[Engine-devel] users cannot log into userportal
Alexander Wels
awels at redhat.com
Fri Aug 9 12:19:34 UTC 2013
On Thursday, August 08, 2013 09:10:33 PM Einav Cohen wrote:
> > ----- Original Message -----
> > From: "Dead Horse" <deadhorseconsulting at gmail.com>
> > Sent: Thursday, August 8, 2013 7:51:03 PM
> >
> > I verified the fix against current master with multiple installs and
> > browsers. Thanks guys!
> >
> > Fix verified to work with:
> > Firefox Version 22.0-1
> > Google Chrome Version 28.0.1500.95
> >
> > I still noted an odd issue with Firefox Version 17.0.8-1 (Current Firefox
> > EL6 Version).
> > The login into the user portal succeeds and a successful login is logged,
> > however the login remains hung at the login dialog indefinitely.
> > Reloading the page and closing the browser does not change things.
> > Also removing ~/<username>/.mozilla and starting fresh results in the
> > same.
> > Can someone else check and verify similar oddness with EL6 Firefox.
>
> similar oddness was indeed encountered lately. Alexander (added) is
> currently investigating.
> @Alexander - can you please update on the investigation progress in this
> thread?
As noted this seems to only happen with FF 17 ESR, which is the current EL6
version. If I use firebug or attach a GWT debugger, the problem goes away. Heck
if I compile GWT in draft mode the problem goes away. I did however make some
progress yesterday in determining the cause. It seems to me that for some
reason revealDefaultPlace in the user portal is called multiple times and in
certain cases the second time the method is called it never finishes which
causes the behavior we are seeing.
Still no solution, but this is my top priority to get working.
Alexander
> > - DHC
> >
> >
> > On Wed, Aug 7, 2013 at 1:50 PM, Dead Horse < deadhorseconsulting at gmail.com
> > > wrote:
> >
> >
> >
> > I see the fix in Gerrit/GIT. Thanks guys! I will test and update results
> > tomorrow morning.
> > - DHC
> >
> >
> > On Wed, Aug 7, 2013 at 1:01 PM, Yair Zaslavsky < yzaslavs at redhat.com >
> > wrote:
> >
> >
> >
> >
> >
> > ----- Original Message -----
> >
> > > From: "Yair Zaslavsky" < yzaslavs at redhat.com >
> > > To: "Dead Horse" < deadhorseconsulting at gmail.com >
> > > Cc: "engine-devel" < engine-devel at ovirt.org >
> > > Sent: Wednesday, August 7, 2013 9:00:34 PM
> > > Subject: Re: [Engine-devel] users cannot log into userportal
> > >
> > >
> > >
> > > ----- Original Message -----
> > >
> > > > From: "Dead Horse" < deadhorseconsulting at gmail.com >
> > > > To: "Itamar Heim" < iheim at redhat.com >
> > > > Cc: "engine-devel" < engine-devel at ovirt.org >, "Yair Zaslavsky"
> > > > < yzaslavs at redhat.com >
> > > > Sent: Wednesday, August 7, 2013 6:14:02 PM
> > > > Subject: Re: [Engine-devel] users cannot log into userportal
> > > >
> > > > BZ994604 ( https://bugzilla.redhat.com/show_bug.cgi?id=994604 ) has
> > > > been
> > > > opened.
> > > > - DHC
> > >
> > > Thanks for your help DHC,
> > > This was already fixed by rnori.
> >
> > Of course "already fixed" comparing with current time. This was indeed a
> > real issue.
> >
> > > > On Wed, Aug 7, 2013 at 5:35 AM, Itamar Heim < iheim at redhat.com >
wrote:
> > > > > On 08/07/2013 12:10 AM, Dead Horse wrote:
> > > > >> I have found some steps to reproduce this easily.
> > > > >>
> > > > >> Start the engine bound to an AD for authentication
> > > > >> log in to the user portal as an AD user which has been granted a
> > > > >> Role
> > > > >> (I
> > > > >> used PowerUserRole)
> > > > >>
> > > > >> Result: Login will succeed
> > > > >> Data from engine.log:
> > > > >> 2013-08-06 15:54:10,088 INFO
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-10)
> > > > >> Running command: LoginUserCommand internal: false.
> > > > >> 2013-08-06 15:54:10,139 INFO
> > > > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > > > >> AuditLogDirector]
> > > > >> (ajp--127.0.0.1-8702-10) Correlation ID: 23c4709, Call Stack: null,
> > > > >> Custom Event ID: -1, Message: User ovirttest logged in.
> > > > >>
> > > > >> log out of the user portal
> > > > >> Result: log out succeeds
> > > > >> Data from engine.log:
> > > > >> 2013-08-06 15:54:12,448 INFO
> > > > >> [org.ovirt.engine.core.bll.**LogoutUserCommand]
> > > > >> (ajp--127.0.0.1-8702-2)
> > > > >> Running command: LogoutUserCommand internal: false.
> > > > >> 2013-08-06 15:54:12,474 INFO
> > > > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > > > >> AuditLogDirector]
> > > > >> (ajp--127.0.0.1-8702-2) Correlation ID: 52a89e7d, Call Stack: null,
> > > > >> Custom Event ID: -1, Message: User ovirttest logged out.
> > > > >>
> > > > >> As the same user log in to the user portal again but this purposely
> > > > >> input the wrong password.
> > > > >> Result: log in will fail
> > > > >> Data from engine.log:
> > > > >> 2013-08-06 15:54:20,830 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthenticat
> > > > >> ion**
> > > > >> Strategy]
> > > > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication
> > > > >> information
> > > > >> was invalid (24)
> > > > >> 2013-08-06 15:54:20,832 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthenticat
> > > > >> ion**
> > > > >> Strategy]
> > > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > > > >> username and password.
> > > > >> 2013-08-06 15:54:20,843 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > > > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > > > >> LDAP://foodc02.foo.test.com:**389 < http://foodc02.foo.test.com:389
> > > > >> >
> > > > >> <
> > > > >> http://foodc02.foo.test.com:**389 < http://foodc02.foo.test.com:389
> > > > >> >>
> > > > >> using
> > > > >> user ovirttest at FOO.TEST.COM <mailto: ovirttest at FOO.TEST.COM **> due
> > > > >> to
> > > > >>
> > > > >> Authentication Failed. Please verify the username and password.. We
> > > > >> should not try the next server
> > > > >> 2013-08-06 15:54:20,850 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthenticat
> > > > >> ion**
> > > > >> Strategy]
> > > > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication
> > > > >> information
> > > > >> was invalid (24)
> > > > >> 2013-08-06 15:54:20,851 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthenticat
> > > > >> ion**
> > > > >> Strategy]
> > > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > > > >> username and password.
> > > > >> 2013-08-06 15:54:20,852 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > > > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > > > >> LDAP://foodc01.foo.test.com:**389 < http://foodc01.foo.test.com:389
> > > > >> >
> > > > >> <
> > > > >> http://foodc01.foo.test.com:**389 < http://foodc01.foo.test.com:389
> > > > >> >>
> > > > >> using
> > > > >> user ovirttest at FOO.TEST.COM <mailto: ovirttest at FOO.TEST.COM **> due
> > > > >> to
> > > > >>
> > > > >> Authentication Failed. Please verify the username and password.. We
> > > > >> should not try the next server
> > > > >> 2013-08-06 15:54:20,853 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand
> > > > >> ]
> > > > >> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to
> > > > >> domain
> > > > >> gso.med.ge.com < http://gso.med.ge.com >. Ldap Query Type is
> > > > >> getUserByName
> > > > >>
> > > > >> 2013-08-06 15:54:20,854 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand
> > > > >> ]
> > > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > > > >> username and password.
> > > > >> 2013-08-06 15:54:20,855 ERROR
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-7)
> > > > >> USER_FAILED_TO_AUTHENTICATE_**WRONG_USERNAME_OR_PASSWORD :
> > > > >> ovirttest
> > > > >> 2013-08-06 15:54:20,856 WARN
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-7)
> > > > >> CanDoAction of action LoginUser failed.
> > > > >> Reasons:USER_FAILED_TO_**AUTHENTICATE_WRONG_USERNAME_**OR_PASSWORD
> > > > >>
> > > > >> Try again to log in as the same user this time typing the correct
> > > > >> password.
> > > > >> Result: Login fails!
> > > > >> Data from engine.log:
> > > > >> 2013-08-06 15:54:25,186 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand
> > > > >> ]
> > > > >> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to
> > > > >> domain
> > > > >> gso.med.ge.com < http://gso.med.ge.com >. Ldap Query Type is
> > > > >> getUserByName
> > > > >>
> > > > >> 2013-08-06 15:54:25,187 ERROR
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-7)
> > > > >> USER_FAILED_TO_AUTHENTICATE : ovirttest
> > > > >> 2013-08-06 15:54:25,187 WARN
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-7)
> > > > >> CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_**
> > > > >> AUTHENTICATE
> > > > >>
> > > > >> Try again with another AD user.
> > > > >> Result: Login fails!
> > > > >> Data from engine.log:
> > > > >> 2013-08-06 15:54:38,056 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand
> > > > >> ]
> > > > >> (ajp--127.0.0.1-8702-5) Failed authenticating user: ovirtadmin to
> > > > >> domain
> > > > >> gso.med.ge.com < http://gso.med.ge.com >. Ldap Query Type is
> > > > >> getUserByName
> > > > >>
> > > > >> 2013-08-06 15:54:38,057 ERROR
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-5)
> > > > >> USER_FAILED_TO_AUTHENTICATE : ovirtadmin
> > > > >> 2013-08-06 15:54:38,058 WARN
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-5)
> > > > >> CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_**
> > > > >> AUTHENTICATE
> > > > >>
> > > > >> Logging into the admin portal as the admin at internal user will yield
> > > > >> that
> > > > >> engine seems to have forgotten about and can no longer enumerate AD
> > > > >> users and groups.
> > > > >> engine stays in this state until it has been restarted.
> > > > >>
> > > > >> I also note the two following errors in the engine log file as
> > > > >> well:
> > > > >> 2013-08-06 15:53:41,098 ERROR
> > > > >> [org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils] (MSC
> > > > >> service
> > > > >> thread 1-9) Could not parse option AutoRecoveryAllowedTypes value.
> > > > >> 2013-08-06 15:53:41,161 ERROR
> > > > >> [org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils] (MSC
> > > > >> service
> > > > >> thread 1-9) Failed to decrypt value for property
> > > > >> AttestationTruststorePass will be used encrypted value:
> > > > >> javax.crypto.**BadPaddingException: Data must start with zero
> > > > >>
> > > > >> - DHC
> > > > >>
> > > > >>
> > > > >>
> > > > >> On Tue, Aug 6, 2013 at 1:31 PM, Dead Horse
> > > > >> < deadhorseconsulting at gmail.com
> > > > >> <mailto: deadhorseconsulting@ ** gmail.com <
> > > > >> deadhorseconsulting at gmail.com >
> > > > >>
> > > > >>
> > > > >> wrote:
> > > > >>
> > > > >> Really attaching logs from other install.
> > > > >> - DHC
> > > > >>
> > > > >>
> > > > >> On Tue, Aug 6, 2013 at 1:30 PM, Dead Horse
> > > > >> < deadhorseconsulting at gmail.com
> > > > >> <mailto: deadhorseconsulting@ ** gmail.com <
> > > > >> deadhorseconsulting at gmail.com >>>
> > > > >> wrote:
> > > > >>
> > > > >> Also I note that he login does succeed in the AD servers logs as
> > > > >> well as the engine also acknowledges the same. However the login
> > > > >> ends up in either the user logging in and the dialog sitting in
> > > > >> space forever and/or the engine no longer enumerating the AD
> > > > >> users/groups.
> > > > >>
> > > > >> Attached are logs from another install seeing the same thing.
> > > > >> -DHC
> > > > >>
> > > > >>
> > > > >> On Tue, Aug 6, 2013 at 1:20 PM, Dead Horse
> > > > >> < deadhorseconsulting at gmail.com
> > > > >> <mailto: deadhorseconsulting@ ** gmail.com <
> > > > >> deadhorseconsulting at gmail.com >>>
> > > > >> wrote:
> > > > >>
> > > > >>
> > > > >> Seeing and issue where users are not able to log in. Also
> > > > >> for some reason the engine is seemingly forgeting about AD
> > > > >> users. Removing the AD domain via engine-manage-domains and
> > > > >> re-adding it works for enumerating the users, however the
> > > > >> first attempt to login as a user results in the engine no
> > > > >> longer enumerating the users nor allowing logins.
> > > > >> Attached are the pertinent logs.
> > > > >>
> > > > >> Engine is built and running from current master as of this
> > > > >> morning, and was installed/built and upgraded via RPMs
> > > > >> yum/engine-upgrade
> > > > >>
> > > > >> - DHC
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >> ______________________________**_________________
> > > > >> Engine-devel mailing list
> > > > >> Engine-devel at ovirt.org
> > > > >> http://lists.ovirt.org/**mailman/listinfo/engine-devel <
> > > > >> http://lists.ovirt.org/mailman/listinfo/engine-devel >
> > > > >
> > > > > thanks for reproducing with such clear steps. can you please open a
> > > > > bug?
> > > > > yair - can you try and reproduce as well (I tried on an older rhev
> > > > > 3.2
> > > > > i
> > > > > have and couldn't with the IPA provider)
> > >
> > > _______________________________________________
> > > Engine-devel mailing list
> > > Engine-devel at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/engine-devel
> >
> > _______________________________________________
> > Engine-devel mailing list
> > Engine-devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/engine-devel
More information about the Engine-devel
mailing list