<html><body><div style="font-family: lucida console,sans-serif; font-size: 12pt; color: #000000"><div>Hello Ondra,</div><div>I tried to increase logging and the command failed:</div><div><br data-mce-bogus="1"></div><div><div>&nbsp; &nbsp; "outcome" =&gt; "failed",</div><div>&nbsp; &nbsp; "failure-description" =&gt; "WFLYCTL0216: Management resource '[</div><div>&nbsp; &nbsp; (\"subsystem\" =&gt; \"logging\"),</div><div>&nbsp; &nbsp; (\"logger\" =&gt; \"org.ovirt.engine.core.sso\")</div><div>]' not found",</div><div>&nbsp; &nbsp; "rolled-back" =&gt; true</div><div>}</div></div><div><br></div><div><br data-mce-bogus="1"></div><div>Slava,</div><div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><b>From: </b>"Ondra Machacek" &lt;omachace@redhat.com&gt;<br><b>To: </b>"Slava Bendersky" &lt;volga629@networklab.ca&gt;<br><b>Cc: </b>"users" &lt;users@ovirt.org&gt;<br><b>Sent: </b>Thursday, February 9, 2017 2:31:16 PM<br><b>Subject: </b>Re: [ovirt-users] FreeIPA with ovirt 4.1<br></div><br><div data-marker="__QUOTED_TEXT__">Can you please enable DEBUG log of the SSO package and try to log in and<br>then share the logs, please?<br><br>You can enable the debug log as follows (use the admin@internal password):<br><br>/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh<br>--controller=127.0.0.1:8706 --connect --user=admin@internal<br>"/subsystem=logging/logger=org.ovirt.engine.core.sso:add" &amp;&amp;<br>/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh<br>--controller=127.0.0.1:8706 --connect --user=admin@internal<br>"/subsystem=logging/logger=org.ovirt.engine.core.sso:write-attribute(name=level,value=DEBUG)"<br><br>After the tests you can disable it later as follows:<br><br>&nbsp;$ /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh<br>--controller=127.0.0.1:8706 --connect --user=admin@internal<br>"/subsystem=logging/logger=org.ovirt.engine.core.sso:remove"<br><br>On Thu, Feb 9, 2017 at 3:08 PM, Slava Bendersky &lt;volga629@networklab.ca&gt; wrote:<br>&gt; Hello 
Everyone,<br>&gt; Is there anything else possible to check?<br>&gt;<br>&gt; Slava.<br>&gt;<br>&gt; ________________________________<br>&gt; From: "Slava Bendersky" &lt;volga629@networklab.ca&gt;<br>&gt; To: "Ondra Machacek" &lt;omachace@redhat.com&gt;<br>&gt; Cc: "users" &lt;users@ovirt.org&gt;<br>&gt; Sent: Saturday, February 4, 2017 2:27:31 PM<br>&gt;<br>&gt; Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1<br>&gt;<br>&gt; Hello Ondra,<br>&gt; The log is empty<br>&gt;<br>&gt; [root@vhe00 ~]# ls -la &nbsp;/var/log/httpd/ssl_error_log<br>&gt; -rw-r--r--. 1 root root 0 Feb &nbsp;2 04:45 /var/log/httpd/ssl_error_log<br>&gt;<br>&gt; Slava.<br>&gt;<br>&gt; ________________________________<br>&gt; From: "Ondra Machacek" &lt;omachace@redhat.com&gt;<br>&gt; To: "Slava Bendersky" &lt;volga629@networklab.ca&gt;<br>&gt; Cc: "users" &lt;users@ovirt.org&gt;, "Ravi" &lt;rnori@redhat.com&gt;<br>&gt; Sent: Saturday, February 4, 2017 10:35:31 AM<br>&gt; Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1<br>&gt;<br>&gt;<br>&gt;<br>&gt; On Feb 4, 2017 1:21 AM, "Slava Bendersky" &lt;volga629@networklab.ca&gt; wrote:<br>&gt;<br>&gt; Hello Everyone,<br>&gt; I'm having trouble implementing FreeIPA authentication with GSSAPI SSO and ovirt<br>&gt; 4.1. I ran setup and it finished OK, then it wrote the files below. 
Next I<br>&gt; logged in to web admin with the internal user and added the FreeIPA user with the SuperUser role.<br>&gt; Also, under System I added a FreeIPA group authorized to log in. On any attempt<br>&gt; to log in with FreeIPA credentials I get this message:<br>&gt;<br>&gt;<br>&gt; 2017-02-04 00:03:08,464Z ERROR<br>&gt; [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-6)<br>&gt; [] Internal Server Error: Unsupported command<br>&gt; 2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]<br>&gt; (default task-6) [] Unsupported command<br>&gt; 2017-02-04 00:03:08,659Z ERROR<br>&gt; [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) []<br>&gt; server_error: Unsupported command<br>&gt;<br>&gt;<br>&gt; Ravi, do you know what this can cause?<br>&gt;<br>&gt;<br>&gt;<br>&gt; Also, the extensions.d directory contains the following files. If I remove<br>&gt; mydomain.lan-authn.properties then the FreeIPA domain does not show up in the web UI<br>&gt; drop-down list. 
Any http don't have influence on this.<br>&gt;<br>&gt;<br>&gt; That is correct behavior; we don't show profiles which use http for authn.<br>&gt;<br>&gt;<br>&gt; [root@vhe00 extensions.d]# pwd<br>&gt; /etc/ovirt-engine/extensions.d<br>&gt;<br>&gt; [root@vhe00 extensions.d]# ls<br>&gt; mydomain.lan-authn.properties mydomain.lan-http-authn.properties<br>&gt; mydomain.lan.properties &nbsp; &nbsp; &nbsp;internal-authz.properties<br>&gt; mydomain.lan-authz.properties mydomain.lan-http-mapping.properties<br>&gt; internal-authn.properties<br>&gt; [root@vhe00 extensions.d]#<br>&gt;<br>&gt;<br>&gt; If possible, clarify how it should be and what the possible issue is.<br>&gt;<br>&gt;<br>&gt; Can you please take a look at /var/log/httpd/ssl_error_log to see if there are any errors<br>&gt; there?<br>&gt;<br>&gt;<br>&gt;<br>&gt;<br>&gt; Slava.<br>&gt;<br>&gt; _______________________________________________<br>&gt; Users mailing list<br>&gt; Users@ovirt.org<br>&gt; http://lists.ovirt.org/mailman/listinfo/users<br></div></div></body></html>