I have developed an OpenID Connect Provider and now want to configure Dataverse's login approach so that users can authenticate themselves through my OpenID Connect Provider.
I have set the following options in Dataverse (i.e., /usr/local/payara6/glassfish/domains/domain1/config/domain.xml):
<jvm-options>-Ddataverse.auth.oidc.enabled=true</jvm-options>
<jvm-options>-Ddataverse.auth.oidc.client-id=some_id</jvm-options>
<jvm-options>-Ddataverse.auth.oidc.client-secret=some_secret</jvm-options>
<jvm-options>-Ddataverse.auth.oidc.auth-server-url=https://my.oidc.com/api/auth/.well-known/openid-configuration</jvm-options>
<jvm-options>-Ddataverse.auth.oidc.title=OpenID Title</jvm-options>
<jvm-options>-Ddataverse.auth.oidc.subtitle=OpenID SubTitle</jvm-options>
I restarted the service using the command /usr/local/payara6/bin/asadmin restart-domain domain1.
Now I expect to see a new button (for OpenID Connect) in Dataverse's login view, but I do not see such a thing and only the normal login button is shown, as always. I also checked the logs using the command cat /usr/local/payara6/glassfish/domains/domain1/logs/server.log, and they show the following:
[2024-03-07T10:59:39.449+0000] [Payara 6.2023.8] [SEVERE] [] [edu.harvard.iq.dataverse.authorization.AuthenticationProvidersRegistrationServiceBean] [tid: _ThreadID=70 _ThreadName=http-thread-pool::http-listener-1(2)] [timeMillis: 1709809179449] [levelValue: 1000] [[
  Exception setting up an OIDC auth provider via MicroProfile Config
edu.harvard.iq.dataverse.authorization.exceptions.AuthorizationSetupException: OIDC provider metadata at https://my.oidc.com/api/auth/.well-known/openid-configuration/ not parsable.
    at edu.harvard.iq.dataverse.authorization.providers.oauth2.oidc.OIDCAuthProvider.getMetadata(OIDCAuthProvider.java:129)
    at edu.harvard.iq.dataverse.authorization.providers.oauth2.oidc.OIDCAuthProvider.<init>(OIDCAuthProvider.java:91)
    at edu.harvard.iq.dataverse.authorization.providers.oauth2.oidc.OIDCAuthenticationProviderFactory.buildFromSettings(OIDCAuthenticationProviderFactory.java:67)
    at edu.harvard.iq.dataverse.authorization.AuthenticationProvidersRegistrationServiceBean.startup(AuthenticationProvidersRegistrationServiceBean.java:129)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.ejb.containers.interceptors.BeanCallbackInterceptor.intercept(InterceptorManager.java:1022)
    at com.sun.ejb.containers.interceptors.CallbackChainImpl.invokeNext(CallbackChainImpl.java:72)
    at com.sun.ejb.containers.interceptors.CallbackInvocationContext.proceed(CallbackInvocationContext.java:204)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.init(SystemInterceptorProxy.java:125)
    at jdk.internal.reflect.GeneratedMethodAccessor226.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.ejb.containers.interceptors.CallbackInterceptor.intercept(InterceptorManager.java:978)
    at com.sun.ejb.containers.interceptors.CallbackChainImpl.invokeNext(CallbackChainImpl.java:72)
    at com.sun.ejb.containers.interceptors.CallbackInvocationContext.proceed(CallbackInvocationContext.java:204)
    at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
    at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
    at jdk.internal.reflect.GeneratedMethodAccessor224.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.ejb.containers.interceptors.CallbackInterceptor.intercept(InterceptorManager.java:978)
    at com.sun.ejb.containers.interceptors.CallbackChainImpl.invokeNext(CallbackChainImpl.java:72)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:418)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:381)
    at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:2071)
    at com.sun.ejb.containers.AbstractSingletonContainer.createSingletonEJB(AbstractSingletonContainer.java:585)
    at com.sun.ejb.containers.AbstractSingletonContainer$SingletonContextFactory.create(AbstractSingletonContainer.java:743)
    at com.sun.ejb.containers.AbstractSingletonContainer.instantiateSingletonInstance(AbstractSingletonContainer.java:477)
    at org.glassfish.ejb.startup.SingletonLifeCycleManager.initializeSingleton(SingletonLifeCycleManager.java:219)
    at org.glassfish.ejb.startup.SingletonLifeCycleManager.initializeSingleton(SingletonLifeCycleManager.java:180)
    at com.sun.ejb.containers.AbstractSingletonContainer.checkInit(AbstractSingletonContainer.java:451)
    at com.sun.ejb.containers.AbstractSingletonContainer._getContext(AbstractSingletonContainer.java:189)
    at com.sun.ejb.containers.CMCSingletonContainer._getContext(CMCSingletonContainer.java:85)
    at com.sun.ejb.containers.BaseContainer.getContext(BaseContainer.java:2607)
    at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:2024)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:210)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
    at jdk.proxy76/jdk.proxy76.$Proxy344.getAuthenticationProvidersMap(Unknown Source)
    at edu.harvard.iq.dataverse.authorization.EJB31_Generated__AuthenticationProvidersRegistrationServiceBean__Intf____Bean.getAuthenticationProvidersMap(Unknown Source)
    at edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean.getAuthenticationProviderIdsOfType(AuthenticationServiceBean.java:150)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
    at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
    at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4835)
    at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:653)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:603)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
    at jdk.internal.reflect.GeneratedMethodAccessor289.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:603)
    at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
    at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
    at jdk.internal.reflect.GeneratedMethodAccessor224.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
    at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4807)
    at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4795)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
    at jdk.proxy76/jdk.proxy76.$Proxy394.getAuthenticationProviderIdsOfType(Unknown Source)
    at edu.harvard.iq.dataverse.authorization.EJB31_Generated__AuthenticationServiceBean__Intf____Bean.getAuthenticationProviderIdsOfType(Unknown Source)
    at edu.harvard.iq.dataverse.LoginPage.init(LoginPage.java:111)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.glassfish.expressly.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:186)
    at org.glassfish.expressly.parser.AstValue.invoke(AstValue.java:253)
    at org.glassfish.expressly.MethodExpressionImpl.invoke(MethodExpressionImpl.java:248)
    at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
    at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
    at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:70)
    at com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:74)
    at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:62)
    at jakarta.faces.component.UIViewAction.broadcast(UIViewAction.java:506)
    at jakarta.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:858)
    at jakarta.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1332)
    at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:56)
    at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:72)
    at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:159)
    at jakarta.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:691)
    at jakarta.faces.webapp.FacesServlet.service(FacesServlet.java:449)
    at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1554)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:331)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:211)
    at org.glassfish.tyrus.servlet.TyrusServletFilter.doFilter(TyrusServletFilter.java:83)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:253)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:211)
    at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:253)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:211)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:257)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:166)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:757)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:577)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:158)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:372)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:239)
    at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:520)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:217)
    at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:174)
    at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:153)
    at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:196)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:88)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:246)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:178)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:118)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:96)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:51)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:510)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:82)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:83)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:101)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:535)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:515)
    at java.base/java.lang.Thread.run(Thread.java:840)
]]
Also, the following is the output of https://my.oidc.com/api/auth/.well-known/openid-configuration:
{
"issuer": "https://my.oidc.com/api/auth",
"authorization_endpoint": "https://my.oidc.com/api/auth/authorize",
"token_endpoint": "https://my.oidc.com/api/auth/oauth-access-token",
"userinfo_endpoint": "https://my.oidc.com/api/auth/oauth-user-profile",
"jwks_uri": "https://my.oidc.com/api/auth/.well-known/jwks.json",
"response_types_supported": ["code", "token", "id_token", "code id_token"],
"subject_types_supported": ["public", "pairwise"],
"id_token_signing_alg_values_supported": ["RS256", "ES256", "HS256"]
}
Instead of:
-Ddataverse.auth.oidc.auth-server-url=https://my.oidc.com/api/auth/.well-known/openid-configuration
I should have used:
-Ddataverse.auth.oidc.auth-server-url=https://my.oidc.com/api/auth/
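A pre-flight check for the auth-server-url setting, as an added example (not Dataverse code and not part of the original post): it flags a value that points at the discovery document instead of the issuer and checks the provider metadata from the question against the setting. The function names are hypothetical, and it assumes the client appends /.well-known/openid-configuration to the configured value, as OpenID Connect Discovery describes.

```python
import json

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields OpenID Connect Discovery 1.0 marks REQUIRED in provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

# Discovery document copied from the question above.
PAGE_METADATA = """{
  "issuer": "https://my.oidc.com/api/auth",
  "authorization_endpoint": "https://my.oidc.com/api/auth/authorize",
  "token_endpoint": "https://my.oidc.com/api/auth/oauth-access-token",
  "userinfo_endpoint": "https://my.oidc.com/api/auth/oauth-user-profile",
  "jwks_uri": "https://my.oidc.com/api/auth/.well-known/jwks.json",
  "response_types_supported": ["code", "token", "id_token", "code id_token"],
  "subject_types_supported": ["public", "pairwise"],
  "id_token_signing_alg_values_supported": ["RS256", "ES256", "HS256"]
}"""

def discovery_url(auth_server_url):
    """URL requested by a client that treats the setting as the issuer (assumption)."""
    return auth_server_url.rstrip("/") + WELL_KNOWN

def check_setting(auth_server_url, metadata_text):
    """Return a list of problems; an empty list means setting and metadata agree."""
    base = auth_server_url.rstrip("/")
    if base.endswith(WELL_KNOWN):
        return ["setting is the discovery document URL, not the issuer; "
                "a client would request " + discovery_url(auth_server_url)]
    try:
        meta = json.loads(metadata_text)
    except ValueError as exc:
        return ["metadata is not valid JSON: %s" % exc]
    if not isinstance(meta, dict):
        return ["metadata is not a JSON object"]
    problems = ["missing required field: " + k for k in REQUIRED if k not in meta]
    # The spec requires the issuer to equal the URL used for discovery; this
    # check tolerates a trailing slash, as in the corrected setting on this page.
    issuer = str(meta.get("issuer", ""))
    if issuer.rstrip("/") != base:
        problems.append("issuer %r does not match setting %r" % (issuer, auth_server_url))
    return problems

if __name__ == "__main__":
    for url in ("https://my.oidc.com/api/auth/.well-known/openid-configuration",
                "https://my.oidc.com/api/auth/"):
        print(url, "->", check_setting(url, PAGE_METADATA) or "OK")
```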