Unable to login to the WEB UI

After the upgrade, I'm unable to log in, I'm getting the following error:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Where should I look to correct that?

Hi,

are you using an HTTPS certificate signed by an external CA? If so please follow steps described in Doc Text of https://bugzilla.redhat.com/show_bug.cgi?id=1336838

Thanks

Martin Perina

On Wed, Aug 3, 2016 at 1:18 PM, Fabrice Bacchella <fabrice.bacchella@icloud.com> wrote:
> After the upgrade, I'm unable to log in, I'm getting the following error:
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> Where should I look to correct that?

Indeed, the certificate for the web interface is not coming from ovirt's internal PKI, but from our own internal one.

I have a custom trust store not located in /etc/pki/java/cacerts, I did try to add

ENGINE_PROPERTIES="${ENGINE_PROPERTIES} javax.net.ssl.trustStore=.../allmyca.jks javax.net.ssl.trustStorePassword=''"

in a file in /etc/ovirt-engine/engine.conf.d but it didn't help.

Can I add them in /etc/pki/ovirt-engine/.truststore?

On 3 August 2016 at 13:22, Martin Perina <mperina@redhat.com> wrote:
> Hi,
> are you using HTTPS certificate signed by external CA? If so please follow steps described in Doc Text of
> https://bugzilla.redhat.com/show_bug.cgi?id=1336838
> Thanks
> Martin Perina

Hi,

please follow steps as described in BZ:

1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf (you may choose different filename but it has to end with '.conf' suffix) with following content:

   ENGINE_HTTPS_PKI_TRUST_STORE="<full path to your java keystore>"
   ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="<password to your java keystore>"

2. Restart the engine

If the above doesn't work please attach server.log/engine.log

Thanks

Martin Perina

On Wed, Aug 3, 2016 at 2:49 PM, Fabrice Bacchella <fabrice.bacchella@icloud.com> wrote:
> Indeed, the certificate for the web interface is not coming from ovirt's internal PKI, but from our own internal one.
> I have a custom trust store not located in /etc/pki/java/cacerts, I did try to add ENGINE_PROPERTIES="${ENGINE_PROPERTIES} javax.net.ssl.trustStore=.../allmyca.jks javax.net.ssl.trustStorePassword=''" in a file in /etc/ovirt-engine/engine.conf.d but it didn't help.
> Can I add them in /etc/pki/ovirt-engine/.truststore ?
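Added example, not part of the thread and not oVirt's own tooling: a POSIX shell check for the drop-in file described in Martin Perina's steps above. It reads the two keys without executing the file and fails on the mistakes that come up in this thread (wrong suffix, only ENGINE_PROPERTIES set, placeholder left in place, path that is not a full path, unreadable store); the function names are this example's own, and values are assumed to be double-quoted as in the steps.

```shell
#!/bin/sh
# Added example: validate the truststore drop-in from the steps above.
# Function names are this example's own; values are assumed to be
# double-quoted, as in the steps.

# conf_value KEY FILE: print the last KEY="value" in FILE without executing it.
conf_value() {
    sed -n "s/^[[:space:]]*$1=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$2" | tail -n 1
}

# check_truststore_conf FILE: 0 if the drop-in is usable, else a distinct code.
check_truststore_conf() {
    conf=$1
    case "$conf" in
        *.conf) ;;
        *) echo "FAIL: file name must end with .conf: $conf" >&2; return 2 ;;
    esac
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf" >&2; return 3; }

    store=$(conf_value ENGINE_HTTPS_PKI_TRUST_STORE "$conf")
    case "$store" in
        "")   echo "FAIL: ENGINE_HTTPS_PKI_TRUST_STORE is not set" >&2; return 4 ;;
        "<"*) echo "FAIL: placeholder left in ENGINE_HTTPS_PKI_TRUST_STORE" >&2; return 5 ;;
        /*)   ;;
        *)    echo "FAIL: trust store path is not a full path: $store" >&2; return 6 ;;
    esac
    # Readable by the current user; run this as the account the engine runs as.
    [ -r "$store" ] || { echo "FAIL: trust store not readable: $store" >&2; return 7; }

    grep -q '^[[:space:]]*ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=' "$conf" || {
        echo "FAIL: ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD is not set" >&2
        return 8
    }
    return 0
}

# list_truststore FILE: list the CA entries in the configured store.
# Needs keytool; the password is passed through the environment
# (-storepass:env) so it does not appear in the process list.
list_truststore() {
    store=$(conf_value ENGINE_HTTPS_PKI_TRUST_STORE "$1")
    STOREPASS=$(conf_value ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD "$1") \
        keytool -list -keystore "$store" -storepass:env STOREPASS
}

# Usage (script name is an example):
#   sh check-truststore.sh /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
if [ "$#" -gt 0 ]; then
    check_truststore_conf "$1" && list_truststore "$1"
fi
```

If the check passes but the PKIX error persists, compare the issuers printed by list_truststore with the CA chain of the certificate the web interface presents.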

Next step:

The UI says, even with a restarted navigator:

org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@74749f78; line: 3, column: 2]

I shift-reload, got a welcome screen, click on "Administration portal". I then got a warning. The vhost for ovirt is "ovirt.mydomain", but I got a redirect to:

https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US

that then redirects to:

https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10

And it fails again, still with:

org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@328a4512; line: 3, column: 2]

Many requests were sent to ovirt.mydomain, but just one to realhost.mydomain:443, I don't know why.

I didn't ask for any SSO, I already use my own (CAS), it was working well and the update never asked for activating something new.

On 3 August 2016 at 15:09, Martin Perina <mperina@redhat.com> wrote:
> Hi, please follow steps as described in BZ:
> 1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf (you may choose different filename but it has to end with '.conf' suffix) with following content:
> ENGINE_HTTPS_PKI_TRUST_STORE="<full path to your java keystore>"
> ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="<password to your java keystore>"
> 2. Restart the engine
> If the above doesn't work please attach server.log/engine.log
> Thanks
> Martin Perina

On Wed, Aug 3, 2016 at 5:25 PM, Fabrice Bacchella <fabrice.bacchella@icloud.com> wrote:
> Next step:
> The UI says, even with a restarted navigator:
> org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@74749f78; line: 3, column: 2]

I haven't seen this error before, could you please share server.log and engine.log?

> I shift-reload, got a welcome screen, click on "Administration portal". I then got a warning. The vhost for ovirt is "ovirt.mydomain", but I got a redirect to:
> https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US
> that then redirects to:
> https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10
> And it fails again, still with: org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@328a4512; line: 3, column: 2]
> Many requests were sent to ovirt.mydomain, but just one to realhost.mydomain:443, I don't know why.

You need to have correctly set up engine FQDN and it has to be resolvable. If you don't have correctly set engine FQDN, you can fix that using ovirt-engine-rename tool, more info can be found at: https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostna...

Also be aware that you need to use that engine FQDN to access oVirt 4.0

> I didn't ask for any SSO, I already use my own (CAS), it was working well and the update never asked for activating something new.

This is one of the oVirt 4.0 features, we have implemented OAUTH SSO for all engine parts: webadmin, userportal and restapi. If you are using CAS (although it's officially supported by oVirt), that probably means you have configured cas authentication on Apache, passing authenticated username using aaa-misc as authn extension and aaa-ldap as authz extension (to get group memberships for authenticated user). If that's true then please take a look at https://bugzilla.redhat.com/show_bug.cgi?id=1342192 there are some changes on Apache configuration (the bug is for kerberos, but I suspect similar config is needed also for cas module in apache).

Good morning,

"You need to have correctly set up engine FQDN and it has to be resolvable. If you don't have correctly set engine FQDN, you can fix that using ovirt-engine-rename tool, more info can be found at:

https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/ "

can I make the procedure with host and vms in production?

Thanks.

2016-08-03 14:34 GMT-03:00 Martin Perina <mperina@redhat.com>:

I'm not sure it's a good idea if you're running 4.0. This procedure does half of the job as it doesn't touch the custom java trust store and missing parts are mandatory for ovirt 4. So I'm now stuck with an unreachable UI after an upgrade and I don't know if I can roll back.

On 10 August 2016 at 17:30, Marcelo Leandro <marceloltmm@gmail.com> wrote:
> Good morning,
> "You need to have correctly set up engine FQDN and it has to be resolvable. If you don't have correctly set engine FQDN, you can fix that using ovirt-engine-rename tool, more info can be found at:
> https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/ "
> can I make the procedure with host and vms in production?
> Thanks.