Bug 962249 - Relay party not trusted error logging to katello
Relay party not trusted error logging to katello
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Content Management (Show other bugs)
Nightly
Unspecified Unspecified
unspecified Severity high (vote)
: Unspecified
: --
Assigned To: Marek Hulan
Og Maciel
: Triaged
Depends On:
Blocks: 963272
  Show dependency treegraph
 
Reported: 2013-05-12 20:15 EDT by Og Maciel
Modified: 2013-07-18 17:18 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-18 17:18:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Stuck on signo page (76.35 KB, image/png)
2013-05-12 20:15 EDT, Og Maciel
no flags Details

  None (edit)
Description Og Maciel 2013-05-12 20:15:00 EDT
Created attachment 747026 [details]
Stuck on signo page

Description of problem:

Nightly build of Katello fails to log me in with the following error:

  Relay party https://<SERVER> not trusted, consult SSO configuration

Trying to change the url of the browser to go to /katello always brought me back to /signo and the screen claimed I was logged:

  Logged in as admin, logout
  Your session will expire at 2013-05-13 10:08:01 UTC.
 
Version-Release number of selected component (if applicable):

* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.7-1.el6.noarch
* candlepin-cert-consumer-sun-x4440-01.rhts.eng.bos.redhat.com-1.0-1.noarch
* candlepin-selinux-0.8.7-1.el6.noarch
* candlepin-tomcat6-0.8.7-1.el6.noarch
* elasticsearch-0.19.9-7.el6.noarch
* katello-1.4.2-1.git.313.0d31cdb.el6.noarch
* katello-all-1.4.2-1.git.313.0d31cdb.el6.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-1.el6.noarch
* katello-cli-1.4.2-1.git.47.c7ac869.el6.noarch
* katello-cli-common-1.4.2-1.git.47.c7ac869.el6.noarch
* katello-common-1.4.2-1.git.313.0d31cdb.el6.noarch
* katello-configure-1.4.3-1.git.12.bc3684c.el6.noarch
* katello-glue-candlepin-1.4.2-1.git.313.0d31cdb.el6.noarch
* katello-glue-elasticsearch-1.4.2-1.git.313.0d31cdb.el6.noarch
* katello-glue-pulp-1.4.2-1.git.313.0d31cdb.el6.noarch
* Katello-Katello-Installation-RegisterRHNClassic-1.1-3.noarch
* Katello-Katello-Sanity-ImportKeys-1.2-1.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-repos-1.4.2-1.el6.noarch
* katello-selinux-1.4.3-1.git.3.ce8227b.el6.noarch
* openldap-2.4.23-31.el6.x86_64
* openldap-devel-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.1-0.10.beta.el6.noarch
* pulp-selinux-2.1.1-0.10.beta.el6.noarch
* pulp-server-2.1.1-0.10.beta.el6.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.1.3-4.el6.noarch
* ruby193-rubygem-net-ldap-0.2.2-6.el6.noarch

How reproducible:


Steps to Reproduce:
1. Login to Katello
2.
3.
  
Actual results:

UI gives you an error

Expected results:


Additional info:

WARNING: making https request to https://<SERVER>/signo/user/admin without verifying server certificate; no CA path was specified.
Generated checkid_setup request to https://WARNING: making https request to https://sun-x4440-01.rhts.eng.bos.redhat.com/signo/user/admin without verifying server certificate; no CA path was specified.
Generated checkid_setup request to https://sun-x4440-01.rhts.eng.bos.redhat.com/signo/provider with assocication {HMAC-SHA1}{518f1b9e}{cUGmhQ==}
/signo/provider with assocication {HMAC-SHA1}{518f1b9e}{cUGmhQ==}
Comment 1 Marek Hulan 2013-05-13 03:56:08 EDT
Could you try to restart signo and login again? Maybe it didn't reload config file that was changed by katello-configure.
Comment 2 Jeff Weiss 2013-05-13 08:00:25 EDT
My theory on this is that it is a race condition in katello-configure (of which we have had many).  The very same rpms, installed to the very same vm image, sometimes have this error after installation, and sometimes they don't.
Comment 3 Marek Hulan 2013-05-13 11:54:54 EDT
I'll make sure signo is restarted whenever sso.yml file is changed. Please assign to me when this bug gets all acks needed.
Comment 4 Marek Hulan 2013-05-14 05:24:14 EDT
Merged in https://github.com/Katello/katello-installer/pull/15
Comment 5 sthirugn@redhat.com 2013-05-14 14:24:12 EDT
FWIW I tested with the recent nightly from an hour back:

1. Worked fine in ldap active directory settings
2. Failed in ldap free ipa settings
Comment 6 Marek Hulan 2013-05-15 02:17:44 EDT
You experienced the same "Relay party not trusted"? How did you configure free ipa settings? This should probably be opened as a new bug anyway.
Comment 7 sthirugn@redhat.com 2013-05-15 10:29:31 EDT
(In reply to comment #6)
> You experienced the same "Relay party not trusted"? How did you configure
> free ipa settings? This should probably be opened as a new bug anyway.

@Marek: https://bugzilla.redhat.com/show_bug.cgi?id=963272 is now created
Comment 9 Sam Kottler 2013-05-23 19:41:13 EDT
Moving to ON_QA for drop 2.
Comment 10 Og Maciel 2013-05-28 17:12:10 EDT
Verified
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10002-40.noarch
* foreman-installer-puppet-concat-0-2.d776701.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-postgresql-1.1.10002-40.noarch
* foreman-proxy-1.1.10001-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-7.f5ae2cd.el6sat.noarch
* katello-1.4.2-7.el6sat.noarch
* katello-all-1.4.2-7.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-6.el6sat.noarch
* katello-cli-common-1.4.2-6.el6sat.noarch
* katello-common-1.4.2-7.el6sat.noarch
* katello-configure-1.4.3-10.el6sat.noarch
* katello-configure-foreman-1.4.3-10.el6sat.noarch
* katello-foreman-all-1.4.2-7.el6sat.noarch
* katello-glue-candlepin-1.4.2-7.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-7.el6sat.noarch
* katello-glue-pulp-1.4.2-7.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.1-1.el6sat.noarch
* pulp-selinux-2.1.1-1.el6sat.noarch
* pulp-server-2.1.1-1.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.1.7-3.el6sat.noarch
* ruby193-rubygem-net-ldap-0.2.2-7.el6_4.noarch
* signo-0.0.12-1.el6sat.noarch
* signo-katello-0.0.12-1.el6sat.noarch
Comment 11 Mike McCune 2013-07-18 17:18:26 EDT
mass move to CLOSED:CURRENTRELEASE since MDP1 has been released.

Note You need to log in before you can comment on or make changes to this bug.