
Error with lab - Chapter 18 - Deploying a Route Service for Authentication

BethTran Posts: 4
edited November 2017 in LFD232 Class Forum



After entering marissa/koala and approving, I got the following error when the browser is redirected:

error: Post https://beth-uaa-host.local.pcfdev.io/oauth/token: x509: certificate signed by unknown authority

redirected url: https://web-ui-superelaborate-epiphyte.local.pcfdev.io/auth/callback?code=vKeFM4SRw8&state=state

Please advise.

Thanks

Comments

  • spgreenberg Posts: 39
    edited November 2017

    I am looking into this. It will take a little time to recreate. I suspect this is an issue with the self-signed certificates used by PCF Dev. I will get back to you soon.

  • BethTran Posts: 4
    edited November 2017

    @Spgreenberg - any info you can share? Thanks

  • @BethTran,

    My apologies. I wasn't notified by your @ mention to me and I am finding sometimes my posts do not work. I will investigate that...

    Anyway, it looks like in your manifest.yml for UAA you are using https for the UAA_URL and LOGIN_URL properties. If you use http, it should work on PCF Dev.

  • BethTran Posts: 4
    edited December 2017

    @spgreenberg - I followed the instructions for this lab (i.e. manifest.yml with http, NOT https; please see below); however, after authentication, the redirect URL is https. Here's my manifest.yml:


    applications:
    - name: uaa
      memory: 1G
      instances: 1
      random-route: false
      path: uaa.war
      host: beth-uaa-host
      env:
        UAA_URL: http://beth-uaa-host.local.pcfdev.io
        LOGIN_URL: http://beth-uaa-host.local.pcfdev.io
        JBP_CONFIG_SPRING_AUTO_RECONFIGURATION: '{enabled: false}'

    Thanks

    Beth

  • This is a non-issue now. Thanks for your comment @spgreenberg

  • @BethTran

    Can you please share how you managed to successfully complete the lab?

    I found several issues with it.

    First I found that if deploying the uaa.war from the class artifacts, after logging in at UAA I receive an error page with an HTTP 500 return code.

    This seems to be caused by a known bug in older UAA versions that causes problems when the java-buildpack packages Tomcat 8.5 (and potentially newer versions, too) with the app.

    I resolved this by deploying UAA with an older version of the java-buildpack.

    Did you have to do this, too?

    After that first issue I still did not manage to finish the lab with the expected result.

    When accessing web-ui I do get redirected to UAA's login page where I can log in, authorize access and get redirected back to web-ui, but it still displays that I am not logged in even though log output from UAA and UAA proxy show that the login was successful.

    Therefore the call to web-ui's /secure resource is still replied to with HTTP 401.

    I recreated the setup 3 times now, following the lab instructions and tested while looking at log output and yet I can't spot what's wrong.

    So I'm wondering what you did to successfully complete the lab and would very much appreciate if you could share how you got it done.

    Thanks in advance!

  • CarmeloScollo Posts: 2
    edited February 2018

    OK, never mind, I found out why it did not work for me.

    TL;DR: UAA URL in uaa-tokens UPSI needs to be set with http instead of https in case of self-signed certificates.



    The reason for this is that the OAuth2 library used in the Ruby web-ui app by default verifies that the SSL connection is verified and valid when sending a POST to /check_token, which is not possible in the PCF environment I'm using because of the self-signed certificate.

    Now finally chapter 18 lab is working fine =)
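
Added example (not part of the thread or the lab's code): both errors reported above come from a client being shown a server certificate whose issuing CA is not in its trust store. This Ruby sketch reproduces that with a constructed CA and leaf certificate and shows verification passing once the CA is trusted explicitly, which keeps TLS verification on rather than moving the token endpoints to http; the names `issue`, `check_chain` and `uaa.example.test` are hypothetical.

```ruby
require "openssl"

# Constructed sample PKI (not from the thread): a private CA standing in for
# the one that signs a dev platform's router certificate, plus a leaf it issued.
def issue(subject, key, serial, signer_cert: nil, signer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = signer_cert ? signer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = signer_cert || cert
  is_ca = signer_cert.nil? # no signer given means a self-signed CA
  cert.add_extension(ef.create_extension("basicConstraints", is_ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if is_ca
  cert.sign(signer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Validate `leaf` against an explicit list of trusted CA certificates.
# Returns [ok, reason]; an empty list models a client that does not know the CA.
def check_chain(leaf, trusted_cas)
  store = OpenSSL::X509::Store.new
  trusted_cas.each { |ca| store.add_cert(ca) }
  ok = store.verify(leaf)
  [ok, store.error_string]
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = issue("/CN=Constructed Dev CA", CA_KEY, 1)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF_CERT = issue("/CN=uaa.example.test", LEAF_KEY, 2,
                  signer_cert: CA_CERT, signer_key: CA_KEY)

p check_chain(LEAF_CERT, [])        # CA unknown to the client: verification fails
p check_chain(LEAF_CERT, [CA_CERT]) # CA trusted explicitly: verification succeeds
```

A store built this way can be handed to a Ruby HTTP client through `Net::HTTP#cert_store=`, so the CA is trusted for that connection only and verification stays enabled.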
