<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 3, 2016 at 5:25 PM, Fabrice Bacchella <span dir="ltr"><<a href="mailto:fabrice.bacchella@icloud.com" target="_blank">fabrice.bacchella@icloud.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Next step :<br>
<br>
The UI says, even with a restarted navigator:<br>
<br>
org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@74749f78; line: 3, column: 2]<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">I haven't seen this error before, could you please share server.log and engine.log?<br></div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
I shift-reload, got a welcome screen, click on "Administration portal". I then got a warning. The vhost for ovirt is "ovirt.mydomain", but I got a redirect to:<br>
<a href="https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US" rel="noreferrer" target="_blank">https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US</a><br>
that then redirect to:<br>
<a href="https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10" rel="noreferrer" target="_blank">https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10</a><br>
<br>
And it fail with again with still:<br>
org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@328a4512; line: 3, column: 2] </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Many requests were send to ovirt.mydomain, but just one to realhost.mydomain:443, I don't know why.<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">You need to have correctly set up engine FQDN and it has to be resolvable. If you don't have correctly set engine FQDN, you can fix that </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">using ovirt-engine-rename tool, more info can be found at:<br><br><a href="https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/">https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/</a><br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Also be aware that you need to use that engine FQDN to access oVirt 4.0<br><br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I didn't ask for any SSO, I already use my own (CAS), it was working well and the update never ask for activating something new.<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">This is one of the oVirt 4.0 features, we have implemented OAUTH SSO for all engine parts: webadmin, userportal and restapi. If you are using CAS (althought it's officially supported by oVirt), that probably means you have configured cas authentication on Apache, passing authenticated username using aaa-misc as authn extension and aaa-ldap as authz extension (to get group memberships for authenticated user). If that's true then please take a look at <br><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1342192">https://bugzilla.redhat.com/show_bug.cgi?id=1342192</a><br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">there are some changes on Apache configuration (the bug is for kerberos, but I suspect similar config is needed also for cas module in apache).<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"><br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
> Le 3 août 2016 à 15:09, Martin Perina <<a href="mailto:mperina@redhat.com">mperina@redhat.com</a>> a écrit :<br>
><br>
> Hi,<br>
> please follow steps as described in BZ:<br>
><br>
> 1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf (you may choose different filename but it has to end with '.conf' suffix) with following content:<br>
><br>
> ENGINE_HTTPS_PKI_TRUST_STORE="<full path to your java keystore>"<br>
> ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="<password to your java keystore>"<br>
><br>
> 2. Restart the engine<br>
><br>
> If the above doesn't work please attach server.log/engine.log<br>
><br>
> Thanks<br>
><br>
> Martin Perina<br>
<br>
</blockquote></div><br></div></div>