1491193 – Error getting when request token from web console

Bug 1491193 - Error getting when request token from web console

Summary: Error getting when request token from web console

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	apiserver-auth
Sub Component:
Version:	3.7.0
Hardware:	All
OS:	All
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	3.7.0
Assignee:	Simo Sorce
QA Contact:	Chuan Yu
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-09-13 09:31 UTC by Chuan Yu
Modified:	2017-11-28 22:10 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: The secret for the private browser OAuth client was not correctly initialized. Consequence: The request token endpoint did not work. Fix: Correctly initialize the browser OAuth client on server start. Result: The request endpoint can be used to request tokens.
Clone Of:
Environment:
Last Closed:	2017-11-28 22:10:32 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Origin (Github)	16078	None	None	None	2017-09-13 12:39:19 UTC
Origin (Github)	16109	None	None	None	2017-09-13 12:39:47 UTC
Origin (Github)	16146	None	None	None	2017-09-13 12:40:12 UTC
Red Hat Product Errata	RHSA-2017:3188	normal	SHIPPED_LIVE	Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update	2017-11-29 02:34:54 UTC

Description Chuan Yu 2017-09-13 09:31:47 UTC

Description of problem:
Error getting when request token from web console

Version-Release number of selected component (if applicable):
openshift v3.7.0-0.125.0
kubernetes v1.7.0+695f48a16f
etcd 3.2.1

How reproducible:
always

Steps to Reproduce:
1.Request token from web console:

  https://master_url:8443/oauth/token/request

  input the username/password
2.
3.

Actual results:
Error getting token: The client is not authorized to request a token using this method

Expected results:
Token reqeust successfully.

Additional info:
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n<style>\n\tbody     { font-family: sans-serif; font-size: 14px; margin: 2em 2%; background-color: #F9F9F9; }\n\th2       { font-size: 1.4em;}\n\th3       { font-size: 1em; margin: 1.5em 0 0; }\n\tcode,pre { font-family: Menlo, Monaco, Consolas, monospace; }\n\tcode     { font-weight: 300; font-size: 1.5em; margin-bottom: 1em; display: inline-block;  color: #646464;  }\n\tpre      { padding-left: 1em; border-radius: 5px; color: #003d6e; background-color: #EAEDF0; padding: 1.5em 0 1.5em 4.5em; white-space: normal; text-indent: -2em; }\n\ta        { color: #00f; text-decoration: none; }\n\ta:hover  { text-decoration: underline; }\n\t@media (min-width: 768px) {\n\t\t.nowrap { white-space: nowrap; }\n\t}\n</style>\n\n"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n  "
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "Error getting token: The client is not authorized to request a token using this method."
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\n\n<br><br>\n<a href=\""
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "request"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: logging error output: "\">Request another token</a>\n"
Sep 13 08:36:17 qe-37-saml-master-etcd-1 atomic-openshift-master-api[25190]: [[Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0] 66.187.233.202:47060]

Comment 1 Mo 2017-09-13 12:41:09 UTC

https://github.com/openshift/origin/pull/16109

Comment 2 Mo 2017-09-13 12:47:18 UTC

The fix is already merged in 3.7 master.

Comment 3 Chuan Yu 2017-09-14 01:07:50 UTC

Verified, the token could be requested successfully from web console.
# openshift version
openshift v3.7.0-0.126.1
kubernetes v1.7.0+80709908fd
etcd 3.2.1

Comment 7 errata-xmlrpc 2017-11-28 22:10:32 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

Note You need to log in before you can comment on or make changes to this bug.