[ovirt-users] ovirtvm-console : Failed to execute login on behalf - for user

Nathanaël Blanchet blanchet at abes.fr
Tue Mar 28 15:50:43 UTC 2017 

Hi,

I was trying 4.1 beta on a dev plateform in january when I first wrote 
about this bug.

I'm now in 4.1 production, and the bug becomes really annoying with 
serial console. Fortunately I can successfully continue to log into 
webadmin with the same login.

ssh -vvv tells me the authentication succeeded, so it is nothing to do 
with any special character in my password.

Here are my credentials:

[oVirt shell (connected)]# list users --show-all --kwargs 
"last_name=*Blanchet"

id                        : aa47e979-713b-421b-bee2-8c547c1ca57f
name                      : Nathanaël
domain-id                 : 616265732E66722D617574687A
domain-name               : abes.fr-authz
domain_entry_id           : 4634733074656957673061686946612B6E58416939773D3D
email                     : blanchet at abes.fr
last_name                 : Blanchet
namespace                 : DC=levant,DC=abes,DC=fr
principal                 : sblanchet at levant.abes.fr
user_name                 : sblanchet at levant.abes.fr@abes.fr-authz

They are exaclty the same as my colleague who succeeds to authenticate 
with ssh

[oVirt shell (connected)]# list users --show-all --kwargs "last_name=Couren"

id                        : 53c70b4a-e8e3-4fd3-b8db-cd518fc1a372
name                      : Michaël
domain-id                 : 616265732E66722D617574687A
domain-name               : abes.fr-authz
domain_entry_id           : 497338714735756636554F684255526544384F7476673D3D
email                     : couren at abes.fr
last_name                 : Couren
namespace                 : DC=levant,DC=abes,DC=fr
principal                 : scouren at levant.abes.fr
user_name                 : scouren at levant.abes.fr@abes.fr-auth

Is there anything new?


Le 02/03/2017 à 12:21, Eduardo Mayoral a écrit :
>
> Hi,
>
>     I am getting exactly the same issue here with 4.1 , when trying to 
> log in to the serial console over SSH.
>
>
> The user with domain is "emayoral_adm at arsyslan.es" (please note 
> mailman may translate the "at" character to a textual "_at_"). The 
> First name and last name as read from active directory is "Eduardo 
> Mayoral" (with no quotes)
>
> The password is: 08.HJYqoce,nrW (OK, this is not the real password, 
> but it has the same special characters and approximate structure and 
> length)
>
> This is the engine.log output.
>
> 2017-03-02 11:13:31,917Z INFO 
> [org.ovirt.engine.core.bll.aaa.LoginOnBehalfCommand] (default task-25) 
> [5d9b7d18] Running command: LoginOnBehalfCommand internal: true.
> 2017-03-02 11:13:31,938Z ERROR 
> [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-33) [] 
> OAuthException server_error: java.text.ParseException: Invalid 
> character ' ' encountered.
> 2017-03-02 11:13:31,939Z ERROR 
> [org.ovirt.engine.core.bll.aaa.LoginOnBehalfCommand] (default task-25) 
> [5d9b7d18] Unable to create engine session: EngineException:  user 
> emayoral_adm at arsyslan.es in domain 'arsyslan.es-authz (Failed with 
> error PRINCIPAL_NOT_FOUND and code 5200)
> 2017-03-02 11:13:31,945Z ERROR 
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
> (default task-25) [5d9b7d18] EVENT_ID: 
> USER_LOGIN_ON_BEHALF_FAILED(1,402), Correlation ID: 5d9b7d18, Call 
> Stack: null, Custom Event ID: -1, Message: Failed to execute login on 
> behalf - for user emayoral_adm at arsyslan.es.
> 2017-03-02 11:13:31,945Z ERROR 
> [org.ovirt.engine.core.services.VMConsoleProxyServlet] (default 
> task-25) [5d9b7d18] Error processing request: : 
> java.lang.RuntimeException: Unable to create session using LoginOnBehalf
>     at 
> org.ovirt.engine.core.services.VMConsoleProxyServlet.availableConsoles(VMConsoleProxyServlet.java:102) 
> [services.jar:]
>     at 
> org.ovirt.engine.core.services.VMConsoleProxyServlet.produceContentFromParameters(VMConsoleProxyServlet.java:177) 
> [services.jar:]
>     at 
> org.ovirt.engine.core.services.VMConsoleProxyServlet.doPost(VMConsoleProxyServlet.java:213) 
> [services.jar:]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) 
> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) 
> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>     at 
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:66) 
> [utils.jar:]
>     at 
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>     at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) 
> [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805) 
> [undertow-core-1.4.0.Final.jar:1.4.0.Final]
>     at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
> [rt.jar:1.8.0_121]
>     at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
> [rt.jar:1.8.0_121]
>     at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_121]
>
> Did you find the cause for this and possible fixes or workarounds?
>
>
> -- 
> Eduardo Mayoral Jimeno (emayoral at arsys.es)
> Administrador de sistemas. Departamento de Plataformas. Arsys internet.
> +34 941 620 145 ext. 5153

-- 
Nathanaël Blanchet

Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5 	
Tél. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
blanchet at abes.fr

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170328/ddedcf8a/attachment-0001.html>

More information about the Users mailing list