I have developed an OpenID Connect Provider and now want to configure Dataverse's login approach so that users can authenticate themselves through my OpenID Connect Provider.
I have set the following options in Dataverse (i.e., /usr/local/payara6/glassfish/domains/domain1/config/domain.xml):
<jvm-options>-Ddataverse.auth.oidc.enabled=true</jvm-options>
<jvm-options>-Ddataverse.auth.oidc.client-id=some_id</jvm-options>
<jvm-options>-Ddataverse.auth.oidc.client-secret=some_secret</jvm-options>
<jvm-options>-Ddataverse.auth.oidc.auth-server-url=https://my.oidc.com/api/auth/.well-known/openid-configuration</jvm-options>
<jvm-options>-Ddataverse.auth.oidc.title=OpenID Title</jvm-options>
<jvm-options>-Ddataverse.auth.oidc.subtitle=OpenID SubTitle</jvm-options>
I restarted the service using command /usr/local/payara6/bin/asadmin restart-domain domain1.
Now I expect to see a new button (for OpenID Connect) in the Dataverse's login view but I do not see such a thing and only the normal login button is - as always - shown. Also I see the logs using the command cat /usr/local/payara6/glassfish/domains/domain1/logs/server.log and the logs show the following:
[2024-03-07T10:59:39.449+0000] [Payara 6.2023.8] [SEVERE] [] [edu.harvard.iq.dataverse.authorization.AuthenticationProvidersRegistrationServiceBean] [tid: _ThreadID=70 _ThreadName=http-thread-pool::http-listener-1(2)] [timeMillis: 1709809179449] [levelValue: 1000] [[
Exception setting up an OIDC auth provider via MicroProfile Config
edu.harvard.iq.dataverse.authorization.exceptions.AuthorizationSetupException: OIDC provider metadata at https://my.oidc.com/api/auth/.well-known/openid-configuration/ not parsable.
    at edu.harvard.iq.dataverse.authorization.providers.oauth2.oidc.OIDCAuthProvider.getMetadata(OIDCAuthProvider.java:129)
    at edu.harvard.iq.dataverse.authorization.providers.oauth2.oidc.OIDCAuthProvider.(OIDCAuthProvider.java:91)
    at edu.harvard.iq.dataverse.authorization.providers.oauth2.oidc.OIDCAuthenticationProviderFactory.buildFromSettings(OIDCAuthenticationProviderFactory.java:67)
    at edu.harvard.iq.dataverse.authorization.AuthenticationProvidersRegistrationServiceBean.startup(AuthenticationProvidersRegistrationServiceBean.java:129)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.ejb.containers.interceptors.BeanCallbackInterceptor.intercept(InterceptorManager.java:1022)
    at com.sun.ejb.containers.interceptors.CallbackChainImpl.invokeNext(CallbackChainImpl.java:72)
    at com.sun.ejb.containers.interceptors.CallbackInvocationContext.proceed(CallbackInvocationContext.java:204)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.init(SystemInterceptorProxy.java:125)
    at jdk.internal.reflect.GeneratedMethodAccessor226.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.ejb.containers.interceptors.CallbackInterceptor.intercept(InterceptorManager.java:978)
    at com.sun.ejb.containers.interceptors.CallbackChainImpl.invokeNext(CallbackChainImpl.java:72)
    at com.sun.ejb.containers.interceptors.CallbackInvocationContext.proceed(CallbackInvocationContext.java:204)
    at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
    at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
    at jdk.internal.reflect.GeneratedMethodAccessor224.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.ejb.containers.interceptors.CallbackInterceptor.intercept(InterceptorManager.java:978)
    at com.sun.ejb.containers.interceptors.CallbackChainImpl.invokeNext(CallbackChainImpl.java:72)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:418)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:381)
    at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:2071)
    at com.sun.ejb.containers.AbstractSingletonContainer.createSingletonEJB(AbstractSingletonContainer.java:585)
    at com.sun.ejb.containers.AbstractSingletonContainer$SingletonContextFactory.create(AbstractSingletonContainer.java:743)
    at com.sun.ejb.containers.AbstractSingletonContainer.instantiateSingletonInstance(AbstractSingletonContainer.java:477)
    at org.glassfish.ejb.startup.SingletonLifeCycleManager.initializeSingleton(SingletonLifeCycleManager.java:219)
    at org.glassfish.ejb.startup.SingletonLifeCycleManager.initializeSingleton(SingletonLifeCycleManager.java:180)
    at com.sun.ejb.containers.AbstractSingletonContainer.checkInit(AbstractSingletonContainer.java:451)
    at com.sun.ejb.containers.AbstractSingletonContainer._getContext(AbstractSingletonContainer.java:189)
    at com.sun.ejb.containers.CMCSingletonContainer._getContext(CMCSingletonContainer.java:85)
    at com.sun.ejb.containers.BaseContainer.getContext(BaseContainer.java:2607)
    at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:2024)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:210)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
    at jdk.proxy76/jdk.proxy76.$Proxy344.getAuthenticationProvidersMap(Unknown Source)
    at edu.harvard.iq.dataverse.authorization.EJB31_Generated__AuthenticationProvidersRegistrationServiceBean__Intf____Bean.getAuthenticationProvidersMap(Unknown Source)
    at edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean.getAuthenticationProviderIdsOfType(AuthenticationServiceBean.java:150)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
    at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
    at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4835)
    at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:653)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:603)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
    at jdk.internal.reflect.GeneratedMethodAccessor289.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:603)
    at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
    at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
    at jdk.internal.reflect.GeneratedMethodAccessor224.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)...
Also, the following is the output of the https://my.oidc.com/api/auth/.well-known/openid-configuration:
{
  "issuer": "https://my.oidc.com/api/auth",
  "authorization_endpoint": "https://my.oidc.com/api/auth/authorize",
  "token_endpoint": "https://my.oidc.com/api/auth/oauth-access-token",
  "userinfo_endpoint": "https://my.oidc.com/api/auth/oauth-user-profile",
  "jwks_uri": "https://my.oidc.com/api/auth/.well-known/jwks.json",
  "response_types_supported": ["code", "token", "id_token", "code id_token"],
  "subject_types_supported": ["public", "pairwise"],
  "id_token_signing_alg_values_supported": ["RS256", "ES256", "HS256"]
}
@Mohsen Jafari hi! This is just a guess but maybe instead of
<jvm-options>-Ddataverse.auth.oidc.auth-server-url=https://my.oidc.com/api/auth/.well-known/openid-configuration</jvm-options>
... you should try...
<jvm-options>-Ddataverse.auth.oidc.auth-server-url=https://my.oidc.com/api/auth/</jvm-options>
I'm looking at <issuer url> under https://guides.dataverse.org/en/6.1/installation/oidc.html#how-to-use
Philip Durbin said:
Mohsen Jafari hi! This is just a guess but maybe instead of
<jvm-options>-Ddataverse.auth.oidc.auth-server-url=https://my.oidc.com/api/auth/.well-known/openid-configuration</jvm-options>
... you should try...
<jvm-options>-Ddataverse.auth.oidc.auth-server-url=https://my.oidc.com/api/auth/</jvm-options>
I'm looking at <issuer url> under https://guides.dataverse.org/en/6.1/installation/oidc.html#how-to-use
You are right. Thanks.
It works! Great! :grinning:
How is it possible to set redirect_uri for dataverse (in case of using OpenID approach)?
Huh, I see a related commit by @Oliver Bertuch at https://github.com/IQSS/dataverse/commit/9a4b49fae048e727abb198c71bbd55127ef9934c but I'm really not sure.
Philip Durbin said:
Huh, I see a related commit by Oliver Bertuch at https://github.com/IQSS/dataverse/commit/9a4b49fae048e727abb198c71bbd55127ef9934c but I'm really not sure.
You are right. By seeing the commit I found out that I should set the following jvm option in domain.xml:
<jvm-options>-Ddataverse.fqdn=MY_DATAVERSE_IP</jvm-options>
Fantastic.
Mohsen Jafari has marked this topic as resolved.
Last updated: Oct 30 2025 at 06:21 UTC