Error with lab - Chapter 18 - Deploying a Route Service for Authentication

BethTran

After entering marissa/koala and approve, I got the following error when browser is redirected to

error: Post https://beth-uaa-host.local.pcfdev.io/oauth/token: x509: certificate signed by unknown authority

redirected url: https://web-ui-superelaborate-epiphyte.local.pcfdev.io/auth/callback?code=vKeFM4SRw8&state=state

 

please advise

 

Thanks

spgreenberg

I am looking into this.  It will take a little time to recreate.  I suspect this is an issue with the self signed certificates used by PCF Dev.  I will get back to you soon.

BethTran

@Spgreenberg - any info you can share? Thanks

spgreenberg

@BethTran,

My apologies.  I wasn't notified by your @ mention to me and I am finding sometimes my posts do not work.  I will investigate that...

Anyway, it looks like in your manifest.yml for UAA you are using https for the UAA and LOGIN_URL properties.  If you use http, it should work on PCF dev.

BethTran

@spgreenberg - I followed the instructions for this lab (ie manifest.yml with http NOT https - pls see below); however, after authentication, the redirect URL is https.  Here's my manifest.yml

applications:
- name: uaa
  memory: 1G
  instances: 1
  random-route: false
  path: uaa.war
  host: beth-uaa-host
  env:
    UAA_URL: http://beth-uaa-host.local.pcfdev.io
    LOGIN_URL: http://beth-uaa-host.local.pcfdev.io
    JBP_CONFIG_SPRING_AUTO_RECONFIGURATION: '{enabled: false}'

 

Thanks

Beth

BethTran

spgreenberg

CarmeloScollo

@BethTran

can you please share how you managed to successfully complete the lab?

I found several issues with it.

First I found that if deploying the uaa.war from the class artificats after logging in at UAA I receive an error page with http 500 return code.

This seems to be caused by a known bug in older UAA versions that causes problems when the java-buildpack packages Tomcat 8.5 (and potentially with newer version, too) with the app.

I resolved this by deploying UAA with an older version of the java-buildpack.

Did you have to do this, too?

After that first issue I still did not manage to finish the lab with the expected result.

When accessing web-ui I do get redirected to UAA's login page where I can log in, authorize access and get redirected back to web-ui, but it still displays that I am not logged in even though log output from UAA and UAA proxy show that the login was successful.

Therefore the call to web-ui's /secure resource is still replied to with http 401.

I recreated the setup 3 times now, following the lab instructions and tested while looking at log output and yet I can't spot what's wrong.

So I'm wondering what you did to successfully complete the lab and would very much appreciate if you could share how you got it done.

Thanks in advance!

CarmeloScollo

Ok nevermind, I found out why it did not work for me.

TL;DR: UAA URL in uaa-tokens UPSI needs to be set with http instead of https in case of self signed certificates.



The reason for this is that the OAuth2 library used in the Ruby web-ui app by default verifies that the SSL connection is verified and valid when sending a POST to /check_token, which is not possible in the PCF environment I'm using because of the self-signed certificate.

Now finally chapter 18 lab is working fine