[ovirt-users] Unable to login to the WEB UI

[Martin Perina]

On Wed, Aug 3, 2016 at 5:25 PM, Fabrice Bacchella <
fabrice.bacchella at icloud.com> wrote:

> Next step :
>
> The UI says, even with a restarted navigator:
>
> org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code
> 60)): expected a valid value (number, String, array, object, 'true',
> 'false' or 'null') at [Source: java.io.StringReader at 74749f78; line: 3,
> column: 2]
>

​I haven't seen this error before, could you please share server.log and
engine.log?
​


>
>
> I shift-reload, got a welcome screen, click on "Administration portal". I
> then got a warning. The vhost for ovirt is "ovirt.mydomain", but I got a
> redirect to:
>
> https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US
> that then redirect to:
>
> https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10
>
> And it fail with again with still:
> org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code
> 60)): expected a valid value (number, String, array, object, 'true',
> 'false' or 'null') at [Source: java.io.StringReader at 328a4512; line: 3,
> column: 2]​


> Many requests were send to ovirt.mydomain, but just one to
> realhost.mydomain:443, I don't know why.
>

​You need to have correctly set up engine FQDN and it has to be resolvable.
If you don't have correctly set engine FQDN, you can fix that ​
​using ovirt​-engine-rename tool, more info can be found at:

https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/

Also be aware that you need to use that engine FQDN to access oVirt 4.0


> I didn't ask for any SSO, I already use my own (CAS), it was working well
> and the update never ask for activating something new.
>

​This is one of the oVirt 4.0 features​, we have implemented OAUTH SSO for
all engine parts: webadmin, userportal and restapi. If you are using CAS
(althought it's officially supported by oVirt), that probably means you
have configured cas authentication on Apache, passing authenticated
username using aaa-misc as authn extension and aaa-ldap as authz extension
(to get group memberships for authenticated user). If that's true then
please take a look at

https://bugzilla.redhat.com/show_bug.cgi?id=1342192

there are some changes on Apache configuration (the bug is for kerberos,
but I suspect similar config is needed also for cas module in apache).


>
> > Le 3 août 2016 à 15:09, Martin Perina <mperina at redhat.com> a écrit :
> >
> > Hi,
> > please follow steps as described in BZ:
> >
> > 1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf (you
> may choose different filename but it has to end with '.conf' suffix) with
> following content:
> >
> >   ENGINE_HTTPS_PKI_TRUST_STORE="<full path to your java keystore>"
> >   ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="<password to your java
> keystore>"
> >
> > 2. Restart the engine
> >
> > If the above doesn't work please attach server.log/engine.log
> >
> > Thanks
> >
> > Martin Perina
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160803/c19a0072/attachment-0001.html>