| Summary: | REST API authentication does not work for RTGov server | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Fuse Service Works 6 | Reporter: | Jiri Pechanec <jpechane> |
| Component: | Installer | Assignee: | Thomas Hauser <thauser> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Len DiMaggio <ldimaggi> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.0.0 GA | CC: | atangrin, soa-p-jira |
| Target Milestone: | ER8 | ||
| Target Release: | 6.0.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
The keystore is present when dtgov is installed but not when rtgov-only is installed. Thanks for finding this discrepancy. Fixed in 080dffb80c7c809ec760ce3f40c60d169367b43f Verified in ER8 |
A vault file is missing after default installation from installer Logged exception 09:50:21,004 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/gadget-web].[makeRequest]] (http-localhost/127.0.0.1:9080-3) JBWEB000236: Servlet.service() for servlet makeRequest threw exception: java.lang.RuntimeException: java.lang.Exception: No KeyStore found at path /home/jpechane/releases/er7/rtgov/jboss-eap-6.1/standalone/configuration/overlord-saml.keystore at org.overlord.gadgets.web.server.http.auth.SAMLBearerTokenAuthenticationProvider.createSAMLBearerTokenAssertion(SAMLBearerTokenAuthenticationProvider.java:88) [classes:] at org.overlord.gadgets.web.server.http.auth.SAMLBearerTokenAuthenticationProvider.provideAuthentication(SAMLBearerTokenAuthenticationProvider.java:72) [classes:] at org.overlord.gadgets.web.server.http.AuthenticatingHttpFetcher.fetch(AuthenticatingHttpFetcher.java:97) [classes:] at org.apache.shindig.gadgets.http.DefaultRequestPipeline.execute(DefaultRequestPipeline.java:108) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4] at org.apache.shindig.gadgets.servlet.MakeRequestHandler.fetch(MakeRequestHandler.java:150) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4] at org.apache.shindig.gadgets.servlet.MakeRequestServlet.doGet(MakeRequestServlet.java:55) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4] at org.apache.shindig.gadgets.servlet.MakeRequestServlet.doPost(MakeRequestServlet.java:68) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4] at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.shindig.gadgets.servlet.ETagFilter.doFilter(ETagFilter.java:55) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.shindig.auth.AuthenticationServletFilter.callChain(AuthenticationServletFilter.java:151) [shindig-common-3.0.0-beta4.jar:3.0.0-beta4] at org.apache.shindig.auth.AuthenticationServletFilter.doFilter(AuthenticationServletFilter.java:96) [shindig-common-3.0.0-beta4.jar:3.0.0-beta4] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.shindig.common.servlet.HostFilter.doFilter(HostFilter.java:39) [shindig-common-3.0.0-beta4.jar:3.0.0-beta4] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10] at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:499) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: java.lang.Exception: No KeyStore found at path /home/jpechane/releases/er7/rtgov/jboss-eap-6.1/standalone/configuration/overlord-saml.keystore at org.overlord.commons.auth.jboss7.SAMLBearerTokenUtil.loadKeystore(SAMLBearerTokenUtil.java:150) [overlord-commons-auth-1.1.0-redhat-4.jar:1.1.0-redhat-4] at org.overlord.gadgets.web.server.http.auth.SAMLBearerTokenAuthenticationProvider.createSAMLBearerTokenAssertion(SAMLBearerTokenAuthenticationProvider.java:84) [classes:] ... 34 more Security domain config <security-domain name="overlord-jaxrs" cache-type="default"> <authentication> <login-module code="org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule" flag="sufficient"> <module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/> <module-option name="signatureRequired" value="true"/> <module-option name="keystorePath" value="${jboss.server.config.dir}/overlord-saml.keystore"/> <module-option name="keystorePassword" value="${VAULT::vault::saml-keystore.password::1}"/> <module-option name="keyAlias" value="overlord"/> <module-option name="keyPassword" value="${VAULT::overlord::overlord-alias.password::1}"/> </login-module> <login-module code="RealmDirect" flag="required"> <module-option name="password-stacking" value="useFirstPass"/> </login-module> </authentication> </security-domain> File overlord-saml.keystore is missing