Created attachment 752175 [details] logs Description of problem: SSO doesnt work - when I open a report via webadmin I gget login page. I have cleaned the Browser cache before using it, Version-Release number of selected component (if applicable): 3.2/sf17.1 How reproducible: always Steps to Reproduce: 1.install rhevm+dwh+reports 2.create entities 3.Open any report via webadmin Actual results: 1. Reaches login page in Reports Portal, 2. After I login manully, when setup is less than 2H the Report gives exception. Expected results: should autologin to report, an no exceptions Additional info: logs
Created attachment 752176 [details] br9-exception
The error is: --------------------------------------------------------------------------------- The server has encountered an error. Please excuse the inconvenience. Error Message java.lang.IllegalArgumentException: An id is required to lookup a FlowDefinition Error Trace --------------------------------------------------------------------------------- Which doesn't say anything about an authentication issue... iirc this kind of errors are "logical" and not related to that. Yaniv - am I right? David - can you attach complete jasper + ovirt logs, rather than just an error? T
This error happened after he logged in with rhevm-admin instead of sso, so this error is not really related. Yaniv
Created attachment 752205 [details] jasp-local
Created attachment 752206 [details] jasp-remote
The session validation is done using a servlet, posting the session ID of the engine. From doing some tests using wget, I see that when I do http GET to the servlet, passing the sessionID in the URL, it works well. However, when using http POST (using wget -X POST), and passing the data in the body, it fails with error 500. The component we use in the reports server to call the session validation is also using HTTP POST. That's weird, as it worked well in the past. We can workaround it by using HTTP GET when calling the session validation (assuming that it would work in the code like it works using wget), or further investigate in order to understand why it suddenly stopped working (as it did work in the past, and no were made for months now to the SSO mechanism).
My mistake. Used wget instead of curl by accident. Continue investigating.
- the JSESSISOID "root" cookie was introduced with the docs redirection servlet (see bug 885823) - it was used in order to save a preference-per-session on the server side. - problem is that if there are two cookies with the same name under the same domain, the "root" one takes precedence. - solution would be to save that DocsServlet's preference-per-session on a client-side session-cookie, eliminating the DocsServlet's need for a root JSESSIONID cookie.
See upstream patch commit message for details on the root cause of this issue.
Added one more u/s & d/s patch to make sure relevant cookies are explicitly scoped to "/" (root) context URL.
Fixed, 3.2/sf17.3 Webadmin Dashboards, and reports portal via webadmin (SSO) works correct, Fixed, 3.2/sf17.3
3.2 has been released