Bug 1801913 - Authentication "500 Internal Error" when accessing RHPAM (Business Automation) operator application
Summary: Authentication "500 Internal Error" when accessing RHPAM (Business Automation...
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 4.4
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 4.5.0
Assignee: Adam Kaplan
QA Contact: wewang
URL:
Whiteboard:
Depends On:
Blocks: 1803143
TreeView+ depends on / blocked
 
Reported: 2020-02-11 22:20 UTC by Keith Fryklund
Modified: 2023-10-06 19:10 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1803143 (view as bug list)
Environment:
Last Closed: 2020-02-24 19:52:24 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHPAM-2750 0 Major Verified Authentication "500 Internal Error" when accessing RHPAM (Business Automation) operator application 2020-08-17 13:02:24 UTC

Description Keith Fryklund 2020-02-11 22:20:35 UTC
Description of problem:
I installed the latest Openshift 4.3 version, and I used a custom ingress cert following the documentation here [1].
The proxy sidecar from the console-cr-form appear to not be receiving the custom trust bundle.  This issue looks to be very similar to what we saw here [2]

[1] https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html 
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1766181

Version-Release number of selected component (if applicable):
OCP4.3
Business Automation Operator is 1.3.0

How reproducible:
100% of time when using a custom ingress certificate

Steps to Reproduce:
1. Follow steps here to replace the default ingress certificate: https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html
2. Try to authenticate to https://console-cr-form-newcastle-devel.apps.paas.dev.psi.redhat.com

Actual results:
Browser error "500 Internal Error"

# oauth-proxy container error
oc logs console-cr-form -c oauth-proxy
...

2020/02/10 15:19:28 oauthproxy.go:649: error redeeming code (client:172.129.4.1:40568): Post https://oauth-openshift.apps.ocp.prod.psi.redhat.com/oauth/token: x509: certificate signed by unknown authority
2020/02/10 15:19:28 oauthproxy.go:439: ErrorPage 500 Internal Error Internal Error


Expected results:
No 500 error after login

# oauth-proxy container success example
oc logs console-cr-form -c oauth-proxy
...
2020/02/11 21:53:42 oauthproxy.go:679: 10.131.0.1:51390 authentication complete Session{kube:admin token:true}

Additional info:

Comment 4 Adam Kaplan 2020-02-24 19:52:24 UTC
Moving to https://issues.redhat.com/browse/RHPAM-2750


Note You need to log in before you can comment on or make changes to this bug.