Looking at the error message again it says 'Unsupported command',
Can you please share your properties files? I think that you have
misconfugred it, I guess you use for example AuthzExtension instead
of AuthnExtension or vice versa, maybe misconfigured mapping.
On Fri, Feb 10, 2017 at 6:28 PM, Slava Bendersky <volga629(a)networklab.ca> wrote:
Hello Ondra,
I tried increase logging and command fail
"outcome" => "failed",
"failure-description" => "WFLYCTL0216: Management resource '[
(\"subsystem\" => \"logging\"),
(\"logger\" => \"org.ovirt.engine.core.sso\")
]' not found",
"rolled-back" => true
}
Slava,
________________________________
From: "Ondra Machacek" <omachace(a)redhat.com>
To: "Slava Bendersky" <volga629(a)networklab.ca>
Cc: "users" <users(a)ovirt.org>
Sent: Thursday, February 9, 2017 2:31:16 PM
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
Can you please enable DEBUG log of the SSO package and try login and
then share the logs, please?
You can enable the debug log as following (use admin@internal password):
/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:add" &&
/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:write-attribute(name=level,value=DEBUG)"
After tests you can disable it later as follows:
$ /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:remove"
On Thu, Feb 9, 2017 at 3:08 PM, Slava Bendersky <volga629(a)networklab.ca>
wrote:
> Hello Everyone,
> Anything else possible to check ?
>
> Slava.
>
> ________________________________
> From: "Slava Bendersky" <volga629(a)networklab.ca>
> To: "Ondra Machacek" <omachace(a)redhat.com>
> Cc: "users" <users(a)ovirt.org>
> Sent: Saturday, February 4, 2017 2:27:31 PM
>
> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
>
> Hello Ondra,
> Log is empty
>
> [root@vhe00 ~]# ls -la /var/log/httpd/ssl_error_log
> -rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log
>
> Slava.
>
> ________________________________
> From: "Ondra Machacek" <omachace(a)redhat.com>
> To: "Slava Bendersky" <volga629(a)networklab.ca>
> Cc: "users" <users(a)ovirt.org>, "Ravi"
<rnori(a)redhat.com>
> Sent: Saturday, February 4, 2017 10:35:31 AM
> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
>
>
>
> On Feb 4, 2017 1:21 AM, "Slava Bendersky" <volga629(a)networklab.ca>
wrote:
>
> Hello Everyone,
> Having trouble implement FreeIPA authentication with GSSAPI SSO and
> ovirt
> 4.1. I ran setup and it finished OK then it wrote the files bellow. Next I
> log to web admin with internal user and added FeeIPA user as SuperUser
> role.
> Also I added under System FreeIPA group authorized to login on any attempt
> to login with FreeIPA credentials getting message
>
>
> 2017-02-04 00:03:08,464Z ERROR
> [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default
> task-6)
> [] Internal Server Error: Unsupported command
> 2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
> (default task-6) [] Unsupported command
> 2017-02-04 00:03:08,659Z ERROR
> [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3)
> []
> server_error: Unsupported command
>
>
> Ravi, do you know what this can cause?
>
>
>
> Also when in extensions.d directory contain the following files. If I
> remove
> mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up
> in drop down list. Any http don't have influence on this.
>
>
> That is correct behavior, we dont show profiles, which uses http for
> authn.
>
>
> [root@vhe00 extensions.d]# pwd
> /etc/ovirt-engine/extensions.d
>
> [root@vhe00 extensions.d]# ls
> mydomain.lan-authn.properties mydomain.lan-http-authn.properties
> mydomain.lan.properties internal-authz.properties
> mydomain.lan-authz.properties mydomain.lan-http-mapping.properties
> internal-authn.properties
> [root@vhe00 extensions.d]#
>
>
> If possible clarify how it should be and what is possible issue.
>
>
> Can you please take a look to /var/log/httpd/ssl_error_log if any errors
> there?
>
>
>
>
> Slava.
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/users