Created attachment 747026 [details] Stuck on signo page Description of problem: Nightly build of Katello fails to log me in with the following error: Relay party https://<SERVER> not trusted, consult SSO configuration Trying to change the url of the browser to go to /katello always brought me back to /signo and the screen claimed I was logged: Logged in as admin, logout Your session will expire at 2013-05-13 10:08:01 UTC. Version-Release number of selected component (if applicable): * apr-util-ldap-1.3.9-3.el6_0.1.x86_64 * candlepin-0.8.7-1.el6.noarch * candlepin-cert-consumer-sun-x4440-01.rhts.eng.bos.redhat.com-1.0-1.noarch * candlepin-selinux-0.8.7-1.el6.noarch * candlepin-tomcat6-0.8.7-1.el6.noarch * elasticsearch-0.19.9-7.el6.noarch * katello-1.4.2-1.git.313.0d31cdb.el6.noarch * katello-all-1.4.2-1.git.313.0d31cdb.el6.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.4.2-1.el6.noarch * katello-cli-1.4.2-1.git.47.c7ac869.el6.noarch * katello-cli-common-1.4.2-1.git.47.c7ac869.el6.noarch * katello-common-1.4.2-1.git.313.0d31cdb.el6.noarch * katello-configure-1.4.3-1.git.12.bc3684c.el6.noarch * katello-glue-candlepin-1.4.2-1.git.313.0d31cdb.el6.noarch * katello-glue-elasticsearch-1.4.2-1.git.313.0d31cdb.el6.noarch * katello-glue-pulp-1.4.2-1.git.313.0d31cdb.el6.noarch * Katello-Katello-Installation-RegisterRHNClassic-1.1-3.noarch * Katello-Katello-Sanity-ImportKeys-1.2-1.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-qpid-client-key-pair-1.0-1.noarch * katello-repos-1.4.2-1.el6.noarch * katello-selinux-1.4.3-1.git.3.ce8227b.el6.noarch * openldap-2.4.23-31.el6.x86_64 * openldap-devel-2.4.23-31.el6.x86_64 * pulp-rpm-plugins-2.1.1-0.10.beta.el6.noarch * pulp-selinux-2.1.1-0.10.beta.el6.noarch * pulp-server-2.1.1-0.10.beta.el6.noarch * python-ldap-2.3.10-1.el6.x86_64 * ruby193-rubygem-ldap_fluff-0.1.3-4.el6.noarch * ruby193-rubygem-net-ldap-0.2.2-6.el6.noarch How reproducible: Steps to Reproduce: 1. Login to Katello 2. 3. Actual results: UI gives you an error Expected results: Additional info: WARNING: making https request to https://<SERVER>/signo/user/admin without verifying server certificate; no CA path was specified. Generated checkid_setup request to https://WARNING: making https request to https://sun-x4440-01.rhts.eng.bos.redhat.com/signo/user/admin without verifying server certificate; no CA path was specified. Generated checkid_setup request to https://sun-x4440-01.rhts.eng.bos.redhat.com/signo/provider with assocication {HMAC-SHA1}{518f1b9e}{cUGmhQ==} /signo/provider with assocication {HMAC-SHA1}{518f1b9e}{cUGmhQ==}
Could you try to restart signo and login again? Maybe it didn't reload config file that was changed by katello-configure.
My theory on this is that it is a race condition in katello-configure (of which we have had many). The very same rpms, installed to the very same vm image, sometimes have this error after installation, and sometimes they don't.
I'll make sure signo is restarted whenever sso.yml file is changed. Please assign to me when this bug gets all acks needed.
Merged in https://github.com/Katello/katello-installer/pull/15
FWIW I tested with the recent nightly from an hour back: 1. Worked fine in ldap active directory settings 2. Failed in ldap free ipa settings
You experienced the same "Relay party not trusted"? How did you configure free ipa settings? This should probably be opened as a new bug anyway.
(In reply to comment #6) > You experienced the same "Relay party not trusted"? How did you configure > free ipa settings? This should probably be opened as a new bug anyway. @Marek: https://bugzilla.redhat.com/show_bug.cgi?id=963272 is now created
Moving to ON_QA for drop 2.
Verified * apr-util-ldap-1.3.9-3.el6_0.1.x86_64 * candlepin-0.8.9-1.el6_4.noarch * candlepin-scl-1-5.el6_4.noarch * candlepin-scl-quartz-2.1.5-5.el6_4.noarch * candlepin-scl-rhino-1.7R3-1.el6_4.noarch * candlepin-scl-runtime-1-5.el6_4.noarch * candlepin-selinux-0.8.9-1.el6_4.noarch * candlepin-tomcat6-0.8.9-1.el6_4.noarch * elasticsearch-0.19.9-8.el6sat.noarch * foreman-1.1.10002-40.noarch * foreman-installer-puppet-concat-0-2.d776701.el6sat.noarch * foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch * foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch * foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch * foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch * foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch * foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch * foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch * foreman-postgresql-1.1.10002-40.noarch * foreman-proxy-1.1.10001-1.el6sat.noarch * foreman-proxy-installer-1.0.1-7.f5ae2cd.el6sat.noarch * katello-1.4.2-7.el6sat.noarch * katello-all-1.4.2-7.el6sat.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.4.2-2.el6sat.noarch * katello-cli-1.4.2-6.el6sat.noarch * katello-cli-common-1.4.2-6.el6sat.noarch * katello-common-1.4.2-7.el6sat.noarch * katello-configure-1.4.3-10.el6sat.noarch * katello-configure-foreman-1.4.3-10.el6sat.noarch * katello-foreman-all-1.4.2-7.el6sat.noarch * katello-glue-candlepin-1.4.2-7.el6sat.noarch * katello-glue-elasticsearch-1.4.2-7.el6sat.noarch * katello-glue-pulp-1.4.2-7.el6sat.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-qpid-client-key-pair-1.0-1.noarch * katello-selinux-1.4.3-3.el6sat.noarch * openldap-2.4.23-31.el6.x86_64 * pulp-rpm-plugins-2.1.1-1.el6sat.noarch * pulp-selinux-2.1.1-1.el6sat.noarch * pulp-server-2.1.1-1.el6sat.noarch * python-ldap-2.3.10-1.el6.x86_64 * ruby193-rubygem-ldap_fluff-0.1.7-3.el6sat.noarch * ruby193-rubygem-net-ldap-0.2.2-7.el6_4.noarch * signo-0.0.12-1.el6sat.noarch * signo-katello-0.0.12-1.el6sat.noarch
mass move to CLOSED:CURRENTRELEASE since MDP1 has been released.