Bug 1491193 – Error getting when request token from web console

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1491193 - Error getting when request token from web console

Summary:	Error getting when request token from web console

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Auth (Show other bugs)
Sub Component:
Version:	3.7.0
Hardware:	All All

Priority	high Severity high
Target Milestone:	---
Target Release:	3.7.0
Assigned To:	Simo Sorce
QA Contact:	Chuan Yu
Docs Contact:

URL:
Whiteboard:
Keywords:	Regression

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2017-09-13 05:31 EDT by Chuan Yu
Modified:	2017-11-28 17:10 EST (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: The secret for the private browser OAuth client was not correctly initialized. Consequence: The request token endpoint did not work. Fix: Correctly initialize the browser OAuth client on server start. Result: The request endpoint can be used to request tokens.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2017-11-28 17:10:32 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Origin (Github)	16078	None	None	None	2017-09-13 08:39 EDT
Origin (Github)	16109	None	None	None	2017-09-13 08:39 EDT
Origin (Github)	16146	None	None	None	2017-09-13 08:40 EDT
Red Hat Product Errata	RHSA-2017:3188	normal	SHIPPED_LIVE	Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update	2017-11-28 21:34:54 EST

Groups: None (edit)

Description Chuan Yu 2017-09-13 05:31:47 EDT

Description of problem:
Error getting when request token from web console

Version-Release number of selected component (if applicable):
openshift v3.7.0-0.125.0
kubernetes v1.7.0+695f48a16f
etcd 3.2.1

How reproducible:
always

Steps to Reproduce:
1.Request token from web console:

  https://master_url:8443/oauth/token/request

  input the username/password
2.
3.

Actual results:
Error getting token: The client is not authorized to request a token using this method

Expected results:
Token reqeust successfully.

Additional info:
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n<style>\n\tbody     { font-family: sans-serif; font-size: 14px; margin: 2em 2%; background-color: #F9F9F9; }\n\th2       { font-size: 1.4em;}\n\th3       { font-size: 1em; margin: 1.5em 0 0; }\n\tcode,pre { font-family: Menlo, Monaco, Consolas, monospace; }\n\tcode     { font-weight: 300; font-size: 1.5em; margin-bottom: 1em; display: inline-block;  color: #646464;  }\n\tpre      { padding-left: 1em; border-radius: 5px; color: #003d6e; background-color: #EAEDF0; padding: 1.5em 0 1.5em 4.5em; white-space: normal; text-indent: -2em; }\n\ta        { color: #00f; text-decoration: none; }\n\ta:hover  { text-decoration: underline; }\n\t@media (min-width: 768px) {\n\t\t.nowrap { white-space: nowrap; }\n\t}\n</style>\n\n"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n  "
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "Error getting token: The client is not authorized to request a token using this method."
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n\n<br><br>\n<a href=\""
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "request"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\">Request another token</a>\n"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: [[Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0] 66.187.233.202:47060]

Comment 1 Mo 2017-09-13 08:41:09 EDT

https://github.com/openshift/origin/pull/16109

Comment 2 Mo 2017-09-13 08:47:18 EDT

The fix is already merged in 3.7 master.

Comment 3 Chuan Yu 2017-09-13 21:07:50 EDT

Verified, the token could be requested successfully from web console.
# openshift version
openshift v3.7.0-0.126.1
kubernetes v1.7.0+80709908fd
etcd 3.2.1

Comment 7 errata-xmlrpc 2017-11-28 17:10:32 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

Note You need to log in before you can comment on or make changes to this bug.