SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Cannot access the dashboard #74

Closed rcknyn closed 4 years ago

rcknyn commented 4 years ago

Hello, I am getting the Application Not Authorized to use CAS error. I tried to look at other solutions and they did not work for me. I think I am missing something simple. I have VECTR on an Ubuntu 20.04 and all went well. Then I got the error after trying to log in. I can go to the site with the IP address but then get the CAS error. I did not start a server, just a fresh Ubuntu instance. For example, if my Ubuntu user name is jack and my computer name is den, would my login be https://jack.den:8081? I seem to be misunderstanding the hostname and domain name without an actual domain. I am trying to edit the env file correctly. Or do I need to run an Apache server first? Thank you

SRAPSpencer commented 4 years ago

Note that Ubuntu 20.04 is not currently supported. It may work, we have not verified it. Given your issue I believe I can provide some assistance but there may be other issues.

CAS Requires the web page be accessed via hostname. You must configure one in the .env file and navigate to it accordingly. It does not matter what the user name or computer name is, they are not related.

I would recommend the following steps:

1. cd into the vectr directory you installed to; in the documentation we suggest /opt/vectr
2. sudo docker-compose down
3. Then use the text editor of your choice to edit the .env file to set the hostname of your choice under "VECTR_HOSTNAME=". You can find details at the bottom of Getting Started. https://docs.vectr.io/Installation/
4. sudo docker-compose up -d (after the file is edited and saved)

Once the hostname is set you need to navigate to it. If you're navigating to this server from the Ubuntu instance locally you can edit your hosts file to reflect that. Simply add a line

127.0.0.1 (Configured Hostname)

If you are accessing it from another computer on the network, simply edit the hosts file on that computer

(Server IP Address) (Configured Hostname)

rcknyn commented 4 years ago

Thank you very much for the fast response. I think it may be best to use a different version of ubuntu.

I had installed in the /opt/vectr location

I recalled my /etc/hosts file had

      127.0.0.1    localhost

And the /etc/hostname file had (example): jack

So in the env file I should just put VECTR_HOSTNAME=127.0.0.1:8081

or maybe VECTR_HOSTNAME=localhost:8081

since it's local

Thank you

SRAPSpencer commented 4 years ago

IP Addresses will not work. It must be set to a name. Your hosts file can have multiple entries. Just add an additional line below. Do not include the port in the hostname line in the .env file.

thebleucheese commented 4 years ago

For reference:

/etc/hosts file:

```
127.0.0.1       localhost
127.0.0.1       sravectr.internal
```

/.env file:

```
...
VECTR_PORT=8081
VECTR_HOSTNAME=sravectr.internal
...
```

Using this setup once the docker network is up, I would access the site at https://sravectr.internal:8081

rcknyn commented 4 years ago

Thank you very much @thebleucheese for breaking it down. Along with Paul's explanation, I think it should work now. Will try again and update. I appreciate the both of your assistance.

On Mon, Jul 20, 2020, 2:12 AM thebleucheese notifications@github.com wrote:

> For reference:
>
> /etc/hosts file:
>
> 127.0.0.1 localhost
> 127.0.0.1 sravectr.internal
>
> /.env file: ... VECTR_PORT=8081 VECTR_HOSTNAME=sravectr.internal ...
>
> Using this setup once the docker network is up, I would access the site at https://sravectr.internal:8081

rcknyn commented 4 years ago

I restarted with Ubuntu 18.04 and was able to bypass the first error, "Application Not Authorized to use CAS". After signing in, however, I received this: Invalid service ticket. "It was either unrecognized or has expired." I think my internet connection is fine as I have no issues with latency. I looked at the other solution regarding this manner but was unable to execute.

I kept all the defaults and accessed by going here https://sravectr.internal:8081

Thank you

carlvonderheid commented 4 years ago

Just as a test, can you try to access in an incognito window?

thebleucheese commented 4 years ago

The incognito window is a good idea to try first just to see if there's a session problem.

There are a few things to check.

1. Make sure that the auth service is configured to listen at the correct url

Execute the following command on the Ubuntu host:

```
sudo docker exec -it sandbox1_tomcat_1 cat /etc/cas/services/vectrservice-1.json
```

and check the output. It should have a line exactly like this:

```
"serviceId": "https://sravectr.internal:8081/sra-purpletools-webui/app\\?client_name=CasClient",
```

2. Verify that all of the data keys and passwords set in the .env file do not contain symbols or special characters.

This was a technical limitation that was partially fixed for the MongoDB password, but can still cause issues with some configurations. If your passwords have special characters the authentication layer can fail to communicate with the database and you may see a 404 error. Keeping them alphanumeric will make sure that's not causing the issue.

3. Verify that you did not change any data keys or passwords set in the .env file after bringing up the containers - even just once briefly

This is very common. If you bring the containers up once even for just a moment prior to changing some of the data key or password values in the .env, it can cause the containers to fail the next time they start up.

Once you start the VECTR docker containers, VECTR automatically creates data in the VECTR data directory (/var/data or /data). This data has a MongoDB password set to access it with whatever was present in the MONGO_INITDB_ROOT_PASSWORD value from the .env on startup. If you realize you wanted to modify this, it must be done with a completely fresh VECTR install; no data can exist in the VECTR directory, otherwise the application will fail to start up. Bringing the containers down and modifying that .env value without deleting the data directory will cause an authentication problem. This is a limitation of the MongoDB Docker container, unfortunately, so it's a good idea to delete the data directory when trying to diagnose container startup issues.

4. Check the docker logs for any ERROR or WARNING entries

sudo docker logs -it sandbox1_tomcat_1

and post anything relevant here so we can try to diagnose.
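The rules given in this thread (VECTR_HOSTNAME is a name with no port, secrets are alphanumeric, the hosts file maps the name, and the CAS serviceId matches hostname and port) written as a shell lint. This is an added example, not part of the thread or VECTR's own tooling; the sample files are constructed, and treating every variable whose name contains PASSWORD or KEY as a secret is an assumption.

```sh
#!/bin/sh
env_get() {             # env_get FILE KEY -> value of the last KEY=... line
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

check_hostname() {      # prints ok | empty | has-port | ip-address
    case "$1" in
        '')        echo empty ;;
        *:*)       echo has-port ;;    # also catches IPv6 literals
        *[!0-9.]*) echo ok ;;
        *)         echo ip-address ;;  # only digits and dots
    esac
}

# Assumption: secrets are the variables whose name contains PASSWORD or KEY.
nonalnum_secrets() {    # prints names of secrets with non-alphanumeric values
    grep -E '^[A-Za-z0-9_]*(PASSWORD|KEY)[A-Za-z0-9_]*=' "$1" |
    while IFS='=' read -r name value; do
        case "$value" in *[!A-Za-z0-9]*) echo "$name" ;; esac
    done
}

expected_service_id() { # serviceId text as it appears in vectrservice-1.json
    printf 'https://%s:%s/sra-purpletools-webui/app\\\\?client_name=CasClient\n' \
        "$(env_get "$1" VECTR_HOSTNAME)" "$(env_get "$1" VECTR_PORT)"
}

service_id_matches() {  # service_id_matches ENV_FILE JSON_FILE
    grep -qF "\"serviceId\": \"$(expected_service_id "$1")\"" "$2"
}

hosts_has() {           # hosts_has HOSTS_FILE NAME (ignores # comments)
    awk -v h="$2" '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
                   END { exit !ok }' "$1"
}

# Constructed sample files (the password is a placeholder, not a real secret).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'VECTR_PORT=8081' 'VECTR_HOSTNAME=sravectr.internal' \
    'MONGO_INITDB_ROOT_PASSWORD=Examp!e#1' > "$demo/env"
printf '%s\n' '127.0.0.1 localhost' '127.0.0.1 sravectr.internal' > "$demo/hosts"
printf '%s\n' '  "serviceId": "https://sravectr.internal:8081/sra-purpletools-webui/app\\?client_name=CasClient",' > "$demo/svc.json"
name=$(env_get "$demo/env" VECTR_HOSTNAME)
echo "hostname:    $(check_hostname "$name")"
echo "bad secrets: $(nonalnum_secrets "$demo/env")"
hosts_has "$demo/hosts" "$name" && echo "hosts entry: present"
service_id_matches "$demo/env" "$demo/svc.json" && echo "serviceId:   matches"
```

On a real install, point the functions at the .env in the install directory, /etc/hosts, and the output of the `docker exec ... cat` command above saved to a file.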

rcknyn commented 4 years ago

Hello,

I tried incognito but discovered the same issue. Tried different browsers as well.

1. Make sure that the auth service is configured to listen at the correct url

sudo docker exec -it sandbox1_tomcat_1 cat /etc/cas/services/vectrservice-1.json

seems correct, log below

Output:

```
{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "https://sravectr.internal:8081/sra-purpletools-webui/app\\?client_name=CasClient",
  "name": "VECTR",
  "id": 8081,
  "theme": "sra-theme",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true,
    "ssoEnabled": false,
    "delegatedAuthenticationPolicy": {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders": [ "java.util.ArrayList", [ "Microsoft", "Office365" ] ]
    }
  }
}
```

2. Verify that all of the data keys and passwords set in the .env file do not contain symbols or special characters.

I noticed there were no symbols in the video, so I had no symbols. Does the key phrase length matter? I think mine was a little long. I think I would have to do a new deployment to change it.

3. Verify that you did not change any data keys or passwords set in the .env file after bringing up the containers - even just once briefly

All the same.

4. Check the docker logs for any ERROR or WARNING entries

Typed command:

```
sudo docker logs -it sandbox1_tomcat_1
```

Error output:

```
unknown shorthand flag: 'i' in -it
See 'docker logs --help'.
```

Typed command:

```
sudo docker logs -t sandbox1
```

Output is attached.

Please let me know if I can provide anything else. Thank you

SRAPSpencer commented 4 years ago

Sounds like it would be easiest at this point to discuss on a call. Email vectr@securityriskadvisors.com and we can set up a support call.

rcknyn commented 4 years ago

Sent email. Thank you.

rcknyn commented 4 years ago

It is working now. I occasionally get the invalid error message. I may add a certificate or follow the offline instruction. However, I was able to connect and enter the dashboard successfully. I appreciate all of the assistance. Thank you.