Bug 1491193 - Error getting when request token from web console
Summary: Error getting when request token from web console
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 3.7.0
Hardware: All
OS: All
high
high
Target Milestone: ---
: 3.7.0
Assignee: Simo Sorce
QA Contact: Chuan Yu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-09-13 09:31 UTC by Chuan Yu
Modified: 2017-11-28 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The secret for the private browser OAuth client was not correctly initialized. Consequence: The request token endpoint did not work. Fix: Correctly initialize the browser OAuth client on server start. Result: The request endpoint can be used to request tokens.
Clone Of:
Environment:
Last Closed: 2017-11-28 22:10:32 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Origin (Github) 16078 0 None None None 2017-09-13 12:39:19 UTC
Origin (Github) 16109 0 None None None 2017-09-13 12:39:47 UTC
Origin (Github) 16146 0 None None None 2017-09-13 12:40:12 UTC
Red Hat Product Errata RHSA-2017:3188 0 normal SHIPPED_LIVE Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update 2017-11-29 02:34:54 UTC

Description Chuan Yu 2017-09-13 09:31:47 UTC
Description of problem:
Error getting when request token from web console

Version-Release number of selected component (if applicable):
openshift v3.7.0-0.125.0
kubernetes v1.7.0+695f48a16f
etcd 3.2.1

How reproducible:
always

Steps to Reproduce:
1.Request token from web console:

  https://master_url:8443/oauth/token/request

  input the username/password
2.
3.

Actual results:
Error getting token: The client is not authorized to request a token using this method

Expected results:
Token reqeust successfully.

Additional info:
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n<style>\n\tbody     { font-family: sans-serif; font-size: 14px; margin: 2em 2%; background-color: #F9F9F9; }\n\th2       { font-size: 1.4em;}\n\th3       { font-size: 1em; margin: 1.5em 0 0; }\n\tcode,pre { font-family: Menlo, Monaco, Consolas, monospace; }\n\tcode     { font-weight: 300; font-size: 1.5em; margin-bottom: 1em; display: inline-block;  color: #646464;  }\n\tpre      { padding-left: 1em; border-radius: 5px; color: #003d6e; background-color: #EAEDF0; padding: 1.5em 0 1.5em 4.5em; white-space: normal; text-indent: -2em; }\n\ta        { color: #00f; text-decoration: none; }\n\ta:hover  { text-decoration: underline; }\n\t@media (min-width: 768px) {\n\t\t.nowrap { white-space: nowrap; }\n\t}\n</style>\n\n"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n  "
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "Error getting token: The client is not authorized to request a token using this method."
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n\n<br><br>\n<a href=\""
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "request"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\">Request another token</a>\n"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: [[Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0] 66.187.233.202:47060]

Comment 2 Mo 2017-09-13 12:47:18 UTC
The fix is already merged in 3.7 master.

Comment 3 Chuan Yu 2017-09-14 01:07:50 UTC
Verified, the token could be requested successfully from web console.
# openshift version
openshift v3.7.0-0.126.1
kubernetes v1.7.0+80709908fd
etcd 3.2.1

Comment 7 errata-xmlrpc 2017-11-28 22:10:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188


Note You need to log in before you can comment on or make changes to this bug.