Description of problem: When I try to login to Admin Portal via an IPA domain, the user seems to logged in but there's WFLYEJB0442: Unexpected Error and I do not see or can use admin portal - ie. I'm stucked in 'Welcome' page. 2018-01-31 12:48:39,707+01 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-20) [1be49bbc] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User SYSTEM connecting from 'UNKNOWN' failed to log in. 2018-01-31 12:48:39,709+01 DEBUG [org.ovirt.engine.core.common.di.interceptor.DebugLoggingInterceptor] (default task-20) [1be49bbc] m ethod: runAction, params: [CreateUserSession, CreateUserSessionParameters:{commandId='c53883a1-38e1-4e49-b490-9d0cc77ad647', user='nu ll', commandType='Unknown'}], timeElapsed: 32ms 2018-01-31 12:48:39,735+01 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-20) [] WFLYEJB0442: Unexpected Error 2018-01-31 12:48:39,736+01 DEBUG [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-20) [] User login failure: jav ax.ejb.EJBException: WFLYEJB0442: Unexpected Error at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:211) [wildfly-ejb3-7.1.0.GA-redhat-11.ja r:7.1.0.GA-redhat-11] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:266) [wildfly-ejb3-7.1.0.GA-redhat-11.jar:7.1.0.G A-redhat-11] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:379) [wildfly-ejb3-7.1.0.GA-redhat-11.jar:7.1.0.GA-re dhat-11] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:244) [wildfly-ejb3-7.1.0.GA-redhat-11.jar:7. 1.0.GA-redhat-11] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422) at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509) at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor. java:73) [weld-core-impl.jar:2.4.3.Final-redhat-1] Version-Release number of selected component (if applicable): ovirt-engine-4.2.1.3-0.1.el7.noarch How reproducible: ??? Steps to Reproduce: 1. login via ipa domain (try our brq-setup env) 2. 3. Actual results: WFLYEJB0442: Unexpected Error Expected results: should work Additional info:
This bug report has Keywords: Regression or TestBlocker. Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.
I was unable to reproduce this on my local env where I had copied all extensions from the brq-setup. On inspection of the engine and server logs on brq-setup the core problem seems to be StackOverflowError during org.ovirt.engine.api.extensions.ExtMap.toString. Caused by: java.lang.StackOverflowError at java.util.regex.Pattern$Curly.match(Pattern.java:4229) [rt.jar:1.8.0_161] at java.util.regex.Pattern$GroupHead.match(Pattern.java:4660) [rt.jar:1.8.0_161] at java.util.regex.Pattern$Branch.match(Pattern.java:4606) [rt.jar:1.8.0_161] at java.util.regex.Pattern$BranchConn.match(Pattern.java:4570) [rt.jar:1.8.0_161] at java.util.regex.Pattern$GroupTail.match(Pattern.java:4719) [rt.jar:1.8.0_161] at java.util.regex.Pattern$Curly.match0(Pattern.java:4281) [rt.jar:1.8.0_161] at java.util.regex.Pattern$Curly.match(Pattern.java:4236) [rt.jar:1.8.0_161] at java.util.regex.Pattern$GroupHead.match(Pattern.java:4660) [rt.jar:1.8.0_161] at java.util.regex.Pattern$Branch.match(Pattern.java:4606) [rt.jar:1.8.0_161] at java.util.regex.Pattern$Branch.match(Pattern.java:4604) [rt.jar:1.8.0_161] at java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3800) [rt.jar:1.8.0_161] at java.util.regex.Pattern$Start.match(Pattern.java:3463) [rt.jar:1.8.0_161] at java.util.regex.Matcher.search(Matcher.java:1248) [rt.jar:1.8.0_161] at java.util.regex.Matcher.find(Matcher.java:664) [rt.jar:1.8.0_161] at java.util.Formatter.parse(Formatter.java:2549) [rt.jar:1.8.0_161] at java.util.Formatter.format(Formatter.java:2501) [rt.jar:1.8.0_161] at java.util.Formatter.format(Formatter.java:2455) [rt.jar:1.8.0_161] at java.lang.String.format(String.java:2940) [rt.jar:1.8.0_161] at org.ovirt.engine.api.extensions.ExtUUID.toString(ExtUUID.java:72) [ovirt-engine-extensions-api.jar:] at java.util.Formatter$FormatSpecifier.printString(Formatter.java:2886) [rt.jar:1.8.0_161] at java.util.Formatter$FormatSpecifier.print(Formatter.java:2763) [rt.jar:1.8.0_161] at java.util.Formatter.format(Formatter.java:2520) [rt.jar:1.8.0_161] at java.util.Formatter.format(Formatter.java:2455) [rt.jar:1.8.0_161] at java.lang.String.format(String.java:2940) [rt.jar:1.8.0_161] at org.ovirt.engine.api.extensions.ExtKey.toString(ExtKey.java:120) [ovirt-engine-extensions-api.jar:] at java.lang.String.valueOf(String.java:2994) [rt.jar:1.8.0_161] at java.lang.StringBuilder.append(StringBuilder.java:131) [rt.jar:1.8.0_161] at org.ovirt.engine.api.extensions.ExtMap.toString(ExtMap.java:76) [ovirt-engine-extensions-api.jar:] at java.lang.String.valueOf(String.java:2994) [rt.jar:1.8.0_161] at java.lang.StringBuilder.append(StringBuilder.java:131) [rt.jar:1.8.0_161] at java.util.AbstractCollection.toString(AbstractCollection.java:462) [rt.jar:1.8.0_161] at java.lang.String.valueOf(String.java:2994) [rt.jar:1.8.0_161] at java.lang.StringBuilder.append(StringBuilder.java:131) [rt.jar:1.8.0_161] at org.ovirt.engine.api.extensions.ExtMap.toString(ExtMap.java:83) [ovirt-engine-extensions-api.jar:] at java.lang.String.valueOf(String.java:2994) [rt.jar:1.8.0_161] at java.lang.StringBuilder.append(StringBuilder.java:131) [rt.jar:1.8.0_161] at java.util.AbstractCollection.toString(AbstractCollection.java:462) [rt.jar:1.8.0_161] at java.lang.String.valueOf(String.java:2994) [rt.jar:1.8.0_161] at java.lang.StringBuilder.append(StringBuilder.java:131) [rt.jar:1.8.0_161] at org.ovirt.engine.api.extensions.ExtMap.toString(ExtMap.java:83) [ovirt-engine-extensions-api.jar:]
Verified on ovirt-engine-4.2.2-0.1.el7.noarch User from ipa domain can login without problems to webadmin.
I can still reproduce this using a user from IPA domain that has recursion in it's groups. For example: User A is in group B which is part of group C which is part of group D which is part of group B.
(In reply to Petr Matyáš from comment #5) > I can still reproduce this using a user from IPA domain that has recursion > in it's groups. > For example: > User A is in group B which is part of group C which is part of group D which > is part of group B. Sounds like a buggy LDAP configuration - so I'm removing the blocker flag. Since I know the bot will return it because it's a regression, I'm removing the regression keyword...
INFO: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason: [Tag 'ovirt-engine-4.2.3' doesn't contain patch 'https://gerrit.ovirt.org/87616'] gitweb: https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs/tags/ovirt-engine-4.2.3 For more info please contact: infra
(In reply to RHV Bugzilla Automation and Verification Bot from comment #7) > INFO: Bug status wasn't changed from MODIFIED to ON_QA due to the following > reason: > > [Tag 'ovirt-engine-4.2.3' doesn't contain patch > 'https://gerrit.ovirt.org/87616'] > gitweb: > https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs/tags/ > ovirt-engine-4.2.3 > > For more info please contact: infra Wrong, https://gerrit.ovirt.org/87616 has been merged to ovirt-engine-4.2 branch on Feb 14th 2018
Verified on ovirt-engine-4.2.3-0.1.el7.noarch
This bugzilla is included in oVirt 4.2.3 release, published on May 4th 2018. Since the problem described in this bug report should be resolved in oVirt 4.2.3 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.