otp_auth_method to '%s'\" % (authenticated_user.getUserId(), otp_auth_method)\n \n if otp_auth_method == \"enroll\":\n print \"OTP. Authenticate for step 1. Setting count steps: '%s'\" % 3\n identity.setWorkingParameter(\"otp_count_login_steps\", 3)\n\n print \"OTP. Authenticate for step 1. otp_auth_method: '%s'\" % otp_auth_method\n identity.setWorkingParameter(\"otp_auth_method\", otp_auth_method)\n\n return True\n elif step == 2:\n print \"OTP. Authenticate for step 2\"\n\n authenticationService = CdiUtil.bean(AuthenticationService)\n user = authenticationService.getAuthenticatedUser()\n if user == None:\n print \"OTP. Authenticate for step 2. 
Failed to determine user name\"\n return False\n\n session_id_validation = self.validateSessionId(identity)\n if not session_id_validation:\n return False\n\n # Restore state from session\n otp_auth_method = identity.getWorkingParameter(\"otp_auth_method\")\n if otp_auth_method == 'enroll':\n auth_result = ServerUtil.getFirstValue(requestParameters, \"auth_result\")\n if not StringHelper.isEmpty(auth_result):\n print \"OTP. Authenticate for step 2. User not enrolled OTP\"\n return False\n\n print \"OTP. Authenticate for step 2. Skipping this step during enrollment\"\n return True\n\n otp_auth_result = self.processOtpAuthentication(requestParameters, user.getUserId(), identity, otp_auth_method)\n print \"OTP. Authenticate for step 2. OTP authentication result: '%s'\" % otp_auth_result\n\n return otp_auth_result\n elif step == 3:\n print \"OTP. Authenticate for step 3\"\n\n authenticationService = CdiUtil.bean(AuthenticationService)\n user = authenticationService.getAuthenticatedUser()\n if user == None:\n print \"OTP. Authenticate for step 2. Failed to determine user name\"\n return False\n\n session_id_validation = self.validateSessionId(identity)\n if not session_id_validation:\n return False\n\n # Restore state from session\n otp_auth_method = identity.getWorkingParameter(\"otp_auth_method\")\n if otp_auth_method != 'enroll':\n return False\n\n otp_auth_result = self.processOtpAuthentication(requestParameters, user.getUserId(), identity, otp_auth_method)\n print \"OTP. Authenticate for step 3. OTP authentication result: '%s'\" % otp_auth_result\n\n return otp_auth_result\n else:\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n self.setRequestScopedParameters(identity)\n\n if step == 1:\n print \"OTP. Prepare for step 1\"\n\n return True\n elif step == 2:\n print \"OTP. 
Prepare for step 2\"\n\n session_id_validation = self.validateSessionId(identity)\n if not session_id_validation:\n return False\n\n otp_auth_method = identity.getWorkingParameter(\"otp_auth_method\")\n print \"OTP. Prepare for step 2. otp_auth_method: '%s'\" % otp_auth_method\n\n if otp_auth_method == 'enroll':\n authenticationService = CdiUtil.bean(AuthenticationService)\n user = authenticationService.getAuthenticatedUser()\n if user == None:\n print \"OTP. Prepare for step 2. Failed to load user enty\"\n return False\n\n if self.otpType == \"hotp\":\n otp_secret_key = self.generateSecretHotpKey()\n otp_enrollment_request = self.generateHotpSecretKeyUri(otp_secret_key, self.otpIssuer, user.getAttribute(\"displayName\"))\n elif self.otpType == \"totp\":\n otp_secret_key = self.generateSecretTotpKey()\n otp_enrollment_request = self.generateTotpSecretKeyUri(otp_secret_key, self.otpIssuer, user.getAttribute(\"displayName\"))\n else:\n print \"OTP. Prepare for step 2. Unknown OTP type: '%s'\" % self.otpType\n return False\n\n print \"OTP. Prepare for step 2. Prepared enrollment request for user: '%s'\" % user.getUserId()\n identity.setWorkingParameter(\"otp_secret_key\", self.toBase64Url(otp_secret_key))\n identity.setWorkingParameter(\"otp_enrollment_request\", otp_enrollment_request)\n\n return True\n elif step == 3:\n print \"OTP. Prepare for step 3\"\n\n session_id_validation = self.validateSessionId(identity)\n if not session_id_validation:\n return False\n\n otp_auth_method = identity.getWorkingParameter(\"otp_auth_method\")\n print \"OTP. Prepare for step 3. 
otp_auth_method: '%s'\" % otp_auth_method\n\n if otp_auth_method == 'enroll':\n return True\n\n return False\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n return Arrays.asList(\"otp_auth_method\", \"otp_count_login_steps\", \"otp_secret_key\", \"otp_enrollment_request\")\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n identity = CdiUtil.bean(Identity)\n\n if identity.isSetWorkingParameter(\"otp_count_login_steps\"):\n return StringHelper.toInteger(\"%s\" % identity.getWorkingParameter(\"otp_count_login_steps\"))\n else:\n return 2\n\n def getPageForStep(self, configurationAttributes, step):\n if step == 2:\n identity = CdiUtil.bean(Identity)\n \n otp_auth_method = identity.getWorkingParameter(\"otp_auth_method\")\n print \"OTP. Gep page for step 2. otp_auth_method: '%s'\" % otp_auth_method\n \n if otp_auth_method == 'enroll':\n return \"/auth/otp/enroll.xhtml\"\n else:\n return \"/auth/otp/otplogin.xhtml\"\n elif step == 3:\n return \"/auth/otp/otplogin.xhtml\"\n\n return \"\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n\n def setRequestScopedParameters(self, identity):\n if self.registrationUri != None:\n identity.setWorkingParameter(\"external_registration_uri\", self.registrationUri)\n\n if self.customLabel != None:\n identity.setWorkingParameter(\"qr_label\", self.customLabel)\n\n identity.setWorkingParameter(\"qr_options\", self.customQrOptions)\n\n def loadOtpConfiguration(self, configurationAttributes):\n print \"OTP. Load OTP configuration\"\n if not configurationAttributes.containsKey(\"otp_conf_file\"):\n return False\n\n otp_conf_file = configurationAttributes.get(\"otp_conf_file\").getValue2()\n\n # Load configuration from file\n f = open(otp_conf_file, 'r')\n try:\n otpConfiguration = json.loads(f.read())\n except:\n print \"OTP. Load OTP configuration. 
Failed to load configuration from file:\", otp_conf_file\n return False\n finally:\n f.close()\n \n # Check configuration file settings\n try:\n self.hotpConfiguration = otpConfiguration[\"htop\"]\n self.totpConfiguration = otpConfiguration[\"totp\"]\n \n hmacShaAlgorithm = self.totpConfiguration[\"hmacShaAlgorithm\"]\n hmacShaAlgorithmType = None\n\n if StringHelper.equalsIgnoreCase(hmacShaAlgorithm, \"sha1\"):\n hmacShaAlgorithmType = HmacShaAlgorithm.HMAC_SHA_1\n elif StringHelper.equalsIgnoreCase(hmacShaAlgorithm, \"sha256\"):\n hmacShaAlgorithmType = HmacShaAlgorithm.HMAC_SHA_256\n elif StringHelper.equalsIgnoreCase(hmacShaAlgorithm, \"sha512\"):\n hmacShaAlgorithmType = HmacShaAlgorithm.HMAC_SHA_512\n else:\n print \"OTP. Load OTP configuration. Invalid TOTP HMAC SHA algorithm: '%s'\" % hmacShaAlgorithm\n \n self.totpConfiguration[\"hmacShaAlgorithmType\"] = hmacShaAlgorithmType\n except:\n print \"OTP. Load OTP configuration. Invalid configuration file '%s' format. Exception: '%s'\" % (otp_conf_file, sys.exc_info()[1])\n return False\n \n\n return True\n\n def processBasicAuthentication(self, credentials):\n userService = CdiUtil.bean(UserService)\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n if not logged_in:\n return None\n\n find_user_by_uid = authenticationService.getAuthenticatedUser()\n if find_user_by_uid == None:\n print \"OTP. Process basic authentication. Failed to find user '%s'\" % user_name\n return None\n \n return find_user_by_uid\n\n def findEnrollments(self, user_name, skipPrefix = True):\n result = []\n\n userService = CdiUtil.bean(UserService)\n user = userService.getUser(user_name, \"oxExternalUid\")\n if user == None:\n print \"OTP. 
Find enrollments. Failed to find user\"\n return result\n \n user_custom_ext_attribute = userService.getCustomAttribute(user, \"oxExternalUid\")\n if user_custom_ext_attribute == None:\n return result\n\n otp_prefix = \"%s:\" % self.otpType\n \n otp_prefix_length = len(otp_prefix) \n for user_external_uid in user_custom_ext_attribute.getValues():\n index = user_external_uid.find(otp_prefix)\n if index != -1:\n if skipPrefix:\n enrollment_uid = user_external_uid[otp_prefix_length:]\n else:\n enrollment_uid = user_external_uid\n\n result.append(enrollment_uid)\n \n return result\n\n def validateSessionId(self, identity):\n session_id = CdiUtil.bean(SessionIdService).getSessionIdFromCookie()\n if StringHelper.isEmpty(session_id):\n print \"OTP. Validate session id. Failed to determine session_id\"\n return False\n\n otp_auth_method = identity.getWorkingParameter(\"otp_auth_method\")\n if not otp_auth_method in ['enroll', 'authenticate']:\n print \"OTP. Validate session id. Failed to authenticate user. otp_auth_method: '%s'\" % otp_auth_method\n return False\n\n return True\n\n def processOtpAuthentication(self, requestParameters, user_name, identity, otp_auth_method):\n facesMessages = CdiUtil.bean(FacesMessages)\n facesMessages.setKeepMessages()\n\n userService = CdiUtil.bean(UserService)\n\n otpCode = ServerUtil.getFirstValue(requestParameters, \"loginForm:otpCode\")\n if StringHelper.isEmpty(otpCode):\n facesMessages.add(FacesMessage.SEVERITY_ERROR, \"Failed to authenticate. OTP code is empty\")\n print \"OTP. Process OTP authentication. otpCode is empty\"\n\n return False\n \n if otp_auth_method == \"enroll\":\n # Get key from session\n otp_secret_key_encoded = identity.getWorkingParameter(\"otp_secret_key\")\n if otp_secret_key_encoded == None:\n print \"OTP. Process OTP authentication. 
OTP secret key is invalid\"\n return False\n \n otp_secret_key = self.fromBase64Url(otp_secret_key_encoded)\n\n if self.otpType == \"hotp\":\n validation_result = self.validateHotpKey(otp_secret_key, 1, otpCode)\n \n if (validation_result != None) and validation_result[\"result\"]:\n print \"OTP. Process HOTP authentication during enrollment. otpCode is valid\"\n # Store HOTP Secret Key and moving factor in user entry\n otp_user_external_uid = \"hotp:%s;%s\" % ( otp_secret_key_encoded, validation_result[\"movingFactor\"] )\n\n # Add otp_user_external_uid to user's external GUID list\n find_user_by_external_uid = userService.addUserAttribute(user_name, \"oxExternalUid\", otp_user_external_uid)\n if find_user_by_external_uid != None:\n return True\n\n print \"OTP. Process HOTP authentication during enrollment. Failed to update user entry\"\n elif self.otpType == \"totp\":\n validation_result = self.validateTotpKey(otp_secret_key, otpCode)\n if (validation_result != None) and validation_result[\"result\"]:\n print \"OTP. Process TOTP authentication during enrollment. otpCode is valid\"\n # Store TOTP Secret Key and moving factor in user entry\n otp_user_external_uid = \"totp:%s\" % otp_secret_key_encoded\n\n # Add otp_user_external_uid to user's external GUID list\n find_user_by_external_uid = userService.addUserAttribute(user_name, \"oxExternalUid\", otp_user_external_uid)\n if find_user_by_external_uid != None:\n return True\n\n print \"OTP. Process TOTP authentication during enrollment. Failed to update user entry\"\n elif otp_auth_method == \"authenticate\":\n user_enrollments = self.findEnrollments(user_name)\n\n if len(user_enrollments) == 0:\n print \"OTP. Process OTP authentication. 
There is no OTP enrollment for user '%s'\" % user_name\n facesMessages.add(FacesMessage.SEVERITY_ERROR, \"There is no valid OTP user enrollments\")\n return False\n\n if self.otpType == \"hotp\":\n for user_enrollment in user_enrollments:\n user_enrollment_data = user_enrollment.split(\";\")\n otp_secret_key_encoded = user_enrollment_data[0]\n\n # Get current moving factor from user entry\n moving_factor = StringHelper.toInteger(user_enrollment_data[1])\n otp_secret_key = self.fromBase64Url(otp_secret_key_encoded)\n\n # Validate TOTP\n validation_result = self.validateHotpKey(otp_secret_key, moving_factor, otpCode)\n if (validation_result != None) and validation_result[\"result\"]:\n print \"OTP. Process HOTP authentication during authentication. otpCode is valid\"\n otp_user_external_uid = \"hotp:%s;%s\" % ( otp_secret_key_encoded, moving_factor )\n new_otp_user_external_uid = \"hotp:%s;%s\" % ( otp_secret_key_encoded, validation_result[\"movingFactor\"] )\n \n # Update moving factor in user entry\n find_user_by_external_uid = userService.replaceUserAttribute(user_name, \"oxExternalUid\", otp_user_external_uid, new_otp_user_external_uid)\n if find_user_by_external_uid != None:\n return True\n \n print \"OTP. Process HOTP authentication during authentication. Failed to update user entry\"\n elif self.otpType == \"totp\":\n for user_enrollment in user_enrollments:\n otp_secret_key = self.fromBase64Url(user_enrollment)\n\n # Validate TOTP\n validation_result = self.validateTotpKey(otp_secret_key, otpCode)\n if (validation_result != None) and validation_result[\"result\"]:\n print \"OTP. Process TOTP authentication during authentication. otpCode is valid\"\n return True\n\n facesMessages.add(FacesMessage.SEVERITY_ERROR, \"Failed to authenticate. OTP code is invalid\")\n print \"OTP. Process OTP authentication. 
OTP code is invalid\"\n\n return False\n\n # Shared HOTP/TOTP methods\n def generateSecretKey(self, keyLength):\n bytes = jarray.zeros(keyLength, \"b\")\n secureRandom = SecureRandom()\n secureRandom.nextBytes(bytes)\n \n return bytes\n \n # HOTP methods\n def generateSecretHotpKey(self):\n keyLength = self.hotpConfiguration[\"keyLength\"]\n \n return self.generateSecretKey(keyLength)\n\n def generateHotpKey(self, secretKey, movingFactor):\n digits = self.hotpConfiguration[\"digits\"]\n\n hotp = HOTP.key(secretKey).digits(digits).movingFactor(movingFactor).build()\n \n return hotp.value()\n\n def validateHotpKey(self, secretKey, movingFactor, totpKey):\n lookAheadWindow = self.hotpConfiguration[\"lookAheadWindow\"]\n digits = self.hotpConfiguration[\"digits\"]\n\n htopValidationResult = HOTPValidator.lookAheadWindow(lookAheadWindow).validate(secretKey, movingFactor, digits, totpKey)\n if htopValidationResult.isValid():\n return { \"result\": True, \"movingFactor\": htopValidationResult.getNewMovingFactor() }\n\n return { \"result\": False, \"movingFactor\": None }\n\n def generateHotpSecretKeyUri(self, secretKey, issuer, userDisplayName):\n digits = self.hotpConfiguration[\"digits\"]\n\n secretKeyBase32 = self.toBase32(secretKey)\n otpKey = OTPKey(secretKeyBase32, OTPType.HOTP)\n label = issuer + \" %s\" % userDisplayName\n\n otpAuthURI = OTPAuthURIBuilder.fromKey(otpKey).label(label).issuer(issuer).digits(digits).build()\n\n return otpAuthURI.toUriString()\n\n # TOTP methods\n def generateSecretTotpKey(self):\n keyLength = self.totpConfiguration[\"keyLength\"]\n \n return self.generateSecretKey(keyLength)\n\n def generateTotpKey(self, secretKey):\n digits = self.totpConfiguration[\"digits\"]\n timeStep = self.totpConfiguration[\"timeStep\"]\n hmacShaAlgorithmType = self.totpConfiguration[\"hmacShaAlgorithmType\"]\n\n totp = TOTP.key(secretKey).digits(digits).timeStep(TimeUnit.SECONDS.toMillis(timeStep)).hmacSha(hmacShaAlgorithmType).build()\n \n return 
totp.value()\n\n def validateTotpKey(self, secretKey, totpKey):\n localTotpKey = self.generateTotpKey(secretKey)\n if StringHelper.equals(localTotpKey, totpKey):\n return { \"result\": True }\n\n return { \"result\": False }\n\n def generateTotpSecretKeyUri(self, secretKey, issuer, userDisplayName):\n digits = self.totpConfiguration[\"digits\"]\n timeStep = self.totpConfiguration[\"timeStep\"]\n\n secretKeyBase32 = self.toBase32(secretKey)\n otpKey = OTPKey(secretKeyBase32, OTPType.TOTP)\n label = issuer + \" %s\" % userDisplayName\n\n otpAuthURI = OTPAuthURIBuilder.fromKey(otpKey).label(label).issuer(issuer).digits(digits).timeStep(TimeUnit.SECONDS.toMillis(timeStep)).build()\n\n return otpAuthURI.toUriString()\n\n # Utility methods\n def toBase32(self, bytes):\n return BaseEncoding.base32().omitPadding().encode(bytes)\n\n def toBase64Url(self, bytes):\n return BaseEncoding.base64Url().encode(bytes)\n\n def fromBase64Url(self, chars):\n return BaseEncoding.base64Url().decode(chars)\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}", "{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!5018.D4BF", "oxConfigurationProperty": ["{\"value1\":\"otp_type\",\"value2\":\"totp\",\"description\":\"\"}", "{\"value1\":\"otp_conf_file\",\"value2\":\"/etc/certs/otp_configuration.json\",\"description\":\"\"}", "{\"value1\":\"issuer\",\"value2\":\"Gluu Inc\",\"description\":\"\"}", "{\"value1\":\"label\",\"value2\":\"Gluu OTP\",\"description\":\"\"}", "{\"value1\":\"qr_options\",\"value2\":\"{ size: 400, mSize: 0.05 }\",\"description\":\"\"}", "{\"value1\":\"registration_uri\",\"value2\":\"https://u144.gluu.info/identity/register\",\"description\":\"\"}"]});
ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Review note on the statement below (N1QL, as echoed in this setup log).
 *
 * Purpose: upserts one oxCustomScript document (displayName "duo",
 * oxScriptType "person_authentication", gluuStatus "false") into bucket
 * `gluu`; "oxScript" carries the Jython source of the Duo login script as a
 * JSON string. Leading whitespace inside that string appears collapsed in
 * this capture, so block nesting of the Python cannot be read from it.
 *
 * Points a reviewer of the embedded script would want recorded:
 * - init() reads ikey, skey and akey from the JSON file named by
 *   duo_creds_file (set here to /etc/certs/duo_creds.json); that file holds
 *   the integration secrets and should be readable by the service account
 *   only. open() is called before the try block and duo_creds_file is read
 *   without a containsKey() check.
 * - Step 2 prints duo_sig_response, and prepareForStep() prints
 *   duo_sig_request, so signed Duo values end up in the server log; treat that
 *   log as sensitive or drop the two prints.
 * - The result of duo_web.verify_response() is concatenated into a print
 *   before it is compared with the user id. If the library returns None for a
 *   rejected response (presumably - confirm), that line raises instead of
 *   reaching "return False"; compare first and log afterwards.
 * - When duo_group is configured, an else branch sets duo_count_login_steps
 *   to 1, presumably a password-only login for users outside the group; group
 *   membership then decides whether the second factor is asked for at all.
 * - isUserMemberOfGroup() also accepts any attribute value that ends with the
 *   configured group string, which is broader than an exact match.
 * - duo_host is read without a containsKey() check; the value set here,
 *   "api-random.duosecurity.com", looks like a placeholder - confirm.
 */
226UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!5018.F9CF", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!5018.F9CF,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "20", "displayName": "duo", "description": "DUO authentication module", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.oxauth.service import UserService, AuthenticationService\nfrom org.xdi.service import MailService\nfrom org.xdi.util import ArrayHelper\nfrom org.xdi.util import StringHelper\nfrom java.util import Arrays\n\nimport duo_web\nimport json\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Duo. Initialization\"\n\n duo_creds_file = configurationAttributes.get(\"duo_creds_file\").getValue2()\n # Load credentials from file\n f = open(duo_creds_file, 'r')\n try:\n creds = json.loads(f.read())\n except:\n print \"Duo. Initialization. Failed to load creds from file:\", duo_creds_file\n return False\n finally:\n f.close()\n\n self.ikey = str(creds[\"ikey\"])\n self.skey = str(creds[\"skey\"])\n self.akey = str(creds[\"akey\"])\n\n self.use_duo_group = False\n if (configurationAttributes.containsKey(\"duo_group\")):\n self.duo_group = configurationAttributes.get(\"duo_group\").getValue2()\n self.use_duo_group = True\n print \"Duo. Initialization. 
Using Duo only if user belong to group:\", self.duo_group\n\n self.use_audit_group = False\n if (configurationAttributes.containsKey(\"audit_group\")):\n self.audit_group = configurationAttributes.get(\"audit_group\").getValue2()\n\n if (not configurationAttributes.containsKey(\"audit_group_email\")):\n print \"Duo. Initialization. Property audit_group_email is not specified\"\n return False\n\n self.audit_email = configurationAttributes.get(\"audit_group_email\").getValue2()\n self.use_audit_group = True\n\n print \"Duo. Initialization. Using audito group:\", self.audit_group\n \n if (self.use_duo_group or self.use_audit_group):\n if (not configurationAttributes.containsKey(\"audit_attribute\")):\n print \"Duo. Initialization. Property audit_attribute is not specified\"\n return False\n else:\n self.audit_attribute = configurationAttributes.get(\"audit_attribute\").getValue2()\n\n print \"Duo. Initialized successfully\"\n return True \n\n def destroy(self, configurationAttributes):\n print \"Duo. Destroy\"\n print \"Duo. Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n duo_host = configurationAttributes.get(\"duo_host\").getValue2()\n\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n identity = CdiUtil.bean(Identity)\n\n if (step == 1):\n print \"Duo. 
Authenticate for step 1\"\n\n # Check if user authenticated alreadyin another custom script\n user = authenticationService.getAuthenticatedUser()\n if user == None:\n credentials = identity.getCredentials()\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n \n logged_in = False\n if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):\n userService = CdiUtil.bean(UserService)\n logged_in = authenticationService.authenticate(user_name, user_password)\n \n if (not logged_in):\n return False\n \n user = authenticationService.getAuthenticatedUser()\n\n if (self.use_duo_group):\n print \"Duo. Authenticate for step 1. Checking if user belong to Duo group\"\n is_member_duo_group = self.isUserMemberOfGroup(user, self.audit_attribute, self.duo_group)\n if (is_member_duo_group):\n print \"Duo. Authenticate for step 1. User '\" + user.getUserId() + \"' member of Duo group\"\n duo_count_login_steps = 2\n else:\n self.processAuditGroup(user)\n duo_count_login_steps = 1\n\n identity.setWorkingParameter(\"duo_count_login_steps\", duo_count_login_steps)\n\n return True\n elif (step == 2):\n print \"Duo. Authenticate for step 2\"\n user = authenticationService.getAuthenticatedUser()\n if user == None:\n print \"Duo. Authenticate for step 2. Failed to determine user name\"\n return False\n\n user_name = user.getUserId()\n\n sig_response_array = requestParameters.get(\"sig_response\")\n if ArrayHelper.isEmpty(sig_response_array):\n print \"Duo. Authenticate for step 2. sig_response is empty\"\n return False\n\n duo_sig_response = sig_response_array[0]\n\n print \"Duo. Authenticate for step 2. duo_sig_response: \" + duo_sig_response\n\n authenticated_username = duo_web.verify_response(self.ikey, self.skey, self.akey, duo_sig_response)\n\n print \"Duo. Authenticate for step 2. 
authenticated_username: \" + authenticated_username + \", expected user_name: \" + user_name\n\n if (not StringHelper.equals(user_name, authenticated_username)):\n return False\n\n self.processAuditGroup(user)\n\n return True\n else:\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n identity = CdiUtil.bean(Identity)\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n duo_host = configurationAttributes.get(\"duo_host\").getValue2()\n\n if (step == 1):\n print \"Duo. Prepare for step 1\"\n\n return True\n elif (step == 2):\n print \"Duo. Prepare for step 2\"\n\n user = authenticationService.getAuthenticatedUser()\n if (user == None):\n print \"Duo. Prepare for step 2. Failed to determine user name\"\n return False\n user_name = user.getUserId()\n\n duo_sig_request = duo_web.sign_request(self.ikey, self.skey, self.akey, user_name)\n print \"Duo. Prepare for step 2. duo_sig_request: \" + duo_sig_request\n \n identity.setWorkingParameter(\"duo_host\", duo_host)\n identity.setWorkingParameter(\"duo_sig_request\", duo_sig_request)\n\n return True\n else:\n return False\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n if step == 2:\n return Arrays.asList(\"duo_count_login_steps\", \"cas2_user_uid\")\n\n return None\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n identity = CdiUtil.bean(Identity)\n if (identity.isSetWorkingParameter(\"duo_count_login_steps\")):\n return int(identity.getWorkingParameter(\"duo_count_login_steps\"))\n\n return 2\n\n def getPageForStep(self, configurationAttributes, step):\n if (step == 2):\n return \"/auth/duo/duologin.xhtml\"\n return \"\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n\n def isUserMemberOfGroup(self, user, attribute, group):\n is_member = False\n member_of_list = user.getAttributeValues(attribute)\n if (member_of_list != None):\n for member_of in member_of_list:\n if 
StringHelper.equalsIgnoreCase(group, member_of) or member_of.endswith(group):\n is_member = True\n break\n\n return is_member\n\n def processAuditGroup(self, user):\n if (self.use_audit_group):\n is_member = self.isUserMemberOfGroup(user, self.audit_attribute, self.audit_group)\n if (is_member):\n print \"Duo. Authenticate for processAuditGroup. User '\" + user.getUserId() + \"' member of audit group\"\n print \"Duo. Authenticate for processAuditGroup. Sending e-mail about user '\" + user.getUserId() + \"' login to\", self.audit_email\n \n # Send e-mail to administrator\n user_id = user.getUserId()\n mailService = CdiUtil.bean(MailService)\n subject = \"User log in: \" + user_id\n body = \"User log in: \" + user_id\n mailService.sendMail(self.audit_email, subject, body)\n", "oxModuleProperty": ["{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}", "{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!5018.F9CF", "oxConfigurationProperty": ["{\"value1\":\"duo_creds_file\",\"value2\":\"/etc/certs/duo_creds.json\",\"description\":\"\"}", "{\"value1\":\"duo_host\",\"value2\":\"api-random.duosecurity.com\",\"description\":\"\"}"]});
227 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Review note: this statement stores the sample "update_user" custom script
 * (oxScriptType "update_user") with gluuStatus "false" (presumably "script
 * disabled"; confirm against the Gluu schema).
 * In the embedded script only updateUser() changes data: it sets the entry's
 * mail to uid + "@example.org" on every call, replacing whatever mail value
 * the entry had. Every other hook just prints a message and returns True.
 * Replace that placeholder assignment before enabling the script; an
 * overwritten mail attribute matters wherever mail is used for notification
 * or account recovery (assumption; depends on the deployment).
 * The log line after this statement reports ERROR 107 (not connected), so in
 * this run the document was apparently not written.
 */
231UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!522F.CDC5", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!522F.CDC5,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "update_user", "description": "Sample Update User script", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "update_user", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom org.xdi.model.custom.script.type.user import UpdateUserType\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom java.util import Arrays, ArrayList\n\nimport java\n\nclass UpdateUser(UpdateUserType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Update user. Initialization\"\n print \"Update user. Initialized successfully\"\n\n return True \n\n def destroy(self, configurationAttributes):\n print \"Update user. Destroy\"\n print \"Update user. Destroyed successfully\"\n return True \n\n def getApiVersion(self):\n return 2\n\n def newUser(self, user, configurationAttributes):\n print \"Update user. newUser method\"\n\n return True\n\n def addUser(self, user, persisted, configurationAttributes):\n print \"Update user. addUser method\"\n\n return True\n\n def postAddUser(self, user, configurationAttributes):\n print \"Update user. postAddUser method\"\n\n return True\n\n # Update user entry before persistent it\n # user is org.gluu.oxtrust.model.GluuCustomPerson\n # persisted is boolean value to specify if operation type: add/modify\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\n def updateUser(self, user, persisted, configurationAttributes):\n print \"Update user. 
updateUser method\"\n\n uid = user.getUid()\n print \"Update user. User uid: {}\".format(uid)\n \n mail = uid + \"@example.org\"\n user.setMail(mail)\n\n return True\n\n def postUpdateUser(self, user, configurationAttributes):\n print \"Update user. postUpdateUser method\"\n\n return True\n\n def deleteUser(self, user, persisted, configurationAttributes):\n print \"Update user. deleteUser method\"\n\n return True\n\n def postDeleteUser(self, user, configurationAttributes):\n print \"Update user. postDeleteUser method\"\n\n return True\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!522F.CDC5"});
232 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Review note: this statement stores the sample "user_registration" custom
 * script with gluuStatus "false" (presumably "script disabled"; confirm).
 * - init() reads configurationAttributes.get("enable_user").getValue2() with
 *   no containsKey() check, so a missing enable_user property would
 *   presumably fail inside init() rather than return False (confirm how the
 *   caller treats that).
 * - preRegistration() sets the new entry to GluuStatus.ACTIVE when
 *   enable_user is true and to GluuStatus.INACTIVE otherwise. The
 *   oxConfigurationProperty at the end of this document sets enable_user to
 *   "false".
 * - With enable_user set to true, a self-registered account becomes active
 *   with no further check in this script; make that a deliberate choice.
 * - The remaining hooks only print a message and return True.
 */
236UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!6EA0.8F0C", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!6EA0.8F0C,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "90", "displayName": "user_registration", "description": "Sample User Registration script", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "user_registration", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\r\n# Copyright (c) 2016, Gluu\r\n#\r\n# Author: Yuriy Movchan\r\n#\r\n\r\nfrom org.xdi.model.custom.script.type.user import UserRegistrationType\r\nfrom org.xdi.ldap.model import GluuStatus\r\nfrom org.xdi.util import StringHelper, ArrayHelper\r\nfrom java.util import Arrays, ArrayList\r\n\r\nimport java\r\n\r\nclass UserRegistration(UserRegistrationType):\r\n def __init__(self, currentTimeMillis):\r\n self.currentTimeMillis = currentTimeMillis\r\n\r\n def init(self, configurationAttributes):\r\n print \"User registration. Initialization\"\r\n\r\n self.enable_user = StringHelper.toBoolean(configurationAttributes.get(\"enable_user\").getValue2(), False)\r\n\r\n print \"User registration. Initialized successfully\"\r\n\r\n return True \r\n\r\n def destroy(self, configurationAttributes):\r\n print \"User registration. Destroy\"\r\n print \"User registration. Destroyed successfully\"\r\n return True \r\n\r\n # User registration init method\r\n # user is org.gluu.oxtrust.model.GluuCustomPerson\r\n # requestParameters is java.util.Map<String, String[]>\r\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\r\n def initRegistration(self, user, requestParameters, configurationAttributes):\r\n print \"User registration. 
Init method\"\r\n\r\n return True\r\n\r\n # User registration pre method\r\n # user is org.gluu.oxtrust.model.GluuCustomPerson\r\n # requestParameters is java.util.Map<String, String[]>\r\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\r\n def preRegistration(self, user, requestParameters, configurationAttributes):\r\n print \"User registration. Pre method\"\r\n\r\n userStatus = GluuStatus.ACTIVE\r\n if not self.enable_user:\r\n userStatus = GluuStatus.INACTIVE\r\n\r\n # Disable/Enable registered user\r\n user.setStatus(userStatus)\r\n\r\n return True\r\n\r\n # User registration post method\r\n # user is org.gluu.oxtrust.model.GluuCustomPerson\r\n # requestParameters is java.util.Map<String, String[]>\r\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\r\n def postRegistration(self, user, requestParameters, configurationAttributes):\r\n print \"User registration. Post method\"\r\n\r\n return True\r\n \r\n # User confirm New Registration method\r\n # user is org.gluu.oxtrust.model.GluuCustomPerson\r\n # requestParameters is java.util.Map<String, String[]>\r\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\r\n def confirmRegistration(self, user, requestParameters, configurationAttributes):\r\n print \"User registration. Confirm registration method\"\r\n\r\n return True\r\n\r\n def getApiVersion(self):\r\n return 1\r\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!6EA0.8F0C", "oxConfigurationProperty": ["{\"value1\":\"enable_user\",\"value2\":\"false\",\"description\":\"\"}"]});
237 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Review note: this statement stores the sample "user_confirm_registration"
 * custom script (oxScriptType "user_registration") with gluuStatus "false"
 * (presumably "script disabled"; confirm). Points to settle before enabling:
 * - preRegistration() keeps the confirmation code in self.guid and
 *   postRegistration() reads it back from self.guid. If one script instance
 *   serves concurrent registrations (not visible here; confirm), the mailed
 *   code can belong to a different user. Reading the code from the user
 *   entry in postRegistration() avoids the shared state.
 * - postRegistration() prints the full mail body, including the confirmation
 *   URL and code, and confirmRegistration() prints the submitted code, so
 *   anyone who can read the log can read the codes. Log the uid only.
 * - The code comes from StringHelper.getRandomString(16); whether that
 *   helper uses a cryptographically secure generator is not visible here.
 *   This script applies no expiry to the code.
 * - confirmRegistration() rejects an empty array and None but not an empty
 *   string, and a confirmed entry's guid is reset to "". Reject blank codes
 *   before the oxGuid lookup.
 * - The final "return False" is preceded by a tab (\t) while the rest of the
 *   script uses spaces.
 */
241UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!6EA0.8F0D", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!6EA0.8F0D,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "user_confirm_registration", "description": "Sample Confirm User Registration script", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "user_registration", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\r\n# Copyright (c) 2016, Gluu\r\n#\r\n\r\nfrom org.xdi.service.cdi.util import CdiUtil\r\nfrom org.xdi.model.custom.script.type.user import UserRegistrationType\r\nfrom org.xdi.service import MailService\r\nfrom org.gluu.oxtrust.ldap.service import PersonService\r\nfrom org.xdi.ldap.model import GluuStatus\r\nfrom org.xdi.util import StringHelper, ArrayHelper\r\nfrom java.util import Arrays, ArrayList\r\nfrom org.xdi.config.oxtrust import AppConfiguration\r\nfrom javax.faces.context import ExternalContext\r\n\r\nimport java\r\n\r\nclass UserRegistration(UserRegistrationType):\r\n def __init__(self, currentTimeMillis):\r\n self.currentTimeMillis = currentTimeMillis\r\n\r\n def init(self, configurationAttributes):\r\n print \"User registration. Initialization\"\r\n print \"User registration. Initialized successfully\"\r\n\r\n return True \r\n\r\n def destroy(self, configurationAttributes):\r\n print \"User registration. Destroy\"\r\n print \"User registration. Destroyed successfully\"\r\n return True \r\n\r\n # User registration init method\r\n # user is org.gluu.oxtrust.model.GluuCustomPerson\r\n # requestParameters is java.util.Map<String, String[]>\r\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\r\n def initRegistration(self, user, requestParameters, configurationAttributes):\r\n print \"User registration. 
Init method\"\r\n\r\n return True\r\n\r\n # User registration pre method\r\n # user is org.gluu.oxtrust.model.GluuCustomPerson\r\n # requestParameters is java.util.Map<String, String[]>\r\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\r\n def preRegistration(self, user, requestParameters, configurationAttributes):\r\n print \"User registration. Pre method\"\r\n \r\n userStatus = GluuStatus.INACTIVE\r\n\r\n # Disable/Enable registered user\r\n user.setStatus(userStatus)\r\n self.guid = StringHelper.getRandomString(16)\r\n user.setGuid(self.guid)\r\n return True\r\n\r\n # User registration post method\r\n # user is org.gluu.oxtrust.model.GluuCustomPerson\r\n # requestParameters is java.util.Map<String, String[]>\r\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\r\n def postRegistration(self, user, requestParameters, configurationAttributes):\r\n print \"User registration. Post method\"\r\n appConfiguration = CdiUtil.bean(AppConfiguration)\r\n\r\n hostName = appConfiguration.getApplianceUrl()\r\n externalContext = CdiUtil.bean(ExternalContext)\r\n contextPath = externalContext.getRequest().getContextPath() \r\n\r\n mailService = CdiUtil.bean(MailService)\r\n subject = \"Confirmation mail for user registration\"\r\n body = \"User Registered for %s. Please Confirm User Registration by clicking url: %s%s/confirm/registration?code=%s\" % (user.getMail(), hostName, contextPath, self.guid)\r\n print \"User registration. Post method. Attempting to send e-mail to '%s' message '%s'\" % (user.getMail(), body)\r\n\r\n mailService.sendMail(user.getMail(), subject, body)\r\n return True\r\n\r\n def confirmRegistration(self, user, requestParameters, configurationAttributes):\r\n print \"User registration. Confirm method\"\r\n\r\n code_array = requestParameters.get(\"code\")\r\n if ArrayHelper.isEmpty(code_array):\r\n print \"User registration. Confirm method. 
code is empty\"\r\n return False\r\n\r\n confirmation_code = code_array[0]\r\n print \"User registration. Confirm method. code: '%s'\" % confirmation_code\r\n\r\n if confirmation_code == None:\r\n print \"User registration. Confirm method. Confirmation code not exist in request\"\r\n return False\r\n\r\n personService = CdiUtil.bean(PersonService)\r\n user = personService.getPersonByAttribute(\"oxGuid\", confirmation_code)\r\n if user == None:\r\n print \"User registration. Confirm method. There is no user by confirmation code: '%s'\" % confirmation_code\r\n return False\r\n\r\n if confirmation_code == user.getGuid():\r\n user.setStatus(GluuStatus.ACTIVE)\r\n user.setGuid(\"\")\r\n personService.updatePerson(user)\r\n print \"User registration. Confirm method. User '%s' confirmed his registration\" % user.getUid()\r\n return True\r\n\r\n print \"User registration. Confirm method. Confirmation code for user '%s' is invalid\" % user.getUid()\r\n \treturn False\r\n\r\n def getApiVersion(self):\r\n return 1\r\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!6EA0.8F0D"});
242 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Review note: this statement stores the "u2f" person_authentication script
 * with gluuStatus "false" (presumably "script disabled"; confirm).
 * - init() reads u2f_server_uri with no containsKey() check and retries the
 *   metadata download up to 20 times with a 3000 ms sleep between attempts.
 *   A ClientResponseFailure whose status is not SERVICE_UNAVAILABLE is
 *   re-raised at once.
 * - authenticate() step 2 picks its branch from the request parameter
 *   authMethod ('authenticate' or 'enroll'). prepareForStep() chooses
 *   between startAuthentication and startRegistration from the user's
 *   registered devices, but that choice is not stored and compared in
 *   authenticate(). Whether the FIDO U2F service refuses a
 *   finishRegistration with no matching started request is not visible
 *   here; confirm it, or keep the expected method in a working parameter
 *   and compare it with authMethod.
 * - In prepareForStep(), a ClientResponseFailure with status NOT_FOUND is
 *   not reported: authenticationRequest stays None and step 2 still returns
 *   True.
 * - Several messages printed inside authenticate() step 2 are labelled
 *   "Prepare for step 2", which makes the log harder to follow during an
 *   investigation. userService in step 1 is assigned but not used.
 */
246UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!8BAF.80D6", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!8BAF.80D6,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "10", "displayName": "u2f", "description": "Fido U2F authentication module", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\r\n# Copyright (c) 2016, Gluu\r\n#\r\n# Author: Yuriy Movchan\r\n#\r\n\r\nimport java\r\nimport sys\r\nfrom javax.ws.rs.core import Response\r\nfrom org.jboss.resteasy.client import ClientResponseFailure\r\nfrom org.jboss.resteasy.client.exception import ResteasyClientException\r\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\r\nfrom org.xdi.oxauth.client.fido.u2f import FidoU2fClientFactory\r\nfrom org.xdi.oxauth.model.config import Constants\r\nfrom org.xdi.oxauth.security import Identity\r\nfrom org.xdi.oxauth.service import UserService, AuthenticationService, SessionIdService\r\nfrom org.xdi.oxauth.service.fido.u2f import DeviceRegistrationService\r\nfrom org.xdi.oxauth.util import ServerUtil\r\nfrom org.xdi.service.cdi.util import CdiUtil\r\nfrom org.xdi.util import StringHelper\r\n\r\n\r\nclass PersonAuthentication(PersonAuthenticationType):\r\n def __init__(self, currentTimeMillis):\r\n self.currentTimeMillis = currentTimeMillis\r\n\r\n def init(self, configurationAttributes):\r\n print \"U2F. Initialization\"\r\n\r\n print \"U2F. Initialization. 
Downloading U2F metadata\"\r\n u2f_server_uri = configurationAttributes.get(\"u2f_server_uri\").getValue2()\r\n u2f_server_metadata_uri = u2f_server_uri + \"/.well-known/fido-u2f-configuration\"\r\n\r\n metaDataConfigurationService = FidoU2fClientFactory.instance().createMetaDataConfigurationService(u2f_server_metadata_uri)\r\n\r\n max_attempts = 20\r\n for attempt in range(1, max_attempts + 1):\r\n try:\r\n self.metaDataConfiguration = metaDataConfigurationService.getMetadataConfiguration()\r\n break\r\n except ClientResponseFailure, ex:\r\n # Detect if last try or we still get Service Unavailable HTTP error\r\n if (attempt == max_attempts) or (ex.getResponse().getResponseStatus() != Response.Status.SERVICE_UNAVAILABLE):\r\n raise ex\r\n\r\n java.lang.Thread.sleep(3000)\r\n print \"Attempting to load metadata: %d\" % attempt\r\n except ResteasyClientException, ex:\r\n # Detect if last try or we still get Service Unavailable HTTP error\r\n if attempt == max_attempts:\r\n raise ex\r\n\r\n java.lang.Thread.sleep(3000)\r\n print \"Attempting to load metadata: %d\" % attempt\r\n \r\n print \"U2F. Initialized successfully\"\r\n return True \r\n\r\n def destroy(self, configurationAttributes):\r\n print \"U2F. Destroy\"\r\n print \"U2F. Destroyed successfully\"\r\n return True\r\n\r\n def getApiVersion(self):\r\n return 1\r\n\r\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\r\n return True\r\n\r\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\r\n return None\r\n\r\n def authenticate(self, configurationAttributes, requestParameters, step):\r\n authenticationService = CdiUtil.bean(AuthenticationService)\r\n\r\n identity = CdiUtil.bean(Identity)\r\n credentials = identity.getCredentials()\r\n\r\n user_name = credentials.getUsername()\r\n\r\n if (step == 1):\r\n print \"U2F. 
Authenticate for step 1\"\r\n\r\n user_password = credentials.getPassword()\r\n logged_in = False\r\n if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):\r\n userService = CdiUtil.bean(UserService)\r\n logged_in = authenticationService.authenticate(user_name, user_password)\r\n\r\n if (not logged_in):\r\n return False\r\n\r\n return True\r\n elif (step == 2):\r\n print \"U2F. Authenticate for step 2\"\r\n\r\n token_response = ServerUtil.getFirstValue(requestParameters, \"tokenResponse\")\r\n if token_response == None:\r\n print \"U2F. Authenticate for step 2. tokenResponse is empty\"\r\n return False\r\n\r\n auth_method = ServerUtil.getFirstValue(requestParameters, \"authMethod\")\r\n if auth_method == None:\r\n print \"U2F. Authenticate for step 2. authMethod is empty\"\r\n return False\r\n\r\n authenticationService = CdiUtil.bean(AuthenticationService)\r\n user = authenticationService.getAuthenticatedUser()\r\n if (user == None):\r\n print \"U2F. Prepare for step 2. Failed to determine user name\"\r\n return False\r\n\r\n if (auth_method == 'authenticate'):\r\n print \"U2F. Prepare for step 2. Call FIDO U2F in order to finish authentication workflow\"\r\n authenticationRequestService = FidoU2fClientFactory.instance().createAuthenticationRequestService(self.metaDataConfiguration)\r\n authenticationStatus = authenticationRequestService.finishAuthentication(user.getUserId(), token_response)\r\n\r\n if (authenticationStatus.getStatus() != Constants.RESULT_SUCCESS):\r\n print \"U2F. Authenticate for step 2. Get invalid authentication status from FIDO U2F server\"\r\n return False\r\n\r\n return True\r\n elif (auth_method == 'enroll'):\r\n print \"U2F. Prepare for step 2. 
Call FIDO U2F in order to finish registration workflow\"\r\n registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(self.metaDataConfiguration)\r\n registrationStatus = registrationRequestService.finishRegistration(user.getUserId(), token_response)\r\n\r\n if (registrationStatus.getStatus() != Constants.RESULT_SUCCESS):\r\n print \"U2F. Authenticate for step 2. Get invalid registration status from FIDO U2F server\"\r\n return False\r\n\r\n return True\r\n else:\r\n print \"U2F. Prepare for step 2. Authenticatiod method is invalid\"\r\n return False\r\n\r\n return False\r\n else:\r\n return False\r\n\r\n def prepareForStep(self, configurationAttributes, requestParameters, step):\r\n identity = CdiUtil.bean(Identity)\r\n\r\n if (step == 1):\r\n return True\r\n elif (step == 2):\r\n print \"U2F. Prepare for step 2\"\r\n\r\n session_id = CdiUtil.bean(SessionIdService).getSessionIdFromCookie()\r\n if StringHelper.isEmpty(session_id):\r\n print \"U2F. Prepare for step 2. Failed to determine session_id\"\r\n return False\r\n\r\n authenticationService = CdiUtil.bean(AuthenticationService)\r\n user = authenticationService.getAuthenticatedUser()\r\n if (user == None):\r\n print \"U2F. Prepare for step 2. Failed to determine user name\"\r\n return False\r\n\r\n u2f_application_id = configurationAttributes.get(\"u2f_application_id\").getValue2()\r\n\r\n # Check if user have registered devices\r\n deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)\r\n\r\n userInum = user.getAttribute(\"inum\")\r\n\r\n registrationRequest = None\r\n authenticationRequest = None\r\n\r\n deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, u2f_application_id)\r\n if (deviceRegistrations.size() > 0):\r\n print \"U2F. Prepare for step 2. 
Call FIDO U2F in order to start authentication workflow\"\r\n\r\n try:\r\n authenticationRequestService = FidoU2fClientFactory.instance().createAuthenticationRequestService(self.metaDataConfiguration)\r\n authenticationRequest = authenticationRequestService.startAuthentication(user.getUserId(), None, u2f_application_id, session_id)\r\n except ClientResponseFailure, ex:\r\n if (ex.getResponse().getResponseStatus() != Response.Status.NOT_FOUND):\r\n print \"U2F. Prepare for step 2. Failed to start authentication workflow. Exception:\", sys.exc_info()[1]\r\n return False\r\n else:\r\n print \"U2F. Prepare for step 2. Call FIDO U2F in order to start registration workflow\"\r\n registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(self.metaDataConfiguration)\r\n registrationRequest = registrationRequestService.startRegistration(user.getUserId(), u2f_application_id, session_id)\r\n\r\n identity.setWorkingParameter(\"fido_u2f_authentication_request\", ServerUtil.asJson(authenticationRequest))\r\n identity.setWorkingParameter(\"fido_u2f_registration_request\", ServerUtil.asJson(registrationRequest))\r\n\r\n return True\r\n elif (step == 3):\r\n print \"U2F. 
Prepare for step 3\"\r\n\r\n return True\r\n else:\r\n return False\r\n\r\n def getExtraParametersForStep(self, configurationAttributes, step):\r\n return None\r\n\r\n def getCountAuthenticationSteps(self, configurationAttributes):\r\n return 2\r\n\r\n def getPageForStep(self, configurationAttributes, step):\r\n if (step == 2):\r\n return \"/auth/u2f/login.xhtml\"\r\n\r\n return \"\"\r\n\r\n def logout(self, configurationAttributes, requestParameters):\r\n return True\r\n", "oxModuleProperty": ["{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}", "{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!8BAF.80D6", "oxConfigurationProperty": ["{\"value1\":\"u2f_application_id\",\"value2\":\"https://u144.gluu.info\",\"description\":\"\"}", "{\"value1\":\"u2f_server_uri\",\"value2\":\"https://u144.gluu.info\",\"description\":\"\"}"]});
247 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
251UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!92F0.BF9E", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!92F0.BF9E,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "15", "displayName": "super_gluu", "description": "Super Gluu authentication module", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom com.google.android.gcm.server import Sender, Message\nfrom com.notnoop.apns import APNS\nfrom java.util import Arrays\nfrom org.apache.http.params import CoreConnectionPNames\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.oxauth.model.config import ConfigurationFactory\nfrom org.xdi.oxauth.service import UserService, AuthenticationService, SessionIdService\nfrom org.xdi.oxauth.service.fido.u2f import DeviceRegistrationService\nfrom org.xdi.oxauth.service.net import HttpService\nfrom org.xdi.oxauth.util import ServerUtil\nfrom org.xdi.util import StringHelper\nfrom org.xdi.oxauth.service import EncryptionService\nfrom org.xdi.service import MailService\nfrom org.xdi.oxauth.service.push.sns import PushPlatform, PushSnsService \nfrom org.gluu.oxnotify.client import NotifyClientFactory \nfrom java.util import Arrays, HashMap, IdentityHashMap\n\nimport datetime\nimport urllib\n\nimport sys\nimport json\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Super-Gluu. 
Initialization\"\n\n if not configurationAttributes.containsKey(\"authentication_mode\"):\n print \"Super-Gluu. Initialization. Property authentication_mode is mandatory\"\n return False\n\n self.registrationUri = None\n if configurationAttributes.containsKey(\"registration_uri\"):\n self.registrationUri = configurationAttributes.get(\"registration_uri\").getValue2()\n\n authentication_mode = configurationAttributes.get(\"authentication_mode\").getValue2()\n if StringHelper.isEmpty(authentication_mode):\n print \"Super-Gluu. Initialization. Failed to determine authentication_mode. authentication_mode configuration parameter is empty\"\n return False\n \n self.oneStep = StringHelper.equalsIgnoreCase(authentication_mode, \"one_step\")\n self.twoStep = StringHelper.equalsIgnoreCase(authentication_mode, \"two_step\")\n\n if not (self.oneStep or self.twoStep):\n print \"Super-Gluu. Initialization. Valid authentication_mode values are one_step and two_step\"\n return False\n \n self.enabledPushNotifications = self.initPushNotificationService(configurationAttributes)\n\n self.androidUrl = None\n if configurationAttributes.containsKey(\"supergluu_android_download_url\"):\n self.androidUrl = configurationAttributes.get(\"supergluu_android_download_url\").getValue2()\n\n self.IOSUrl = None\n if configurationAttributes.containsKey(\"supergluu_ios_download_url\"):\n self.IOSUrl = configurationAttributes.get(\"supergluu_ios_download_url\").getValue2()\n\n self.customLabel = None\n if configurationAttributes.containsKey(\"label\"):\n self.customLabel = configurationAttributes.get(\"label\").getValue2()\n\n self.customQrOptions = {}\n if configurationAttributes.containsKey(\"qr_options\"):\n self.customQrOptions = configurationAttributes.get(\"qr_options\").getValue2()\n\n self.use_super_gluu_group = False\n if configurationAttributes.containsKey(\"super_gluu_group\"):\n self.super_gluu_group = configurationAttributes.get(\"super_gluu_group\").getValue2()\n 
self.use_super_gluu_group = True\n print \"Super-Gluu. Initialization. Using super_gluu only if user belong to group: %s\" % self.super_gluu_group\n\n self.use_audit_group = False\n if configurationAttributes.containsKey(\"audit_group\"):\n self.audit_group = configurationAttributes.get(\"audit_group\").getValue2()\n\n if (not configurationAttributes.containsKey(\"audit_group_email\")):\n print \"Super-Gluu. Initialization. Property audit_group_email is not specified\"\n return False\n\n self.audit_email = configurationAttributes.get(\"audit_group_email\").getValue2()\n self.use_audit_group = True\n\n print \"Super-Gluu. Initialization. Using audit group: %s\" % self.audit_group\n \n if self.use_super_gluu_group or self.use_audit_group:\n if not configurationAttributes.containsKey(\"audit_attribute\"):\n print \"Super-Gluu. Initialization. Property audit_attribute is not specified\"\n return False\n else:\n self.audit_attribute = configurationAttributes.get(\"audit_attribute\").getValue2()\n\n print \"Super-Gluu. Initialized successfully. oneStep: '%s', twoStep: '%s', pushNotifications: '%s', customLabel: '%s'\" % (self.oneStep, self.twoStep, self.enabledPushNotifications, self.customLabel)\n\n return True \n\n def destroy(self, configurationAttributes):\n print \"Super-Gluu. Destroy\"\n\n self.pushAndroidService = None\n self.pushAppleService = None\n\n print \"Super-Gluu. 
Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 2\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n session_attributes = identity.getSessionId().getSessionAttributes()\n\n client_redirect_uri = self.getClientRedirecUri(session_attributes)\n if client_redirect_uri == None:\n print \"Super-Gluu. Authenticate. redirect_uri is not set\"\n return False\n\n self.setRequestScopedParameters(identity, step)\n\n # Validate form result code and initialize QR code regeneration if needed (retry_current_step = True)\n identity.setWorkingParameter(\"retry_current_step\", False)\n form_auth_result = ServerUtil.getFirstValue(requestParameters, \"auth_result\")\n if StringHelper.isNotEmpty(form_auth_result):\n print \"Super-Gluu. Authenticate for step %s. Get auth_result: '%s'\" % (step, form_auth_result)\n if form_auth_result in ['error']:\n return False\n\n if form_auth_result in ['timeout']:\n if ((step == 1) and self.oneStep) or ((step == 2) and self.twoStep): \n print \"Super-Gluu. Authenticate for step %s. Reinitializing current step\" % step\n identity.setWorkingParameter(\"retry_current_step\", True)\n return False\n\n userService = CdiUtil.bean(UserService)\n deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)\n if step == 1:\n print \"Super-Gluu. 
Authenticate for step 1\"\n\n user_name = credentials.getUsername()\n if self.oneStep:\n session_device_status = self.getSessionDeviceStatus(session_attributes, user_name)\n if session_device_status == None:\n return False\n\n u2f_device_id = session_device_status['device_id']\n\n validation_result = self.validateSessionDeviceStatus(client_redirect_uri, session_device_status)\n if validation_result:\n print \"Super-Gluu. Authenticate for step 1. User successfully authenticated with u2f_device '%s'\" % u2f_device_id\n else:\n return False\n \n if not session_device_status['one_step']:\n print \"Super-Gluu. Authenticate for step 1. u2f_device '%s' is not one step device\" % u2f_device_id\n return False\n \n # There are two steps only in enrollment mode\n if session_device_status['enroll']:\n return validation_result\n\n identity.setWorkingParameter(\"super_gluu_count_login_steps\", 1)\n\n user_inum = session_device_status['user_inum']\n\n u2f_device = deviceRegistrationService.findUserDeviceRegistration(user_inum, u2f_device_id, \"oxId\")\n if u2f_device == None:\n print \"Super-Gluu. Authenticate for step 1. Failed to load u2f_device '%s'\" % u2f_device_id\n return False\n\n logged_in = authenticationService.authenticate(user_name)\n if not logged_in:\n print \"Super-Gluu. Authenticate for step 1. Failed to authenticate user '%s'\" % user_name\n return False\n\n print \"Super-Gluu. Authenticate for step 1. User '%s' successfully authenticated with u2f_device '%s'\" % (user_name, u2f_device_id)\n \n return True\n elif self.twoStep:\n authenticated_user = self.processBasicAuthentication(credentials)\n if authenticated_user == None:\n return False\n\n if (self.use_super_gluu_group):\n print \"Super-Gluu. Authenticate for step 1. Checking if user belong to super_gluu group\"\n is_member_super_gluu_group = self.isUserMemberOfGroup(authenticated_user, self.audit_attribute, self.super_gluu_group)\n if (is_member_super_gluu_group):\n print \"Super-Gluu. 
Authenticate for step 1. User '%s' member of super_gluu group\" % authenticated_user.getUserId()\n super_gluu_count_login_steps = 2\n else:\n if self.use_audit_group:\n self.processAuditGroup(authenticated_user, self.audit_attribute, self.audit_group)\n super_gluu_count_login_steps = 1\n \n identity.setWorkingParameter(\"super_gluu_count_login_steps\", super_gluu_count_login_steps)\n \n if super_gluu_count_login_steps == 1:\n return True\n \n auth_method = 'authenticate'\n enrollment_mode = ServerUtil.getFirstValue(requestParameters, \"loginForm:registerButton\")\n if StringHelper.isNotEmpty(enrollment_mode):\n auth_method = 'enroll'\n \n if auth_method == 'authenticate':\n user_inum = userService.getUserInum(authenticated_user)\n u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(user_inum, client_redirect_uri, \"oxId\")\n if u2f_devices_list.size() == 0:\n auth_method = 'enroll'\n print \"Super-Gluu. Authenticate for step 1. There is no U2F '%s' user devices associated with application '%s'. Changing auth_method to '%s'\" % (user_name, client_redirect_uri, auth_method)\n \n print \"Super-Gluu. Authenticate for step 1. auth_method: '%s'\" % auth_method\n \n identity.setWorkingParameter(\"super_gluu_auth_method\", auth_method)\n\n return True\n\n return False\n elif step == 2:\n print \"Super-Gluu. Authenticate for step 2\"\n\n user = authenticationService.getAuthenticatedUser()\n if (user == None):\n print \"Super-Gluu. Authenticate for step 2. 
Failed to determine user name\"\n return False\n user_name = user.getUserId()\n\n session_attributes = identity.getSessionId().getSessionAttributes()\n\n session_device_status = self.getSessionDeviceStatus(session_attributes, user_name)\n if session_device_status == None:\n return False\n\n u2f_device_id = session_device_status['device_id']\n\n # There are two steps only in enrollment mode\n if self.oneStep and session_device_status['enroll']:\n authenticated_user = self.processBasicAuthentication(credentials)\n if authenticated_user == None:\n return False\n\n user_inum = userService.getUserInum(authenticated_user)\n \n attach_result = deviceRegistrationService.attachUserDeviceRegistration(user_inum, u2f_device_id)\n\n print \"Super-Gluu. Authenticate for step 2. Result after attaching u2f_device '%s' to user '%s': '%s'\" % (u2f_device_id, user_name, attach_result) \n\n return attach_result\n elif self.twoStep:\n if user_name == None:\n print \"Super-Gluu. Authenticate for step 2. Failed to determine user name\"\n return False\n\n validation_result = self.validateSessionDeviceStatus(client_redirect_uri, session_device_status, user_name)\n if validation_result:\n print \"Super-Gluu. Authenticate for step 2. User '%s' successfully authenticated with u2f_device '%s'\" % (user_name, u2f_device_id)\n else:\n return False\n \n super_gluu_request = json.loads(session_device_status['super_gluu_request'])\n auth_method = super_gluu_request['method']\n if auth_method in ['enroll', 'authenticate']:\n if validation_result and self.use_audit_group:\n user = authenticationService.getAuthenticatedUser()\n self.processAuditGroup(user, self.audit_attribute, self.audit_group)\n\n return validation_result\n\n print \"Super-Gluu. Authenticate for step 2. 
U2F auth_method is invalid\"\n\n return False\n else:\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n identity = CdiUtil.bean(Identity)\n session_attributes = identity.getSessionId().getSessionAttributes()\n\n client_redirect_uri = self.getClientRedirecUri(session_attributes)\n if client_redirect_uri == None:\n print \"Super-Gluu. Prepare for step. redirect_uri is not set\"\n return False\n\n self.setRequestScopedParameters(identity, step)\n\n if step == 1:\n print \"Super-Gluu. Prepare for step 1\"\n if self.oneStep:\n session_id = CdiUtil.bean(SessionIdService).getSessionIdFromCookie()\n if StringHelper.isEmpty(session_id):\n print \"Super-Gluu. Prepare for step 2. Failed to determine session_id\"\n return False\n \n issuer = CdiUtil.bean(ConfigurationFactory).getConfiguration().getIssuer()\n super_gluu_request_dictionary = {'app': client_redirect_uri,\n 'issuer': issuer,\n 'state': session_id,\n 'created': datetime.datetime.now().isoformat()}\n\n self.addGeolocationData(session_attributes, super_gluu_request_dictionary)\n\n super_gluu_request = json.dumps(super_gluu_request_dictionary, separators=(',',':'))\n print \"Super-Gluu. Prepare for step 1. Prepared super_gluu_request:\", super_gluu_request\n \n identity.setWorkingParameter(\"super_gluu_request\", super_gluu_request)\n elif self.twoStep:\n identity.setWorkingParameter(\"display_register_action\", True)\n\n return True\n elif step == 2:\n print \"Super-Gluu. Prepare for step 2\"\n if self.oneStep:\n return True\n\n authenticationService = CdiUtil.bean(AuthenticationService)\n user = authenticationService.getAuthenticatedUser()\n if user == None:\n print \"Super-Gluu. Prepare for step 2. Failed to determine user name\"\n return False\n\n if session_attributes.containsKey(\"super_gluu_request\"):\n super_gluu_request = session_attributes.get(\"super_gluu_request\")\n if not StringHelper.equalsIgnoreCase(super_gluu_request, \"timeout\"):\n print \"Super-Gluu. 
Prepare for step 2. Request was generated already\"\n return True\n \n session_id = CdiUtil.bean(SessionIdService).getSessionIdFromCookie()\n if StringHelper.isEmpty(session_id):\n print \"Super-Gluu. Prepare for step 2. Failed to determine session_id\"\n return False\n\n auth_method = session_attributes.get(\"super_gluu_auth_method\")\n if StringHelper.isEmpty(auth_method):\n print \"Super-Gluu. Prepare for step 2. Failed to determine auth_method\"\n return False\n\n print \"Super-Gluu. Prepare for step 2. auth_method: '%s'\" % auth_method\n \n issuer = CdiUtil.bean(ConfigurationFactory).getAppConfiguration().getIssuer()\n super_gluu_request_dictionary = {'username': user.getUserId(),\n 'app': client_redirect_uri,\n 'issuer': issuer,\n 'method': auth_method,\n 'state': session_id,\n 'created': datetime.datetime.now().isoformat()}\n\n self.addGeolocationData(session_attributes, super_gluu_request_dictionary)\n\n super_gluu_request = json.dumps(super_gluu_request_dictionary, separators=(',',':'))\n print \"Super-Gluu. Prepare for step 2. Prepared super_gluu_request:\", super_gluu_request\n\n identity.setWorkingParameter(\"super_gluu_request\", super_gluu_request)\n identity.setWorkingParameter(\"super_gluu_auth_method\", auth_method)\n\n if auth_method in ['authenticate']:\n self.sendPushNotification(client_redirect_uri, user, super_gluu_request)\n\n return True\n else:\n return False\n\n def getNextStep(self, configurationAttributes, requestParameters, step):\n # If user not pass current step change step to previous\n identity = CdiUtil.bean(Identity)\n retry_current_step = identity.getWorkingParameter(\"retry_current_step\")\n if retry_current_step:\n print \"Super-Gluu. Get next step. 
Retrying current step\"\n\n # Remove old QR code\n identity.setWorkingParameter(\"super_gluu_request\", \"timeout\")\n\n resultStep = step\n return resultStep\n\n return -1\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n if step == 1:\n if self.oneStep: \n return Arrays.asList(\"super_gluu_request\")\n elif self.twoStep:\n return Arrays.asList(\"display_register_action\")\n elif step == 2:\n return Arrays.asList(\"super_gluu_auth_method\", \"super_gluu_request\")\n \n return None\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n identity = CdiUtil.bean(Identity)\n if identity.isSetWorkingParameter(\"super_gluu_count_login_steps\"):\n return identity.getWorkingParameter(\"super_gluu_count_login_steps\")\n else:\n return 2\n\n def getPageForStep(self, configurationAttributes, step):\n if step == 1:\n if self.oneStep: \n return \"/auth/super-gluu/login.xhtml\"\n elif step == 2:\n if self.oneStep:\n return \"/login.xhtml\"\n else:\n identity = CdiUtil.bean(Identity)\n authmethod = identity.getWorkingParameter(\"super_gluu_auth_method\")\n print \"Super-Gluu. authmethod '%s'\" % authmethod\n if authmethod == \"enroll\":\n return \"/auth/super-gluu/login.xhtml\"\n else:\n return \"/auth/super-gluu/login.xhtml\"\n\n return \"\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n\n def processBasicAuthentication(self, credentials):\n userService = CdiUtil.bean(UserService)\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n if not logged_in:\n return None\n\n find_user_by_uid = authenticationService.getAuthenticatedUser()\n if find_user_by_uid == None:\n print \"Super-Gluu. Process basic authentication. 
Failed to find user '%s'\" % user_name\n return None\n \n return find_user_by_uid\n\n def validateSessionDeviceStatus(self, client_redirect_uri, session_device_status, user_name = None):\n userService = CdiUtil.bean(UserService)\n deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)\n\n u2f_device_id = session_device_status['device_id']\n\n u2f_device = None\n if session_device_status['enroll'] and session_device_status['one_step']:\n u2f_device = deviceRegistrationService.findOneStepUserDeviceRegistration(u2f_device_id)\n if u2f_device == None:\n print \"Super-Gluu. Validate session device status. There is no one step u2f_device '%s'\" % u2f_device_id\n return False\n else:\n # Validate if user has specified device_id enrollment\n user_inum = userService.getUserInum(user_name)\n\n if session_device_status['one_step']:\n user_inum = session_device_status['user_inum']\n \n u2f_device = deviceRegistrationService.findUserDeviceRegistration(user_inum, u2f_device_id)\n if u2f_device == None:\n print \"Super-Gluu. Validate session device status. There is no u2f_device '%s' associated with user '%s'\" % (u2f_device_id, user_inum)\n return False\n\n if not StringHelper.equalsIgnoreCase(client_redirect_uri, u2f_device.application):\n print \"Super-Gluu. Validate session device status. u2f_device '%s' associated with other application '%s'\" % (u2f_device_id, u2f_device.application)\n return False\n \n return True\n\n def getSessionDeviceStatus(self, session_attributes, user_name):\n print \"Super-Gluu. Get session device status\"\n\n if not session_attributes.containsKey(\"super_gluu_request\"):\n print \"Super-Gluu. Get session device status. There is no Super-Gluu request in session attributes\"\n return None\n\n # Check session state extended\n if not session_attributes.containsKey(\"session_custom_state\"):\n print \"Super-Gluu. Get session device status. 
There is no session_custom_state in session attributes\"\n return None\n\n session_custom_state = session_attributes.get(\"session_custom_state\")\n if not StringHelper.equalsIgnoreCase(\"approved\", session_custom_state):\n print \"Super-Gluu. Get session device status. User '%s' not approve or not pass U2F authentication. session_custom_state: '%s'\" % (user_name, session_custom_state)\n return None\n\n # Try to find device_id in session attribute\n if not session_attributes.containsKey(\"oxpush2_u2f_device_id\"):\n print \"Super-Gluu. Get session device status. There is no u2f_device associated with this request\"\n return None\n\n # Try to find user_inum in session attribute\n if not session_attributes.containsKey(\"oxpush2_u2f_device_user_inum\"):\n print \"Super-Gluu. Get session device status. There is no user_inum associated with this request\"\n return None\n \n enroll = False\n if session_attributes.containsKey(\"oxpush2_u2f_device_enroll\"):\n enroll = StringHelper.equalsIgnoreCase(\"true\", session_attributes.get(\"oxpush2_u2f_device_enroll\"))\n\n one_step = False\n if session_attributes.containsKey(\"oxpush2_u2f_device_one_step\"):\n one_step = StringHelper.equalsIgnoreCase(\"true\", session_attributes.get(\"oxpush2_u2f_device_one_step\"))\n \n super_gluu_request = session_attributes.get(\"super_gluu_request\")\n u2f_device_id = session_attributes.get(\"oxpush2_u2f_device_id\")\n user_inum = session_attributes.get(\"oxpush2_u2f_device_user_inum\")\n\n session_device_status = {\"super_gluu_request\": super_gluu_request, \"device_id\": u2f_device_id, \"user_inum\" : user_inum, \"enroll\" : enroll, \"one_step\" : one_step}\n print \"Super-Gluu. Get session device status. session_device_status: '%s'\" % (session_device_status)\n \n return session_device_status\n\n def initPushNotificationService(self, configurationAttributes):\n print \"Super-Gluu. 
Initialize Native/SNS/Gluu notification services\"\n\n self.pushSnsMode = False\n self.pushGluuMode = False\n if configurationAttributes.containsKey(\"notification_service_mode\"):\n notificationServiceMode = configurationAttributes.get(\"notification_service_mode\").getValue2()\n if StringHelper.equalsIgnoreCase(notificationServiceMode, \"sns\"):\n return self.initSnsPushNotificationService(configurationAttributes)\n elif StringHelper.equalsIgnoreCase(notificationServiceMode, \"gluu\"):\n return self.initGluuPushNotificationService(configurationAttributes)\n\n return self.initNativePushNotificationService(configurationAttributes)\n\n def initNativePushNotificationService(self, configurationAttributes):\n print \"Super-Gluu. Initialize native notification services\"\n \n creds = self.loadPushNotificationCreds(configurationAttributes)\n if creds == None:\n return False\n \n try:\n android_creds = creds[\"android\"][\"gcm\"]\n ios_creds = creds[\"ios\"][\"apns\"]\n except:\n print \"Super-Gluu. Initialize native notification services. Invalid credentials file format\"\n return False\n \n self.pushAndroidService = None\n self.pushAppleService = None\n if android_creds[\"enabled\"]:\n self.pushAndroidService = Sender(android_creds[\"api_key\"]) \n print \"Super-Gluu. Initialize native notification services. Created Android notification service\"\n \n if ios_creds[\"enabled\"]:\n p12_file_path = ios_creds[\"p12_file_path\"]\n p12_passowrd = ios_creds[\"p12_password\"]\n\n try:\n encryptionService = CdiUtil.bean(EncryptionService)\n p12_passowrd = encryptionService.decrypt(p12_passowrd)\n except:\n # Ignore exception. Password is not encrypted\n print \"Super-Gluu. Initialize native notification services. 
Assuming that 'p12_passowrd' password in not encrypted\"\n\n apnsServiceBuilder = APNS.newService().withCert(p12_file_path, p12_passowrd)\n if ios_creds[\"production\"]:\n self.pushAppleService = apnsServiceBuilder.withProductionDestination().build()\n else:\n self.pushAppleService = apnsServiceBuilder.withSandboxDestination().build()\n\n self.pushAppleServiceProduction = ios_creds[\"production\"]\n\n print \"Super-Gluu. Initialize native notification services. Created iOS notification service\"\n\n enabled = self.pushAndroidService != None or self.pushAppleService != None\n\n return enabled\n\n def initSnsPushNotificationService(self, configurationAttributes):\n print \"Super-Gluu. Initialize SNS notification services\"\n self.pushSnsMode = True\n\n creds = self.loadPushNotificationCreds(configurationAttributes)\n if creds == None:\n return False\n \n try:\n sns_creds = creds[\"sns\"]\n android_creds = creds[\"android\"][\"sns\"]\n ios_creds = creds[\"ios\"][\"sns\"]\n except:\n print \"Super-Gluu. Initialize SNS notification services. Invalid credentials file format\"\n return False\n \n self.pushAndroidService = None\n self.pushAppleService = None\n if not (android_creds[\"enabled\"] or ios_creds[\"enabled\"]):\n print \"Super-Gluu. Initialize SNS notification services. SNS disabled for all platforms\"\n return False\n\n sns_access_key = sns_creds[\"access_key\"]\n sns_secret_access_key = sns_creds[\"secret_access_key\"]\n sns_region = sns_creds[\"region\"]\n\n encryptionService = CdiUtil.bean(EncryptionService)\n\n try:\n sns_secret_access_key = encryptionService.decrypt(sns_secret_access_key)\n except:\n # Ignore exception. Password is not encrypted\n print \"Super-Gluu. Initialize SNS notification services. 
Assuming that 'sns_secret_access_key' in not encrypted\"\n \n pushSnsService = CdiUtil.bean(PushSnsService)\n pushClient = pushSnsService.createSnsClient(sns_access_key, sns_secret_access_key, sns_region)\n\n if android_creds[\"enabled\"]:\n self.pushAndroidService = pushClient\n self.pushAndroidPlatformArn = android_creds[\"platform_arn\"]\n print \"Super-Gluu. Initialize SNS notification services. Created Android notification service\"\n\n if ios_creds[\"enabled\"]:\n self.pushAppleService = pushClient \n self.pushApplePlatformArn = ios_creds[\"platform_arn\"]\n self.pushAppleServiceProduction = ios_creds[\"production\"]\n print \"Super-Gluu. Initialize SNS notification services. Created iOS notification service\"\n\n enabled = self.pushAndroidService != None or self.pushAppleService != None\n\n return enabled\n\n def initGluuPushNotificationService(self, configurationAttributes):\n print \"Super-Gluu. Initialize Gluu notification services\"\n\n self.pushGluuMode = True\n\n creds = self.loadPushNotificationCreds(configurationAttributes)\n if creds == None:\n return False\n \n try:\n gluu_conf = creds[\"gluu\"]\n android_creds = creds[\"android\"][\"gluu\"]\n ios_creds = creds[\"ios\"][\"gluu\"]\n except:\n print \"Super-Gluu. Initialize Gluu notification services. Invalid credentials file format\"\n return False\n \n self.pushAndroidService = None\n self.pushAppleService = None\n if not (android_creds[\"enabled\"] or ios_creds[\"enabled\"]):\n print \"Super-Gluu. Initialize Gluu notification services. Gluu disabled for all platforms\"\n return False\n\n gluu_server_uri = gluu_conf[\"server_uri\"]\n notifyClientFactory = NotifyClientFactory.instance()\n metadataConfiguration = None\n try:\n metadataConfiguration = notifyClientFactory.createMetaDataConfigurationService(gluu_server_uri).getMetadataConfiguration()\n except:\n print \"Super-Gluu. Initialize Gluu notification services. Failed to load metadata. 
Exception: \", sys.exc_info()[1]\n return False\n\n gluuClient = notifyClientFactory.createNotifyService(metadataConfiguration)\n encryptionService = CdiUtil.bean(EncryptionService)\n\n if android_creds[\"enabled\"]:\n gluu_access_key = android_creds[\"access_key\"]\n gluu_secret_access_key = android_creds[\"secret_access_key\"]\n \n try:\n gluu_secret_access_key = encryptionService.decrypt(gluu_secret_access_key)\n except:\n # Ignore exception. Password is not encrypted\n print \"Super-Gluu. Initialize Gluu notification services. Assuming that 'gluu_secret_access_key' in not encrypted\"\n \n self.pushAndroidService = gluuClient \n self.pushAndroidServiceAuth = notifyClientFactory.getAuthorization(gluu_access_key, gluu_secret_access_key);\n print \"Super-Gluu. Initialize Gluu notification services. Created Android notification service\"\n\n if ios_creds[\"enabled\"]:\n gluu_access_key = ios_creds[\"access_key\"]\n gluu_secret_access_key = ios_creds[\"secret_access_key\"]\n \n try:\n gluu_secret_access_key = encryptionService.decrypt(gluu_secret_access_key)\n except:\n # Ignore exception. Password is not encrypted\n print \"Super-Gluu. Initialize Gluu notification services. Assuming that 'gluu_secret_access_key' in not encrypted\"\n \n self.pushAppleService = gluuClient \n self.pushAppleServiceAuth = notifyClientFactory.getAuthorization(gluu_access_key, gluu_secret_access_key);\n print \"Super-Gluu. Initialize Gluu notification services. Created iOS notification service\"\n\n enabled = self.pushAndroidService != None or self.pushAppleService != None\n\n return enabled\n\n def loadPushNotificationCreds(self, configurationAttributes):\n print \"Super-Gluu. 
Initialize notification services\"\n if not configurationAttributes.containsKey(\"credentials_file\"):\n return None\n\n super_gluu_creds_file = configurationAttributes.get(\"credentials_file\").getValue2()\n\n # Load credentials from file\n f = open(super_gluu_creds_file, 'r')\n try:\n creds = json.loads(f.read())\n except:\n print \"Super-Gluu. Initialize notification services. Failed to load credentials from file:\", super_gluu_creds_file\n return None\n finally:\n f.close()\n\n return creds\n\n def sendPushNotification(self, client_redirect_uri, user, super_gluu_request):\n try:\n self.sendPushNotificationImpl(client_redirect_uri, user, super_gluu_request)\n except:\n print \"Super-Gluu. Send push notification. Failed to send push notification: \", sys.exc_info()[1]\n\n def sendPushNotificationImpl(self, client_redirect_uri, user, super_gluu_request):\n if not self.enabledPushNotifications:\n return\n\n user_name = user.getUserId()\n print \"Super-Gluu. Send push notification. Loading user '%s' devices\" % user_name\n\n send_notification = False\n send_notification_result = True\n\n userService = CdiUtil.bean(UserService)\n deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)\n\n user_inum = userService.getUserInum(user_name)\n\n send_android = 0\n send_ios = 0\n u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(user_inum, client_redirect_uri, \"oxId\", \"oxDeviceData\", \"oxDeviceNotificationConf\")\n if u2f_devices_list.size() > 0:\n for u2f_device in u2f_devices_list:\n device_data = u2f_device.getDeviceData()\n\n # Device data which Super-Gluu gets during enrollment\n if device_data == None:\n continue\n\n platform = device_data.getPlatform()\n push_token = device_data.getPushToken()\n debug = False\n\n if StringHelper.equalsIgnoreCase(platform, \"ios\") and StringHelper.isNotEmpty(push_token):\n # Sending notification to iOS user's device\n if self.pushAppleService == None:\n print \"Super-Gluu. Send push notification. 
Apple native push notification service is not enabled\"\n else:\n send_notification = True\n \n title = \"Super-Gluu\"\n message = \"Super-Gluu login request to: %s\" % client_redirect_uri\n\n if self.pushSnsMode or self.pushGluuMode:\n pushSnsService = CdiUtil.bean(PushSnsService)\n targetEndpointArn = self.getTargetEndpointArn(deviceRegistrationService, pushSnsService, PushPlatform.APNS, user, u2f_device)\n if targetEndpointArn == None:\n \treturn\n\n send_notification = True\n \n sns_push_request_dictionary = { \"aps\": \n { \"badge\": 0,\n \"alert\" : {\"body\": message, \"title\" : title},\n \"category\": \"ACTIONABLE\",\n \"content-available\": \"1\",\n \"sound\": 'default'\n },\n \"request\" : super_gluu_request\n }\n push_message = json.dumps(sns_push_request_dictionary, separators=(',',':'))\n \n if self.pushSnsMode:\n apple_push_platform = PushPlatform.APNS\n if not self.pushAppleServiceProduction:\n apple_push_platform = PushPlatform.APNS_SANDBOX\n \n send_notification_result = pushSnsService.sendPushMessage(self.pushAppleService, apple_push_platform, targetEndpointArn, push_message, None)\n if debug:\n print \"Super-Gluu. Send iOS SNS push notification. token: '%s', message: '%s', send_notification_result: '%s', apple_push_platform: '%s'\" % (push_token, push_message, send_notification_result, apple_push_platform)\n elif self.pushGluuMode:\n send_notification_result = self.pushAppleService.sendNotification(self.pushAppleServiceAuth, targetEndpointArn, push_message)\n if debug:\n print \"Super-Gluu. Send iOS Gluu push notification. 
token: '%s', message: '%s', send_notification_result: '%s'\" % (push_token, push_message, send_notification_result)\n else:\n additional_fields = { \"request\" : super_gluu_request }\n \n msgBuilder = APNS.newPayload().alertBody(message).alertTitle(title).sound(\"default\")\n msgBuilder.category('ACTIONABLE').badge(0)\n msgBuilder.forNewsstand()\n msgBuilder.customFields(additional_fields)\n push_message = msgBuilder.build()\n \n send_notification_result = self.pushAppleService.push(push_token, push_message)\n if debug:\n print \"Super-Gluu. Send iOS Native push notification. token: '%s', message: '%s', send_notification_result: '%s'\" % (push_token, push_message, send_notification_result)\n send_ios = send_ios + 1\n\n if StringHelper.equalsIgnoreCase(platform, \"android\") and StringHelper.isNotEmpty(push_token):\n # Sending notification to Android user's device\n if self.pushAndroidService == None:\n print \"Super-Gluu. Send native push notification. Android native push notification service is not enabled\"\n else:\n send_notification = True\n\n title = \"Super-Gluu\"\n if self.pushSnsMode or self.pushGluuMode:\n pushSnsService = CdiUtil.bean(PushSnsService)\n targetEndpointArn = self.getTargetEndpointArn(deviceRegistrationService, pushSnsService, PushPlatform.GCM, user, u2f_device)\n if targetEndpointArn == None:\n \treturn\n\n send_notification = True\n \n sns_push_request_dictionary = { \"collapse_key\": \"single\",\n \"content_available\": True,\n \"time_to_live\": 60,\n \"data\": \n { \"message\" : super_gluu_request,\n \"title\" : title }\n }\n push_message = json.dumps(sns_push_request_dictionary, separators=(',',':'))\n \n if self.pushSnsMode:\n send_notification_result = pushSnsService.sendPushMessage(self.pushAndroidService, PushPlatform.GCM, targetEndpointArn, push_message, None)\n if debug:\n print \"Super-Gluu. Send Android SNS push notification. 
token: '%s', message: '%s', send_notification_result: '%s'\" % (push_token, push_message, send_notification_result)\n elif self.pushGluuMode:\n send_notification_result = self.pushAndroidService.sendNotification(self.pushAndroidServiceAuth, targetEndpointArn, push_message)\n if debug:\n print \"Super-Gluu. Send Android Gluu push notification. token: '%s', message: '%s', send_notification_result: '%s'\" % (push_token, push_message, send_notification_result)\n else:\n msgBuilder = Message.Builder().addData(\"message\", super_gluu_request).addData(\"title\", title).collapseKey(\"single\").contentAvailable(True)\n push_message = msgBuilder.build()\n \n send_notification_result = self.pushAndroidService.send(push_message, push_token, 3)\n if debug:\n print \"Super-Gluu. Send Android Native push notification. token: '%s', message: '%s', send_notification_result: '%s'\" % (push_token, push_message, send_notification_result)\n send_android = send_android + 1\n\n print \"Super-Gluu. Send push notification. send_android: '%s', send_ios: '%s'\" % (send_android, send_ios)\n\n def getTargetEndpointArn(self, deviceRegistrationService, pushSnsService, platform, user, u2fDevice):\n targetEndpointArn = None\n \n # Return endpoint ARN if it created already\n notificationConf = u2fDevice.getDeviceNotificationConf()\n if StringHelper.isNotEmpty(notificationConf):\n notificationConfJson = json.loads(notificationConf)\n targetEndpointArn = notificationConfJson['sns_endpoint_arn']\n if StringHelper.isNotEmpty(targetEndpointArn):\n print \"Super-Gluu. Get target endpoint ARN. 
There is already created target endpoint ARN\"\n return targetEndpointArn\n\n # Create endpoint ARN \n pushClient = None\n pushClientAuth = None\n platformApplicationArn = None\n if platform == PushPlatform.GCM:\n pushClient = self.pushAndroidService\n if self.pushSnsMode:\n platformApplicationArn = self.pushAndroidPlatformArn\n if self.pushGluuMode:\n pushClientAuth = self.pushAndroidServiceAuth\n elif platform == PushPlatform.APNS:\n pushClient = self.pushAppleService\n if self.pushSnsMode:\n platformApplicationArn = self.pushApplePlatformArn\n if self.pushGluuMode:\n pushClientAuth = self.pushAppleServiceAuth\n else:\n return None\n\n deviceData = u2fDevice.getDeviceData()\n pushToken = deviceData.getPushToken()\n \n print \"Super-Gluu. Get target endpoint ARN. Attempting to create target endpoint ARN for user: '%s'\" % user.getUserId()\n if self.pushSnsMode:\n targetEndpointArn = pushSnsService.createPlatformArn(pushClient, platformApplicationArn, pushToken, user)\n else:\n customUserData = pushSnsService.getCustomUserData(user)\n registerDeviceResponse = pushClient.registerDevice(pushClientAuth, pushToken, customUserData);\n if registerDeviceResponse != None and registerDeviceResponse.getStatusCode() == 200:\n targetEndpointArn = registerDeviceResponse.getEndpointArn()\n \n if StringHelper.isEmpty(targetEndpointArn):\n\t print \"Super-Gluu. Failed to get endpoint ARN for user: '%s'\" % user.getUserId()\n \treturn None\n\n print \"Super-Gluu. Get target endpoint ARN. 
Create target endpoint ARN '%s' for user: '%s'\" % (targetEndpointArn, user.getUserId())\n \n # Store created endpoint ARN in device entry\n userInum = user.getAttribute(\"inum\")\n u2fDeviceUpdate = deviceRegistrationService.findUserDeviceRegistration(userInum, u2fDevice.getId())\n u2fDeviceUpdate.setDeviceNotificationConf('{\"sns_endpoint_arn\" : \"%s\"}' % targetEndpointArn)\n deviceRegistrationService.updateDeviceRegistration(userInum, u2fDeviceUpdate)\n\n return targetEndpointArn\n\n def getClientRedirecUri(self, session_attributes):\n if not session_attributes.containsKey(\"redirect_uri\"):\n return None\n\n return session_attributes.get(\"redirect_uri\")\n\n def setRequestScopedParameters(self, identity, step):\n downloadMap = HashMap()\n if self.registrationUri != None:\n identity.setWorkingParameter(\"external_registration_uri\", self.registrationUri)\n\n if self.androidUrl!= None and step == 1:\n downloadMap.put(\"android\", self.androidUrl)\n\n if self.IOSUrl != None and step == 1:\n downloadMap.put(\"ios\", self.IOSUrl)\n \n if self.customLabel != None:\n identity.setWorkingParameter(\"super_gluu_label\", self.customLabel)\n \n identity.setWorkingParameter(\"download_url\",downloadMap)\n identity.setWorkingParameter(\"super_gluu_qr_options\", self.customQrOptions)\n\n def addGeolocationData(self, session_attributes, super_gluu_request_dictionary):\n if session_attributes.containsKey(\"remote_ip\"):\n remote_ip = session_attributes.get(\"remote_ip\")\n if StringHelper.isNotEmpty(remote_ip):\n print \"Super-Gluu. Prepare for step 2. Adding req_ip and req_loc to super_gluu_request\"\n super_gluu_request_dictionary['req_ip'] = remote_ip\n\n remote_loc_dic = self.determineGeolocationData(remote_ip)\n if remote_loc_dic == None:\n print \"Super-Gluu. Prepare for step 2. 
Failed to determine remote location by remote IP '%s'\" % remote_ip\n return\n\n remote_loc = \"%s, %s, %s\" % ( remote_loc_dic['country'], remote_loc_dic['regionName'], remote_loc_dic['city'] )\n remote_loc_encoded = urllib.quote(remote_loc)\n super_gluu_request_dictionary['req_loc'] = remote_loc_encoded\n\n def determineGeolocationData(self, remote_ip):\n print \"Super-Gluu. Determine remote location. remote_ip: '%s'\" % remote_ip\n httpService = CdiUtil.bean(HttpService)\n\n http_client = httpService.getHttpsClient()\n http_client_params = http_client.getParams()\n http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)\n \n geolocation_service_url = \"http://ip-api.com/json/%s?fields=49177\" % remote_ip\n geolocation_service_headers = { \"Accept\" : \"application/json\" }\n\n try:\n http_service_response = httpService.executeGet(http_client, geolocation_service_url, geolocation_service_headers)\n http_response = http_service_response.getHttpResponse()\n except:\n print \"Super-Gluu. Determine remote location. Exception: \", sys.exc_info()[1]\n return None\n\n try:\n if not httpService.isResponseStastusCodeOk(http_response):\n print \"Super-Gluu. Determine remote location. Get invalid response from validation server: \", str(http_response.getStatusLine().getStatusCode())\n httpService.consume(http_response)\n return None\n \n response_bytes = httpService.getResponseContent(http_response)\n response_string = httpService.convertEntityToString(response_bytes)\n httpService.consume(http_response)\n finally:\n http_service_response.closeConnection()\n\n if response_string == None:\n print \"Super-Gluu. Determine remote location. Get empty response from location server\"\n return None\n \n response = json.loads(response_string)\n \n if not StringHelper.equalsIgnoreCase(response['status'], \"success\"):\n print \"Super-Gluu. Determine remote location. 
Get response with status: '%s'\" % response['status']\n return None\n\n return response\n\n def isUserMemberOfGroup(self, user, attribute, group):\n is_member = False\n member_of_list = user.getAttributeValues(attribute)\n if (member_of_list != None):\n for member_of in member_of_list:\n if StringHelper.equalsIgnoreCase(group, member_of) or member_of.endswith(group):\n is_member = True\n break\n\n return is_member\n\n def processAuditGroup(self, user, attribute, group):\n is_member = self.isUserMemberOfGroup(user, attribute, group)\n if (is_member):\n print \"Super-Gluu. Authenticate for processAuditGroup. User '%s' member of audit group\" % user.getUserId()\n print \"Super-Gluu. Authenticate for processAuditGroup. Sending e-mail about user '%s' login to %s\" % (user.getUserId(), self.audit_email)\n \n # Send e-mail to administrator\n user_id = user.getUserId()\n mailService = CdiUtil.bean(MailService)\n subject = \"User log in: %s\" % user_id\n body = \"User log in: %s\" % user_id\n mailService.sendMail(self.audit_email, subject, body)\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}", "{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!92F0.BF9E", "oxConfigurationProperty": ["{\"value1\":\"qr_options\",\"value2\":\"{ size: 500, mSize: 0.05 }\",\"description\":\"\"}", "{\"value1\":\"label\",\"value2\":\"Super Gluu\",\"description\":\"\"}", "{\"value1\":\"registration_uri\",\"value2\":\"https://u144.gluu.info/identity/register\",\"description\":\"\"}", "{\"value1\":\"authentication_mode\",\"value2\":\"two_step\",\"description\":\"\"}", "{\"value1\":\"notification_service_mode\",\"value2\":\"gluu\",\"description\":\"\"}", "{\"value1\":\"credentials_file\",\"value2\":\"/etc/certs/super_gluu_creds.json\",\"description\":\"\"}", 
"{\"value1\":\"supergluu_android_download_url\",\"value2\":\"https://play.google.com/store/apps/details?id=gluu.super.gluu\",\"description\":\"\"}", "{\"value1\":\"supergluu_ios_download_url\",\"value2\":\"https://itunes.apple.com/us/app/super-gluu/id1093479646\",\"description\":\"\"}"]});
252 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Review note: N1QL statement echoed by the setup log. It upserts the custom-script
 * entry "basic" (oxScriptType "person_authentication", gluuStatus "false",
 * oxLevel "100") into bucket `gluu`; the script source travels in the "oxScript" string.
 *
 * What the embedded script does:
 *  - authenticate() handles step 1 only. It reads username and password from the
 *    Identity credentials and calls authenticationService.authenticate(user_name,
 *    user_password) when both are non-empty; any other step returns False.
 *  - getCountAuthenticationSteps() returns 1, so this is a single password factor.
 *  - The script itself adds no throttling or lockout; whether AuthenticationService
 *    enforces one is not visible here - confirm before relying on this flow alone.
 *  - Only fixed status strings are printed; the credentials are never logged.
 *
 * The log entry right after this statement reports ERROR 107 (not connected to any
 * cluster), so this document was presumably never written - verify after a re-run.
 */
256UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!A51E.76DA", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!A51E.76DA,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "basic", "description": "Sample authentication module", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.oxauth.service import AuthenticationService\nfrom org.xdi.util import StringHelper\n\nimport java\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Basic. Initialization\"\n print \"Basic. Initialized successfully\"\n return True \n\n def destroy(self, configurationAttributes):\n print \"Basic. Destroy\"\n print \"Basic. Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n if (step == 1):\n print \"Basic. 
Authenticate for step 1\"\n\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n if (not logged_in):\n return False\n\n return True\n else:\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n if (step == 1):\n print \"Basic. Prepare for Step 1\"\n return True\n else:\n return False\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n return None\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n return 1\n\n def getPageForStep(self, configurationAttributes, step):\n return \"\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n", "oxModuleProperty": ["{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}", "{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!A51E.76DA"});
257 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * Review note: N1QL statement echoed by the setup log. It upserts the custom-script
 * entry "scim_event_handler" (oxScriptType "scim", gluuStatus "false", oxLevel "100")
 * into bucket `gluu`; the script source travels in the "oxScript" string.
 *
 * What the embedded script does:
 *  - Every handler returns True; the create/update/delete handlers only print, and
 *    the post-event handlers (postCreateUser and siblings) have no other body.
 *  - getApiVersion() returns 1; the script's own comment says to return 2 for the
 *    post-event handlers to be executed.
 *  - createUser() calls configurationAttributes.get("testProp1").getValue2() and the
 *    same for "testProp2" with no containsKey check. This document's
 *    oxConfigurationProperty supplies both; removing either presumably makes the
 *    handler fail - verify before reusing the script as a template.
 *  - updateUser() uses the result of personService.getPersonByUid(user.getUid())
 *    without a null check.
 *  - Handlers print the user uid and user/group displayName, so the script log
 *    should be treated as containing identity data.
 *
 * The log entry right after this statement reports ERROR 107 (not connected to any
 * cluster), so this document was presumably never written - verify after a re-run.
 */
261UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!A910.56AB", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!A910.56AB,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "scim_event_handler", "description": "Sample script for SCIM events", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "scim", "oxScript": "# oxTrust is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2014, Gluu\n#\n# Author: Jose Gonzalez\n#\nfrom org.xdi.model.custom.script.type.scim import ScimType\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom java.util import Arrays, ArrayList\nfrom org.gluu.oxtrust.ldap.service import PersonService\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.gluu.oxtrust.model import GluuCustomPerson\n\nimport java\n\nclass ScimEventHandler(ScimType):\n\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"ScimEventHandler (init): Initialized successfully\"\n return True \n\n def destroy(self, configurationAttributes):\n print \"ScimEventHandler (destroy): Destroyed successfully\"\n return True \n\n def getApiVersion(self):\n #return 2 if you want the post* scripts being executed\n return 1\n\n def createUser(self, user, configurationAttributes):\n\n print \"ScimEventHandler (createUser): Current id = \" + user.getUid()\n\n testProp1 = configurationAttributes.get(\"testProp1\").getValue2()\n testProp2 = configurationAttributes.get(\"testProp2\").getValue2()\n\n print \"ScimEventHandler (createUser): testProp1 = \" + testProp1\n print \"ScimEventHandler (createUser): testProp2 = \" + testProp2\n\n return True\n\n def updateUser(self, user, configurationAttributes):\n personService = CdiUtil.bean(PersonService)\n oldUser = 
personService.getPersonByUid(user.getUid())\n print \"ScimEventHandler (updateUser): Old displayName %s\" % oldUser.getDisplayName()\n print \"ScimEventHandler (updateUser): New displayName \" + user.getDisplayName()\n return True\n\n def deleteUser(self, user, configurationAttributes):\n print \"ScimEventHandler (deleteUser): Current id = \" + user.getUid()\n return True\n\n def createGroup(self, group, configurationAttributes):\n print \"ScimEventHandler (createGroup): Current displayName = \" + group.getDisplayName()\n return True\n\n def updateGroup(self, group, configurationAttributes):\n print \"ScimEventHandler (updateGroup): Current displayName = \" + group.getDisplayName()\n return True\n\n def deleteGroup(self, group, configurationAttributes):\n print \"ScimEventHandler (deleteGroup): Current displayName = \" + group.getDisplayName()\n return True\n \n def postCreateUser(self, user, configurationAttributes):\n return True\n\n def postUpdateUser(self, user, configurationAttributes):\n return True\n\n def postDeleteUser(self, user, configurationAttributes):\n return True\n\n def postUpdateGroup(self, group, configurationAttributes):\n return True\n\n def postCreateGroup(self, group, configurationAttributes):\n return True\n\n def postDeleteGroup(self, group, configurationAttributes):\n return True", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!A910.56AB", "oxConfigurationProperty": ["{\"value1\":\"testProp1\",\"value2\":\"Test value 1\",\"description\":\"\"}", "{\"value1\":\"testProp2\",\"value2\":\"Test value 2\",\"description\":\"\"}"]});
262 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
266UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!D40C.1CA3", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!D40C.1CA3,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "50", "displayName": "saml", "description": "Inbound SAML via Asimba authentication module", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nimport java\nimport json\nfrom java.lang import StringBuilder\nfrom javax.faces.context import FacesContext\nfrom java.util import Arrays, ArrayList, HashMap, IdentityHashMap\nfrom javax.faces.application import FacesMessage\nfrom org.gluu.jsf2.message import FacesMessages\nfrom org.gluu.saml import SamlConfiguration, AuthRequest, Response\nfrom org.xdi.ldap.model import CustomAttribute\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.oxauth.model.common import User\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.oxauth.service import UserService, ClientService, AuthenticationService, AttributeService\nfrom org.xdi.oxauth.service.net import HttpService\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.util import StringHelper, ArrayHelper, Util\nfrom org.gluu.jsf2.service import FacesService\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Asimba. 
Initialization\"\n\n asimba_saml_certificate_file = configurationAttributes.get(\"asimba_saml_certificate_file\").getValue2()\n saml_idp_sso_target_url = configurationAttributes.get(\"saml_idp_sso_target_url\").getValue2()\n asimba_entity_id = configurationAttributes.get(\"asimba_entity_id\").getValue2()\n saml_use_authn_context = StringHelper.toBoolean(configurationAttributes.get(\"saml_use_authn_context\").getValue2(), True)\n if saml_use_authn_context:\n saml_name_identifier_format = configurationAttributes.get(\"saml_name_identifier_format\").getValue2()\n else:\n saml_name_identifier_format = None\n\n asimba_saml_certificate = self.loadCeritificate(asimba_saml_certificate_file)\n if StringHelper.isEmpty(asimba_saml_certificate):\n print \"Asimba. Initialization. File with x509 certificate should be not empty\"\n return False\n\n samlConfiguration = SamlConfiguration()\n\n # Set the issuer of the authentication request. This would usually be the URL of the issuing web application\n samlConfiguration.setIssuer(asimba_entity_id)\n\n # Tells the IdP to return a persistent identifier for the user\n samlConfiguration.setNameIdentifierFormat(saml_name_identifier_format)\n \n # The URL at the Identity Provider where to the authentication request should be sent\n samlConfiguration.setIdpSsoTargetUrl(saml_idp_sso_target_url)\n\n # Enablediable RequestedAuthnContext\n samlConfiguration.setUseRequestedAuthnContext(saml_use_authn_context)\n \n # Load x509 certificate\n samlConfiguration.loadCertificateFromString(asimba_saml_certificate)\n \n self.samlConfiguration = samlConfiguration\n\n self.generateNameId = False\n if configurationAttributes.containsKey(\"saml_generate_name_id\"):\n self.generateNameId = StringHelper.toBoolean(configurationAttributes.get(\"saml_generate_name_id\").getValue2(), False)\n print \"Asimba. Initialization. 
The property saml_generate_name_id is %s\" % self.generateNameId\n\n self.updateUser = False\n if configurationAttributes.containsKey(\"saml_update_user\"):\n self.updateUser = StringHelper.toBoolean(configurationAttributes.get(\"saml_update_user\").getValue2(), False)\n\n print \"Asimba. Initialization. The property saml_update_user is %s\" % self.updateUser\n\n self.userObjectClasses = None\n if configurationAttributes.containsKey(\"user_object_classes\"):\n self.userObjectClasses = self.prepareUserObjectClasses(configurationAttributes)\n\n self.userEnforceAttributesUniqueness = None\n if configurationAttributes.containsKey(\"enforce_uniqueness_attr_list\"):\n self.userEnforceAttributesUniqueness = self.prepareUserEnforceUniquenessAttributes(configurationAttributes)\n\n self.attributesMapping = None\n if configurationAttributes.containsKey(\"saml_idp_attributes_mapping\"):\n saml_idp_attributes_mapping = configurationAttributes.get(\"saml_idp_attributes_mapping\").getValue2()\n if StringHelper.isEmpty(saml_idp_attributes_mapping):\n print \"Asimba. Initialization. The property saml_idp_attributes_mapping is empty\"\n return False\n\n self.attributesMapping = self.prepareAttributesMapping(saml_idp_attributes_mapping)\n if self.attributesMapping == None:\n print \"Asimba. Initialization. The attributes mapping isn't valid\"\n return False\n\n self.samlExtensionModule = None\n if configurationAttributes.containsKey(\"saml_extension_module\"):\n saml_extension_module_name = configurationAttributes.get(\"saml_extension_module\").getValue2()\n try:\n self.samlExtensionModule = __import__(saml_extension_module_name)\n saml_extension_module_init_result = self.samlExtensionModule.init(configurationAttributes)\n if not saml_extension_module_init_result:\n return False\n except ImportError, ex:\n print \"Asimba. Initialization. Failed to load saml_extension_module: '%s'\" % saml_extension_module_name\n print \"Asimba. Initialization. 
Unexpected error:\", ex\n return False\n \n self.debugEnrollment = False\n\n print \"Asimba. Initialized successfully\"\n return True \n\n def destroy(self, configurationAttributes):\n print \"Asimba. Destroy\"\n print \"Asimba. Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n userService = CdiUtil.bean(UserService)\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n saml_map_user = False\n saml_enroll_user = False\n saml_enroll_all_user_attr = False\n # Use saml_deployment_type only if there is no attributes mapping\n if configurationAttributes.containsKey(\"saml_deployment_type\"):\n saml_deployment_type = StringHelper.toLowerCase(configurationAttributes.get(\"saml_deployment_type\").getValue2())\n \n if StringHelper.equalsIgnoreCase(saml_deployment_type, \"map\"):\n saml_map_user = True\n\n if StringHelper.equalsIgnoreCase(saml_deployment_type, \"enroll\"):\n saml_enroll_user = True\n\n if StringHelper.equalsIgnoreCase(saml_deployment_type, \"enroll_all_attr\"):\n saml_enroll_all_user_attr = True\n\n saml_allow_basic_login = False\n if configurationAttributes.containsKey(\"saml_allow_basic_login\"):\n saml_allow_basic_login = StringHelper.toBoolean(configurationAttributes.get(\"saml_allow_basic_login\").getValue2(), False)\n\n use_basic_auth = False\n if saml_allow_basic_login:\n # Detect if user used basic authnetication method\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n if StringHelper.isNotEmpty(user_name) and StringHelper.isNotEmpty(user_password):\n use_basic_auth = True\n\n if (step == 1) and saml_allow_basic_login and 
use_basic_auth:\n print \"Asimba. Authenticate for step 1. Basic authentication\"\n\n identity.setWorkingParameter(\"saml_count_login_steps\", 1)\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n if (not logged_in):\n return False\n\n return True\n\n if (step == 1):\n print \"Asimba. Authenticate for step 1\"\n\n currentSamlConfiguration = self.getCurrentSamlConfiguration(self.samlConfiguration, configurationAttributes, requestParameters)\n if (currentSamlConfiguration == None):\n print \"Asimba. Prepare for step 1. Client saml configuration is invalid\"\n return False\n\n saml_response_array = requestParameters.get(\"SAMLResponse\")\n if ArrayHelper.isEmpty(saml_response_array):\n print \"Asimba. Authenticate for step 1. saml_response is empty\"\n return False\n\n saml_response = saml_response_array[0]\n\n print \"Asimba. Authenticate for step 1. saml_response: '%s'\" % saml_response\n\n samlResponse = Response(currentSamlConfiguration)\n samlResponse.loadXmlFromBase64(saml_response)\n \n saml_validate_response = True\n if configurationAttributes.containsKey(\"saml_validate_response\"):\n saml_validate_response = StringHelper.toBoolean(configurationAttributes.get(\"saml_validate_response\").getValue2(), False)\n\n if saml_validate_response:\n if not samlResponse.isValid():\n print \"Asimba. Authenticate for step 1. saml_response isn't valid\"\n return False\n \n if samlResponse.isAuthnFailed():\n print \"Asimba. Authenticate for step 1. saml_response AuthnFailed\"\n return False\n\n saml_response_attributes = samlResponse.getAttributes()\n print \"Asimba. Authenticate for step 1. 
attributes: '%s'\" % saml_response_attributes\n \n if saml_map_user:\n saml_user_uid = self.getSamlNameId(samlResponse)\n if saml_user_uid == None:\n return False\n\n # Use mapping to local IDP user\n print \"Asimba. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'\" % saml_user_uid\n\n # Check if the is user with specified saml_user_uid\n find_user_by_uid = userService.getUserByAttribute(\"oxExternalUid\", \"saml:%s\" % saml_user_uid)\n\n if find_user_by_uid == None:\n print \"Asimba. Authenticate for step 1. Failed to find user\"\n print \"Asimba. Authenticate for step 1. Setting count steps to 2\"\n identity.setWorkingParameter(\"saml_count_login_steps\", 2)\n identity.setWorkingParameter(\"saml_user_uid\", saml_user_uid)\n return True\n\n found_user_name = find_user_by_uid.getUserId()\n print \"Asimba. Authenticate for step 1. found_user_name: '%s'\" % found_user_name\n \n user_authenticated = authenticationService.authenticate(found_user_name)\n if user_authenticated == False:\n print \"Asimba. Authenticate for step 1. Failed to authenticate user\"\n return False\n \n print \"Asimba. Authenticate for step 1. Setting count steps to 1\"\n identity.setWorkingParameter(\"saml_count_login_steps\", 1)\n\n post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)\n print \"Asimba. Authenticate for step 1. post_login_result: '%s'\" % post_login_result\n\n return post_login_result\n elif saml_enroll_user:\n # Convert SAML response to user entry\n newUser = self.getMappedUser(configurationAttributes, requestParameters, saml_response_attributes)\n\n saml_user_uid = self.getNameId(samlResponse, newUser)\n if saml_user_uid == None:\n return False\n\n self.setDefaultUid(newUser, saml_user_uid)\n newUser.setAttribute(\"oxExternalUid\", \"saml:%s\" % saml_user_uid)\n\n # Use auto enrollment to local IDP\n print \"Asimba. Authenticate for step 1. 
Attempting to find user by oxExternalUid: saml: '%s'\" % saml_user_uid\n\n # Check if there is user with specified saml_user_uid\n find_user_by_uid = userService.getUserByAttribute(\"oxExternalUid\", \"saml:%s\" % saml_user_uid)\n if find_user_by_uid == None:\n # Auto user enrollment\n print \"Asimba. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP\"\n\n print \"Asimba. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'\" % (saml_user_uid, newUser.getCustomAttributes())\n user_unique = self.checkUserUniqueness(newUser)\n if not user_unique:\n print \"Asimba. Authenticate for step 1. Failed to add user: '%s'. User not unique\" % newUser.getUserId()\n facesMessages = CdiUtil.bean(FacesMessages)\n facesMessages.add(FacesMessage.SEVERITY_ERROR, \"Failed to enroll. User with same key attributes exist already\")\n facesMessages.setKeepMessages()\n return False\n\n find_user_by_uid = userService.addUser(newUser, True)\n print \"Asimba. Authenticate for step 1. Added new user with UID: '%s'\" % find_user_by_uid.getUserId()\n else:\n if self.updateUser:\n print \"Asimba. Authenticate for step 1. Attempting to update user '%s' with next attributes: '%s'\" % (saml_user_uid, newUser.getCustomAttributes())\n find_user_by_uid.setCustomAttributes(newUser.getCustomAttributes())\n userService.updateUser(find_user_by_uid)\n print \"Asimba. Authenticate for step 1. Updated user with UID: '%s'\" % saml_user_uid\n\n found_user_name = find_user_by_uid.getUserId()\n print \"Asimba. Authenticate for step 1. found_user_name: '%s'\" % found_user_name\n\n user_authenticated = authenticationService.authenticate(found_user_name)\n if user_authenticated == False:\n print \"Asimba. Authenticate for step 1. Failed to authenticate user: '%s'\" % found_user_name\n return False\n\n print \"Asimba. Authenticate for step 1. 
Setting count steps to 1\"\n identity.setWorkingParameter(\"saml_count_login_steps\", 1)\n\n post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)\n print \"Asimba. Authenticate for step 1. post_login_result: '%s'\" % post_login_result\n\n return post_login_result\n elif saml_enroll_all_user_attr:\n # Convert SAML response to user entry\n newUser = self.getMappedAllAttributesUser(saml_response_attributes)\n\n saml_user_uid = self.getNameId(samlResponse, newUser)\n if saml_user_uid == None:\n return False\n\n self.setDefaultUid(newUser, saml_user_uid)\n newUser.setAttribute(\"oxExternalUid\", \"saml:%s\" % saml_user_uid)\n\n print \"Asimba. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:%s\" % saml_user_uid\n\n # Check if there is user with specified saml_user_uid\n find_user_by_uid = userService.getUserByAttribute(\"oxExternalUid\", \"saml:%s\" % saml_user_uid)\n if find_user_by_uid == None:\n # Auto user enrollment\n print \"Asimba. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP\"\n\n print \"Asimba. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'\" % (saml_user_uid, newUser.getCustomAttributes())\n user_unique = self.checkUserUniqueness(newUser)\n if not user_unique:\n print \"Asimba. Authenticate for step 1. Failed to add user: '%s'. User not unique\" % newUser.getUserId()\n facesMessages = CdiUtil.bean(FacesMessages)\n facesMessages.add(FacesMessage.SEVERITY_ERROR, \"Failed to enroll. User with same key attributes exist already\")\n facesMessages.setKeepMessages()\n return False\n\n find_user_by_uid = userService.addUser(newUser, True)\n print \"Asimba. Authenticate for step 1. Added new user with UID: '%s'\" % find_user_by_uid.getUserId()\n else:\n if self.updateUser:\n print \"Asimba. Authenticate for step 1. 
Attempting to update user '%s' with next attributes: '%s'\" % (saml_user_uid, newUser.getCustomAttributes())\n find_user_by_uid.setCustomAttributes(newUser.getCustomAttributes())\n userService.updateUser(find_user_by_uid)\n print \"Asimba. Authenticate for step 1. Updated user with UID: '%s'\" % saml_user_uid\n\n found_user_name = find_user_by_uid.getUserId()\n print \"Asimba. Authenticate for step 1. found_user_name: '%s'\" % found_user_name\n\n user_authenticated = authenticationService.authenticate(found_user_name)\n if user_authenticated == False:\n print \"Asimba. Authenticate for step 1. Failed to authenticate user\"\n return False\n\n print \"Asimba. Authenticate for step 1. Setting count steps to 1\"\n identity.setWorkingParameter(\"saml_count_login_steps\", 1)\n\n post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)\n print \"Asimba. Authenticate for step 1. post_login_result: '%s'\" % post_login_result\n\n return post_login_result\n else:\n if saml_user_uid == None:\n return False\n\n # Check if the is user with specified saml_user_uid\n print \"Asimba. Authenticate for step 1. Attempting to find user by uid: '%s'\" % saml_user_uid\n\n find_user_by_uid = userService.getUser(saml_user_uid)\n if find_user_by_uid == None:\n print \"Asimba. Authenticate for step 1. Failed to find user\"\n return False\n\n found_user_name = find_user_by_uid.getUserId()\n print \"Asimba. Authenticate for step 1. found_user_name: '%s'\" % found_user_name\n\n user_authenticated = authenticationService.authenticate(found_user_name)\n if user_authenticated == False:\n print \"Asimba. Authenticate for step 1. Failed to authenticate user\"\n return False\n\n print \"Asimba. Authenticate for step 1. Setting count steps to 1\"\n identity.setWorkingParameter(\"saml_count_login_steps\", 1)\n\n post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)\n print \"Asimba. Authenticate for step 1. 
post_login_result: '%s'\" % post_login_result\n\n return post_login_result\n elif (step == 2):\n print \"Asimba. Authenticate for step 2\"\n\n sessionAttributes = identity.getSessionId().getSessionAttributes()\n if (sessionAttributes == None) or not sessionAttributes.containsKey(\"saml_user_uid\"):\n print \"Asimba. Authenticate for step 2. saml_user_uid is empty\"\n return False\n\n saml_user_uid = sessionAttributes.get(\"saml_user_uid\")\n passed_step1 = StringHelper.isNotEmptyString(saml_user_uid)\n if not passed_step1:\n return False\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n if not logged_in:\n return False\n\n # Check if there is user which has saml_user_uid\n # Avoid mapping Saml account to more than one IDP account\n find_user_by_uid = userService.getUserByAttribute(\"oxExternalUid\", \"saml:%s\" % saml_user_uid)\n\n if find_user_by_uid == None:\n # Add saml_user_uid to user one id UIDs\n find_user_by_uid = userService.addUserAttribute(user_name, \"oxExternalUid\", \"saml:%s\" % saml_user_uid)\n if find_user_by_uid == None:\n print \"Asimba. Authenticate for step 2. Failed to update current user\"\n return False\n\n post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)\n print \"Asimba. Authenticate for step 2. post_login_result: '%s'\" % post_login_result\n\n return post_login_result\n else:\n found_user_name = find_user_by_uid.getUserId()\n print \"Asimba. Authenticate for step 2. found_user_name: '%s'\" % found_user_name\n \n if StringHelper.equals(user_name, found_user_name):\n post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)\n print \"Asimba. Authenticate for step 2. 
post_login_result: '%s'\" % post_login_result\n \n return post_login_result\n \n return False\n else:\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n if (step == 1):\n print \"Asimba. Prepare for step 1\"\n \n httpService = CdiUtil.bean(HttpService)\n facesContext = CdiUtil.bean(FacesContext)\n request = facesContext.getExternalContext().getRequest()\n assertionConsumerServiceUrl = httpService.constructServerUrl(request) + \"/postlogin\"\n print \"Asimba. Prepare for step 1. Prepared assertionConsumerServiceUrl: '%s'\" % assertionConsumerServiceUrl\n \n currentSamlConfiguration = self.getCurrentSamlConfiguration(self.samlConfiguration, configurationAttributes, requestParameters)\n if currentSamlConfiguration == None:\n print \"Asimba. Prepare for step 1. Client saml configuration is invalid\"\n return False\n\n # Generate an AuthRequest and send it to the identity provider\n samlAuthRequest = AuthRequest(currentSamlConfiguration)\n external_auth_request_uri = currentSamlConfiguration.getIdpSsoTargetUrl() + \"?SAMLRequest=\" + samlAuthRequest.getRequest(True, assertionConsumerServiceUrl)\n\n print \"Asimba. Prepare for step 1. external_auth_request_uri: '%s'\" % external_auth_request_uri\n facesService = CdiUtil.bean(FacesService)\n facesService.redirectToExternalURL(external_auth_request_uri)\n\n return True\n elif (step == 2):\n print \"Asimba. 
Prepare for step 2\"\n\n return True\n else:\n return False\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n if (step == 2):\n return Arrays.asList(\"saml_user_uid\")\n\n return None\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n identity = CdiUtil.bean(Identity)\n if identity.isSetWorkingParameter(\"saml_count_login_steps\"):\n return identity.getWorkingParameter(\"saml_count_login_steps\")\n \n return 2\n\n def getPageForStep(self, configurationAttributes, step):\n if (step == 1):\n saml_allow_basic_login = False\n if configurationAttributes.containsKey(\"saml_allow_basic_login\"):\n saml_allow_basic_login = StringHelper.toBoolean(configurationAttributes.get(\"saml_allow_basic_login\").getValue2(), False)\n\n if saml_allow_basic_login:\n return \"/login.xhtml\"\n else:\n return \"/auth/saml/samllogin.xhtml\"\n\n return \"/auth/saml/samlpostlogin.xhtml\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n\n def isPassedStep1():\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n user_name = credentials.getUsername()\n passed_step1 = StringHelper.isNotEmptyString(user_name)\n\n return passed_step1\n\n def loadCeritificate(self, asimba_saml_certificate_file):\n asimba_saml_certificate = None\n\n # Load certificate from file\n f = open(asimba_saml_certificate_file, 'r')\n try:\n asimba_saml_certificate = f.read()\n except:\n print \"Asimba. Failed to load certificate from file: '%s'\" % asimba_saml_certificate_file\n return None\n finally:\n f.close()\n \n return asimba_saml_certificate\n\n def getClientConfiguration(self, configurationAttributes, requestParameters):\n # Get client configuration\n if configurationAttributes.containsKey(\"saml_client_configuration_attribute\"):\n saml_client_configuration_attribute = configurationAttributes.get(\"saml_client_configuration_attribute\").getValue2()\n print \"Asimba. GetClientConfiguration. 
Using client attribute: '%s'\" % saml_client_configuration_attribute\n\n if requestParameters == None:\n return None\n\n client_id = None\n client_id_array = requestParameters.get(\"client_id\")\n if ArrayHelper.isNotEmpty(client_id_array) and StringHelper.isNotEmptyString(client_id_array[0]):\n client_id = client_id_array[0]\n\n if client_id == None:\n identity = CdiUtil.bean(Identity)\n if identity.getSessionId() != None:\n client_id = identity.getSessionId().getSessionAttributes().get(\"client_id\")\n\n if client_id == None:\n print \"Asimba. GetClientConfiguration. client_id is empty\"\n return None\n\n clientService = CdiUtil.bean(ClientService)\n client = clientService.getClient(client_id)\n if client == None:\n print \"Asimba. GetClientConfiguration. Failed to find client '%s' in local LDAP\" % client_id\n return None\n\n saml_client_configuration = clientService.getCustomAttribute(client, saml_client_configuration_attribute)\n if (saml_client_configuration == None) or StringHelper.isEmpty(saml_client_configuration.getValue()):\n print \"Asimba. GetClientConfiguration. Client '%s' attribute '%s' is empty\" % ( client_id, saml_client_configuration_attribute )\n else:\n print \"Asimba. GetClientConfiguration. 
Client '%s' attribute '%s' is '%s'\" % ( client_id, saml_client_configuration_attribute, saml_client_configuration )\n return saml_client_configuration\n\n return None\n\n def getCurrentSamlConfiguration(self, currentSamlConfiguration, configurationAttributes, requestParameters):\n saml_client_configuration = self.getClientConfiguration(configurationAttributes, requestParameters)\n if saml_client_configuration == None:\n return currentSamlConfiguration\n \n saml_client_configuration_value = json.loads(saml_client_configuration.getValue())\n\n client_asimba_saml_certificate = None \n client_asimba_saml_certificate_file = saml_client_configuration_value[\"asimba_saml_certificate_file\"]\n if StringHelper.isNotEmpty(client_asimba_saml_certificate_file):\n client_asimba_saml_certificate = self.loadCeritificate(client_asimba_saml_certificate_file)\n if StringHelper.isEmpty(client_asimba_saml_certificate):\n print \"Asimba. BuildClientSamlConfiguration. File with x509 certificate should be not empty. Using default configuration\"\n return currentSamlConfiguration\n\n clientSamlConfiguration = currentSamlConfiguration.clone()\n \n if client_asimba_saml_certificate != None:\n clientSamlConfiguration.loadCertificateFromString(client_asimba_saml_certificate)\n\n client_asimba_entity_id = saml_client_configuration_value[\"asimba_entity_id\"]\n clientSamlConfiguration.setIssuer(client_asimba_entity_id)\n \n saml_use_authn_context = saml_client_configuration_value[\"saml_use_authn_context\"]\n client_use_saml_use_authn_context = StringHelper.toBoolean(saml_use_authn_context, True)\n clientSamlConfiguration.setUseRequestedAuthnContext(client_use_saml_use_authn_context)\n\n return clientSamlConfiguration\n\n def prepareAttributesMapping(self, saml_idp_attributes_mapping):\n saml_idp_attributes_mapping_json = json.loads(saml_idp_attributes_mapping)\n \n if len(saml_idp_attributes_mapping_json) == 0:\n print \"Asimba. PrepareAttributesMapping. 
There is no attributes mapping specified in saml_idp_attributes_mapping property\"\n return None\n\n attributeMapping = IdentityHashMap()\n for local_attribute_name in saml_idp_attributes_mapping_json:\n localAttribute = StringHelper.toLowerCase(local_attribute_name)\n for idp_attribute_name in saml_idp_attributes_mapping_json[local_attribute_name]:\n idpAttribute = StringHelper.toLowerCase(idp_attribute_name)\n attributeMapping.put(idpAttribute, localAttribute)\n \n return attributeMapping\n\n def prepareUserObjectClasses(self, configurationAttributes):\n user_object_classes = configurationAttributes.get(\"user_object_classes\").getValue2()\n\n user_object_classes_list_array = StringHelper.split(user_object_classes, \",\")\n if ArrayHelper.isEmpty(user_object_classes_list_array):\n return None\n \n return user_object_classes_list_array\n\n def prepareUserEnforceUniquenessAttributes(self, configurationAttributes):\n enforce_uniqueness_attr_list = configurationAttributes.get(\"enforce_uniqueness_attr_list\").getValue2()\n\n enforce_uniqueness_attr_list_array = StringHelper.split(enforce_uniqueness_attr_list, \",\")\n if ArrayHelper.isEmpty(enforce_uniqueness_attr_list_array):\n return None\n \n return enforce_uniqueness_attr_list_array\n\n def prepareCurrentAttributesMapping(self, currentAttributesMapping, configurationAttributes, requestParameters):\n saml_client_configuration = self.getClientConfiguration(configurationAttributes, requestParameters)\n if saml_client_configuration == None:\n return currentAttributesMapping\n\n saml_client_configuration_value = json.loads(saml_client_configuration.getValue())\n\n clientAttributesMapping = self.prepareAttributesMapping(saml_client_configuration_value[\"saml_idp_attributes_mapping\"])\n if clientAttributesMapping == None:\n print \"Asimba. PrepareCurrentAttributesMapping. Client attributes mapping is invalid. 
Using default one\"\n return currentAttributesMapping\n\n return clientAttributesMapping\n\n def samlExtensionPostLogin(self, configurationAttributes, user):\n if self.samlExtensionModule == None:\n return True\n try:\n post_login_result = self.samlExtensionModule.postLogin(configurationAttributes, user)\n print \"Asimba. ExtensionPostlogin result: '%s'\" % post_login_result\n\n return post_login_result\n except Exception, ex:\n print \"Asimba. ExtensionPostlogin. Failed to execute postLogin method\"\n print \"Asimba. ExtensionPostlogin. Unexpected error:\", ex\n return False\n except java.lang.Throwable, ex:\n print \"Asimba. ExtensionPostlogin. Failed to execute postLogin method\"\n ex.printStackTrace() \n return False\n\n def checkUserUniqueness(self, user):\n if self.userEnforceAttributesUniqueness == None:\n return True\n\n userService = CdiUtil.bean(UserService)\n\n # Prepare user object to search by pattern\n userBaseDn = userService.getDnForUser(None) \n\n userToSearch = User()\n userToSearch.setDn(userBaseDn)\n\n for userAttributeName in self.userEnforceAttributesUniqueness:\n attribute_values_list = user.getAttributeValues(userAttributeName)\n if (attribute_values_list != None) and (attribute_values_list.size() > 0):\n userToSearch.setAttribute(userAttributeName, attribute_values_list)\n\n users = userService.getUsersBySample(userToSearch, 1)\n if users.size() > 0:\n return False\n\n return True\n\n def getMappedUser(self, configurationAttributes, requestParameters, saml_response_attributes):\n # Convert Saml result attributes keys to lover case\n saml_response_normalized_attributes = HashMap()\n for saml_response_attribute_entry in saml_response_attributes.entrySet():\n saml_response_normalized_attributes.put(StringHelper.toLowerCase(saml_response_attribute_entry.getKey()), saml_response_attribute_entry.getValue())\n\n currentAttributesMapping = self.prepareCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)\n 
print \"Asimba. Get mapped user. Using next attributes mapping '%s'\" % currentAttributesMapping\n\n newUser = User()\n\n # Set custom object classes\n if self.userObjectClasses != None:\n print \"Asimba. Get mapped user. User custom objectClasses to add persons: '%s'\" % Util.array2ArrayList(self.userObjectClasses)\n newUser.setCustomObjectClasses(self.userObjectClasses)\n\n for attributesMappingEntry in currentAttributesMapping.entrySet():\n idpAttribute = attributesMappingEntry.getKey()\n localAttribute = attributesMappingEntry.getValue()\n\n if self.debugEnrollment:\n print \"Asimba. Get mapped user. Trying to map '%s' into '%s'\" % (idpAttribute, localAttribute)\n\n localAttributeValue = saml_response_normalized_attributes.get(idpAttribute)\n if localAttributeValue != None:\n if self.debugEnrollment:\n print \"Asimba. Get mapped user. Setting attribute '%s' value '%s'\" % (localAttribute, localAttributeValue)\n newUser.setAttribute(localAttribute, localAttributeValue)\n else:\n if newUser.getAttribute(localAttribute) == None:\n newUser.setAttribute(localAttribute, ArrayList())\n\n return newUser\n\n def getMappedAllAttributesUser(self, saml_response_attributes):\n user = User()\n\n # Set custom object classes\n if self.userObjectClasses != None:\n print \"Asimba. Get mapped all attributes user. 
User custom objectClasses to add persons: '%s'\" % Util.array2ArrayList(self.userObjectClasses)\n user.setCustomObjectClasses(self.userObjectClasses)\n\n # Prepare map to do quick mapping \n attributeService = CdiUtil.bean(AttributeService)\n ldapAttributes = attributeService.getAllAttributes()\n samlUriToAttributesMap = HashMap()\n for ldapAttribute in ldapAttributes:\n saml2Uri = ldapAttribute.getSaml2Uri()\n if saml2Uri == None:\n saml2Uri = attributeService.getDefaultSaml2Uri(ldapAttribute.getName())\n samlUriToAttributesMap.put(saml2Uri, ldapAttribute.getName())\n\n customAttributes = ArrayList()\n for key in saml_response_attributes.keySet():\n ldapAttributeName = samlUriToAttributesMap.get(key)\n if ldapAttributeName == None:\n print \"Asimba. Get mapped all attributes user. Skipping saml attribute: '%s'\" % key\n continue\n\n if StringHelper.equalsIgnoreCase(ldapAttributeName, \"uid\"):\n continue\n\n attribute = CustomAttribute(ldapAttributeName)\n attribute.setValues(saml_response_attributes.get(key))\n customAttributes.add(attribute)\n \n user.setCustomAttributes(customAttributes)\n\n return user\n\n def getNameId(self, samlResponse, newUser):\n if self.generateNameId:\n saml_user_uid = self.generateNameUid(newUser)\n else:\n saml_user_uid = self.getSamlNameId(samlResponse)\n\n return saml_user_uid\n\n def getSamlNameId(self, samlResponse):\n saml_response_name_id = samlResponse.getNameId()\n if StringHelper.isEmpty(saml_response_name_id):\n print \"Asimba. Get Saml response. saml_response_name_id is invalid\"\n return None\n\n print \"Asimba. Get Saml response. saml_response_name_id: '%s'\" % saml_response_name_id\n\n # Use persistent Id as saml_user_uid\n return saml_response_name_id\n\n def generateNameUid(self, user):\n if self.userEnforceAttributesUniqueness == None:\n print \"Asimba. Build local external uid. 
User enforce attributes uniqueness not specified\"\n return None\n \n sb = StringBuilder()\n first = True\n for userAttributeName in self.userEnforceAttributesUniqueness:\n if not first:\n sb.append(\"!\")\n first = False\n attribute_values_list = user.getAttributeValues(userAttributeName)\n if (attribute_values_list != None) and (attribute_values_list.size() > 0):\n first_attribute_value = attribute_values_list.get(0)\n sb.append(first_attribute_value)\n\n return sb.toString()\n\n def setDefaultUid(self, user, saml_user_uid):\n if StringHelper.isEmpty(user.getUserId()):\n user.setUserId(saml_user_uid)\n", "oxModuleProperty": ["{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}", "{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!D40C.1CA3", "oxConfigurationProperty": ["{\"value1\":\"asimba_entity_id\",\"value2\":\"https://u144.gluu.info/saml\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"asimba_saml_certificate_file\",\"value2\":\"/etc/certs/saml.pem\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"saml_deployment_type\",\"value2\":\"enroll\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"saml_idp_sso_target_url\",\"value2\":\"https://u144.gluu.info/asimba/profiles/saml2/sso/web\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"enforce_uniqueness_attr_list\",\"value2\":\"edupersonprincipalname, issuerIDP\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"saml_generate_name_id\",\"value2\":\"true\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"saml_idp_attributes_mapping\",\"value2\":\"{\\\"uid\\\": [\\\"uid\\\", \\\"urn:oid:0.9.2342.19200300.100.1.1\\\"], \\\"mail\\\": [\\\"mail\\\", \\\"urn:oid:0.9.2342.19200300.100.1.3\\\"],\\\"givenName\\\": [\\\"givenName\\\", \\\"urn:oid:2.5.4.42\\\"], \\\"sn\\\": [\\\"sn\\\", \\\"urn:oid:2.5.4.4\\\"], \\\"eduPersonPrincipalName\\\": [\\\"eduPersonPrincipalName\\\", 
\\\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\\\"], \\\"issuerIDP\\\": [\\\"issuerIDP\\\" ], \\\"employeeNumber\\\": [\\\"employeeNumber\\\", \\\"urn:oid:2.16.840.1.113730.3.1.3\\\"] }\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"saml_update_user\",\"value2\":\"true\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"saml_validate_response\",\"value2\":\"false\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"user_object_classes\",\"value2\":\"gluuCustomPerson, eduPerson\",\"hide\":false,\"description\":\"\"}", "{\"value1\":\"saml_use_authn_context\",\"value2\":\"false\",\"hide\":false,\"description\":\"\"}"]});
267 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
271UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!D40C.1CA4", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!D40C.1CA4,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "50", "displayName": "passport_saml", "description": "Passport SAML authentication module", "gluuStatus": "false", "objectClass": ["oxCustomScript", "top"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Arvind Tomar\n#\n\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom javax.faces.context import FacesContext\nfrom javax.faces.application import FacesMessage\nfrom org.gluu.jsf2.message import FacesMessages\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom java.util import Arrays, ArrayList, HashMap, IdentityHashMap\nfrom org.xdi.oxauth.client import TokenClient, TokenRequest, UserInfoClient\nfrom org.xdi.oxauth.model.common import GrantType, AuthenticationMethod\nfrom org.xdi.oxauth.model.jwt import Jwt, JwtClaimName\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.oxauth.service import UserService, ClientService, AuthenticationService\nfrom org.xdi.oxauth.model.common import User\nfrom org.xdi.util import StringHelper\nfrom org.xdi.oxauth.util import ServerUtil\nfrom org.gluu.jsf2.service import FacesService\nfrom org.xdi.oxauth.model.util import Base64Util\nfrom org.python.core.util import StringUtil\nfrom org.xdi.oxauth.service.net import HttpService\n\nimport json\nimport java\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n print \"Passport-saml: Initialized successfully\"\n\n def init(self, configurationAttributes):\n print 
\"Passport-saml: Initialization init method call\"\n self.extensionModule = None\n self.attributesMapping = None\n if (configurationAttributes.containsKey(\"generic_remote_attributes_list\") and\n configurationAttributes.containsKey(\"generic_local_attributes_list\")):\n\n remoteAttributesList = configurationAttributes.get(\"generic_remote_attributes_list\").getValue2()\n if (StringHelper.isEmpty(remoteAttributesList)):\n print \"Passport-saml: Initialization. The property generic_remote_attributes_list is empty\"\n return False\n\n localAttributesList = configurationAttributes.get(\"generic_local_attributes_list\").getValue2()\n if (StringHelper.isEmpty(localAttributesList)):\n print \"Passport-saml: Initialization. The property generic_local_attributes_list is empty\"\n return False\n\n self.attributesMapping = self.prepareAttributesMapping(remoteAttributesList, localAttributesList)\n if (self.attributesMapping == None):\n print \"Passport-saml: Initialization. The attributes mapping isn't valid\"\n return False\n\n if (configurationAttributes.containsKey(\"extension_module\")):\n extensionModuleName = configurationAttributes.get(\"extension_module\").getValue2()\n try:\n self.extensionModule = __import__(extensionModuleName)\n extensionModuleInitResult = self.extensionModule.init(configurationAttributes)\n if (not extensionModuleInitResult):\n return False\n except ImportError, ex:\n print \"Passport-saml: Initialization. Failed to load generic_extension_module:\", extensionModuleName\n print \"Passport-saml: Initialization. Unexpected error:\", ex\n return False\n else:\n print(\"Passport-saml: Extension module key not found\")\n return True\n\n def destroy(self, configurationAttributes):\n print \"Passport-saml: Destroy. Destroy method call\"\n print \"Passport-saml: Destroy. 
Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def getUserValueFromAuth(self, remote_attr, requestParameters):\n try:\n toBeFeatched = \"loginForm:\" + remote_attr\n return ServerUtil.getFirstValue(requestParameters, toBeFeatched)\n except Exception, err:\n print(\"Passport-saml: Exception inside getUserValueFromAuth \" + str(err))\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n extensionResult = self.extensionAuthenticate(configurationAttributes, requestParameters, step)\n if extensionResult != None:\n return extensionResult\n\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n try:\n UserId = self.getUserValueFromAuth(\"userid\", requestParameters)\n except Exception, err:\n print \"Passport-saml: Error: \" + str(err)\n\n useBasicAuth = StringHelper.isEmptyString(UserId)\n\n # Use basic method to log in\n if useBasicAuth:\n print \"Passport-saml: Basic Authentication\"\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):\n userService = CdiUtil.bean(UserService)\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n print \"Passport-saml: Basic Authentication returning %s\" % logged_in\n return logged_in\n else:\n facesContext = CdiUtil.bean(FacesContext)\n userService = CdiUtil.bean(UserService)\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n uidRemoteAttr = self.getUidRemoteAttr()\n if uidRemoteAttr == None:\n print \"Cannot retrieve uid remote attribute\"\n return False\n else:\n uidRemoteAttrValue = 
self.getUserValueFromAuth(uidRemoteAttr, requestParameters)\n externalUid = \"passport-saml:%s\" % uidRemoteAttrValue\n\n email = self.getUserValueFromAuth(\"email\", requestParameters)\n if StringHelper.isEmptyString(email):\n facesMessages = CdiUtil.bean(FacesMessages)\n facesMessages.setKeepMessages()\n self.clearFacesMessages(facesContext)\n facesMessages.add(FacesMessage.SEVERITY_ERROR, \"Please provide your email.\")\n\n print \"Passport-saml: Email was not received\"\n return False\n\n userByMail = userService.getUserByAttribute(\"mail\", email)\n userByUid = userService.getUserByAttribute(\"oxExternalUid\", externalUid)\n\n doUpdate = False\n doAdd = False\n if userByUid!=None:\n print \"User with externalUid '%s' already exists\" % externalUid\n if userByMail!=None:\n if userByMail.getUserId()==userByUid.getUserId():\n doUpdate = True\n else:\n doUpdate = True\n else:\n if userByMail==None:\n doAdd = True\n\n if doUpdate:\n foundUser = userByUid\n #update user with remote attributes coming\n for attributesMappingEntry in self.attributesMapping.entrySet():\n remoteAttribute = attributesMappingEntry.getKey()\n localAttribute = attributesMappingEntry.getValue()\n localAttributeValue = self.getUserValueFromAuth(remoteAttribute, requestParameters)\n\n if (localAttribute != None) and (localAttribute != \"provider\") and (localAttributeValue != \"undefined\"):\n try:\n value = foundUser.getAttributeValues(str(localAttribute))[0]\n if value != localAttributeValue:\n foundUser.setAttribute(localAttribute, localAttributeValue)\n except Exception, err:\n print(\"Error in update Attribute \" + str(err))\n\n try:\n foundUserName = foundUser.getUserId()\n print \"Passport-saml: Updating user %s\" % foundUserName\n\n userService.updateUser(foundUser)\n userAuthenticated = authenticationService.authenticate(foundUserName)\n print \"Passport-saml: Is user authenticated = \" + str(userAuthenticated)\n\n return userAuthenticated\n except Exception, err:\n return False\n\n if 
doAdd:\n newUser = User()\n #Fill user attrs\n newUser.setAttribute(\"oxExternalUid\", externalUid)\n\n for attributesMappingEntry in self.attributesMapping.entrySet():\n remoteAttribute = attributesMappingEntry.getKey()\n localAttribute = attributesMappingEntry.getValue()\n localAttributeValue = self.getUserValueFromAuth(remoteAttribute, requestParameters)\n\n if (localAttribute != None) and (localAttribute != \"provider\") and (localAttributeValue != \"undefined\"):\n newUser.setAttribute(localAttribute, localAttributeValue)\n\n try:\n print \"Passport-saml: Adding user %s\" % externalUid\n foundUser = userService.addUser(newUser, True)\n foundUserName = foundUser.getUserId()\n\n userAuthenticated = authenticationService.authenticate(foundUserName)\n print \"Passport-saml: User added successfully and isUserAuthenticated = \" + str(userAuthenticated)\n\n return userAuthenticated\n except Exception, err:\n print \"Passport-saml: Error in adding user:\" + str(err)\n return False\n\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n extensionResult = self.extensionPrepareForStep(configurationAttributes, requestParameters, step)\n if extensionResult != None:\n return extensionResult\n\n if (step == 1):\n print \"Passport-saml: Prepare for Step 1 method call\"\n identity = CdiUtil.bean(Identity)\n sessionId = identity.getSessionId()\n sessionAttribute = sessionId.getSessionAttributes()\n print \"Passport-saml: session %s\" % sessionAttribute\n oldState = sessionAttribute.get(\"state\")\n if(oldState == None):\n print \"Passport-saml: old state is none\"\n return True\n else:\n print \"Passport-saml: state is obtained\"\n try:\n stateBytes = Base64Util.base64urldecode(oldState)\n state = StringUtil.fromBytes(stateBytes)\n stateObj = json.loads(state)\n print stateObj[\"provider\"]\n for y in stateObj:\n print (y,':',stateObj[y])\n httpService = CdiUtil.bean(HttpService)\n facesService = CdiUtil.bean(FacesService)\n 
facesContext = CdiUtil.bean(FacesContext)\n httpclient = httpService.getHttpsClient()\n headersMap = HashMap()\n headersMap.put(\"Accept\", \"text/json\")\n host = facesContext.getExternalContext().getRequest().getServerName()\n url = \"https://\"+host+\"/passport/token\"\n print \"Passport-saml: url %s\" %url\n resultResponse = httpService.executeGet(httpclient, url , headersMap)\n http_response = resultResponse.getHttpResponse()\n response_bytes = httpService.getResponseContent(http_response)\n szResponse = httpService.convertEntityToString(response_bytes)\n print \"Passport-saml: szResponse %s\" % szResponse\n tokenObj = json.loads(szResponse)\n print \"Passport-saml: /passport/auth/saml/\"+stateObj[\"provider\"]+\"/\"+tokenObj[\"token_\"]\n facesService.redirectToExternalURL(\"/passport/auth/saml/\"+stateObj[\"provider\"]+\"/\"+tokenObj[\"token_\"])\n\n except Exception, err:\n print str(err)\n return True\n return True\n else:\n return True\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n return None\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n return 1\n\n def getPageForStep(self, configurationAttributes, step):\n extensionResult = self.extensionGetPageForStep(configurationAttributes, step)\n if extensionResult != None:\n return extensionResult\n\n if (step == 1):\n return \"/auth/passport/passportlogin.xhtml\"\n return \"/auth/passport/passportpostlogin.xhtml\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n\n def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):\n try:\n remoteAttributesListArray = StringHelper.split(remoteAttributesList, \",\")\n if (ArrayHelper.isEmpty(remoteAttributesListArray)):\n print(\"Passport-saml: PrepareAttributesMapping. 
There is no attributes specified in remoteAttributesList property\")\n return None\n\n localAttributesListArray = StringHelper.split(localAttributesList, \",\")\n if (ArrayHelper.isEmpty(localAttributesListArray)):\n print(\"Passport-saml: PrepareAttributesMapping. There is no attributes specified in localAttributesList property\")\n return None\n\n if (len(remoteAttributesListArray) != len(localAttributesListArray)):\n print(\"Passport-saml: PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal\")\n return None\n\n attributeMapping = IdentityHashMap()\n containsUid = False\n i = 0\n count = len(remoteAttributesListArray)\n while (i < count):\n remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i])\n localAttribute = StringHelper.toLowerCase(localAttributesListArray[i])\n attributeMapping.put(remoteAttribute, localAttribute)\n if (StringHelper.equalsIgnoreCase(localAttribute, \"uid\")):\n containsUid = True\n\n i = i + 1\n\n if (not containsUid):\n print \"Passport-saml: PrepareAttributesMapping. There is no mapping to mandatory 'uid' attribute\"\n return None\n\n return attributeMapping\n except Exception, err:\n print(\"Passport-saml: Exception inside prepareAttributesMapping \" + str(err))\n\n def getUidRemoteAttr(self):\n try:\n for attributesMappingEntry in self.attributesMapping.entrySet():\n remoteAttribute = attributesMappingEntry.getKey()\n localAttribute = attributesMappingEntry.getValue()\n if localAttribute == \"uid\":\n return remoteAttribute\n except Exception, err:\n print(\"Passport-saml: Exception inside getUidRemoteAttr \" + str(err))\n\n return None\n\n def extensionAuthenticate(self, configurationAttributes, requestParameters, step):\n if (self.extensionModule == None):\n return None\n\n try:\n result = self.extensionModule.authenticate(configurationAttributes, requestParameters, step)\n print \"Passport-saml: Extension. 
Authenticate: '%s'\" % result\n\n return result\n except Exception, ex:\n print \"Passport-saml: Extension. Authenticate. Failed to execute postLogin method\"\n print \"Passport-saml: Extension. Authenticate. Unexpected error:\", ex\n except java.lang.Throwable, ex:\n print \"Passport-saml: Extension. Authenticate. Failed to execute postLogin method\"\n ex.printStackTrace()\n\n return True\n\n def extensionGetPageForStep(self, configurationAttributes, step):\n if (self.extensionModule == None):\n return None\n\n try:\n result = self.extensionModule.getPageForStep(configurationAttributes, step)\n print \"Passport-saml: Extension. Get page for Step: '%s'\" % result\n\n return result\n except Exception, ex:\n print \"Passport-saml: Extension. Get page for Step. Failed to execute postLogin method\"\n print \"Passport-saml: Extension. Get page for Step. Unexpected error:\", ex\n except java.lang.Throwable, ex:\n print \"Passport-saml: Extension. Get page for Step. Failed to execute postLogin method\"\n ex.printStackTrace()\n\n return None\n\n def extensionPrepareForStep(self, configurationAttributes, requestParameters, step):\n if (self.extensionModule == None):\n return None\n\n try:\n result = self.extensionModule.prepareForStep(configurationAttributes, requestParameters, step)\n print \"Passport-saml: Extension. Prepare for Step: '%s'\" % result\n\n return result\n except Exception, ex:\n print \"Passport-saml: Extension. Prepare for Step. Failed to execute postLogin method\"\n print \"Passport-saml: Extension. Prepare for Step. Unexpected error:\", ex\n except java.lang.Throwable, ex:\n print \"Passport-saml: Extension. Prepare for Step. 
Failed to execute postLogin method\"\n ex.printStackTrace() \n\n return None\n\n def clearFacesMessages(self, context):\n\n if context!=None:\n try:\n iterator = context.getMessages()\n while iterator.hasNext():\n iterator.next()\n iterator.remove()\n except:\n print \"Error clearing faces messages\"\n", "oxModuleProperty": ["{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}", "{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!D40C.1CA4", "oxConfigurationProperty": ["{\"value1\":\"generic_remote_attributes_list\",\"value2\":\"username, email, name, name, givenName, familyName, provider\",\"description\":\"\"}", "{\"value1\":\"generic_local_attributes_list\",\"value2\":\"uid, mail, cn, displayName, givenName, sn, provider\",\"description\":\"\"}"]});
272 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
276UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!DAA9.B788", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!DAA9.B788,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "client_registration", "description": "Sample Client Registration script", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "client_registration", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom org.xdi.model.custom.script.type.client import ClientRegistrationType\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.oxauth.service import ScopeService\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom java.util import Arrays, ArrayList, HashSet\n\nimport java\n\nclass ClientRegistration(ClientRegistrationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Client registration. Initialization\"\n \n self.clientRedirectUrisSet = self.prepareClientRedirectUris(configurationAttributes)\n\n print \"Client registration. Initialized successfully\"\n return True \n\n def destroy(self, configurationAttributes):\n print \"Client registration. Destroy\"\n print \"Client registration. Destroyed successfully\"\n return True \n\n # Update client entry before persistent it\n # registerRequest is org.xdi.oxauth.client.RegisterRequest\n # client is org.xdi.oxauth.model.registration.Client\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\n def updateClient(self, registerRequest, client, configurationAttributes):\n print \"Client registration. UpdateClient method\"\n\n redirectUris = client.getRedirectUris()\n print \"Client registration. 
Redirect Uris: %s\" % redirectUris\n\n addAddressScope = False\n for redirectUri in redirectUris:\n if (self.clientRedirectUrisSet.contains(redirectUri)):\n addAddressScope = True\n break\n \n print \"Client registration. Is add address scope: %s\" % addAddressScope\n\n if addAddressScope:\n currentScopes = client.getScopes()\n print \"Client registration. Current scopes: %s\" % currentScopes\n \n scopeService = CdiUtil.bean(ScopeService)\n addressScope = scopeService.getScopeByDisplayName(\"address\")\n newScopes = ArrayHelper.addItemToStringArray(currentScopes, addressScope.getDn())\n \n print \"Client registration. Result scopes: %s\" % newScopes\n client.setScopes(newScopes)\n\n return True\n\n def getApiVersion(self):\n return 1\n\n def prepareClientRedirectUris(self, configurationAttributes):\n clientRedirectUrisSet = HashSet()\n if not configurationAttributes.containsKey(\"client_redirect_uris\"):\n return clientRedirectUrisSet\n\n clientRedirectUrisList = configurationAttributes.get(\"client_redirect_uris\").getValue2()\n if StringHelper.isEmpty(clientRedirectUrisList):\n print \"Client registration. The property client_redirect_uris is empty\"\n return clientRedirectUrisSet \n\n clientRedirectUrisArray = StringHelper.split(clientRedirectUrisList, \",\")\n if ArrayHelper.isEmpty(clientRedirectUrisArray):\n print \"Client registration. 
No clients specified in client_redirect_uris property\"\n return clientRedirectUrisSet\n \n # Convert to HashSet to quick search\n i = 0\n count = len(clientRedirectUrisArray)\n while i < count:\n uris = clientRedirectUrisArray[i]\n clientRedirectUrisSet.add(uris)\n i = i + 1\n\n return clientRedirectUrisSet\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!DAA9.B788", "oxConfigurationProperty": ["{\"value1\":\"client_redirect_uris\",\"value2\":\"https://client.example.com/example1, https://client.example.com/example2\",\"description\":\"\"}"]});
277 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * NOTE(review): person_authentication script "twilio_sms", stored with gluuStatus "false" and
 * placeholder twilio_sid / twilio_token / from_number values. The cbq output directly after this
 * statement is ERROR 107 (not connected), so the statement was echoed but not applied.
 * Points to address in the embedded oxScript before it is enabled:
 *  - The one-time code comes from random.randint(100000, 999999). Python's random module is not a
 *    cryptographically secure generator; an OTP should be drawn from a CSPRNG.
 *  - authenticate() prints the submitted passcode on every call, and step 2 prints the expected
 *    code ("Code: %s") and, on mismatch, both values. One-time codes should not reach the log.
 *  - Step 1 stores the code as an integer and step 2 compares it to the request parameter with ==;
 *    whether the session attribute comes back as a string is not visible here - confirm.
 *  - Both "Error finding mobile number" prints use malformed % format strings and would raise
 *    instead of logging. mobile_number appears to be assigned only when phoneNumberVerified is
 *    truthy, and no return follows the "no number found" branch (nesting is inferred, since the
 *    script's indentation is collapsed in this paste) - verify against the original file.
 *  - No expiry or attempt limit for the code is visible in the script; confirm the platform
 *    enforces one.
 */
281UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!09A0.93D6", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!09A0.93D6,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "60", "displayName": "twilio_sms", "description": "Twilio SMS authentication module", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "person_authentication", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2018, Gluu\n#\n# Author: Jose Gonzalez\n\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.model.custom.script.type.auth import PersonAuthenticationType\nfrom org.xdi.oxauth.service import UserService, AuthenticationService\nfrom org.xdi.oxauth.util import ServerUtil\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom java.util import Arrays\n\nimport com.twilio.Twilio as Twilio\nimport com.twilio.rest.api.v2010.account.Message as Message\nimport com.twilio.type.PhoneNumber as PhoneNumber\nimport org.codehaus.jettison.json.JSONArray as JSONArray\n\nimport java\nimport random\nimport jarray\n\nclass PersonAuthentication(PersonAuthenticationType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Twilio SMS. 
Initialization\"\n\n self.ACCOUNT_SID = None\n self.AUTH_TOKEN = None\n self.FROM_NUMBER = None\n\n # Get Custom Properties\n try:\n self.ACCOUNT_SID = configurationAttributes.get(\"twilio_sid\").getValue2()\n except:\n print 'TwilioSMS, Missing required configuration attribute \"twilio_sid\"'\n\n try:\n self.AUTH_TOKEN = configurationAttributes.get(\"twilio_token\").getValue2()\n except:\n print'TwilioSMS, Missing required configuration attribute \"twilio_token\"'\n try:\n self.FROM_NUMBER = configurationAttributes.get(\"from_number\").getValue2()\n except:\n print'TwilioSMS, Missing required configuration attribute \"from_number\"'\n\n if None in (self.ACCOUNT_SID, self.AUTH_TOKEN, self.FROM_NUMBER):\n print \"twilio_sid, twilio_token, from_number is empty ... returning False\"\n return False\n\n print \"Twilio SMS. Initialized successfully\"\n\n return True\n\n def destroy(self, configurationAttributes):\n print \"Twilio SMS. Destroy\"\n print \"Twilio SMS. Destroyed successfully\"\n return True\n\n def getApiVersion(self):\n return 1\n\n def isValidAuthenticationMethod(self, usageType, configurationAttributes):\n return True\n\n def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):\n return None\n\n def authenticate(self, configurationAttributes, requestParameters, step):\n userService = CdiUtil.bean(UserService)\n authenticationService = CdiUtil.bean(AuthenticationService)\n\n identity = CdiUtil.bean(Identity)\n session_attributes = identity.getSessionId().getSessionAttributes()\n\n form_passcode = ServerUtil.getFirstValue(requestParameters, \"passcode\")\n form_name = ServerUtil.getFirstValue(requestParameters, \"TwilioSmsloginForm\")\n\n print \"TwilioSMS. form_response_passcode: %s\" % str(form_passcode)\n\n if step == 1:\n print \"TwilioSMS. 
Step 1 Password Authentication\"\n identity = CdiUtil.bean(Identity)\n credentials = identity.getCredentials()\n\n user_name = credentials.getUsername()\n user_password = credentials.getPassword()\n\n logged_in = False\n if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):\n logged_in = authenticationService.authenticate(user_name, user_password)\n\n if not logged_in:\n return False\n\n # Get the Person's number and generate a code\n foundUser = None\n try:\n foundUser = authenticationService.getAuthenticatedUser()\n except:\n print 'TwilioSMS, Error retrieving user %s from LDAP' % (user_name)\n return False\n\n try:\n isVerified = foundUser.getAttribute(\"phoneNumberVerified\")\n if isVerified:\n mobile_number = foundUser.getAttribute(\"employeeNumber\")\n if mobile_number == None:\n mobile_number = foundUser.getAttribute(\"mobile\")\n if mobile_number == None:\n mobile_number = foundUser.getAttribute(\"telephoneNumber\")\n if mobile_number == None:\n print \"TwilioSMS, Error finding mobile number for user '%'\" % user_name\n \n except:\n print 'TwilioSMS, Error finding mobile number for' % (user_name)\n return False\n\n # Generate Random six digit code and store it in array\n code = random.randint(100000, 999999)\n\n # Get code and save it in LDAP temporarily with special session entry\n identity.setWorkingParameter(\"code\", code)\n\n try:\n Twilio.init(self.ACCOUNT_SID, self.AUTH_TOKEN);\n message = Message.creator(PhoneNumber(mobile_number), PhoneNumber(self.FROM_NUMBER), str(code)).create();\n\n print 'TwilioSMs, Message Sid: %s' % (message.getSid())\n return True\n except Exception, ex:\n print \"TwilioSMS. Error sending message to Twilio\"\n print \"TwilioSMS. Unexpected error:\", ex\n\n return False\n elif step == 2:\n # Retrieve the session attribute\n print \"TwilioSMS. Step 2 SMS/OTP Authentication\"\n code = session_attributes.get(\"code\")\n print \"TwilioSMS. 
Code: %s\" % str(code)\n\n if code is None:\n print \"TwilioSMS. Failed to find previously sent code\"\n return False\n\n if form_passcode is None:\n print \"TwilioSMS. Passcode is empty\"\n return False\n\n if len(form_passcode) != 6:\n print \"TwilioSMS. Passcode from response is not 6 digits: %s\" % form_passcode\n return False\n\n if form_passcode == code:\n print \"TiwlioSMS, SUCCESS! User entered the same code!\"\n return True\n\n print \"TwilioSMS. FAIL! User entered the wrong code! %s != %s\" % (form_passcode, code)\n\n return False\n\n print \"TwilioSMS. ERROR: step param not found or != (1|2)\"\n\n return False\n\n def prepareForStep(self, configurationAttributes, requestParameters, step):\n if step == 1:\n print \"TwilioSMS. Prepare for Step 1\"\n return True\n elif step == 2:\n print \"TwilioSMS. Prepare for Step 2\"\n return True\n\n return False\n\n def getExtraParametersForStep(self, configurationAttributes, step):\n if step == 2:\n return Arrays.asList(\"code\")\n\n return None\n\n def getCountAuthenticationSteps(self, configurationAttributes):\n return 2\n\n def getPageForStep(self, configurationAttributes, step):\n if step == 2:\n return \"/auth/twiliosms/twiliosms.xhtml\"\n\n return \"\"\n\n def logout(self, configurationAttributes, requestParameters):\n return True\n", "oxModuleProperty": ["{\"value1\":\"usage_type\",\"value2\":\"interactive\",\"description\":\"\"}", "{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!09A0.93D6", "oxConfigurationProperty": ["{\"value1\":\"twilio_sid\",\"value2\":\"Twilio account SID\",\"description\":\"\"}", "{\"value1\":\"twilio_token\",\"value2\":\"Twilio API token\",\"description\":\"\"}", "{\"value1\":\"from_number\",\"value2\":\"Twilio phone number with SMS capabilities\",\"description\":\"\"}"]});
282 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * NOTE(review): sample application_session script, stored with gluuStatus "false".
 * endSession() only prints two messages and returns True; it does not read httpRequest or
 * authorizationGrant, so it notifies no external system as written.
 * cbq reported ERROR 107 (not connected) right after this statement, so it was echoed but not applied.
 */
286UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!DAA9.B789", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!DAA9.B789,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "100", "displayName": "application_session", "description": "Sample Application Session script", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "application_session", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2016, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom org.xdi.model.custom.script.type.session import ApplicationSessionType\nfrom org.xdi.util import StringHelper, ArrayHelper\nfrom java.util import Arrays, ArrayList\n\nimport java\n\nclass ApplicationSession(ApplicationSessionType):\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Application session. Initialization\"\n print \"Application session. Initialized successfully\"\n\n return True \n\n def destroy(self, configurationAttributes):\n print \"Application session. Destroy\"\n print \"Application session. Destroyed successfully\"\n return True \n\n def getApiVersion(self):\n return 1\n\n # Application calls it at end session request to allow notify 3rd part systems\n # httpRequest is javax.servlet.http.HttpServletRequest\n # authorizationGrant is org.xdi.oxauth.model.common.AuthorizationGrant\n # configurationAttributes is java.util.Map<String, SimpleCustomProperty>\n def endSession(self, httpRequest, authorizationGrant, configurationAttributes):\n print \"Application session. Starting external session end\"\n\n print \"Application session. 
External session ended successfully\"\n return True\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!DAA9.B789"});
287 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
/*
 * NOTE(review): consent_gathering sample script, stored with gluuStatus "false".
 * authorize() returns True for step 1 and step 2 when the request parameter
 * "authorizeForm:allowButton" is present and non-empty, and False otherwise.
 * prepareForStep() returns False when context.isAuthenticated() is false; for step 2 it puts a
 * demo "consent_request" string built from random.randint values into the page attributes.
 * cbq reported ERROR 107 (not connected) right after this statement, so it was echoed but not applied.
 */
291UPSERT INTO `gluu` (KEY, VALUE) VALUES ("scripts_@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!DAA9.BA60", {"oxRevision": "1", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!DAA9.BA60,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxLevel": "10", "displayName": "consent_gathering", "description": "Consent Gathering script", "gluuStatus": "false", "objectClass": ["top", "oxCustomScript"], "programmingLanguage": "python", "oxScriptType": "consent_gathering", "oxScript": "# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.\n# Copyright (c) 2017, Gluu\n#\n# Author: Yuriy Movchan\n#\n\nfrom org.xdi.service.cdi.util import CdiUtil\nfrom org.xdi.oxauth.security import Identity\nfrom org.xdi.model.custom.script.type.authz import ConsentGatheringType\nfrom org.xdi.util import StringHelper\n\nimport java\nimport random\n\nclass ConsentGathering(ConsentGatheringType):\n\n def __init__(self, currentTimeMillis):\n self.currentTimeMillis = currentTimeMillis\n\n def init(self, configurationAttributes):\n print \"Consent-Gathering. Initializing ...\"\n print \"Consent-Gathering. Initialized successfully\"\n\n return True\n\n def destroy(self, configurationAttributes):\n print \"Consent-Gathering. Destroying ...\"\n print \"Consent-Gathering. Destroyed successfully\"\n\n return True\n\n def getApiVersion(self):\n return 1\n\n # Main consent-gather method. Must return True (if gathering performed successfully) or False (if fail).\n # All user entered values can be access via Map<String, String> context.getPageAttributes()\n def authorize(self, step, context): # context is reference of org.xdi.oxauth.service.external.context.ConsentGatheringContext\n print \"Consent-Gathering. Authorizing...\"\n\n if step == 1:\n allowButton = context.getRequestParameters().get(\"authorizeForm:allowButton\")\n if (allowButton != None) and (len(allowButton) > 0):\n print \"Consent-Gathering. 
Authorization success for step 1\"\n return True\n\n print \"Consent-Gathering. Authorization declined for step 1\"\n elif step == 2:\n allowButton = context.getRequestParameters().get(\"authorizeForm:allowButton\")\n if (allowButton != None) and (len(allowButton) > 0):\n print \"Consent-Gathering. Authorization success for step 2\"\n return True\n\n print \"Consent-Gathering. Authorization declined for step 2\"\n\n return False\n\n def getNextStep(self, step, context):\n return -1\n\n def prepareForStep(self, step, context):\n if not context.isAuthenticated():\n print \"User is not authenticated. Aborting authorization flow ...\"\n return False\n\n if step == 2:\n pageAttributes = context.getPageAttributes()\n \n # Generate random consent gathering request\n consentRequest = \"Requested transaction #%s approval for the amount of sum $ %s.00\" % ( random.randint(100000, 1000000), random.randint(1, 100) )\n pageAttributes.put(\"consent_request\", consentRequest)\n return True\n\n return True\n\n def getStepsCount(self, context):\n return 2\n\n def getPageForStep(self, step, context):\n if step == 1:\n return \"/authz/authorize.xhtml\"\n elif step == 2:\n return \"/authz/transaction.xhtml\"\n\n return \"\"\n", "oxModuleProperty": ["{\"value1\":\"location_type\",\"value2\":\"ldap\",\"description\":\"\"}"], "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!DAA9.BA60"});
292 ERROR 107 : Not connected to any cluster. Use \CONNECT command.
29718:41:57 06/29/18 Importing ldif file ./output/configuration.ldif to Couchebase
29818:41:57 06/29/18 Running Couchbase query from file /tmp/n1ql/configuration.n1ql
29918:41:57 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/configuration.n1ql
30018:41:57 06/29/18 [31m ERROR 100 : N1QL: Connection failure Requested resource not found.
301 [0m
304 Path to history file for the shell : /root/.cbq_history
305UPSERT INTO `gluu` (KEY, VALUE) VALUES ("appliances_@!7194.95E2.1D42.FF59!0002!E0DF.3C2F_configuration_oxauth", {"oxAuthConfWebKeys": "{\"keys\": [\n {\n \"kid\": \"b6a845b9-dc90-451d-bed0-156c957a9448\",\n \"kty\": \"RSA\",\n \"use\": \"sig\",\n \"alg\": \"RS256\",\n \"exp\": 1561833451130,\n \"n\": \"jcUn2POShRRce7ykimbJy9gA-avFGoEXSCnJskt8NMWqMrLwxdmBCZRdRgKselGHcrOP56RuD6srw2JKuq53MzPWPrRtiSW690fE6ASJDmIVE2pTqPXpQrWcG2soME3vRqnJ3o0zh0Ox31rIsUbiJNB8YE9H-iv8bv6saO_dWI78WqE2t_ccCxBBh9DwaH13QE2Hm8DFEq92urSOKIP-tf4RPdLX7LYzdlU8yDMGbZYx2Tsoui7KhZ7y1aI7xzISY9M10s2rv7zxfJw-x_huWRm9RoCybhDTCH2fKb_glnnSrVTljEHYow_jLnDXr2ruvHuntuhklNiwlHxx2vwWHQ\",\n \"e\": \"AQAB\",\n \"x5c\": [\"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\"]\n },\n {\n \"kid\": \"9193d22a-cf3c-4b06-adcd-d9ac172571c9\",\n \"kty\": \"RSA\",\n \"use\": \"sig\",\n \"alg\": \"RS384\",\n \"exp\": 1561833451130,\n \"n\": \"swmjfYfopoWYNX6TGp7abk5_jy0LcHewj6m-g1GBx2b3BACLiLJjJ8lk5LdJtv9fjb62SVuY0Q_PEZfrv4YGfxYIIcFm6F7mTQL9bBp9l-UHYw3t3yp4MBns2R_W2Agj94rpJkmkiHJZ2av4l7Etr8f3yvtq0HhEdj4S-EU-knjgRJaIUaqZAtMw_GGAkxS4-s-Wz1Vb7N_2G7m1FLg8CPYWCqQn7_mX0b-FXl8f0-wlLAxPV9y42iZmVjzGqfeuGJGDeLRix1swUgOS9T3ermVafaEP9LQ5wLIcbH_BEJesW5fi7edw4fpar2rKcdKmO7fvxqveh777I5gOoZzJmw\",\n \"e\": \"AQAB\",\n \"x5c\": [\"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\"]\n },\n {\n \"kid\": \"36abc80a-baf0-4852-9741-ce53f49a4273\",\n \"kty\": \"RSA\",\n \"use\": \"sig\",\n \"alg\": \"RS512\",\n \"exp\": 1561833451130,\n \"n\": \"3Qavv8vSL4IaFqPOrrBgQL9oSf101HtaUcxo542-DdIwLqyZek8bbmWRbF9p5M-vH2L1uLFwu8VLcXDIDbt8nM98wOSLsYVDv92SJ12gNL3W7F7LNHNoVv92Qx6eqfMDHf7yzaiUSUQ1OxWlr7a_61oG1WU1NzE3JWsmLYLmsjDS4Y7-8ypqfnu0-fXjf-y98LuGfQL50XZ4VcWIJ8vj3gcXIIVIyc5ogzsUaTxjkXlkzW3pw_Omhp_2BrsMDOtV_NUX_XNvcXyQVq4piDQsqZxVMz4zZiVuWE0BhqjzDNigNFk6Q67ZXSEWddBacP4QFF9zUNcTgB2AWT9V5BOatw\",\n \"e\": \"AQAB\",\n \"x5c\": 
[\"MIIDBDCCAeygAwIBAgIhAIc5kdg2SmcqopYNM7RfyxqYE229AufzlUKDUQHcBxMIMA0GCSqGSIb3DQEBDQUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTgwNjI5MTgzNzIzWhcNMTkwNjI5MTgzNzMxWjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Qavv8vSL4IaFqPOrrBgQL9oSf101HtaUcxo542+DdIwLqyZek8bbmWRbF9p5M+vH2L1uLFwu8VLcXDIDbt8nM98wOSLsYVDv92SJ12gNL3W7F7LNHNoVv92Qx6eqfMDHf7yzaiUSUQ1OxWlr7a/61oG1WU1NzE3JWsmLYLmsjDS4Y7+8ypqfnu0+fXjf+y98LuGfQL50XZ4VcWIJ8vj3gcXIIVIyc5ogzsUaTxjkXlkzW3pw/Omhp/2BrsMDOtV/NUX/XNvcXyQVq4piDQsqZxVMz4zZiVuWE0BhqjzDNigNFk6Q67ZXSEWddBacP4QFF9zUNcTgB2AWT9V5BOatwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQENBQADggEBAG6gZWwfinxLu6PxbmSmmzLFTL64AAY7uCshz+kdbMK6iLwf8tuKr61qZ9J8pRLgGMcfA6BhJTk584niuPkJyVF39uOhIN++uT6gdrHf3BxudhMTs9z5jtuai4gn9DtwVbHo3Cd1aW0sj1YZQAyg/bTBxiA6nGX/KfHKevpGP8O+zMHyt62UVEcrW8eifmUSYnksJQKamS0Izm+mHCHyxq+4F+LI6BSePMvEuJhriUR1EfI90cr1HS9qA49AEF+wIrPyYylt10GT1nkl3r+kijNDLKyMCbVusYAN1t8JfteIJB4xr6NkN3vfIxS1TjF6ukp5gxGGr/CXsBzDHUVbVL4=\"]\n },\n {\n \"kid\": \"e684e4a5-a296-439b-9e42-a771167cad85\",\n \"kty\": \"EC\",\n \"use\": \"sig\",\n \"alg\": \"ES256\",\n \"exp\": 1561833451130,\n \"crv\": \"P-256\",\n \"x\": \"UnVjKanUKxFOIup8zKJIzck409ryx4sJ9nYaa1EFHME\",\n \"y\": \"S-MXlSaKGNsEa9yHuozi-ppQcFnO-cRk6IE9iyGCgQA\",\n \"x5c\": [\"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\"]\n },\n {\n \"kid\": \"e04e0fd6-dc33-4327-9da1-d705a949e829\",\n \"kty\": \"EC\",\n \"use\": \"sig\",\n \"alg\": \"ES384\",\n \"exp\": 1561833451130,\n \"crv\": \"P-384\",\n \"x\": \"A9wUOBmbsQ1KvcdmSxKVACo6yfGu8_ZeWDM_mRoEByDU1s6H-YXbbA0cdIhNM1Bm\",\n \"y\": \"ppwIi-cdCclHkGXOE94__HOd8qoxUSlEqudjpDGbA40rDVQwLpz3EHzgDxTqRPuE\",\n \"x5c\": [\"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\"]\n },\n {\n \"kid\": \"c622c513-8571-4377-b878-7686603f8196\",\n \"kty\": \"EC\",\n \"use\": \"sig\",\n \"alg\": \"ES512\",\n \"exp\": 1561833451130,\n \"crv\": \"P-521\",\n \"x\": 
\"IXiEswNrDx2mIEERJzQRDJDnPn-0EOrIkXTlHrtiTLykPgpnQWPZaqleJJlnMpht8oRp3t4DbSzNEZO0zRfi4OY\",\n \"y\": \"AdclbUF1jUEMi6vs6D3R9RM9OZxDNAhJ4ZfHi-Kc-3H3T9y0vPKnhfsySNdNhDWhgZyBt2an95TNDk5voQxUtJla\",\n \"x5c\": [\"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\"]\n },\n {\n \"kid\": \"929ea4c1-15d4-41fb-8e00-c0d212503dae\",\n \"kty\": \"RSA\",\n \"use\": \"enc\",\n \"alg\": \"RS256\",\n \"exp\": 1561833451130,\n \"n\": \"y05G4LRemiXAIbHE-ikek9UqnvkX6ERFQE2SXrarojMuKsHbPrugZK5n20N0KRPrhdfaCmNus9HhvGvmUmqYtm8mih2OqI1VHuVp_R8gMkzBbyU6-DrApmKcvDfntugDFAnTH44rxtCT937geFh5P8qeB7WzxIGeFgPsA6cOdP64rr5U4IDL8GqKbfkzNa6V8zGzwiHTnoDPZzNRmGpJ1q_aKZ6HHMoyRUHRhJLPd237wKoAcdhIvXok9vcderLr5uXyJ4xbhH_cWZXmrvDkBYrQCGlqQS7mJp4JNG1J0nfT2YJw5XFiQHcQI7IxPBMdIVnoCLNLA49nJkAmRgz31Q\",\n \"e\": \"AQAB\",\n \"x5c\": [\"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\"]\n },\n {\n \"kid\": \"ed023672-6a9e-46d3-a951-e4defd252653\",\n \"kty\": \"RSA\",\n \"use\": \"enc\",\n \"alg\": \"RS384\",\n \"exp\": 1561833451130,\n \"n\": \"xu8f2XFsZqpf6mGyFxJAtAQ-ewAYiUhCMnfH5irYgP4Q-c5OeV4dJaoLJxGWDGYevFEyJ7F2iX_WMcIRN1or0oipj6fECt-knsUNBgTx5JbX37bueMp6LC01V_HKvYtx-74gufQZMSAPCkLU1DPmhLClmqB-EniFUR9nzCTtTyMbEI5P0xUsFkT4X7KPsRKgi0GSQ8uN6HvoxBZYuWGm8g3qrdaErMVDX5hWX6U4738Jtehbr_WSJ65lPr7b9pDCF5apBALF26qXq2imRTS7kiAqw_Yua3BXZPl_-jvUXecnrWDxi1veIAuzLvUjUItRVv9SwLIBP2p6suyY0jB7hQ\",\n \"e\": \"AQAB\",\n \"x5c\": [\"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\"]\n },\n {\n \"kid\": \"e448e434-56ec-44e4-8dfa-b882f8089b36\",\n \"kty\": \"RSA\",\n \"use\": \"enc\",\n \"alg\": \"RS512\",\n \"exp\": 1561833451130,\n \"n\": \"4F3Q0nV25uE2Q2DylxiC5uUY6QcseqJIqI18pDL_9LxZzmpbZxm3SSOUcEdx0h57pLiHRuSa6Rap0JkCylM_uNfWvdiMqKg1y6YLIPlFfDGBgmcwjEPdjpH508JmWrl0ofLvspchHsZ1T9HKNcCsrjAwVb0qiJQtKz_x5mRHtnuAV3BngpGecCjVbxScStQEsXmtLMlw8FHOQljArnK_Dl-XN599pbhm_a5u6W08h0dWRJ2dpWRCOzEF6BVnmydVcQc5FCgjN9l4WH8Uwx-4wlUBz2ijRUvCzeX2SBYMf6UeKvErzIlAhzDAarlPRmjrBxKaHkiTEEuq4JdA_Wn2ew\",\n \"e\": \"AQAB\",\n \"x5c\": 
[\"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\"]\n },\n {\n \"kid\": \"65ebf64d-15b4-4c0c-8532-1e88f47887a8\",\n \"kty\": \"EC\",\n \"use\": \"enc\",\n \"alg\": \"ES256\",\n \"exp\": 1561833451130,\n \"crv\": \"P-256\",\n \"x\": \"8MrtyUEIlKkK3tmXc1ZSZ8hTsP92P3nz3lWnJmx8bQ8\",\n \"y\": \"QCKYSXQzPkZgbqSilXxzzFC44-640kthBGU5ITL5sVA\",\n \"x5c\": [\"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\"]\n },\n {\n \"kid\": \"cbae57b8-1a79-4ad1-bff3-30b38210eeac\",\n \"kty\": \"EC\",\n \"use\": \"enc\",\n \"alg\": \"ES384\",\n \"exp\": 1561833451130,\n \"crv\": \"P-384\",\n \"x\": \"ivWP4DU9vzEqTjciHugVslYwmGu9E3kafe_tNUWugP5wLrIPiOFbBPF3esDzcw9M\",\n \"y\": \"KPsBlREp7tutC1dv9nbmR7RfWiGdHSfQMCqKqv0pWXsxzPijzM7J1izwB6ddr-X9\",\n \"x5c\": [\"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\"]\n },\n {\n \"kid\": \"5b88ca7c-c8a7-4032-b46a-34e1b9d94cad\",\n \"kty\": \"EC\",\n \"use\": \"enc\",\n \"alg\": \"ES512\",\n \"exp\": 1561833451130,\n \"crv\": \"P-521\",\n \"x\": \"aQ7tzoEiuewgzwpiHQ8Wk6_tQD_mwygl9lJ17ETMBFTyrM43YKTh2mOhJ6tVEAzc2xbs9TM1-admiHt_g0JdGAE\",\n \"y\": \"AVw5-yiaYP9LI452FFDmBLBJk7ZNX-oQcL_EILdZqNDDNxmpx2xyDVmRp7gUop-o850ngQKfW0p1nfKn3GRgNGWo\",\n \"x5c\": [\"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\"]\n }\n]}\n", "oxRevision": "1", "objectClass": ["oxAuthConfiguration", "top"], "oxAuthConfDynamic": "{\n \"issuer\":\"https://u144.gluu.info\",\n \"loginPage\":\"https://u144.gluu.info/oxauth/login\",\n \"authorizationPage\":\"https://u144.gluu.info/oxauth/authorize\",\n \"baseEndpoint\":\"https://u144.gluu.info/oxauth/restv1\",\n \"authorizationEndpoint\":\"https://u144.gluu.info/oxauth/restv1/authorize\",\n \"tokenEndpoint\":\"https://u144.gluu.info/oxauth/restv1/token\",\n \"userInfoEndpoint\":\"https://u144.gluu.info/oxauth/restv1/userinfo\",\n \"clientInfoEndpoint\":\"https://u144.gluu.info/oxauth/restv1/clientinfo\",\n \"checkSessionIFrame\":\"https://u144.gluu.info/oxauth/opiframe\",\n 
\"endSessionEndpoint\":\"https://u144.gluu.info/oxauth/restv1/end_session\",\n \"jwksUri\":\"https://u144.gluu.info/oxauth/restv1/jwks\",\n \"registrationEndpoint\":\"https://u144.gluu.info/oxauth/restv1/register\",\n \"openIdDiscoveryEndpoint\":\"https://u144.gluu.info/.well-known/webfinger\",\n \"openIdConfigurationEndpoint\":\"https://u144.gluu.info/.well-known/openid-configuration\",\n \"idGenerationEndpoint\":\"https://u144.gluu.info/oxauth/restv1/id\",\n \"introspectionEndpoint\":\"https://u144.gluu.info/oxauth/restv1/introspection\",\n \"umaConfigurationEndpoint\":\"https://u144.gluu.info/oxauth/restv1/uma2-configuration\",\n \"sectorIdentifierEndpoint\":\"https://u144.gluu.info/oxauth/sectoridentifier\",\n \"oxElevenGenerateKeyEndpoint\":\"https://u144.gluu.info/oxeleven/rest/oxeleven/generateKey\",\n \"oxElevenSignEndpoint\":\"https://u144.gluu.info/oxeleven/rest/oxeleven/sign\",\n \"oxElevenVerifySignatureEndpoint\":\"https://u144.gluu.info/oxeleven/rest/oxeleven/verifySignature\",\n \"oxElevenDeleteKeyEndpoint\":\"https://u144.gluu.info/oxeleven/rest/oxeleven/deleteKey\",\n \"oxElevenJwksEndpoint\":\"https://u144.gluu.info/oxeleven/rest/oxeleven/jwks\",\n \"openidSubAttribute\":\"inum\",\n \"responseTypesSupported\":[\n [\"code\"],\n [\"code\", \"id_token\"],\n [\"token\"],\n [\"token\", \"id_token\"],\n [\"code\", \"token\"],\n [\"code\", \"token\", \"id_token\"],\n [\"id_token\"]\n ],\n \"grantTypesSupported\":[\n \"authorization_code\",\n \"implicit\",\n \"password\",\n \"client_credentials\",\n \"refresh_token\",\n \"urn:ietf:params:oauth:grant-type:uma-ticket\"\n ],\n \"subjectTypesSupported\":[\n \"public\",\n \"pairwise\"\n ],\n \"defaultSubjectType\": \"pairwise\",\n \"userInfoSigningAlgValuesSupported\":[\n \"HS256\",\n \"HS384\",\n \"HS512\",\n \"RS256\",\n \"RS384\",\n \"RS512\",\n \"ES256\",\n \"ES384\",\n \"ES512\"\n ],\n \"userInfoEncryptionAlgValuesSupported\":[\n \"RSA1_5\",\n \"RSA-OAEP\",\n \"A128KW\",\n \"A256KW\"\n ],\n 
\"userInfoEncryptionEncValuesSupported\":[\n \"A128CBC+HS256\",\n \"A256CBC+HS512\",\n \"A128GCM\",\n \"A256GCM\"\n ],\n \"idTokenSigningAlgValuesSupported\":[\n \"none\",\n \"HS256\",\n \"HS384\",\n \"HS512\",\n \"RS256\",\n \"RS384\",\n \"RS512\",\n \"ES256\",\n \"ES384\",\n \"ES512\"\n ],\n \"idTokenEncryptionAlgValuesSupported\":[\n \"RSA1_5\",\n \"RSA-OAEP\",\n \"A128KW\",\n \"A256KW\"\n ],\n \"idTokenEncryptionEncValuesSupported\":[\n \"A128CBC+HS256\",\n \"A256CBC+HS512\",\n \"A128GCM\",\n \"A256GCM\"\n ],\n \"requestObjectSigningAlgValuesSupported\":[\n \"none\",\n \"HS256\",\n \"HS384\",\n \"HS512\",\n \"RS256\",\n \"RS384\",\n \"RS512\",\n \"ES256\",\n \"ES384\",\n \"ES512\"\n ],\n \"requestObjectEncryptionAlgValuesSupported\":[\n \"RSA1_5\",\n \"RSA-OAEP\",\n \"A128KW\",\n \"A256KW\"\n ],\n \"requestObjectEncryptionEncValuesSupported\":[\n \"A128CBC+HS256\",\n \"A256CBC+HS512\",\n \"A128GCM\",\n \"A256GCM\"\n ],\n \"tokenEndpointAuthMethodsSupported\":[\n \"client_secret_basic\",\n \"client_secret_post\",\n \"client_secret_jwt\",\n \"private_key_jwt\"\n ],\n \"tokenEndpointAuthSigningAlgValuesSupported\":[\n \"HS256\",\n \"HS384\",\n \"HS512\",\n \"RS256\",\n \"RS384\",\n \"RS512\",\n \"ES256\",\n \"ES384\",\n \"ES512\"\n ],\n \"dynamicRegistrationCustomAttributes\":[\n \"oxAuthTrustedClient\"\n ],\n \"displayValuesSupported\":[\n \"page\",\n \"popup\"\n ],\n \"claimTypesSupported\":[\n \"normal\"\n ],\n \"serviceDocumentation\":\"http://gluu.org/docs\",\n \"claimsLocalesSupported\":[\n \"en\"\n ],\n \"uiLocalesSupported\":[\n \"en\",\n \"es\"\n ],\n \"dynamicGrantTypeDefault\":[\n \"authorization_code\",\n \"implicit\",\n \"client_credentials\",\n \"refresh_token\",\n \"urn:ietf:params:oauth:grant-type:uma-ticket\"\n ],\n \"claimsParameterSupported\":true,\n \"requestParameterSupported\":true,\n \"requestUriParameterSupported\":true,\n \"requireRequestUriRegistration\":false,\n \"opPolicyUri\":\"http://ox.gluu.org/doku.php?id=oxauth:policy\",\n 
\"opTosUri\":\"http://ox.gluu.org/doku.php?id=oxauth:tos\",\n \"authorizationCodeLifetime\":60,\n \"refreshTokenLifetime\":14400,\n \"idTokenLifetime\":3600,\n \"accessTokenLifetime\":300,\n \"umaResourceLifetime\":2592000,\n \"sessionAsJwt\":false,\n \"umaRptLifetime\": 3600,\n \"umaPctLifetime\": 2592000,\n \"umaAddScopesAutomatically\":true,\n \"umaValidateClaimToken\":false,\n \"umaGrantAccessIfNoPolicies\":false,\n \"umaKeepClientDuringResourceSetRegistration\":true,\n \"umaRptAsJwt\":false,\n \"cleanServiceInterval\":600,\n \"keyRegenerationEnabled\":false,\n \"keyRegenerationInterval\":48,\n \"defaultSignatureAlgorithm\":\"RS256\",\n \"oxOpenIdConnectVersion\":\"openidconnect-1.0\",\n \"organizationInum\":\"@!7194.95E2.1D42.FF59!0001!6975.2B50\",\n \"oxId\":\"https://u144.gluu.info/oxid/service/gluu/inum\",\n \"dynamicRegistrationEnabled\":true,\n \"dynamicRegistrationExpirationTime\":86400,\n \"dynamicRegistrationPersistClientAuthorizations\":true,\n \"trustedClientEnabled\":true,\n \"skipAuthorizationForOpenIdScopeAndPairwiseId\": false,\n \"dynamicRegistrationScopesParamEnabled\":true,\n \"dynamicRegistrationCustomObjectClass\":\"\",\n \"personCustomObjectClassList\":[\n \"gluuCustomPerson\",\n \"gluuPerson\"\n ],\n \"persistIdTokenInLdap\":false,\n \"persistRefreshTokenInLdap\":true,\n \"authenticationFiltersEnabled\":false,\n \"clientAuthenticationFiltersEnabled\":false,\n \"authenticationFilters\":[\n {\n \"filter\":\"(&(mail=*{0}*)(inum={1}))\",\n \"bind\":false,\n \"bindPasswordAttribute\":\"\",\n \"baseDn\":\"o=gluu\"\n },\n {\n \"filter\":\"uid={0}\",\n \"bind\":true,\n \"bindPasswordAttribute\":\"pwd\",\n \"baseDn\":\"o=gluu\"\n }\n ],\n \"clientAuthenticationFilters\":[\n {\n \"filter\":\"myCustomAttr1={0}\",\n \"bind\":\"\",\n \"bindPasswordAttribute\":\"\",\n \"baseDn\":\"ou=clients,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\"\n }\n ],\n \"applianceInum\":\"@!7194.95E2.1D42.FF59!0002!E0DF.3C2F\",\n \"sessionIdUnusedLifetime\":86400,\n 
\"sessionIdUnauthenticatedUnusedLifetime\":120,\n \"sessionIdEnabled\":true,\n \"sessionIdPersistOnPromptNone\":true,\n \"sessionIdLifetime\": 86400,\n \"configurationUpdateInterval\":3600,\n \"cssLocation\":\"\",\n \"jsLocation\":\"\",\n \"imgLocation\":\"\",\n \"metricReporterInterval\":300,\n \"metricReporterKeepDataDays\":15,\n \"pairwiseIdType\":\"algorithmic\",\n \"pairwiseCalculationKey\":\"ut1Wgayzana9ry7Rovn17uaYyGPa6o\",\n \"pairwiseCalculationSalt\": \"IUtcF1LsN1QnF3z5vLDfDEw3KCB\",\n \"webKeysStorage\": \"keystore\",\n \"dnName\": \"CN=oxAuth CA Certificates\",\n \"keyStoreFile\": \"/etc/certs/oxauth-keys.jks\",\n \"keyStoreSecret\": \"RX0XR3DWeFJE\",\n \"endSessionWithAccessToken\":false,\n \"clientWhiteList\": [\"*\"],\n \"clientBlackList\": [\"*.attacker.com/*\"],\n \"legacyIdTokenClaims\": false,\n \"customHeadersWithAuthorizationResponse\": true,\n \"frontChannelLogoutSessionSupported\":true,\n \"updateUserLastLogonTime\": true,\n \"updateClientAccessTime\":true,\n \"enableClientGrantTypeUpdate\": true,\n \"corsConfigurationFilters\": [\n {\n \"filterName\": \"CorsFilter\",\n \"corsAllowedOrigins\": \"*\",\n \"corsAllowedMethods\": \"GET,POST,HEAD,OPTIONS\",\n \"corsAllowedHeaders\": \"Origin,Authorization,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers\",\n \"corsExposedHeaders\": \"\",\n \"corsSupportCredentials\": true,\n \"corsLoggingEnabled\": false,\n \"corsPreflightMaxAge\": 1800,\n \"corsRequestDecorate\": true\n }\n ],\n \"logClientIdOnClientAuthentication\": true,\n \"logClientNameOnClientAuthentication\": false,\n \"httpLoggingEnabled\": false,\n \"httpLoggingExludePaths\": [],\n \"externalLoggerConfiguration\": \"\",\n \"authorizationRequestCustomAllowedParameters\" : [\n \"customParam1\",\n \"customParam2\",\n \"customParam3\"\n ],\n \"legacyDynamicRegistrationScopeParam\": false,\n \"useCacheForAllImplicitFlowObjects\":false\n}\n", "dn": 
"ou=oxauth,ou=configuration,inum=@!7194.95E2.1D42.FF59!0002!E0DF.3C2F,ou=appliances,o=gluu", "oxAuthConfStatic": "{\n \"baseDn\":{\n \"appliance\":\"ou=appliances,o=gluu\",\n \"people\":\"ou=people,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"groups\":\"ou=groups,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"clients\":\"ou=clients,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"scopes\":\"ou=scopes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"attributes\":\"ou=attributes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"sessionId\":\"ou=session,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"scripts\": \"ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"umaBase\":\"ou=uma,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"umaPolicy\":\"ou=policies,ou=uma,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"u2fBase\":\"ou=u2f,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"metric\":\"ou=metric,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"sectorIdentifiers\": \"ou=sector_identifiers,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\"\n }\n}\n", "oxAuthConfErrors": "{\n \"authorize\":[\n {\n \"id\":\"invalid_request\",\n \"description\":\"The request is missing a required parameter, includes an unsupported parameter or parameter value, or is otherwise malformed.\",\n \"uri\":null\n },\n {\n \"id\": \"disabled_client\",\n \"description\": \"The client is disabled and can't request an access token using this method.\",\n \"uri\": null\n },\n {\n \"id\":\"unauthorized_client\",\n \"description\":\"The client is not authorized to request an access token using this method.\",\n \"uri\":null\n },\n {\n \"id\":\"access_denied\",\n \"description\":\"The resource owner or authorization server denied the request.\",\n \"uri\":null\n },\n {\n \"id\":\"unsupported_response_type\",\n \"description\":\"The authorization server does not support obtaining an access token using this method.\",\n \"uri\":null\n },\n {\n 
\"id\":\"invalid_scope\",\n \"description\":\"The requested scope is invalid, unknown, or malformed.\",\n \"uri\":null\n },\n {\n \"id\":\"server_error\",\n \"description\":\"The authorization server encountered an unexpected condition which prevented it from fulfilling the request.\",\n \"uri\":null\n },\n {\n \"id\":\"temporarily_unavailable\",\n \"description\":\"The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_request_redirect_uri\",\n \"description\":\"The redirect_uri in the Authorization Request does not match any of the Client's pre-registered redirect_uris.\",\n \"uri\":null\n },\n {\n \"id\":\"login_required\",\n \"description\":\"The Authorization Server requires End-User authentication. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server should not display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface for user authentication.\",\n \"uri\":null\n },\n {\n \"id\":\"session_selection_required\",\n \"description\":\"The End-User is required to select a session at the Authorization Server. The End-User MAY be authenticated at the Authorization Server with different associated accounts, but the End-User did not select a session. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server should not display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface to prompt for a session to use.\",\n \"uri\":null\n },\n {\n \"id\":\"consent_required\",\n \"description\":\"The Authorization Server requires End-User consent. 
This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server should not display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface for End-User consent.\",\n \"uri\":null\n },\n {\n \"id\":\"user_mismatched\",\n \"description\":\"The current logged in End-User at the Authorization Server does not match the requested user. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server should not display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface to prompt for the correct End-User authentication.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_request_uri\",\n \"description\":\"The request_uri in the Authorization Request returns an error or invalid data.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_openid_request_object\",\n \"description\":\"The request parameter contains an invalid OpenID Request Object.\",\n \"uri\":null\n }\n ],\n \"clientInfo\":[\n {\n \"id\":\"invalid_request\",\n \"description\":\"The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_token\",\n \"description\":\"The access token provided is expired, revoked, malformed, or invalid for other reasons. 
Try to request a new access token and retry the protected resource.\",\n \"uri\":null\n }\n ],\n \"endSession\":[\n {\n \"id\":\"invalid_request\",\n \"description\":\"The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats a parameter, or is otherwise malformed.\",\n \"uri\":null\n },\n {\n \"id\": \"invalid_grant_and_session\",\n \"description\": \"The provided access token and session state are invalid or were issued to another client.\",\n \"uri\": null\n },\n {\n \"id\": \"session_not_passed\",\n \"description\": \"The provided session state is empty.\",\n \"uri\": null\n },\n {\n \"id\": \"post_logout_uri_not_passed\",\n \"description\": \"The provided post logout uri is empty.\",\n \"uri\": null\n },\n {\n \"id\": \"post_logout_uri_not_associated_with_client\",\n \"description\": \"The provided post logout uri is not associated with client.\",\n \"uri\": null\n },\n {\n \"id\":\"invalid_grant\",\n \"description\":\"The provided access token is invalid, or was issued to another client.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_logout_uri\",\n \"description\":\"The provided logout_uri is invalid.\",\n \"uri\":null\n }\n ],\n \"register\":[\n {\n \"id\":\"invalid_request\",\n \"description\":\"The request is missing a required parameter, includes an unsupported parameter or parameter value, or is otherwise malformed.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_redirect_uri\",\n \"description\":\"Value of one or more redirect_uris is invalid.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_claims_redirect_uri\",\n \"description\":\"Value of one or more claims_redirect_uris is invalid.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_client_metadata\",\n \"description\":\"The value of one of the Client Metadata fields is invalid and the server has rejected this request. 
Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_token\",\n \"description\":\"The access token provided is expired, revoked, malformed, or invalid for other reasons.\",\n \"uri\":null\n },\n {\n \"id\":\"access_denied\",\n \"description\":\"The authorization server denied the request.\",\n \"uri\":null\n }\n ],\n \"token\":[\n {\n \"id\":\"invalid_request\",\n \"description\":\"The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.\",\n \"uri\":null\n },\n {\n \"id\": \"disabled_client\",\n \"description\": \"The client is disabled and can't request an access token using this method.\",\n \"uri\": null\n },\n {\n \"id\":\"invalid_client\",\n \"description\":\"Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. 
If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_grant\",\n \"description\":\"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.\",\n \"uri\":null\n },\n {\n \"id\":\"unauthorized_client\",\n \"description\":\"The authenticated client is not authorized to use this authorization grant type.\",\n \"uri\":null\n },\n {\n \"id\":\"unsupported_grant_type\",\n \"description\":\"The authorization grant type is not supported by the authorization server.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_scope\",\n \"description\":\"The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.\",\n \"uri\":null\n }\n ],\n \"uma\":[\n {\n \"id\":\"invalid_request\",\n \"description\":\"The request is missing a required parameter, includes an unsupported parameter or parameter value, or is otherwise malformed.\",\n \"uri\": null\n },\n {\n \"id\": \"disabled_client\",\n \"description\": \"The client is disabled and can't request an access token using this method.\",\n \"uri\":null\n },\n {\n \"id\":\"client_not_in_trust_relationship\",\n \"description\":\"The client is not in any trust relationship however federation is enabled for server.\",\n \"uri\":null\n },\n {\n \"id\":\"unauthorized_client\",\n \"description\":\"The client is not authorized to request an access token using this method.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_session\",\n \"description\":\"The provided session is invalid.\",\n \"uri\":null\n },\n {\n \"id\":\"access_denied\",\n \"description\":\"The resource owner or AM server denied the request.\",\n \"uri\":null\n },\n {\n 
\"id\":\"unsupported_response_type\",\n \"description\":\"The AM server does not support an access using this method.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_client_scope\",\n \"description\":\"The requested scope is invalid, unknown, or malformed.\",\n \"uri\":null\n },\n {\n \"id\":\"server_error\",\n \"description\":\"The AM server encountered an unexpected condition which prevented it from fulfilling the request.\",\n \"uri\":null\n },\n {\n \"id\":\"temporarily_unavailable\",\n \"description\":\"The AM server is currently unable to handle the request due to a temporary overloading or maintenance of the server.\",\n \"uri\":null\n },\n {\n \"id\":\"precondition_failed\",\n \"description\":\"The resource set that was requested to be deleted or updated at the AM did not match the If-Match value present in the request.\",\n \"uri\":null\n },\n {\n \"id\":\"not_found\",\n \"description\":\"The resource set requested from the AM cannot be found.\",\n \"uri\":null\n },\n {\n \"id\":\"unsupported_method_type\",\n \"description\":\"The host request used an unsupported HTTP method.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_token\",\n \"description\":\"The access token expired.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_resource_id\",\n \"description\":\"The provided resource id was not found at the AS.\",\n \"uri\":null\n },\n {\n \"id\":\"forbidden_by_policy\",\n \"description\":\"Forbidden by policy (policy returned false).\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_permission_request\",\n \"description\":\"The provided permission request is not valid.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_claims_gathering_script_name\",\n \"description\":\"The claims-gathering script name is not provided or otherwise failed to load script with this name(s).\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_ticket\",\n \"description\":\"The provided ticket was not found at the AS.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_client_id\",\n \"description\":\"The 
provided client_id is not valid.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_claims_redirect_uri\",\n \"description\":\"The provided claims_redirect_uri is not valid.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_claim_token_format\",\n \"description\":\"The claim token format is blank or otherwise not supported (supported format is http://openid.net/specs/openid-connect-core-1_0.html#IDToken).\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_claim_token\",\n \"description\":\"The claim token is not valid or unsupported. (If format is http://openid.net/specs/openid-connect-core-1_0.html#IDToken then claim token has to be ID Token).\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_pct\",\n \"description\":\"PCT is invalid (revoked, expired or does not exist anymore on AS)\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_rpt\",\n \"description\":\"RPT is invalid (revoked, expired or does not exist anymore on AS)\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_grant_type\",\n \"description\":\"The provided grant_type valid does not equal to urn:ietf:params:oauth:grant-type:uma-ticket value which is required by UMA 2.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_scope\",\n \"description\":\"The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_requester_ticket\",\n \"description\":\"The provided ticket was not found at the AM.\",\n \"uri\":null\n },\n {\n \"id\":\"expired_requester_ticket\",\n \"description\":\"The provided ticket has expired.\",\n \"uri\":null\n },\n {\n \"id\":\"not_authorized_permission\",\n \"description\":\"The requester is definitively not authorized for this permission according to user policy.\",\n \"uri\":null\n },\n {\n \"id\":\"need_claims\",\n \"description\":\"The AM is unable to determine whether the requester is authorized for this permission without gathering claims from the requesting party.\",\n \"uri\":null\n }\n ],\n \"userInfo\":[\n {\n 
\"id\":\"invalid_request\",\n \"description\":\"The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_token\",\n \"description\":\"The access token provided is expired, revoked, malformed, or invalid for other reasons. Try to request a new access token and retry the protected resource.\",\n \"uri\":null\n },\n {\n \"id\":\"insufficient_scope\",\n \"description\":\"The request requires higher privileges than provided by the access token.\",\n \"uri\":null\n }\n ],\n \"validateToken\":[\n {\n \"id\":\"invalid_request\",\n \"description\":\"The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_grant\",\n \"description\":\"The provided access token is invalid, or was issued to another client.\",\n \"uri\":null\n }\n ],\n \"fido\":[\n {\n \"id\":\"server_error\",\n \"description\":\"The authorization server encountered an unexpected condition which prevented it from fulfilling the request.\",\n \"uri\":null\n },\n {\n \"id\":\"invalid_request\",\n \"description\":\"The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, has invalid signature, or is otherwise malformed.\",\n \"uri\":null\n },\n {\n \"id\":\"no_eligable_devices\",\n \"description\":\"There are no devices registered.\",\n \"uri\":null\n },\n {\n \"id\":\"device_compromised\",\n \"description\":\"All devices were compromised.\",\n \"uri\":null\n },\n {\n \"id\":\"session_expired\",\n \"description\":\"The authentication or registration session was expired.\",\n \"uri\":null\n },\n {\n 
\"id\":\"registration_not_allowed\",\n \"description\":\"The user has registered device already.\",\n \"uri\":null\n }\n ]\n}\n", "ou": "oxauth"});
306[31m ERROR 107 : Not connected to any cluster. Use \CONNECT command. [0m
310UPSERT INTO `gluu` (KEY, VALUE) VALUES ("appliances_@!7194.95E2.1D42.FF59!0002!E0DF.3C2F_configuration_oxtrust", {"oxRevision": "1", "dn": "ou=oxtrust,ou=configuration,inum=@!7194.95E2.1D42.FF59!0002!E0DF.3C2F,ou=appliances,o=gluu", "objectClass": ["top", "oxTrustConfiguration"], "oxTrustConfCacheRefresh": "{\n \"sourceConfigs\":[\n ],\n \"inumConfig\":{\n \"configId\":\"local_inum\",\n \"bindDN\":\"cn=directory manager\",\n \"bindPassword\":\"X5UvQyfWQIM=\",\n \"servers\":[\n \"localhost:1636\"\n ],\n \"maxConnections\":10,\n \"useSSL\":true,\n \"baseDNs\":[\n \"o=site\"\n ],\n \"primaryKey\":null,\n \"localPrimaryKey\":null,\n \"useAnonymousBind\":false,\n \"enabled\":true,\n \"version\":0\n },\n \"targetConfig\":{\n },\n \"ldapSearchSizeLimit\":1000,\n \"keyAttributes\":[\n ],\n \"keyObjectClasses\":[\n ],\n \"sourceAttributes\":[\n ],\n \"customLdapFilter\":null,\n \"updateMethod\":\"copy\",\n \"keepExternalPerson\":true,\n \"useSearchLimit\":false,\n \"attributeMapping\":[\n ],\n \"snapshotFolder\":\"/var/ox/identity/cr-snapshots\",\n \"snapshotMaxCount\":10\n}\n", "oxTrustConfImportPerson": "{\n\t\"mappings\": [{\n\t\t\"ldapName\": \"uid\",\n\t\t\"displayName\": \"Username\",\n\t\t\"dataType\": \"string\",\n\t\t\"required\": true\n\t}, {\n\t\t\"ldapName\": \"givenName\",\n\t\t\"displayName\": \"First Name\",\n\t\t\"dataType\": \"string\",\n\t\t\"required\": true\n\t}, {\n\t\t\"ldapName\": \"sn\",\n\t\t\"displayName\": \"Last Name\",\n\t\t\"dataType\": \"string\",\n\t\t\"required\": true\n\t}, {\n\t\t\"ldapName\": \"mail\",\n\t\t\"displayName\": \"Email\",\n\t\t\"dataType\": \"string\",\n\t\t\"required\": true\n\t}, {\n\t\t\"ldapName\": \"userPassword\",\n\t\t\"displayName\": \"Password\",\n\t\t\"dataType\": \"string\",\n\t\t\"required\": false\n\t}, {\n\t\t\"ldapName\": \"gluuStatus\",\n\t\t\"displayName\": \"User Status\",\n\t\t\"dataType\": \"string\",\n\t\t\"required\": false\n\t}]\n}", "oxTrustConfApplication": "{\n 
\"orgInum\":\"@!7194.95E2.1D42.FF59!0001!6975.2B50\",\n \"orgIname\":\"\",\n \"orgSupportEmail\":\"TT@gluu.org\",\n\n \"applianceInum\":\"@!7194.95E2.1D42.FF59!0002!E0DF.3C2F\",\n\n \"baseDN\":\"o=gluu\",\n\n \"baseEndpoint\":\"https://u144.gluu.info/identity/restv1\",\n\n \"idpUrl\":\"https://u144.gluu.info\",\n \"applianceUrl\":\"https://u144.gluu.info\",\n\n \"keystorePath\":\"/etc/certs/shibIDP.jks\",\n \"keystorePassword\":\"fRt5zEpYVJo5\",\n\n \"personObjectClassTypes\":[\n \"gluuCustomPerson\",\n \"gluuPerson\",\n \"eduPerson\"\n ],\n \"personObjectClassDisplayNames\":[\n \"gluuCustomPerson\",\n \"gluuPerson\",\n \"eduPerson\"\n ],\n\n \"svnConfigurationStoreRoot\":\"unused\",\n \"svnConfigurationStorePassword\":\"unused\",\n \"persistSVN\":false,\n\n \"allowPersonModification\":true,\n \"updateApplianceStatus\":true,\n\n \"clientAssociationAttribute\":\"inum\",\n\n \"personCustomObjectClass\":\"gluuCustomPerson\",\n\n \"contactObjectClassTypes\":[\n\n ],\n \"contactObjectClassDisplayNames\":[\n\n ],\n\n \"photoRepositoryRootDir\":\"/var/ox/photos\",\n \"photoRepositoryThumbWidth\":300,\n \"photoRepositoryThumbHeight\":300,\n \"photoRepositoryCountLeveles\":3,\n \"photoRepositoryCountFoldersPerLevel\":20,\n\n \"shibboleth3FederationRootDir\":\"/opt/shibboleth-federation\",\n\n \"velocityLog\":\"/opt/gluu/jetty/identity/logs/velocity.log\",\n\n \"spMetadataPath\":\"\",\n\n \"logoLocation\":\"/var/ox/photos\",\n\n \"gluuSpAttributes\":[\n\n ],\n\n \"configGeneration\":false,\n \"ignoreValidation\":false,\n\n \"idpSecurityCert\":\"/etc/certs/shibIDP.crt\",\n \"idpSecurityKey\":\"/etc/certs/shibIDP.key\",\n \"idpSecurityKeyPassword\":\"wNcTYvBYSnWVNo0eVQ54ng==\",\n \"gluuSpCert\":\"/etc/certs/shibIDP.crt\",\n\n \"idpBindDn\":\"cn=Directory Manager\",\n \"idpBindPassword\":\"X5UvQyfWQIM=\",\n \"idpLdapProtocol\":\"ldaps\",\n \"idpLdapServer\":\"localhost:1636\",\n \"idpUserFields\":\"\",\n\n \"ldifStore\":\"/var/ox/identity/removed\",\n\n 
\"caCertsLocation\":\"/usr/java/latest/jre/lib/security/cacerts\",\n \"caCertsPassphrase\":\"\",\n\n \"certDir\":\"/etc/certs/\",\n \"tempCertDir\":\"/etc/certs/temp\",\n\n \"clusteredInums\":[\n\n ],\n\n \"servicesRestartTrigger\":\"/opt/gluu/essential_files/trigger_restart_of_services_delete_me_to_do_so\",\n\n \"oxAuthIssuer\":\"https://u144.gluu.info\",\n \"oxAuthSectorIdentifierUrl\":\"https://u144.gluu.info/oxauth/sectoridentifier\",\n\n \"oxAuthClientId\":\"@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!E548.9BCA\",\n \"oxAuthClientPassword\":\"i8Lfnm256Rp0i1FRCvasLg==\",\n \"oxAuthClientScope\":\"openid+profile+email+user_name\",\n\n \"loginRedirectUrl\":\"https://u144.gluu.info/identity/authentication/getauthcode\",\n \"logoutRedirectUrl\":\"https://u144.gluu.info/identity/authentication/finishlogout\",\n\n \"umaIssuer\":\"https://u144.gluu.info\",\n\n \"scimUmaClientId\":\"@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!0438.06D9\",\n \"scimUmaClientKeyId\":\"\",\n \"scimUmaResourceId\":\"0f13ae5a-135e-4b01-a290-7bbe62e7d40f\",\n \"scimUmaScope\":\"https://u144.gluu.info/oxauth/restv1/uma/scopes/scim_access\",\n \"scimUmaClientKeyStoreFile\":\"/etc/certs/scim-rs.jks\",\n \"scimUmaClientKeyStorePassword\":\"0AobVr9T+9zpcVkBJ5r22Q==\",\n\n \"passportUmaClientId\":\"@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!CE00.DD41\",\n \"passportUmaClientKeyId\":\"\",\n \"passportUmaResourceId\":\"0f963ecc-93f0-49c1-beae-ad2006abbb99\",\n \"passportUmaScope\":\"https://u144.gluu.info/oxauth/restv1/uma/scopes/passport_access\",\n \"passportUmaClientKeyStoreFile\":\"/etc/certs/passport-rs.jks\",\n \"passportUmaClientKeyStorePassword\":\"H1Ic/eLIQGQkihRxPgbf8Q==\",\n\n \"cssLocation\":\"\",\n \"jsLocation\":\"\",\n\n \"rptConnectionPoolUseConnectionPooling\":true,\n \"rptConnectionPoolMaxTotal\":200,\n \"rptConnectionPoolDefaultMaxPerRoute\":20,\n \"rptConnectionPoolValidateAfterInactivity\":10,\n \"rptConnectionPoolCustomKeepAliveTimeout\":5,\n\n \"shibbolethVersion\":\"v3\",\n 
\"shibboleth3IdpRootDir\":\"/opt/shibboleth-idp\",\n \"shibboleth3SpConfDir\":\"/opt/shibboleth-idp/sp\",\n \"organizationName\":\"TT\",\n \"idp3SigningCert\":\"/etc/certs/idp-signing.crt\",\n \"idp3EncryptionCert\":\"/etc/certs/idp-encryption.crt\",\n\n \"clientWhiteList\": [\"*\"],\n \"clientBlackList\": [\"*.attacker.com/*\"],\n\n \"scimTestMode\":false,\n \"ScimProperties\": {\n \"maxCount\": 1000\n }\n}\n", "ou": "oxtrust"});
311[31m ERROR 107 : Not connected to any cluster. Use \CONNECT command. [0m
315UPSERT INTO `gluu` (KEY, VALUE) VALUES ("appliances_@!7194.95E2.1D42.FF59!0002!E0DF.3C2F_configuration_oxidp", {"objectClass": ["top", "oxApplicationConfiguration"], "oxRevision": "1", "ou": "oxidp", "dn": "ou=oxidp,ou=configuration,inum=@!7194.95E2.1D42.FF59!0002!E0DF.3C2F,ou=appliances,o=gluu", "oxConfApplication": "{\r\n \"applicationName\":\"Saml\",\r\n\r\n \"openIdProviderUrl\":\"https://u144.gluu.info/.well-known/openid-configuration\",\r\n \"openIdClientId\":\"@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!E548.9BCA\",\r\n \"openIdClientPassword\":\"i8Lfnm256Rp0i1FRCvasLg==\",\r\n \"openIdScopes\":[\r\n \"openid\",\r\n \"email\",\r\n \"user_name\"\r\n ],\r\n \"openIdRedirectUrl\": \"https://u144.gluu.info/idp/auth-code.jsp\",\r\n \"openIdPostLogoutRedirectUri\": \"https://u144.gluu.info/identity/authentication/finishlogout\"\r\n}\r\n"});
316[31m ERROR 107 : Not connected to any cluster. Use \CONNECT command. [0m
320UPSERT INTO `gluu` (KEY, VALUE) VALUES ("appliances_@!7194.95E2.1D42.FF59!0002!E0DF.3C2F_configuration_oxasimba", {"objectClass": ["top", "oxAsimbaConfiguration"], "oxRevision": "1", "ou": "oxasimba", "dn": "ou=oxasimba,ou=configuration,inum=@!7194.95E2.1D42.FF59!0002!E0DF.3C2F,ou=appliances,o=gluu", "oxConfApplication": "{\n \"orgInum\":\"@!7194.95E2.1D42.FF59!0001!6975.2B50\",\n \"oxasimba\":\"ou=oxasimba,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"idps\":\"ou=idps,ou=oxasimba,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"selectors\":\"ou=selectors,ou=oxasimba,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"requestors\":\"ou=requestors,ou=oxasimba,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\",\n \"requestorpools\":\"ou=requestorpools,ou=oxasimba,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu\"\n}\n"});
321[31m ERROR 107 : Not connected to any cluster. Use \CONNECT command. [0m
32618:41:57 06/29/18 Importing ldif file ./output/scim.ldif to Couchebase
32718:41:57 06/29/18 Running Couchbase query from file /tmp/n1ql/scim.n1ql
32818:41:57 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/scim.n1ql
32918:41:57 06/29/18 [31m ERROR 100 : N1QL: Connection failure Requested resource not found.
330 [0m
333 Path to history file for the shell : /root/.cbq_history
334UPSERT INTO `gluu` (KEY, VALUE) VALUES ("clients_@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!0438.06D9", {"oxAuthRequireAuthTime": "false", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!0438.06D9,ou=clients,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "displayName": "SCIM Resource Server Client", "oxAuthScope": ["inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0009!6D99,ou=scopes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu"], "objectClass": ["oxAuthClient", "top"], "oxPersistClientAuthorizations": "false", "oxAuthJwks": "{\"keys\": [ { \"kid\": \"fbddd6d5-93b2-4ba0-bf94-c0868cb918c9\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS256\", \"exp\": 1561833425355, \"n\": \"wYdH11h-gyaFoYV0JNV8sokmppucjGUvVin9a_SjduW8gjw9_4VCFM6yToit6sas_tyKqvDoQrCll59jAxliQiq2DXULHHsUdlrN-3A7kTw2ON6yOmTt5inCBsDA7d_DP_ErysFwQMuF4pVaGJ5Mj44_arKg7Ab7X6kkAJa-R8umcMKb7w8WSTW3GeJA8QNfHBIwg1WyVnTGkYs6xdgIVULC2AXaFlskdwNpVqx5x9vpzzt4T6-v17oE8xD2pq7kpmiDlLfswVwV6SZqz2NKcTeMQordBAC3YwYQ_1fW4F9O2OGFDxTfIhCj3uIDW8BcjieWHu6POW0ep2zM3SWlkw\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"d64924c6-3ff0-4553-97ac-1e83508e0541\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS384\", \"exp\": 1561833425355, \"n\": \"tbdFatAkIUM9nftUnRdCvEcX1k-rtKcK_oWgonbtS-3W6vpxa6d6eE27OkJSnGqrIKHUUjhNr2sa4NKi1JJtyE8u39K9HqGbvsRCvMiQLLr26B5IGcatZTqS7IFrO1KOOTDSxQMy0qV79LXmFVxse18JIMhStdiX8nyjuSfqhVxNxC-lS9UFNbgQ0biXkejoqEwIklkcqqW0G4xmNnD-rieZKJGtUk4aDCYxuL2HEhDkzfnkNT53mUQoWF4vOc2at65O2dZMwDVN5OQfTg8ugqX0xtao5xv53Mss8GFGhGUiW30hur3gGEY4XO-SENJU-iKI2mZ_A0Jie3_cYgtK4Q\", \"e\": \"AQAB\", \"x5c\": 
[\"MIIDBDCCAeygAwIBAgIhAIksltZjIi0xF95WE3AUnJV7T2F3IwSkLHzSyjstb5onMA0GCSqGSIb3DQEBDAUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTgwNjI5MTgzNjU2WhcNMTkwNjI5MTgzNzA1WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbdFatAkIUM9nftUnRdCvEcX1k+rtKcK/oWgonbtS+3W6vpxa6d6eE27OkJSnGqrIKHUUjhNr2sa4NKi1JJtyE8u39K9HqGbvsRCvMiQLLr26B5IGcatZTqS7IFrO1KOOTDSxQMy0qV79LXmFVxse18JIMhStdiX8nyjuSfqhVxNxC+lS9UFNbgQ0biXkejoqEwIklkcqqW0G4xmNnD+rieZKJGtUk4aDCYxuL2HEhDkzfnkNT53mUQoWF4vOc2at65O2dZMwDVN5OQfTg8ugqX0xtao5xv53Mss8GFGhGUiW30hur3gGEY4XO+SENJU+iKI2mZ/A0Jie3/cYgtK4QIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQEMBQADggEBAKat9UokumCDayNZXmLcrXzdmd3bazUpDiQ7UKgAy/M8arYURYU/906sH+iku8CcR5PSs+A0NrpNLEGJCSskSFQl2JtuveAT41td75+WsV3okDixDx0ihamuGEyUXzZ3IIO3E8BGUvtUFTD77PQf9OmMd8Q0rxZ2Y9q4ofoBhdhNuvQCCyPKfkY2fN2CZKsD3oz/wdtpArMDPSc0xJKPLsJZf0n5elEVQdX0Ghm15UY/mi1e0GhZ/xksm9L2Tq0NJzQx20D5LhaijGsidTkys9zm+nPB10zDNYqre3lOjHGk7zfTYbjiB3hhQUP+49qXhB8Huoh6DYuS31uVXCd+lBc=\"] }, { \"kid\": \"3f67f77c-0348-4cdf-ae3c-64a21159cad5\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS512\", \"exp\": 1561833425355, \"n\": \"0qXCHPaG9vCkMLIxdwQ08VGmnX9sZPH5XDWrvS3a9XGbgmaLOyxLl8O4od2SCKqoqB1xRLlBIHAhCZiZYX9czwXqo3876BDHa8BCkEJNl78pbm_ugKsyEOm0SfY7BaImrIGqADUiHDBxgCAbWl5kUUZivfpvrCGYHStw9XKx7k-b9Tn_ewkqfM60WSBgKJkfwf1uVTKpxh4wnbS4xS0yQiZlE-RBAkTNIMjbYLFIA8M_kD1GzD6z9mRQ5kx3ZZtwzvdd7j07kDf5irF8d0Dtsf21PMq8x6Xqp33ECwZnBE4keliUqNOwyPo-BI7fxFLo04fPd8-gXFxokaSGpqlAlw\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"527cc071-18ee-4880-b5b4-cfa99c3045aa\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES256\", \"exp\": 1561833425355, \"crv\": \"P-256\", \"x\": \"9tQ-NPek4NgZeo3S8gDEMtWCQZjKcblaJUivz5x-Q2g\", \"y\": \"BBVZ7zg-hYR2s4Cjqo2YP0qLu5YRJ27Q4su95T_HN64\", \"x5c\": [\"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\"] }, { \"kid\": 
\"f8a50503-f934-4d19-aff8-c944fbdc363e\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES384\", \"exp\": 1561833425355, \"crv\": \"P-384\", \"x\": \"LwucgmSczZodkEyalCEkaMDE31mWQuUzlrPHDOAD-pxW4FRhuH6qdVKvMp3WFweI\", \"y\": \"GixMPl0jWMQtNZ2MePUqEdyWvSVOAPIsNZvag3JrlAxdwGqJRPcRs7IVQSU39J6t\", \"x5c\": [\"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\"] }, { \"kid\": \"617a84bf-f917-47ff-9a0e-74a6bf9b8b84\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES512\", \"exp\": 1561833425355, \"crv\": \"P-521\", \"x\": \"ASHXY0kV6FVVMfUYu8GTqtSdHA6N9xYfih2h0BRRqq3ig5N6i5cQea2iQVP6X28zRt90aJj9fx90j-o5nmoy0YAX\", \"y\": \"AYGqOleRFBLbZ5JzcIwrpCjXY-JiTlgacF_xtqaAAt5oCo9iX_LrC_9N91BjVwr23bun2fO1KtU-JeWqwi1li0_d\", \"x5c\": [\"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\"] }, { \"kid\": \"39e28a6f-eb67-469f-bc98-aa980b675005\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS256\", \"exp\": 1561833425355, \"n\": \"1uWBCdEyeBsaY9tQx6mBiVVqknnfWBKySS9QA0Whl7tJq3PnTaFCEQV6tx5tJAZeBNE53c3W52Yrx95yLcmDiSgjzcdlr9WQF1pYUGDBfgFR0yzUmBGbDIabHyi0O1eh2J4jJWawc_eQWuVOKyPlnuPQvTLMzSAkVEXgD5KZTK1nhNHDKS-PNUe11XonpHUk00vLdLBd0QKocB9CqleNx8iZtLRVxT1i9vNwHadt_nBajP4bfe0xtepRVU109ZP4lLCgWjIlO3yvo0lmmU7-qfewM4RM3X8W8dKmf6wEHtjZuJ7gVPKOtRWr7mSQimTeTUB3YsNjeJnfe4JtZ9k-Fw\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"00c87805-6303-4ed5-990c-26314dd7eee3\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS384\", \"exp\": 1561833425355, \"n\": \"x1rgXjUkwSgQjxO5aQSUerYq7rnNBcLauWmnsGb9Eqa4tCxSg95qK7CtFx-AaiuGyI5wMoZpOA2RAGTSErksVHuweBc4Z1DsxUehiptUG86mCz8ZPkO7_nlhA2KnM5RtNcHc6r4aEXXHPmEHDnwchgrp4shFgBX20UP8SxSxys3Vh3Wg1Htx0cWYhRbEqqMKfFBp_YGCDhxLxQ8rSyjKUOG5B1MdgELL8WqdTNIZZAkaP9WLyApzIzrWr1TZOS6fPCEG9_ENMR6LLlgAocKxVxCCnovXMc5ZgEhxALwU9zZs4ROsV3U2x-59SSUjzxzvCzpo6giGPjBEzHet5LP-LQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"49b7c2d7-1137-494b-9702-01f80f70dc6f\", 
\"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS512\", \"exp\": 1561833425355, \"n\": \"seVVHX0pmAQMzikpauAkk1pYE3WdPvrBti8AuwewbKDAcXS-QXX9mWVVUYDjpU1t-YNQzaFvGpO3YwFD3AzuH1YE4bharxHFvBdZxQph91Z1Mli4oP93VuR5e8e_fWmSyXg6QcM14NTWiCZnhSHWgIs2KvggVll6JCztRh4rSuAThzQ3mk5zLjQm73Iv9gXfbVH_Iya4JgkwRda9_ZUEkGff5cr3zXjfbJVKjcqkzKAtgx0d6LmiSCLnmVAW1Bp0JlcH1cUQIad2EX_kIYGV3oS23uuoG3S5puDqhTpUToe90i0HAU5HJV2PH7S3MaQ8WcIEWsaC_tZ5q0k5hgJaJw\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"1062fda3-3ebc-4eb1-a781-858865bacfa6\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES256\", \"exp\": 1561833425355, \"crv\": \"P-256\", \"x\": \"lTjU4xdSiijbBTh9ibtJQwI8QAn72YEGhhxKWDpD9dw\", \"y\": \"joSiUtMuUea-A_Rt4ShefAfXRB9dv6Ax8xf8YrGJgTI\", \"x5c\": [\"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\"] }, { \"kid\": \"012cd1ea-b6d8-4dcb-a197-0bbf781b27d9\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES384\", \"exp\": 1561833425355, \"crv\": \"P-384\", \"x\": \"WuSmP4f5mCQUgdl_97m66z6LrBNSt7CMIUtwXNOCuVxm_i46r1O3OkrkHSsKey-E\", \"y\": \"G34iOmzVVAY5QvklN5bWOhg06BvQHvkpD3HNQSPBooMX_hLckZMhmEMH_-c2HbtB\", \"x5c\": [\"MIIBtDCCATqgAwIBAgIgBr2M/h5FRAwsHmvueIRV0veEubPo4Fw/QgBMC0vXcqEwCgYIKoZIzj0EAwMwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xODA2MjkxODM2NThaFw0xOTA2MjkxODM3MDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARa5KY/h/mYJBSB2X/3ubrrPousE1K3sIwhS3Bc04K5XGb+LjqvU7c6SuQdKwp7L4QbfiI6bNVUBjlC+SU3ltY6GDToG9Ae+SkPcc1BI8Gigxf+EtyRkyGYQwf/5zYdu0GjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAKBggqhkjOPQQDAwNoADBlAjEA2/jSARD9faF70EOYVzjePQiC1OEIKfOJFwAG2QZ8W0MERkNhmuALZicfCLvfc5gQAjAPfHlNgXXYzmtl1rtQB6qbk/wiKaHZfjCDG/9ENfMorRX8gtH7hNNBjE90Oh8khM0=\"] }, { \"kid\": \"41a56d48-6252-4d04-91b4-6eb469cc0d97\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES512\", \"exp\": 1561833425355, \"crv\": \"P-521\", \"x\": 
\"SD5nYc-JbZ3JDWKr3-xApFvBPrrzkgDueQkB0a7PYKce1EtMVWnM7dS7hg54ouziky9iglL-3hECu9afKbctS4k\", \"y\": \"0d95OMTnxT8_Wf5Mjdh7ZNU_T7zie7lr0uiTujBCU-hQRIHbbRaSkKamKyILGuNPtRM_UiTc3l3_e4i4jFbY7lQ\", \"x5c\": [\"MIIB/jCCAWGgAwIBAgIhAIuXWCW1FSFBt5E17nQCF8UE3MhhX77fH+2re5xV0wslMAoGCCqGSM49BAMEMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTgwNjI5MTgzNjU4WhcNMTkwNjI5MTgzNzA1WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQASD5nYc+JbZ3JDWKr3+xApFvBPrrzkgDueQkB0a7PYKce1EtMVWnM7dS7hg54ouziky9iglL+3hECu9afKbctS4kA0d95OMTnxT8/Wf5Mjdh7ZNU/T7zie7lr0uiTujBCU+hQRIHbbRaSkKamKyILGuNPtRM/UiTc3l3/e4i4jFbY7lSjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAKBggqhkjOPQQDBAOBigAwgYYCQT4bMFb3yelmci92Oye4eMX2qQmLC28zk3xYPmpL9obkNDjqyMkyhMSQACePfbSMs+huRFy3pmsDXnPun52AVWhDAkFNTiqbKjjn2S0zdfErZmMIENJZDtTDYCuIaa2gprlJ5/UxPRNRMeQEk5YpLDc5VQamFHGjwOxaiupK3GSUfSHMoQ==\"] }]}", "oxAuthLogoutSessionRequired": "false", "oxAuthGrantType": "client_credentials", "oxAuthIdTokenSignedResponseAlg": "HS256", "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!0438.06D9", "oxAuthAppType": "native", "oxAuthTokenEndpointAuthMethod": "private_key_jwt"});
335[31m ERROR 107 : Not connected to any cluster. Use \CONNECT command. [0m
339UPSERT INTO `gluu` (KEY, VALUE) VALUES ("clients_@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!BCB0.4376", {"oxAuthRequireAuthTime": "false", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!BCB0.4376,ou=clients,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "displayName": "SCIM Requesting Party Client", "oxAuthScope": ["inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0009!6D98,ou=scopes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu"], "objectClass": ["oxAuthClient", "top"], "oxPersistClientAuthorizations": "false", "oxAuthJwks": "{\"keys\": [ { \"kid\": \"73988f7d-6dc5-4aa3-ba55-82faa40a9ca0\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS256\", \"exp\": 1561833430223, \"n\": \"yVa6cKWUBfvQGpt1bP-njpLwAce7kunMR4Sc1wbsHTFBI8n5mFguQyxlm7PEjSSLMjNojSaoA8EqTHlcbv6f9ErfDUzvvobirV1GvSxwgbhsbX9MuSAIV6CDNhRMgOv2jjwSn96yJ-qlPWKvRUYn_ZPueC-mtR6tyAkAFh2dCIIj1ZGWU0TvYo8YYA_zqVVRFhxImJ0WWUM_0GANvg-BHlDPIm82zm3qS-z7NnJ6HVJeQkXsHmcDcsCdhhp67yYPIlWzSn4h_RkahzRiYvCKqvBNNH8TkxnHFlrYgqvBDZGQGYzm6exMpalGpnvWxYMdseqbWtl4hZ2KPPEwMWrCsw\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"b6221210-dc6f-41f7-857c-3aa71c2e873d\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS384\", \"exp\": 1561833430223, \"n\": \"tf6B0SBBjXvYy8nNXg4uDH9G_WaZITxfogZusWjxSyixbXl0HnL1w9QAE9W3e9NV9eWoSoSiFgHztDFXnLRPtkvAHMwQMkqimrk2EFrcEzLLQTxsnDdkmS05QUdzXPm9_RMEvrjvL57preb9REEst0vUck_tyid3APdFbM0V0dMNAotNd6_8G5Y5IsNG5abYxrFMLIOTTDnTy42wh8olJKV7gyOTapC3Y2oTKJuDwlMF7cxJARCdfx1_hOwIXNJs7DXGuUS1iHMgDLKTiYpqKMTB8Ub-MijUbo3Vp9kF1gVCSfVcDE90IJ91KOY4w_Q8V2VrkobeUTHdGoAohKTdhw\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"b93065fd-fee2-4903-b374-3849ce9ab03c\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS512\", \"exp\": 1561833430223, \"n\": 
\"tpe60nNty_P2NC3ZV9-LaDiddnwn3xrMs-hEiWEYUlrv9sSl319WrpOXL5vcoAtwW8fylAGe9g1e0wpx35KInAw5BO0IcSexPoXnIX2V0FojD6GwrRQfPGWwgk0o-Fq_Y3AzLD_C8-AEZzy3ofbICLKYzAcY-Y-jIZY7B3L_5US3NX-lVAfbv09OvG3eXIOIhbHNPjsNmKHDXZaY7YFgAz1uS7ulTB4rqKr9waPkWpuk-gR7ln71Bz8Sp1ZWFb7IlQl_Oz0VoBNpjcY3NvdTPLIHVAgxbYSBU7Ng2R5BJt8KVkdIZdS8EONOtOkpAG35wWN5egA6HNdQuKZHxZeJtQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"10326489-32e8-46c0-a4a8-11e610212cbb\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES256\", \"exp\": 1561833430223, \"crv\": \"P-256\", \"x\": \"2NlXgCWEG6zangxJuZ2_HaxKMOU0RYC1YvwGzW772tE\", \"y\": \"XorDnr0qk-o-THLjjBmvzjY4DAIQ08wpssH4f5SSzXc\", \"x5c\": [\"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\"] }, { \"kid\": \"4976df50-089a-404c-9bc8-562c7f3ec50e\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES384\", \"exp\": 1561833430223, \"crv\": \"P-384\", \"x\": \"KyM05ZsOVguBKCliPGQJxNuqz6HTrhwpi3rnWDdLm0EhK3bKSlZ1FNLSaZXfCjPr\", \"y\": \"VrgeotVExDjv4E_DzDsrBiCv089fbzLhVLw1pzNPdCuIwCOGHqKtjE30vzLSl-1A\", \"x5c\": [\"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\"] }, { \"kid\": \"8a4ab1e5-eb42-45a4-9d86-bba06f9c626b\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES512\", \"exp\": 1561833430223, \"crv\": \"P-521\", \"x\": \"AYPVkRhQb5lglfH_o1UWbGoeubzqDyyC533ra6b9vHZVEdw63F4Lyy7-wXS2cpWjnlGxtE85C9zbd71cSTp_8OCm\", \"y\": \"Vf0w7HJLTL0Czo2iXAs0U7BgwHHikxptinqPpY40MgTpIqdB413-DdmvbW_FCJYxo-BZcs5pJ3i2kmS8PDBStdA\", \"x5c\": [\"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\"] }, { \"kid\": \"9874da26-f197-42c7-bcb3-65766c728fa2\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS256\", \"exp\": 1561833430223, \"n\": 
\"6KlQnK24GDFr-WI1CyyS_NRjYRUiVFEqxt6cen8CATnGEvovfnWxJZ-y0UesDC-dFKwVQ_Itw64KsxE1dEzxFhgu22WXfrnzeM0T-xKagtsSbzk94uT0oTpmIn70ijUzaidWR25d8WDA7LX_IJXFSvdvXBIqADbo6XgJYa8ntxMTkSYOc85kfWEYE7yCEDi3S7SGQzJyCq_Hnkokt7LUT7bh01nfby4BtVkNeogiipoIqpq5eOyYen1uiJiRUyMqhCWOvvKKZOzpy9Xn5nqssj_fukhLH73GfaL1yBQ65rp4HfZeyxWwMtPVEZz7c13e7XdTbmU9ZRKnkqAeHYDigQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"233e3074-fdd4-4031-ae8e-d249c143d79f\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS384\", \"exp\": 1561833430223, \"n\": \"nQBd0bUIJyiy5ccIql9Wg17wF9Rf_DdcoygOI9gfDP3CvK8jb-nWR1d9EeiBt_az1scyG3rmrhBIwXOU76jG5lS7Wp-93OGFoBheI7PAGTgypMxnwUjZtnKae9bGihDcG0fxvzQ3EZRSDXkiR2tBgC2Pbhu8W3aFIGEqxiOe3lEv4_ayDGBic_9p5Gnqw6xGnckm95DmAslsUo3WjFaeQQSMS95GIFstdZFgLmRE-Lse4U8Xu4-kn31G-rkK1u71ZQg_cqW7MbqL-yjOLV8br3rXbdDTvJCGZWsEqgcqMqp1lHWHXW06P_KETZmLSi7Oc57pMiYqFuaQUL1VJYsWvw\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"1ebe6862-cc47-4b97-b401-1d988c4a8ce3\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS512\", \"exp\": 1561833430223, \"n\": \"p7h5JQbUNBRzXBKb8wC6KbzAeyxSjt0r-GAAbKE69BZBtyLGpiTG27QVy8Roiz7t2ZYart8moyEYkNE_LX-SKkIU8GeNQf3jLdhr_M572cvkvqYPBynqOf2ijSGmsPQ7T8IYIfetv-RPxcAoIB1fDvbnXXnxBchdquKhOyTG6SR58EISHo8RfJOjKLa-1A8xfqW7GZwi3tfGwZnR1k67V6sgYcouvG_6WMoaB1hTepiGotMlxBSfGemlMNc8Ss4DfWvvxxs32Mzj1Rb-DQ3FXzK3WVxMSC72xMYlaXDwE8yGJGPbugV0sTkE0fKymcOoijxWySJEYOXgVoeD4g47jQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"0da49f45-c980-47a0-b30e-bbb1fe324b3b\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES256\", \"exp\": 1561833430223, \"crv\": \"P-256\", \"x\": \"XrhMOsDKL6CTylpjKyu92OelTNrlxvPcguyliMjiI10\", \"y\": \"7ODqbXnQdvECxlPip34epVI6txpRECHP_cQ1J8S5ffw\", \"x5c\": [\"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\"] }, { \"kid\": \"fd65f5c4-848b-4715-93f3-1caa3a93aae8\", \"kty\": \"EC\", 
\"use\": \"enc\", \"alg\": \"ES384\", \"exp\": 1561833430223, \"crv\": \"P-384\", \"x\": \"8eteePH_24m3K0cPqMrJJF5AYZlWHm8M3ScyOOewzAcDILMtqmH97HAQAkqBs7v2\", \"y\": \"VtKgqjLtI1pGRjC-FMApL46Ynspr0cQ8p9O7Xvn2HM-Woie0Go1qTzOVGjbfxH6T\", \"x5c\": [\"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\"] }, { \"kid\": \"7415fe31-33c8-457e-8598-9811f3c239b9\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES512\", \"exp\": 1561833430223, \"crv\": \"P-521\", \"x\": \"AQCIZzJ0s-SrxxDwECjNthtjQDGinbOWX4eY9_GOA1w3Bug80x-K-BdQNqU_3tJKHnbsdZO8VelL5-epue8ydg1u\", \"y\": \"tnQ8DeLEOFCmZUue-4eICh220CsJ40j41j9iV7eLQ-S81iSPEUFWQYNwhLxAwJx6NMN0FRsgK3iMp5X3rhYm-cs\", \"x5c\": [\"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\"] }]}", "oxAuthLogoutSessionRequired": "false", "oxAuthGrantType": "client_credentials", "oxAuthIdTokenSignedResponseAlg": "HS256", "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!BCB0.4376", "oxAuthAppType": "native", "oxAuthTokenEndpointAuthMethod": "private_key_jwt"});
340ERROR 107 : Not connected to any cluster. Use \CONNECT command.
341
342
343
344UPSERT INTO `gluu` (KEY, VALUE) VALUES ("uma_scopes_@!7194.95E2.1D42.FF59!0001!6975.2B50!0010!8CAD.B06D", {"oxRevision": "1", "oxPolicyScriptDn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F9A5,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxId": "https://u144.gluu.info/oxauth/restv1/uma/scopes/scim_access", "displayName": "SCIM Access", "objectClass": ["oxAuthUmaScopeDescription", "top"], "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0010!8CAD.B06D,ou=scopes,ou=uma,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0010!8CAD.B06D", "owner": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0000!A8F2.DE1E.D7FB,ou=people,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu"});
345ERROR 107 : Not connected to any cluster. Use \CONNECT command.
346
347
348
349UPSERT INTO `gluu` (KEY, VALUE) VALUES ("uma_resources_0f13ae5a-135e-4b01-a290-7bbe62e7d40f", {"oxAuthUmaScope": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0010!8CAD.B06D,ou=scopes,ou=uma,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxAssociatedClient": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!0438.06D9,ou=clients,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxId": "0f13ae5a-135e-4b01-a290-7bbe62e7d40f", "displayName": "SCIM Resource", "objectClass": ["oxUmaResource", "top"], "oxRevision": "1", "dn": "oxId=0f13ae5a-135e-4b01-a290-7bbe62e7d40f,ou=resources,ou=uma,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxResource": "https://u144.gluu.info/identity/restv1/scim/v2", "owner": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0000!A8F2.DE1E.D7FB,ou=people,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxFaviconImage": "http://www.gluu.org/img/scim_logo.png"});
350ERROR 107 : Not connected to any cluster. Use \CONNECT command.
351
352
353
354
35518:41:57 06/29/18 Importing ldif file ./output/asimba.ldif to Couchebase
35618:41:57 06/29/18 Running Couchbase query from file /tmp/n1ql/asimba.n1ql
35718:41:57 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/asimba.n1ql
35818:41:57 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
359
360
361
362 Path to history file for the shell : /root/.cbq_history
363UPSERT INTO `gluu` (KEY, VALUE) VALUES ("oxasimba_idps_@!2B96.42E9.2953.68ED!0002!D21C.8343!EEDB.B1D4.DFBF.3A38.21EE.2B81.2510.2CC8", {"dn": "inum=@!2B96.42E9.2953.68ED!0002!D21C.8343!EEDB.B1D4.DFBF.3A38.21EE.2B81.2510.2CC8,ou=idps,ou=oxasimba,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "uniqueIdentifier": "https://ce.gluu.info/idp/shibboleth", "objectClass": ["oxAsimbaIDP", "top"], "oxasimbaentry": "{\"inum\":\"@!2B96.42E9.2953.68ED!0002!D21C.8343!EEDB.B1D4.DFBF.3A38.21EE.2B81.2510.2CC8\",\"id\":\"https://ce.gluu.info/idp/shibboleth\",\"sourceId\":null,\"friendlyName\":\"Gluu Server CE\",\"metadataUrl\":\"https://ce.gluu.info/idp/shibboleth\",\"metadataTimeout\":-1,\"metadataFile\":\"\",\"enabled\":true,\"acsIndex\":true,\"scoping\":false,\"nameIdPolicy\":false,\"allowCreate\":true,\"nameIdFormat\":null,\"avoidSubjectConfirmations\":false,\"disableSSOForIDP\":false,\"lastModified\":1455524023953}", "inum": "@!2B96.42E9.2953.68ED!0002!D21C.8343!EEDB.B1D4.DFBF.3A38.21EE.2B81.2510.2CC8", "friendlyname": "Gluu Server CE"});
364ERROR 107 : Not connected to any cluster. Use \CONNECT command.
365
366
367
368UPSERT INTO `gluu` (KEY, VALUE) VALUES ("oxasimba_requestorpools_@!2B96.42E9.2953.68ED!0002!D21C.8343!1975.CC4F.ACC1.A803.A40D.AEC1.1C3A.285D", {"dn": "inum=@!2B96.42E9.2953.68ED!0002!D21C.8343!1975.CC4F.ACC1.A803.A40D.AEC1.1C3A.285D,ou=requestorpools,ou=oxasimba,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "uniqueIdentifier": "requestorpool.1", "objectClass": ["oxAsimbaRequestorPool", "top"], "oxasimbaentry": "{\"inum\":\"@!2B96.42E9.2953.68ED!0002!D21C.8343!1975.CC4F.ACC1.A803.A40D.AEC1.1C3A.285D\",\"id\":\"requestorpool.1\",\"friendlyName\":\"Requestor Pool 1\",\"enabled\":true,\"lastModified\":1455524056416,\"forcedAuthenticate\":false,\"preAuthorizationProfileID\":null,\"postAuthorizationProfileID\":\"postauthz.1\",\"attributeReleasePolicyID\":\"asimba.releasepolicy.1\",\"properties\":null,\"authenticationProfileIDs\":\"remote.saml2\",\"requestors\":null}", "inum": "@!2B96.42E9.2953.68ED!0002!D21C.8343!1975.CC4F.ACC1.A803.A40D.AEC1.1C3A.285D", "friendlyname": "Requestor Pool 1"});
369ERROR 107 : Not connected to any cluster. Use \CONNECT command.
370
371
372
373UPSERT INTO `gluu` (KEY, VALUE) VALUES ("oxasimba_requestors_@!2B96.42E9.2953.68ED!0002!D21C.8343!869E.85EC.BEC2.B1A6.0ECC.7902.5796.74A6", {"dn": "inum=@!2B96.42E9.2953.68ED!0002!D21C.8343!869E.85EC.BEC2.B1A6.0ECC.7902.5796.74A6,ou=requestors,ou=oxasimba,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "uniqueIdentifier": "https://ce.gluu.info/shibboleth", "objectClass": ["oxAsimbaSPRequestor", "top"], "oxasimbaentry": "{\"inum\":\"@!2B96.42E9.2953.68ED!0002!D21C.8343!869E.85EC.BEC2.B1A6.0ECC.7902.5796.74A6\",\"id\":\"https://ce.gluu.info/shibboleth\",\"friendlyName\":\"Apache webserver Requestor\",\"metadataUrl\":\"https://ce.gluu.info/Shibboleth.sso/Metadata\",\"metadataTimeout\":-1,\"metadataFile\":\"\",\"poolID\":\"requestorpool.1\",\"properties\":null,\"enabled\":true,\"signing\":false,\"lastModified\":1455524077539}", "inum": "@!2B96.42E9.2953.68ED!0002!D21C.8343!869E.85EC.BEC2.B1A6.0ECC.7902.5796.74A6", "friendlyname": "Local Apache webserver Requestor"});
374ERROR 107 : Not connected to any cluster. Use \CONNECT command.
375
376
377
378UPSERT INTO `gluu` (KEY, VALUE) VALUES ("oxasimba_requestors_@!2B96.42E9.2953.68ED!0002!D21C.8343!869E.85EC.BEC2.B1A6.0ECC.4987.7891.5325", {"dn": "inum=@!2B96.42E9.2953.68ED!0002!D21C.8343!869E.85EC.BEC2.B1A6.0ECC.4987.7891.5325,ou=requestors,ou=oxasimba,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "uniqueIdentifier": "http://sptest2.gluu.org/secure", "objectClass": ["oxAsimbaSPRequestor", "top"], "oxasimbaentry": "{\"inum\":\"@!2B96.42E9.2953.68ED!0002!D21C.8343!869E.85EC.BEC2.B1A6.0ECC.4987.7891.5325\",\"id\":\"http://sptest2.gluu.org/secure\",\"friendlyName\":\"Gluu Test SP\",\"metadataUrl\":null,\"metadataTimeout\":-1,\"metadataFile\":\"${webapp.root}/WEB-INF/sample-data/sptest2.xml\",\"poolID\":\"requestorpool.1\",\"properties\":null,\"enabled\":true,\"signing\":false,\"lastModified\":1455524077539}", "inum": "@!2B96.42E9.2953.68ED!0002!D21C.8343!869E.85EC.BEC2.B1A6.0ECC.4987.7891.5325", "friendlyname": "Gluu Test SP"});
379ERROR 107 : Not connected to any cluster. Use \CONNECT command.
380
381
382
383UPSERT INTO `gluu` (KEY, VALUE) VALUES ("oxasimba_selectors_@!2B96.42E9.2953.68ED!0002!D21C.8343!3627.987E.69FE.6A8B.C478.2586.E944.04C0", {"dn": "inum=@!2B96.42E9.2953.68ED!0002!D21C.8343!3627.987E.69FE.6A8B.C478.2586.E944.04C0,ou=selectors,ou=oxasimba,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "uniqueIdentifier": "https://ce.gluu.info/shibboleth", "objectClass": ["oxAsimbaSelector", "top"], "oxasimbaentry": "{\"inum\":\"@!2B96.42E9.2953.68ED!0002!D21C.8343!3627.987E.69FE.6A8B.C478.2586.E944.04C0\",\"id\":\"https://ce.gluu.info/shibboleth\",\"organizationId\":\"https://ce.gluu.info/idp/shibboleth\",\"friendlyName\":\"Selector rule 1, shibboleth SP -> shibboleth IDP\",\"enabled\":true,\"lastModified\":1455524102424}", "organizationid": "https://ce.gluu.info/idp/shibboleth", "inum": "@!2B96.42E9.2953.68ED!0002!D21C.8343!3627.987E.69FE.6A8B.C478.2586.E944.04C0", "friendlyname": "Selector rule 1, shibboleth SP -> shibboleth IDP"});
384ERROR 107 : Not connected to any cluster. Use \CONNECT command.
385
386
387
388
38918:41:57 06/29/18 Importing ldif file ./output/passport.ldif to Couchebase
39018:41:57 06/29/18 Running Couchbase query from file /tmp/n1ql/passport.n1ql
39118:41:57 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/passport.n1ql
39218:41:57 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
393
394
395
396 Path to history file for the shell : /root/.cbq_history
397UPSERT INTO `gluu` (KEY, VALUE) VALUES ("clients_@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!CE00.DD41", {"oxAuthRequireAuthTime": "false", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!CE00.DD41,ou=clients,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "displayName": "Passport Resource Server Client", "oxAuthScope": ["inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0009!6D99,ou=scopes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu"], "objectClass": ["oxAuthClient", "top"], "oxPersistClientAuthorizations": "false", "oxAuthJwks": "{\"keys\": [ { \"kid\": \"3c268c0a-6cd8-406c-8094-b784a64961ce\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS256\", \"exp\": 1561833435608, \"n\": \"uv9ekHF6a9K62Z5t0hj3jDR1Kpwo95gzJSqH08GqFCvD1ZI6BEmTDzTAwNf5UgW-UBDvlldCQoJv4vKOwah0JzElCXKrSRtnLT9qMVb6809hIBD9j0aC7zPsEMsyqn6idCnTHH_HHrGgmyIE2v-tzw4B_SyZC6VEPIKv_7LNosh4oV2E5U5RwXDMPyQSnO8xhAhFoP4zYPvu8csBrWtp-dqne-cNG1dVfQjAUYeVDfwdZIyA3viVxRTy2KaiujuBrIH-gALpj3YFucN-YAxD8nqv6u8VVC99hOvdMMI0tfBOP5Xp-zH46AonUCDcMgnHL0cRZeoUflyYWoM5AqN6Vw\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"b19342ef-2e73-4c46-b251-bf91539fca58\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS384\", \"exp\": 1561833435608, \"n\": \"kZoPgMAsVxAROiJK65viZmXvOqq3ez2tYWk-gaYEahoXIWEAI2XlxILyqXZ9OPcBsYJwaFgYnF9y_hv0VIryXOY5hstPj_lL06RAy_DZYsk74uf1U9kJU2U-_RCZ55NXc0tx0B-HQOCx0y4OjBjb-T8OSS_26BnKL9Je8raemwOLCOeEmS4-fxw_lKoPh6gV4OxBb1Vavo8F-PUFJGaaj-VVY15_5V3b4z1hXmAPX94Ca7GJmIfCJUJKHR0IdEa_EzDl-WW6ARY-DA5VufkduQN92pPAgNO7P9CTZxcrteZ1S_VTVwqsvwlbq_7RYWwfuOsF-VvN6RvTLq1nblNPsw\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"5229e3a4-571a-496f-a0c5-014baa31a06a\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS512\", \"exp\": 1561833435608, \"n\": 
\"nMZru-dIwG_ybrRRj6D3cXtfr_ZS6-hNq4iVPF-1l5cE1FUMe13150bOl1a7M3sCQpZc5LTn16U6yIMVcHl229NKSl-BoA4nW5dVhjl3-rqoQRt7Je72ionsAcFRQnI23r4Sz2mj4iwfvQBejFeVgpBSvOgKxajJYrVYM0M-RBzFwbkZlnDNbZXXNf0OOro_bjVW2t962_eR0mp26VjddhQSkJG_15qL6qKatk42WESrsWNusn5bg6NW6LvMsOyXoWQisbgUmFSvutD9lIU6KvoCbOwUOrC5egLk6TKhthZ3xzWioGlDsOUaz0sgVTB2jY-hOcfM8TEU6nQhePm3BQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"88bd9995-b155-4a12-bb03-281f09139365\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES256\", \"exp\": 1561833435608, \"crv\": \"P-256\", \"x\": \"peLIrsd5aI7vAQFy7APX5pogEoSoziq9-3w-FtBbk28\", \"y\": \"UMa5PaKbWWkrzEHjFbTum9jt4fGFOe9Zm26hhUeQWAo\", \"x5c\": [\"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\"] }, { \"kid\": \"34a2ebe4-11bc-44be-b6fc-6a3652516532\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES384\", \"exp\": 1561833435608, \"crv\": \"P-384\", \"x\": \"sx40L5SYKl6G367ri19eb57aFW_bIHlWxxLkSLeeJbcXqs5wfGWSzs_VUSDcwMxc\", \"y\": \"va6SACrpqyoVfyJ20EkZ_LEQgLoD9hrZH2d0XrB5hmbU7pPy-A1io8ZQfDEp1LLQ\", \"x5c\": [\"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\"] }, { \"kid\": \"93731abf-5a28-4550-833e-a05ade3e0b4a\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES512\", \"exp\": 1561833435608, \"crv\": \"P-521\", \"x\": \"ue4JyspQkKLER-CxRi_F-rz0CGHMuyu_QadhiwccbWwbM-lMS3u-Wm0qI-YCRqKXjg1kT1Cg92ISLkTUPAtoKOU\", \"y\": \"hAo4a2Rd-A8jUpCRPCn-WDqMkt-zvotZkg3aSKrwszN0mJzdWt_J-Y1z0zJ4-CyWKoqaGxbs9He7fCqI_nKJOJI\", \"x5c\": 
[\"MIIB/zCCAWCgAwIBAgIgPc8mkAZHqzUG8DusZgb/baxT9fhYEK1azScyc/hlyRQwCgYIKoZIzj0EAwQwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xODA2MjkxODM3MDdaFw0xOTA2MjkxODM3MTVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAC57gnKylCQosRH4LFGL8X6vPQIYcy7K79Bp2GLBxxtbBsz6UxLe75abSoj5gJGopeODWRPUKD3YhIuRNQ8C2go5QCECjhrZF34DyNSkJE8Kf5YOoyS37O+i1mSDdpIqvCzM3SYnN1a38n5jXPTMnj4LJYqipobFuz0d7t8Koj+cok4kqMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMEA4GMADCBiAJCAeoxP4RP32opttBSYEXlKH6tgA1VjTbceCpYqgYpm4M6BhY1Si82Yx5VySQZMxkpbtPPYBPBNAgjonM35W5LdfvVAkIB9tzohipGIpO78cn2u560hgQEwTg3OUSaozfcuFMxmNc/dRdPHxmwsui3ZzpzKrQrUacsBZBTHDtAPRIL6zOsS+k=\"] }, { \"kid\": \"9181e1b2-b524-4a05-b797-efaa0d931824\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS256\", \"exp\": 1561833435608, \"n\": \"qvXEbJs0ez-dY2H-BzpX8NRDrcecIwLRWnelpKirhlOhJGiNhrsXI9v76CBWhhPWnYdztsGKAvWI_iOC2b9Vl6Zj5JD9Ctres2g5X55lmO3H3-SluxyMyKlDh0yEB1s4sgnjWUYCkWOxHg5woGOhtCDxNI0ZZfL2C59YeouKzJxAiRCeWoyor4iGLGU3f-hosyAqzAxTJGjZH4XQicNRCkfHqJj8Ovn3j0jP0krYLKF1w7Liq4s1PrNc4Cme9KM2bN4n4Ji5JElLr7JGYSgdWZ68AmE3I75gYINTKB0OMPy6y52rpvz_N6FRWeE-7mzplih9vyu5minj4Xa4eNrcSQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"096cdd77-4301-4c1a-830c-630109ae8648\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS384\", \"exp\": 1561833435608, \"n\": \"3e-JgaskA2bsKd40pqX_xd9Defi_06Cb01xaejsMxvuFtYJSIEfvTpw0VOsc1Ni1fn2DyBK1uqif4zaL6_4wSamFORjt7-C93HBDWA77jZyU5f_nJAUfbdquBx15Ex_g9BQwkJU9LAci3WMtELx-3giooiq60gOGHoxMIFWSE9gt3Kw8eNM5-dNHGiufEV4N_kel1NRqQ2rK8fs4vn_WuqFQ5qGnjtDItm89X1HD_ok5ivOg9a4Fk5nMzS5FkDpuKVmrG3yN9L5uDVOXtMGh9zWKb6_FmR6iobcJRzPMfLLuiwd8V_5smQlie5Rh4u5Xm-pih_jdx3qPSGSTPmn85w\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"3e80aae0-bfc9-4612-9fde-16a6ee28122a\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS512\", \"exp\": 1561833435608, \"n\": 
\"qLsigg-9dbnLJV-xAjHTiKVi4AkynKPL_Y4Vz0ELXTn4DsoTpFOW3SWxEabiAQAzJM8heOCJLhXOj5v4daSG2sHfsINObwN9Nz3Wx5In9bnV-DGirHln4Ncjhs_xXuOr_yzwlt54s5IdW-7L5__kTTKQlZFBPrBWY2M9ijjfHqxlXeQ4K-_qpZXMifG15BGhsCpf5hE5ofpYBIt4SzgbQzvFXsbKEafyOj3Emvc3uutjUpqMngkwybXWxWVlUM1o1cXKz9md_F5X7Rnt3fkMkeUuvH6NwREnTYLepCj5NdpEywVIZmMERY76NgDf8Bns2QQw_cr_-wkAzhFlSPMeLQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"9a7082c6-25fa-4fd3-b114-c38802253699\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES256\", \"exp\": 1561833435608, \"crv\": \"P-256\", \"x\": \"TIm95HELEbi3C-7SmPRbWHpV1s6dHWItCsIwkDjOrVs\", \"y\": \"Je_HZ5IcEzWVvhWUKfMKTH0uYJc1IV3fM7V43ccbp1Y\", \"x5c\": [\"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\"] }, { \"kid\": \"f0497486-1ebd-4576-95c1-8004c7dd51fc\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES384\", \"exp\": 1561833435608, \"crv\": \"P-384\", \"x\": \"g0qEfQf72qWMPDtrdlNEuLWtT5nhdPH47RraQb_XnSd5eYmNbn_79Vp5MHmgql3a\", \"y\": \"1x13rb4HonB8pdPU99er6H6wFilXJR256vWDnq66RfgTHCF4I7NDFvkIyQ1sJV74\", \"x5c\": [\"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\"] }, { \"kid\": \"e73c5414-4530-4562-ae7e-f140a36bf77e\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES512\", \"exp\": 1561833435608, \"crv\": \"P-521\", \"x\": \"t-8tfCAtgRc-8bvDXmwUK-IEdu4k5mbx9LyRh99ufFQtos8-jHlkwuvoTkXc0S_YpvtYkO_q8SbSr_S5yhfbSko\", \"y\": \"0ZfRFWw3d4h1IoSUbXrBJ6-9wO_D1d2C3QNp8sJnRzj8yg6tYNttm7DQLbIs2AT3lDl46w3sjbS1h9Tj4ca0zXY\", \"x5c\": [\"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\"] }]}", "oxAuthLogoutSessionRequired": "false", "oxAuthGrantType": "client_credentials", "oxAuthIdTokenSignedResponseAlg": "HS256", "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!CE00.DD41", "oxAuthAppType": "native", "oxAuthTokenEndpointAuthMethod": "private_key_jwt"});
398ERROR 107 : Not connected to any cluster. Use \CONNECT command.
399
400
401
402UPSERT INTO `gluu` (KEY, VALUE) VALUES ("clients_@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!D185.70B0", {"oxAuthRequireAuthTime": "false", "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!D185.70B0,ou=clients,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "displayName": "Passport Requesting Party Client", "oxAuthScope": ["inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0009!6D98,ou=scopes,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu"], "objectClass": ["oxAuthClient", "top"], "oxPersistClientAuthorizations": "false", "oxAuthJwks": "{\"keys\": [ { \"kid\": \"54b31a67-4c8a-4855-bcf5-3b2b7956a8d2\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS256\", \"exp\": 1561833439853, \"n\": \"mhI_2nvpv6I1OT0_orOpcbbNOaAHxtz4s5srHrRpnneiIOPBdLt3jEj1L8CVraD7adqmRX4tD31fgOYJwC2IUc692TrlhsnP7UHXIOdCFNNmC5_FHGsx1jnzzin68DCa_iI5HGc6QSz5i_6-l6wNGIpEBlAAxuVvfVYMC5uCjBFrZM0xVUhkufkSPWjNO9erOTedBYQf6LXqm-l4ZmJBwTuoRpZ5hJGN7PJFBFC11D3wGILH36jBDWUO2NWeODJ3NGxStDv1g_53rHjtZyrYsla_L2SJTqLZVZ5lke8axMR_dF8AFVM-GdNIuA1o2OOA64Lp12TGIECdffuNwgg8qw\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"121d48f8-1498-4ec7-827f-34827cb22d7f\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS384\", \"exp\": 1561833439853, \"n\": \"oCANAIPwvQYSJ1jq3xfLxu2NCeCjPSFNtJJwmN_rSmBhgVCw68xJaylN6RHXUyWAJJ_eD7Pwj_lrCLT214y7Xm8lx93ZuK3H3IHJPjlVorXCk6OpYZB1PfU04dizcWd66gHvBEb83voW71VwGJsnbCcgxjKnideXbrwZvMSStvvoHhVnbY92IDF2ZbxMD4KS5eMadvJ1ls_P-f6CBEQmdzkKmROpv7Gq9ukjIBmuSj55_QURqpJgIHngyIbKDGUcx1L2ZmWgVPQbOL8_Fxk0Pu1HUJtvTxCkgXzdMkV3nRXWRUszseXuqPQqkLVxZO9xHXhU89cwFzQ5JPn-9rcusQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"e3d49f56-a4fd-427f-a328-46e5f6c77347\", \"kty\": \"RSA\", \"use\": \"sig\", \"alg\": \"RS512\", \"exp\": 1561833439853, \"n\": 
\"vBTnl8FDWfaKOG5oN3i-v9lDBqVMyJKZtdutSWz1ntObomgHZccN9SicJT1tk1yxCAxzgWyUm7oqOijVM_KcVuOhaHLkLsiN_uzJQ1-7sjK13V2134eLEGThS8749Hp0yNCJyliJJeCHsz6GznVe9qGPu0gcgbl5qD8WPU_tsoqmLRWY7OchdlMeWYV_sHheWjAt837XpWLN8m5x2MzYasLn5J7u2slVmDYzU_cdOyr5LkF7NskU1-e5-HBgu3ScNE-O6-lKzSFmEOmEsuKC6tidmussHftlWskR5bxGXxV4z_AC3AZMqPJIJx7XUPR56DMH1crQrvTb6eJil_oniQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"c502f52f-9fbc-4af8-8f29-965b76f769e5\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES256\", \"exp\": 1561833439853, \"crv\": \"P-256\", \"x\": \"UdvtorppXLTgA-tBrc4-n-SXILex5pKDdLwyEgAbbuM\", \"y\": \"au4vuQ9uNqd1RKiQVKDSA1HBc22ezkOGe6iM03oDtH8\", \"x5c\": [\"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\"] }, { \"kid\": \"e40c4078-82b2-4459-856e-f20e9c74680e\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES384\", \"exp\": 1561833439853, \"crv\": \"P-384\", \"x\": \"cK4dC-FcHRJ61ZwVzLO03V91SnxtbX-P8HM-nZUNJpJeBM3gc1uwsDGYrHqL28f9\", \"y\": \"tXZluVJGKVpOwIZs6jq2pqPvbVuNinuwFN3iW03-U_4S1D4sYmXqhPEMkwe30-E0\", \"x5c\": [\"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\"] }, { \"kid\": \"b1a6ec43-cb59-4698-aeee-c180f428c533\", \"kty\": \"EC\", \"use\": \"sig\", \"alg\": \"ES512\", \"exp\": 1561833439853, \"crv\": \"P-521\", \"x\": \"AZ1oIymGHSL4jqPc7AaLBnh6633kIWvTWPZQgOqxI_hnpYNxzXM7rWQHe6URq3j8SU7NMhA97999ToNjq0O_UoDw\", \"y\": \"AXvDRYlDKYtu7TivpoBHwUExRMTTZSEMttv4hoFRZulnddQSqp7hzqK03OGEtxMs1-UVeboPKo-ts2D7W4xLpsN5\", \"x5c\": [\"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\"] }, { \"kid\": \"c5f896d5-05bf-4545-8289-7e524965b9dd\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS256\", \"exp\": 1561833439853, \"n\": 
\"4zETTRHmliCVbl4GqXu8ixjdg64K5kc7yOIkpWe45r9laFJd70tbqwM5lnUoHm4vEnQNLAAPFRtXZ60jrrzqOFLjEv1UTK6eJQ6I8ubAYnqtZO1ifX-_nbOak-CryTT9qCzxbl5VEQw28yPQ5oMPeLsgn3OGUy97vkX6ghUP-xZQSTiFZjzrJa58LBylhGyWdLufofLbLb0cg3vnFyN32LHfDfASg-mqKfa9TnDkb1vaRU5Oyube9c7ZL66hJPQe-nkprFmd7Lf3e1AahxvG7cLomffzyTX8OUWKa0Np-sjXYgMsZ2hGT2ydWai3gYJxnxV59R2EnGcC1deQMfjX8w\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"ab793af2-732a-43f9-9999-ccd7db43917b\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS384\", \"exp\": 1561833439853, \"n\": \"zBFMyNeJSZcuZZo4h43EA2IM1POIz_zRmRWgRUz_XiKsVxlPwKd1hPEHSoGtaECfTP9DMsClh5eaIBp7qISlh5FR79bYE8kv1ODEdI7K4FX8Omn0GUTZXPSCrP7ta1hx4XZPe2el6n0I1MdmUltCyw8-H-j4NK2N0BBCBcHpLhbxamH8v4hnBhjx603LlNwVl7YoXdUrqzC54iAM3_OW8tLXXxtrlMEyS1Xbi3PkqCcL_T3Cs4sKhPg3DYewebTrq8Oy6yQLHs6Te2mN0YVK_pKyrdlgtKdjtMban0OJNlqslRfwk0azUp4MSQl93nqBOVYrvF77fhmdM1YLj5qqsQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"dd5b9d7f-bd78-4923-8ddc-754a9b39f9e9\", \"kty\": \"RSA\", \"use\": \"enc\", \"alg\": \"RS512\", \"exp\": 1561833439853, \"n\": \"o-CoX1ROKXcOKW6ZDFTfXW7x7iPpcjmHdhbYqPulxmYxJ3w9lfVoTvlMAVI8EA1QJcGEdqyKMVzjVGY9BV7ZeVCgBTy8HbQ3oZItNBJsu6UP_GM16xWGR9JN1tHj_O5K0xKbgZ3i-ZGcL2z6f17r3gE9_1sbJnN9ZiRek9jRpyuUvbhiwnUizRV8xkd0vi4jlOw4RITdAwSfC9wg4ZvGeBIp_Iqdx17xm7kg4ZEDmBI4Qdctb4j41TJCwY_iyQOTWX_-EsX3sv87qoDNvRdIHbTPooDd1RbO5WN3LF8SlvXDrlLNRKfnmosxfXasT9a4zGpLDXbxn1LdpPrbrRnElQ\", \"e\": \"AQAB\", \"x5c\": [\"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\"] }, { \"kid\": \"161b3191-c8ba-4859-8d2d-89eb9e5793a6\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES256\", \"exp\": 1561833439853, \"crv\": \"P-256\", \"x\": \"OpMq9izTinEysxOIaZ1EDVrwIqIY4KxjbvHpI83peNE\", \"y\": \"ju29IAKnc6ZH4Y6LJkSvucaGHpX5Obki0cQOgFY8RKM\", \"x5c\": 
[\"MIIBeTCCAR6gAwIBAgIhAIKByDjY4l4WRCexFFfgEQZjH/oes6U16DVYr8MiKPZrMAoGCCqGSM49BAMCMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTgwNjI5MTgzNzEyWhcNMTkwNjI5MTgzNzE5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOpMq9izTinEysxOIaZ1EDVrwIqIY4KxjbvHpI83peNGO7b0gAqdzpkfhjosmRK+5xoYelfk5uSLRxA6AVjxEo6MnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMCA0kAMEYCIQDEZKlICT40KYn6Idx2ADbtsJw9fYnS6MA5CccreGZv8gIhAN68SesIFP5j3iKo0DCvCjb84t6DjXCJo7/56/C2CijE\"] }, { \"kid\": \"c9e0428b-0787-42db-8c61-d5c0847fdcd1\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES384\", \"exp\": 1561833439853, \"crv\": \"P-384\", \"x\": \"K00T-dvP5lEeuX4wL-b0fRSi7BkNy6s_AnBz9055BYgPE0zBfX2fY-rCfkNIZFTM\", \"y\": \"raI8VN5IwHS3RV8DRYnqVLZ6DfLjq2tD87eFsQqQUKBKhX36JmPl6Y3R7FTgVsmj\", \"x5c\": [\"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\"] }, { \"kid\": \"7db4b080-9d30-4317-9304-1b19b7fc271f\", \"kty\": \"EC\", \"use\": \"enc\", \"alg\": \"ES512\", \"exp\": 1561833439853, \"crv\": \"P-521\", \"x\": \"5VLEfFMj05RKZ54rHCvy7go-mQj064q7NMuWXE5qc2pO3cInGm40tqJUpz4yUNdMJtL893DMQBJra8Bh-457c40\", \"y\": \"44F7WjKBrsVBqdiEXL5HeYPD7StwfCO998ly1tjNJTYMY0f5u_gaNLccvDNuB9E0hc9LBDpxthk7Z4HGu8uwoeA\", \"x5c\": [\"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\"] }]}", "oxAuthLogoutSessionRequired": "false", "oxAuthGrantType": "client_credentials", "oxAuthIdTokenSignedResponseAlg": "HS256", "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!D185.70B0", "oxAuthAppType": "native", "oxAuthTokenEndpointAuthMethod": "private_key_jwt"});
403ERROR 107 : Not connected to any cluster. Use \CONNECT command.
404
405
406
407UPSERT INTO `gluu` (KEY, VALUE) VALUES ("uma_scopes_@!7194.95E2.1D42.FF59!0001!6975.2B50!0010!8CAD.B06E", {"oxRevision": "1", "oxPolicyScriptDn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0011!2DAF.F9A5,ou=scripts,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxId": "https://u144.gluu.info/oxauth/restv1/uma/scopes/passport_access", "displayName": "Passport Access", "objectClass": ["oxAuthUmaScopeDescription", "top"], "dn": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0010!8CAD.B06E,ou=scopes,ou=uma,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "inum": "@!7194.95E2.1D42.FF59!0001!6975.2B50!0010!8CAD.B06E", "owner": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0000!A8F2.DE1E.D7FB,ou=people,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu"});
408ERROR 107 : Not connected to any cluster. Use \CONNECT command.
409
410
411
412UPSERT INTO `gluu` (KEY, VALUE) VALUES ("uma_resources_0f963ecc-93f0-49c1-beae-ad2006abbb99", {"oxAuthUmaScope": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0010!8CAD.B06E,ou=scopes,ou=uma,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxAssociatedClient": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0008!CE00.DD41,ou=clients,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxId": "0f963ecc-93f0-49c1-beae-ad2006abbb99", "displayName": "Passport Resource", "objectClass": ["oxUmaResource", "top"], "oxRevision": "1", "dn": "oxId=0f963ecc-93f0-49c1-beae-ad2006abbb99,ou=resources,ou=uma,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxResource": "https://u144.gluu.info/identity/restv1/passport/config", "owner": "inum=@!7194.95E2.1D42.FF59!0001!6975.2B50!0000!A8F2.DE1E.D7FB,ou=people,o=@!7194.95E2.1D42.FF59!0001!6975.2B50,o=gluu", "oxFaviconImage": "http://www.gluu.org/img/passport_logo.png"});
413ERROR 107 : Not connected to any cluster. Use \CONNECT command.
414
415
416
417
41818:41:57 06/29/18 Importing ldif file ./output/oxpassport-config.ldif to Couchebase
41918:41:57 06/29/18 Running Couchbase query from file /tmp/n1ql/oxpassport-config.n1ql
42018:41:57 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/oxpassport-config.n1ql
42118:41:57 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
422
423
424
425 Path to history file for the shell : /root/.cbq_history
426
42718:41:57 06/29/18 Importing ldif file ./output/oxidp.ldif to Couchebase
42818:41:57 06/29/18 Running Couchbase query from file /tmp/n1ql/oxidp.n1ql
42918:41:57 06/29/18 Running: /opt/couchbase/bin/cbq --user admin --password secret --engine localhost:28091 --file /tmp/n1ql/oxidp.n1ql
43018:41:57 06/29/18 ERROR 100 : N1QL: Connection failure Requested resource not found.
431
432
433
434 Path to history file for the shell : /root/.cbq_history
435
43618:41:57 06/29/18 ***** Error caught in main loop *****
43718:41:57 06/29/18 Traceback (most recent call last):
438 File "./setup.py", line 3919, in <module>
439 installObject.install_gluu_components()
440 File "./setup.py", line 2097, in install_gluu_components
441 self.install_couchebase()
442 File "./setup.py", line 3683, in install_couchebase
443 self.couchbaseProperties()
444 File "./setup.py", line 3663, in couchbaseProperties
445 prop = prop % prop_dict
446KeyError: 'inumAppliance'