<div dir="auto"><div><br><div class="gmail_extra"><br><div class="gmail_quote">On Feb 4, 2017 1:21 AM, "Slava Bendersky" <<a href="mailto:volga629@networklab.ca">volga629@networklab.ca</a>> wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:lucida console,sans-serif;font-size:12pt;color:#000000"><div>Hello Everyone,</div><div>Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt 4.1. I ran setup and it finished OK then it wrote the files bellow. Next I log to web admin with internal user and added FeeIPA user as SuperUser role. Also I added under System FreeIPA group authorized to login on any attempt to login with FreeIPA credentials getting message</div><div><br></div><div><br></div><div><div>2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.<wbr>servlets.<wbr>InteractiveAuthServlet] (default task-6) [] Internal Server Error: Unsupported command</div><div>2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.<wbr>utils.SsoUtils] (default task-6) [] Unsupported command</div><div>2017-02-04 00:03:08,659Z ERROR [org.ovirt.engine.core.aaa.<wbr>servlet.SsoPostLoginServlet] (default task-3) [] server_error: Unsupported command</div></div></div></div></blockquote></div></div></div><div dir="auto"><br></div><div dir="auto">Ravi, do you know what this can cause?</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:lucida console,sans-serif;font-size:12pt;color:#000000"><div><br></div><div><br></div><div>Also when in extensions.d directory contain the following files. If I remove <span style="color:#000000;font-family:'lucida console',sans-serif;font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline!important;float:none">mydomain.lan-authn.<wbr>properties then in web ui FreeIPA domain not showing up in drop down list. Any http don't have influence on this.</span></div></div></div></blockquote></div></div></div><div dir="auto"><br></div><div dir="auto">That is correct behavior, we dont show profiles, which uses http for authn.</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:lucida console,sans-serif;font-size:12pt;color:#000000"><div><span style="color:#000000;font-family:'lucida console',sans-serif;font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline!important;float:none"><br></span></div><div><div>[root@vhe00 extensions.d]# pwd</div><div>/etc/ovirt-engine/extensions.d</div><div><br></div><div>[root@vhe00 extensions.d]# ls</div><div>mydomain.lan-authn.properties <span style="color:#000000;font-family:'lucida console',sans-serif;font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline!important;float:none"><wbr>mydomain.lan</span>-http-authn.<wbr>properties <span style="color:#000000;font-family:'lucida console',sans-serif;font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline!important;float:none">mydomain.lan</span>.properties internal-authz.properties</div><div><span style="color:#000000;font-family:'lucida console',sans-serif;font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline!important;float:none">mydomain.lan</span>-authz.properties <span style="color:#000000;font-family:'lucida console',sans-serif;font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline!important;float:none"><wbr>mydomain.lan</span>-http-mapping.<wbr>properties internal-authn.properties</div><div>[root@vhe00 extensions.d]# </div></div><div><br></div><div><br></div><div>If possible clarify how it should be and what is possible issue.</div></div></div></blockquote></div></div></div><div dir="auto"><br></div><div dir="auto">Can you please take a look to /var/log/httpd/ssl_error_log if any errors there?</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:lucida console,sans-serif;font-size:12pt;color:#000000"><font color="#888888"><div><br></div><div><br></div><div><br></div><div>Slava. </div></font></div></div><br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div></div>