Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2055137

Summary: [GSS][RGW] Custom 'Credentials Provider' fails when dealing with JWT tokens above certain size
Product: [Red Hat Storage] Red Hat Ceph Storage
Reporter: Karun Josy <kjosy>
Component: RGW
Assignee: Pritha Srivastava <prsrivas>
Status: CLOSED ERRATA
QA Contact: Madhavi Kasturi <mkasturi>
Severity: medium
Docs Contact: Akash Raj <akraj>
Priority: unspecified
Version: 4.2
CC: akraj, cbodley, ceph-eng-bugs, fkellehe, gjose, jpollard, kbader, kkeithle, matt, mbenjamin, mhackett, mkasturi, mmuench, prsrivas, sbaldwin, tserlin, vereddy
Target Milestone: ---
Flags: vivk: needinfo-
Target Release: 5.3
Hardware: x86_64
OS: Linux
Fixed In Version: ceph-16.2.10-6.el8cp
Doc Type: Bug Fix
Doc Text:
.Internal handling of tokens is fixed
Previously, the internal handling of tokens in the refresh path of the Java-based client authentication provider JAR for the AWS SDK for Java and the Hadoop S3A Connector did not deal correctly with large tokens. This resulted in improper processing of some tokens and prevented the renewal of client tokens. With this fix, the internal token handling works as expected.
Last Closed: 2023-01-11 17:39:05 UTC
Type: Bug
Bug Blocks: 2126049

Description Karun Josy 2022-02-16 10:53:41 UTC
* Description of problem:

- Users in the customer environment are accessing Ceph using the OIDC provider RH-SSO (Keycloak) from Red Hat from a Hadoop environment. Hadoop contains a custom-made Red Hat credential provider for handling the refreshing of OIDC tokens.
- For some user accounts, using the hadoop hdfs command with a JWT refresh_token produces an error:
----------------
com.amazonaws.AmazonClientException: No AWS Credentials provided by HadoopAssumeRoleWebIdentityCredentialsProvider : com.amazonaws.AmazonClientException: java.lang.NullPointerException: No AWS Credentials provided by HadoopAssumeRoleWebIdentityCredentialsProvider : com.amazonaws.AmazonClientException: java.lang.NullPointerException
----------------

* Version-Release number of selected component (if applicable):
RHCS 4.2

* How reproducible:
Always in the customer environment

Comment 4 Jamie Pollard 2022-02-16 12:33:45 UTC
This issue is blocking the customer team from taking their environment into production. Please prioritise accordingly.

Comment 44 errata-xmlrpc 2023-01-11 17:39:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 5.3 security update and Bug Fix), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:0076

Comment 45 Red Hat Bugzilla 2023-09-18 04:32:07 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days