
Error with lab - Chapter 18 - Deploying a Route Service for Authentication

BethTran Posts: 4
edited November 2017 in LFD232 Class Forum

After entering marissa/koala and approving, I got the following error when the browser is redirected to

error: Post https://beth-uaa-host.local.pcfdev.io/oauth/token: x509: certificate signed by unknown authority

redirected url: https://web-ui-superelaborate-epiphyte.local.pcfdev.io/auth/callback?code=vKeFM4SRw8&state=state


Please advise.




  • spgreenberg
    spgreenberg Posts: 86
    edited November 2017

    I am looking into this. It will take a little time to recreate. I suspect this is an issue with the self-signed certificates used by PCF Dev. I will get back to you soon.

  • BethTran
    BethTran Posts: 4
    edited November 2017

    @Spgreenberg - any info you can share? Thanks

  • @BethTran,

    My apologies.  I wasn't notified by your @ mention to me and I am finding sometimes my posts do not work.  I will investigate that...

    Anyway, it looks like in your manifest.yml for UAA you are using https for the UAA and LOGIN_URL properties.  If you use http, it should work on PCF dev.

  • BethTran
    BethTran Posts: 4
    edited December 2017

    @spgreenberg - I followed the instructions for this lab (i.e. manifest.yml with http NOT https - pls see below); however, after authentication, the redirect URL is https. Here's my manifest.yml:

    - name: uaa
      memory: 1G
      instances: 1
      random-route: false
      path: uaa.war
      host: beth-uaa-host
      UAA_URL: http://beth-uaa-host.local.pcfdev.io
      LOGIN_URL: http://beth-uaa-host.local.pcfdev.io




  • spgreenberg

  • @BethTran

    can you please share how you managed to successfully complete the lab?

    I found several issues with it.

    First I found that if deploying the uaa.war from the class artifacts, after logging in at UAA I receive an error page with http 500 return code.

    This seems to be caused by a known bug in older UAA versions that causes problems when the java-buildpack packages Tomcat 8.5 (and potentially with newer versions, too) with the app.

    I resolved this by deploying UAA with an older version of the java-buildpack.

    Did you have to do this, too?

    After that first issue I still did not manage to finish the lab with the expected result.

    When accessing web-ui I do get redirected to UAA's login page where I can log in, authorize access and get redirected back to web-ui, but it still displays that I am not logged in even though log output from UAA and UAA proxy show that the login was successful.

    Therefore the call to web-ui's /secure resource is still replied to with http 401.

    I recreated the setup 3 times now, following the lab instructions and tested while looking at log output and yet I can't spot what's wrong.

    So I'm wondering what you did to successfully complete the lab and would very much appreciate if you could share how you got it done.

    Thanks in advance!

  • CarmeloScollo
    CarmeloScollo Posts: 2
    edited February 2018

    Ok never mind, I found out why it did not work for me.

    TL;DR: UAA URL in uaa-tokens UPSI needs to be set with http instead of https in case of self-signed certificates.

    The reason for this is that the OAuth2 library used in the Ruby web-ui app by default verifies that the SSL connection is verified and valid when sending a POST to /check_token, which is not possible in the PCF environment I'm using because of the self-signed certificate.

    Now finally chapter 18 lab is working fine =)
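
Added example (not from the thread or the course material): this Go sketch reproduces the `x509: certificate signed by unknown authority` failure from the first post with a throwaway self-signed certificate, then shows the same check passing once that certificate is in the client's root pool, so the token request can stay on https. The helper names `selfSigned` and `verify` are hypothetical, and the certificate is constructed in-process rather than taken from PCF Dev.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// UAA host name taken from the thread; the certificate itself is constructed here.
const host = "beth-uaa-host.local.pcfdev.io"

// selfSigned returns a throwaway self-signed server certificate for host.
func selfSigned() *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// verify checks cert for host against roots, the way a TLS client does.
func verify(cert *x509.Certificate, roots *x509.CertPool) error {
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err
}

func main() {
	cert := selfSigned()
	trusted := x509.NewCertPool()
	trusted.AddCert(cert) // equivalent to adding the self-signed cert to the client's trust store
	fmt.Println("issuer not trusted:", verify(cert, x509.NewCertPool()))
	fmt.Println("issuer trusted:    ", verify(cert, trusted))
}
```

Switching the URL to http, as the thread does, avoids the check entirely; trusting the specific certificate keeps verification on and the token exchange encrypted.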

