Hide Forgot
After installation it is possible to log to RTGov console but whenever a user tries to add gadgets and use the server throws an exception and no data are available 08:41:11,041 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/gadget-web].[ServiceOverviewProxyServlet]] (http-/127.0.0.1:8080-7) JBWEB000236: Servlet.service() for servlet ServiceOverviewProxyServlet threw exception: java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost:8080/overlord-rtgov/service/dependency/overview?width=300 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1625) [rt.jar:1.7.0_25] at org.overlord.gadgets.web.server.servlets.RestProxyServlet.doGet(RestProxyServlet.java:114) [classes:] at javax.servlet.http.HttpServlet.service(HttpServlet.java:734) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.shindig.gadgets.servlet.ETagFilter.doFilter(ETagFilter.java:55) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8] at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
Created attachment 802199 [details] standalone.xml patch The problem is that authentication has been switched over to SAML bearer token authentication (which does not require any credentials to be stored in the gadget server configuration file). However, the gadget server has not been added as a recognized SAML assertion issuer in the overlord service provider login module configuration in standalone.xml. This patch should fix the problem.
This change will require updates to the sramp cli-scripts used in the installer.
In order to unblock testing - please document how QE can correct the script to workaround the bug.
You could apply the attached patch to standalone.xml after installation of FSW is complete.
Within jboss-eap-6.1/cli-scripts/overlord-addSecurityDomains.cli, the final line needs to change from /subsystem=security/security-domain=overlord-jaxrs/authentication=classic:add(login-modules=[{code="org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule",flag=sufficient,module-options={allowedIssuers="/s-ramp-ui,/s-ramp-governance,/dtgov-ui"}},{code=UsersRoles,flag=sufficient,module-options={usersProperties="${jboss.server.config.dir}/overlord-idp-users.properties",rolesProperties="${jboss.server.config.dir}/overlord-idp-roles.properties"}}] to /subsystem=security/security-domain=overlord-jaxrs/authentication=classic:add(login-modules=[{code="org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule",flag=sufficient,module-options={allowedIssuers="/s-ramp-ui,/s-ramp-governance,/dtgov-ui,/gadget-web"}},{code=UsersRoles,flag=sufficient,module-options={usersProperties="${jboss.server.config.dir}/overlord-idp-users.properties",rolesProperties="${jboss.server.config.dir}/overlord-idp-roles.properties"}}]
Not sure I should be assigned to this bug, by the way
I can confirm the patch fixes the issues.
Fixed by 4c5c41b0a6c0f6c198de2731a86d6e493b405f71
Verified in ER4 04-Oct-2013 04:44