
Denodo 8.0 Update 20210715 OAuth authentication to obtain roles from multi-valued claim

Hi, in Denodo Professional 8.0 version 20210715, enhancement #54397 was added: "Added support in northbound OAuth authentication to obtain roles from multi-valued claims." I now have a similar problem with Denodo Express (download here). I am wondering if the above enhancement #54397 was added to Denodo Express and, if not, whether this can be done? Thanks for looking into this! Kind regards, Johan
user
04-01-2023 04:09:16 -0500

3 Answers

Hi,

In general, whenever an update is released for the Denodo Platform, Denodo Express is updated simultaneously as well. Denodo Express has the same features as the Denodo Platform except for the restrictions mentioned in [**Restrictions of Denodo Express**](https://community.denodo.com/docs/html/browse/8.0/en/platform/installation/appendix/limitations_of_the_denodo_express_license/limitations_of_the_denodo_express_license). So, the Redmine you have mentioned, **#54397**, has been included in the latest Denodo Express, which was updated in August 2022. So we believe that the issue you are facing might not be related to Redmine **#54397**.

For more information on downloading the latest version of Denodo Express, you could refer to the link [**Denodo Express 8.0**](https://www.denodo.com/en/denodo-platform/denodo-express).

Hope it helps!
Denodo Team
05-01-2023 04:13:47 -0500
Hi Denodo Team,

Thank you for your quick reaction. Currently I am using Denodo Express in AWS with OAuth authentication, and I set for scope the URL of the OpenID to receive the groups validation. However, I get the error below from Denodo when validating the access token; see the extract of vdp.log below. Do you know what could be the reason for this?

Thanks, Johan

```
21249 [DNI(279)-10.178.32.64] TRACE 2023-01-03T16:37:37.502 com.denodo.vdb.security.OauthAuthenticator [] - Processing the claims of the node ""https://ecas.ec.europa.eu/claims/groups""
821249 [DNI(279)-10.178.32.64] DEBUG 2023-01-03T16:37:37.502 com.denodo.vdb.security.OauthAuthenticator [] - The OAuth access token is missing the mandatory claim 'sub' or 'scopes' or both
821249 [DNI(279)-10.178.32.64] DEBUG 2023-01-03T16:37:37.502 com.denodo.internal.o.a.r.server.ObjectRef [] - error while processing request InvokeRequest [VDBManagerImpl@363008736::open80/1] {requestId=18, objectId=[0:0:0-0], oneWay=false}
object is VDBManagerImpl[UnicastServerRef [liveRef: [endpoint:[10.178.32.64:9995](local),objID:[433e2be2:185783b84fd:-7fff, 6612300567159182048]]]]
method is public abstract com.denodo.vdb.vdbinterface.common.IQueryExecutor com.denodo.vdb.vdbinterface.common.IVDBManager.open80(java.util.Properties) throws com.denodo.vdb.vdbinterface.common.VDBServerException,java.rmi.RemoteException
java.lang.reflect.InvocationTargetException: null
	at com.denodo.internal.o.a.r.server.ObjectRef.invoke(ObjectRef.java:149) ~[denodo-asyncrmi.jar:8.0.6]
	at com.denodo.internal.o.a.r.netty.RMIServerHandler.dispatch(RMIServerHandler.java:182) ~[denodo-asyncrmi.jar:8.0.6]
	at com.denodo.internal.o.a.r.netty.RMIServerHandler.channelRead(RMIServerHandler.java:79) ~[denodo-asyncrmi.jar:8.0.6]
	at com.denodo.internal.i.n.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[denodo-asyncrmi.jar:8.0.6]
	at com.denodo.internal.i.n.channel.AbstractChannelHandlerContext.access$600(AbstractChannelHandlerContext.java:61) ~[denodo-asyncrmi.jar:8.0.6]
	at com.denodo.internal.i.n.channel.AbstractChannelHandlerContext$7.run(AbstractChannelHandlerContext.java:370) ~[denodo-asyncrmi.jar:8.0.6]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
	at com.denodo.internal.i.n.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[denodo-asyncrmi.jar:8.0.6]
	at java.lang.Thread.run(Thread.java:834) ~[?:?]
Caused by: com.denodo.vdb.vdbinterface.common.VDBServerException
	at com.denodo.vdb.vdbinterface.server.VDBManagerImpl.open80(Unknown Source) ~[denodo-vdp-server.jar:8.0.6]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
	at com.denodo.internal.o.a.r.server.ObjectRef.invoke(ObjectRef.java:110) ~[denodo-asyncrmi.jar:8.0.6]
	... 9 more
```
user
 Edited on: 23-01-2023 01:46:27 -0500
Hi,

In general, the error ‘The Oauth access token missing the mandatory claim ‘sub’ or ‘scopes’’ usually occurs when the access token does not include the ‘subject’ and ‘scopes’ attributes, or when some identity providers return the information in parameters with other names (i.e. identity providers generate the access tokens with the attribute ‘scp’ instead of ‘scope’). For that reason, Virtual DataPort allows configuring the name of the attributes with the values for the ‘Subject’ and the ‘Scope’ of the access token. To do this, you could perform the check below:

1. In the Virtual DataPort Administration Tool, navigate to **‘Administration’ > ‘Server Configuration’**.
2. In **‘Server Configuration’**, select **‘OAuth’** under the **‘Server authentication’** tab.
3. Change the following fields if the default values do not match the attributes provided in the access token:
    * **Subject field name**
    * **Scope field name**
4. Restart the server in order for the changes to take effect.

For more information, you could refer to the [**Enabling OAuth Authentication**](https://community.denodo.com/docs/html/browse/8.0/en/vdp/administration/server_configuration/server_authentication/oauth_authentication/setting-up_the_oauth_authentication_in_the_virtual_dataport_server) section of the Virtual DataPort Administration Guide.

If you still need help and you are a valid support user, you could raise a support case on the [**Denodo Support Site**](https://support.denodo.com/MainPage.do) so that our support team can help you.

Hope this helps!
Denodo Team
20-01-2023 06:21:19 -0500
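
An added example, not part of the original thread and not Denodo code: a Python sketch for the check described in the answer above. It decodes a JWT access token's payload (without verifying the signature, for diagnosis only) and compares the configured "Subject field name" and "Scope field name" with the claims the token actually carries. The sample token, the `ALTERNATIVES` list and all function names are assumptions constructed for illustration.

```python
import base64
import json

# Illustrative alternative spellings (assumption, not a Denodo-defined list).
ALTERNATIVES = {
    "subject": ("sub", "uid", "preferred_username"),
    "scope": ("scope", "scp", "scopes"),
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(token: str) -> dict:
    """Decode a JWT payload without verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT; an opaque access token has no readable claims")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def check_field_names(claims: dict, subject_field: str, scope_field: str) -> dict:
    """Compare the configured field names with the claims the token really has."""
    report = {"missing": {}, "multi_valued": []}
    for kind, configured in (("subject", subject_field), ("scope", scope_field)):
        if configured not in claims:
            # Suggest claims in the token that could hold the same value.
            report["missing"][configured] = [a for a in ALTERNATIVES[kind] if a in claims]
    # Claims carried as JSON arrays, e.g. a groups claim used for roles.
    report["multi_valued"] = sorted(k for k, v in claims.items() if isinstance(v, list))
    return report

def sample_token() -> str:
    """Constructed unsigned token for the demo; not taken from the thread."""
    claims = {
        "sub": "jdoe",
        "scp": "openid https://ecas.ec.europa.eu/claims/groups",
        "https://ecas.ec.europa.eu/claims/groups": ["GROUP_A", "GROUP_B"],
    }
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"

if __name__ == "__main__":
    print(check_field_names(decode_claims(sample_token()), "sub", "scope"))
```

An empty `missing` entry means the configured names match the token; a non-empty one lists the claim names worth trying in the two OAuth fields.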