[joe@ose3-master ~]$ oc version oc v3.0.2.903 kubernetes v1.2.0-alpha.1-1107-g4c8e6f4 atomic-openshift-3.0.2.903-0.git.0.a4ff36b.el7aos.x86_64 atomic-openshift-clients-3.0.2.903-0.git.0.a4ff36b.el7aos.x86_64 atomic-openshift-master-3.0.2.903-0.git.0.a4ff36b.el7aos.x86_64 atomic-openshift-node-3.0.2.903-0.git.0.a4ff36b.el7aos.x86_64 atomic-openshift-sdn-ovs-3.0.2.903-0.git.0.a4ff36b.el7aos.x86_64 tuned-profiles-atomic-openshift-node-3.0.2.903-0.git.0.a4ff36b.el7aos.x86_64 [joe@ose3-master ~]$ oc login -u joe -p redhat --certificate-authority=/etc/origin/master/ca.crt --server=https://ose3-master.example.com:8443 --loglevel=8 [1045/4640] I1024 14:29:18.537688 12027 debugging.go:99] GET https://ose3-master.example.com:8443/ I1024 14:29:18.537738 12027 debugging.go:106] Request Headers: I1024 14:29:18.537742 12027 debugging.go:109] User-Agent: oc/v3.0.2.903 (linux/amd64) openshift/a4ff36b I1024 14:29:18.553664 12027 debugging.go:124] Response Status: 200 OK in 15 milliseconds I1024 14:29:18.553687 12027 debugging.go:127] Response Headers: I1024 14:29:18.553691 12027 debugging.go:130] Content-Type: application/json I1024 14:29:18.553695 12027 debugging.go:130] Date: Sat, 24 Oct 2015 18:29:18 GMT I1024 14:29:18.553698 12027 debugging.go:130] Content-Length: 196 I1024 14:29:18.553717 12027 request.go:777] Response Body: { "paths": [ "/api", "/api/v1", "/controllers", "/healthz", "/healthz/ping", "/logs/", "/metrics", "/ready", "/oapi", "/oapi/v1", "/swaggerapi/" ] } I1024 14:29:18.553979 12027 debugging.go:99] GET https://ose3-master.example.com:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client I1024 14:29:18.553987 12027 debugging.go:106] Request Headers: I1024 14:29:18.553990 12027 debugging.go:109] X-Csrf-Token: 1 I1024 14:29:18.555529 12027 debugging.go:124] Response Status: 401 Unauthorized in 1 milliseconds I1024 14:29:18.555551 12027 debugging.go:127] Response Headers: I1024 14:29:18.555558 12027 debugging.go:130] Content-Type: text/plain; charset=utf-8 I1024 14:29:18.555561 12027 debugging.go:130] Www-Authenticate: Basic realm="openshift" I1024 14:29:18.555565 12027 debugging.go:130] Date: Sat, 24 Oct 2015 18:29:18 GMT I1024 14:29:18.555569 12027 debugging.go:130] Content-Length: 0 I1024 14:29:18.555619 12027 debugging.go:99] GET https://ose3-master.example.com:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client I1024 14:29:18.555624 12027 debugging.go:106] Request Headers: I1024 14:29:18.555627 12027 debugging.go:109] Authorization: Basic am9lOnJlZGhhdA== I1024 14:29:18.555630 12027 debugging.go:109] X-Csrf-Token: 1 I1024 14:29:18.556814 12027 debugging.go:124] Response Status: 401 Unauthorized in 1 milliseconds I1024 14:29:18.556825 12027 debugging.go:127] Response Headers: I1024 14:29:18.556829 12027 debugging.go:130] Www-Authenticate: Basic realm="openshift" I1024 14:29:18.556833 12027 debugging.go:130] Date: Sat, 24 Oct 2015 18:29:18 GMT I1024 14:29:18.556836 12027 debugging.go:130] Content-Length: 0 I1024 14:29:18.556839 12027 debugging.go:130] Content-Type: text/plain; charset=utf-8 I1024 14:29:18.556872 12027 debugging.go:99] GET https://ose3-master.example.com:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client I1024 14:29:18.556877 12027 debugging.go:106] Request Headers: I1024 14:29:18.556880 12027 debugging.go:109] Authorization: Basic am9lOnJlZGhhdA== I1024 14:29:18.556883 12027 debugging.go:109] X-Csrf-Token: 1 I1024 14:29:18.557729 12027 debugging.go:124] Response Status: 401 Unauthorized in 0 milliseconds I1024 14:29:18.557738 12027 debugging.go:127] Response Headers: I1024 14:29:18.557742 12027 debugging.go:130] Content-Length: 0 I1024 14:29:18.557745 12027 debugging.go:130] Content-Type: text/plain; charset=utf-8 I1024 14:29:18.557749 12027 debugging.go:130] Www-Authenticate: Basic realm="openshift" I1024 14:29:18.557752 12027 debugging.go:130] Date: Sat, 24 Oct 2015 18:29:18 GMT I1024 14:29:18.557779 12027 debugging.go:99] GET https://ose3-master.example.com:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client I1024 14:29:18.557783 12027 debugging.go:106] Request Headers: I1024 14:29:18.557786 12027 debugging.go:109] Authorization: Basic am9lOnJlZGhhdA== I1024 14:29:18.557789 12027 debugging.go:109] X-Csrf-Token: 1 I1024 14:29:18.558646 12027 debugging.go:124] Response Status: 401 Unauthorized in 0 milliseconds I1024 14:29:18.558656 12027 debugging.go:127] Response Headers: I1024 14:29:18.558660 12027 debugging.go:130] Www-Authenticate: Basic realm="openshift" I1024 14:29:18.558664 12027 debugging.go:130] Date: Sat, 24 Oct 2015 18:29:18 GMT I1024 14:29:18.558667 12027 debugging.go:130] Content-Length: 0 I1024 14:29:18.558677 12027 debugging.go:130] Content-Type: text/plain; charset=utf-8 I1024 14:29:18.558697 12027 debugging.go:99] GET https://ose3-master.example.com:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client I1024 14:29:18.558701 12027 debugging.go:106] Request Headers: I1024 14:29:18.558704 12027 debugging.go:109] Authorization: Basic am9lOnJlZGhhdA== I1024 14:29:18.558707 12027 debugging.go:109] X-Csrf-Token: 1 I1024 14:29:18.559406 12027 debugging.go:124] Response Status: 401 Unauthorized in 0 milliseconds I1024 14:29:18.559416 12027 debugging.go:127] Response Headers: I1024 14:29:18.559419 12027 debugging.go:130] Date: Sat, 24 Oct 2015 18:29:18 GMT I1024 14:29:18.559423 12027 debugging.go:130] Content-Length: 0 I1024 14:29:18.559426 12027 debugging.go:130] Content-Type: text/plain; charset=utf-8 I1024 14:29:18.559429 12027 debugging.go:130] Www-Authenticate: Basic realm="openshift" I1024 14:29:18.559456 12027 debugging.go:99] GET https://ose3-master.example.com:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client I1024 14:29:18.559460 12027 debugging.go:106] Request Headers: I1024 14:29:18.559463 12027 debugging.go:109] Authorization: Basic am9lOnJlZGhhdA== I1024 14:29:18.559466 12027 debugging.go:109] X-Csrf-Token: 1 I1024 14:29:18.560022 12027 debugging.go:124] Response Status: 401 Unauthorized in 0 milliseconds I1024 14:29:18.560031 12027 debugging.go:127] Response Headers: I1024 14:29:18.560035 12027 debugging.go:130] Www-Authenticate: Basic realm="openshift" I1024 14:29:18.560039 12027 debugging.go:130] Date: Sat, 24 Oct 2015 18:29:18 GMT I1024 14:29:18.560042 12027 debugging.go:130] Content-Length: 0 I1024 14:29:18.560045 12027 debugging.go:130] Content-Type: text/plain; charset=utf-8 I1024 14:29:18.560070 12027 debugging.go:99] GET https://ose3-master.example.com:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client I1024 14:29:18.560075 12027 debugging.go:106] Request Headers: I1024 14:29:18.560078 12027 debugging.go:109] X-Csrf-Token: 1 I1024 14:29:18.560081 12027 debugging.go:109] Authorization: Basic am9lOnJlZGhhdA== I1024 14:29:18.560631 12027 debugging.go:124] Response Status: 401 Unauthorized in 0 milliseconds I1024 14:29:18.560640 12027 debugging.go:127] Response Headers: I1024 14:29:18.560643 12027 debugging.go:130] Www-Authenticate: Basic realm="openshift" I1024 14:29:18.560647 12027 debugging.go:130] Date: Sat, 24 Oct 2015 18:29:18 GMT I1024 14:29:18.560650 12027 debugging.go:130] Content-Length: 0 I1024 14:29:18.560654 12027 debugging.go:130] Content-Type: text/plain; charset=utf-8 I1024 14:29:18.560678 12027 debugging.go:99] GET https://ose3-master.example.com:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client I1024 14:29:18.560682 12027 debugging.go:106] Request Headers: I1024 14:29:18.560685 12027 debugging.go:109] Authorization: Basic am9lOnJlZGhhdA== I1024 14:29:18.560688 12027 debugging.go:109] X-Csrf-Token: 1 I1024 14:29:18.561225 12027 debugging.go:124] Response Status: 401 Unauthorized in 0 milliseconds I1024 14:29:18.561234 12027 debugging.go:127] Response Headers: I1024 14:29:18.561237 12027 debugging.go:130] Www-Authenticate: Basic realm="openshift" I1024 14:29:18.561241 12027 debugging.go:130] Date: Sat, 24 Oct 2015 18:29:18 GMT I1024 14:29:18.561245 12027 debugging.go:130] Content-Length: 0 I1024 14:29:18.561248 12027 debugging.go:130] Content-Type: text/plain; charset=utf-8 I1024 14:29:18.561275 12027 debugging.go:99] GET https://ose3-master.example.com:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client ..... Older OC works, sort-of: oc v3.0.1.0-503-g7cc6deb kubernetes v1.0.0 [thoraxe@t440 ~]$ oc login https://ose3-master.example.com:8443 --loglevel=8 I1024 14:33:03.586116 17110 debugging.go:98] GET https://ose3-master.example.com:8443/osapi I1024 14:33:03.586174 17110 debugging.go:105] Request Headers: I1024 14:33:03.586182 17110 debugging.go:108] User-Agent: oc/v3.0.1.0 (linux/amd64) openshift/7cc6deb I1024 14:33:03.602746 17110 debugging.go:123] Response Status: in 16 milliseconds I1024 14:33:03.602775 17110 debugging.go:126] Response Headers: The server uses a certificate signed by an unknown authority. You can bypass the certificate check, but any data you send to the server could be intercepted by others. Use insecure connections? (y/n): y Username: joe I1024 14:33:06.252116 17110 debugging.go:98] GET https://ose3-master.example.com:8443/oauth/authorize?client_id=openshift-challenging-client&response_type=token I1024 14:33:06.252128 17110 debugging.go:105] Request Headers: I1024 14:33:06.252132 17110 debugging.go:108] X-Csrf-Token: 1 I1024 14:33:06.269955 17110 debugging.go:123] Response Status: 401 Unauthorized in 17 milliseconds I1024 14:33:06.269971 17110 debugging.go:126] Response Headers: I1024 14:33:06.269985 17110 debugging.go:129] Www-Authenticate: Basic realm="openshift" I1024 14:33:06.269989 17110 debugging.go:129] Date: Sat, 24 Oct 2015 18:33:05 GMT I1024 14:33:06.269993 17110 debugging.go:129] Content-Length: 0 I1024 14:33:06.269996 17110 debugging.go:129] Content-Type: text/plain; charset=utf-8 Authentication required for https://ose3-master.example.com:8443 (openshift) Password: I1024 14:33:08.468086 17110 debugging.go:98] GET https://ose3-master.example.com:8443/oauth/authorize?client_id=openshift-challenging-client&response_type=token I1024 14:33:08.468096 17110 debugging.go:105] Request Headers: I1024 14:33:08.468100 17110 debugging.go:108] X-Csrf-Token: 1 I1024 14:33:08.468106 17110 debugging.go:108] Authorization: Basic am9lOnJlZGhhdA== I1024 14:33:08.468986 17110 debugging.go:123] Response Status: 401 Unauthorized in 0 milliseconds I1024 14:33:08.469000 17110 debugging.go:126] Response Headers: I1024 14:33:08.469004 17110 debugging.go:129] Date: Sat, 24 Oct 2015 18:33:07 GMT I1024 14:33:08.469008 17110 debugging.go:129] Content-Length: 0 I1024 14:33:08.469011 17110 debugging.go:129] Content-Type: text/plain; charset=utf-8 I1024 14:33:08.469015 17110 debugging.go:129] Www-Authenticate: Basic realm="openshift" I1024 14:33:08.469025 17110 request.go:777] Response Body: I1024 14:33:08.469040 17110 request.go:834] Response Body: Login failed (401 Unauthorized) So, definitely we should be unauthorized, but the infinite loop is... not good.
This was fixed in Origin yesterday (https://bugzilla.redhat.com/show_bug.cgi?id=1273623), waiting for a new OSE build.
Now there are no infinite loops,so verify this bug. $ oc version oc v3.0.2.903-29-g49953d6 kubernetes v1.2.0-alpha.1-1107-g4c8e6f4 $ oc login --server=localhost:8443 --loglevel=8 I1026 13:24:58.972504 24589 debugging.go:99] GET https://localhost:8443/ I1026 13:24:58.972573 24589 debugging.go:106] Request Headers: I1026 13:24:58.972586 24589 debugging.go:109] User-Agent: oc/v3.0.2.903 (linux/amd64) openshift/49953d6 I1026 13:24:59.006218 24589 debugging.go:124] Response Status: in 33 milliseconds I1026 13:24:59.006258 24589 debugging.go:127] Response Headers: I1026 13:24:59.006398 24589 debugging.go:99] GET https://localhost:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client I1026 13:24:59.006415 24589 debugging.go:106] Request Headers: I1026 13:24:59.006425 24589 debugging.go:109] X-Csrf-Token: 1 I1026 13:24:59.066322 24589 debugging.go:124] Response Status: 401 Unauthorized in 59 milliseconds I1026 13:24:59.066367 24589 debugging.go:127] Response Headers: I1026 13:24:59.066379 24589 debugging.go:130] Www-Authenticate: Basic realm="openshift" I1026 13:24:59.066391 24589 debugging.go:130] Date: Mon, 26 Oct 2015 05:25:05 GMT I1026 13:24:59.066400 24589 debugging.go:130] Content-Length: 0 I1026 13:24:59.066410 24589 debugging.go:130] Content-Type: text/plain; charset=utf-8 Authentication required for https://localhost:8443 (openshift) Username: joe Password: I1026 13:25:08.313810 24589 debugging.go:99] GET https://localhost:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client I1026 13:25:08.313849 24589 debugging.go:106] Request Headers: I1026 13:25:08.313868 24589 debugging.go:109] X-Csrf-Token: 1 I1026 13:25:08.313887 24589 debugging.go:109] Authorization: Basic am9lOnJlZGhhdA== I1026 13:25:08.316699 24589 debugging.go:124] Response Status: 401 Unauthorized in 2 milliseconds I1026 13:25:08.316764 24589 debugging.go:127] Response Headers: I1026 13:25:08.316787 24589 debugging.go:130] Content-Length: 0 I1026 13:25:08.316808 24589 debugging.go:130] Content-Type: text/plain; charset=utf-8 I1026 13:25:08.316829 24589 debugging.go:130] Www-Authenticate: Basic realm="openshift" I1026 13:25:08.316850 24589 debugging.go:130] Date: Mon, 26 Oct 2015 05:25:14 GMT I1026 13:25:08.316931 24589 basicauth.go:42] already prompted for challenge, won't prompt again Login failed (401 Unauthorized)
This fix is available in OpenShift Enterprise 3.1.