<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 3, 2016 at 5:25 PM, Fabrice Bacchella <span dir="ltr">&lt;<a href="mailto:fabrice.bacchella@icloud.com" target="_blank">fabrice.bacchella@icloud.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Next step :<br>
<br>
The UI says, even with a restarted navigator:<br>
<br>
org.codehaus.jackson.JsonParseException: Unexpected character (&#39;&lt;&#39; (code 60)): expected a valid value (number, String, array, object, &#39;true&#39;, &#39;false&#39; or &#39;null&#39;) at [Source: java.io.StringReader@74749f78; line: 3, column: 2]<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">​I haven&#39;t seen this error before, could you please share server.log and engine.log?<br>​</div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
I shift-reload, got a welcome screen, click on &quot;Administration portal&quot;. I then got a warning. The vhost for ovirt is &quot;ovirt.mydomain&quot;, but I got a redirect to:<br>
<a href="https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&amp;app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&amp;locale=en_US" rel="noreferrer" target="_blank">https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&amp;app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&amp;locale=en_US</a><br>
that then redirect to:<br>
<a href="https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&amp;response_type=code&amp;redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&amp;scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&amp;state=5ku3vXkfb10" rel="noreferrer" target="_blank">https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&amp;response_type=code&amp;redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&amp;scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&amp;state=5ku3vXkfb10</a><br>
<br>
And it fail with again with still:<br>
org.codehaus.jackson.JsonParseException: Unexpected character (&#39;&lt;&#39; (code 60)): expected a valid value (number, String, array, object, &#39;true&#39;, &#39;false&#39; or &#39;null&#39;) at [Source: java.io.StringReader@328a4512; line: 3, column: 2]​ </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Many requests were send to ovirt.mydomain, but just one to realhost.mydomain:443, I don&#39;t know why.<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">​You need to have correctly set up engine FQDN and it has to be resolvable. If you don&#39;t have correctly set engine FQDN, you can fix that ​</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">​using ovirt​-engine-rename tool, more info can be found at:<br><br><a href="https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/">https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/</a><br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Also be aware that you need to use that engine FQDN to access oVirt 4.0<br><br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I didn&#39;t ask for any SSO, I already use my own (CAS), it was working well and the update never ask for activating something new.<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">​This is one of the oVirt 4.0 features​, we have implemented OAUTH SSO for all engine parts: webadmin, userportal and restapi. If you are using CAS (althought it&#39;s officially supported by oVirt), that probably means you have configured cas authentication on Apache, passing authenticated username using aaa-misc as authn extension and aaa-ldap as authz extension (to get group memberships for authenticated user). If that&#39;s true then please take a look at <br><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1342192">https://bugzilla.redhat.com/show_bug.cgi?id=1342192</a><br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">there are some changes on Apache configuration (the bug is for kerberos, but I suspect similar config is needed also for cas module in apache).<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"><br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
&gt; Le 3 août 2016 à 15:09, Martin Perina &lt;<a href="mailto:mperina@redhat.com">mperina@redhat.com</a>&gt; a écrit :<br>
&gt;<br>
&gt; Hi,<br>
&gt; please follow steps as described in BZ:<br>
&gt;<br>
&gt; 1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf (you may choose different filename but it has to end with &#39;.conf&#39; suffix) with following content:<br>
&gt;<br>
&gt;   ENGINE_HTTPS_PKI_TRUST_STORE=&quot;&lt;full path to your java keystore&gt;&quot;<br>
&gt;   ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=&quot;&lt;password to your java keystore&gt;&quot;<br>
&gt;<br>
&gt; 2. Restart the engine<br>
&gt;<br>
&gt; If the above doesn&#39;t work please attach server.log/engine.log<br>
&gt;<br>
&gt; Thanks<br>
&gt;<br>
&gt; Martin Perina<br>
<br>
</blockquote></div><br></div></div>