Bug 996757

Summary: setup exiting out after generating token
Product: OKD Reporter: Lynn Root <lroot>
Component: Command Line InterfaceAssignee: Jordan Liggitt <jliggitt>
Status: CLOSED INSUFFICIENT_DATA QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 2.xCC: ccoleman, dpal
Target Milestone: ---Keywords: UpcomingRelease
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-05 19:39:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Lynn Root 2013-08-13 21:30:34 UTC
Description of problem:

When kinit'ed in locally as a user, a token during `rhc setup` can not be generated.  

Version-Release number of selected component (if applicable):

RHC version: 1.12.4

How reproducible:

Every time.

Steps to Reproduce:

1. Setup OpenShift Origin with the Broker to use `mod_auth_kerb` to defer to IPA/Kerberos for user authentication (how to here: http://www.freeipa.org/page/OpenShift_Broker_Apache_%2B_mod_auth_kerb_for_IdM)
2. `$ gem install rhc gssapi ffi`
3. `$ kinit $USER`
4. run `rhc setup` and answer "yes" to "Generate a token now? (yes|no)".

Actual results:

RHC setup returns with "Your authorization token is expired or invalid." then quits.  Tokens are in fact generated in the ~/.openshift/ folder.

Expected results:

rhc setup continues to setup the client.

Additional info:

Note: The above RHC steps should not ask for user/password.  The `kinit` on the local machine takes care of that for the user.

Related: In a different setup (client does not have gssapi & ffi rubygems installed), I was able to generate a token (based on user/pass login rather than kinit'ing) through rhc setup.  I then ran `rhc setup --token=$TOKEN_FILE` and get this error: `/usr/local/share/gems/gems/httpclient-2.3.3/lib/httpclient/auth.rb:197: stack level too deep (SystemStackError)`

Comment 1 Clayton Coleman 2013-08-19 20:04:41 UTC
I think this may be a config issue - you have to pass through requests containing Authorization: Bearer * to the backend.