Need help on creating a uaac client

[Akhilesh-Anb]

Hi,

I'm trying to create a uaac client and its asking for redirect URI. Please help me on this

ubuntu@ip-10-0-0-16:~/akhilesh/admin-ui$ uaac client add admin_ui_client \
>  --authorities clients.write,cloud_controller.admin,cloud_controller.read,cloud_controller.write,doppler.firehose,openid,scim.read,scim.write,sps.write \
>  --authorized_grant_types authorization_code,client_credentials,refresh_token \
>  --autoapprove true \
>  --scope admin_ui.admin,admin_ui.user,openid \
>  -s admin_ui_secret

error response:
{
  "error": "invalid_client",
  "error_description": "authorization_code grant type requires at least one redirect URL."
}
ubuntu@ip-10-0-0-16:~/akhilesh/admin-ui$

Our cloud foundry is installed on AWS.

[rboykin]

@Akhilesh-Anb

Given a fully-qualified DNS name or IP where your admin ui is going to be installed, add the following clause to the uaac client add. I am assuming the admin ui is being accessed with http, not https here. I am also assuming the admin ui is exposing itself through port 8070.

--redirect_uri http://\<admin ui host>:8070/login

I'll update the readme with this information.

[Akhilesh-Anb]

Thank you @rboykin for the quick reply on this. I'll create uaac client with the redirect_uri and i'll update here if i face any issues.

Regards, Akhilesh Appana

[rboykin]

Documented the addition of the redirect_uri to the README: https://github.com/cloudfoundry-incubator/admin-ui/commit/250137705504546cbb38706a105720c93a2a4dc4

[Akhilesh-Anb]

Hi @rboykin ,

i have created uaac client by providing the public DNS name in redirect_uri:

 scope: admin_ui.user openid admin_ui.admin
  client_id: admin_ui_client
  resource_ids: none
  authorized_grant_types: refresh_token client_credentials authorization_code
  redirect_uri: http://ec2-xx.xxx.xxx-x39.compute-1.amazonaws.com:8070/login
  autoapprove: true
  authorities: cloud_controller.read cloud_controller.write openid sps.write clients.write doppler.firehose scim.write
      scim.read cloud_controller.admin
  name: admin_ui_client
  required_user_groups:
  lastmodified: 1502088277000
  id: admin_ui_client

Now when i'm accessing the admin-UI using [http://ec2-xx.xxx.xxx-x39.compute-1.amazonaws.com:8070] in browser, I'm getting This site can’t be reached.

Attaching the log file. admin_ui.txt

Please help me on this.

Thanks, Akhilesh Appana

[rboykin]

@Akhilesh-Anb The latest admin ui has a non-privileged entry point to check on status. Try to hit http://ec2-xx.xxx.xxx-x39.compute-1.amazonaws.com:8070/health

If you cannot hit that, either your admin ui is not running or your DNS is not functioning appropriately.

I also see the fact that you are using mysql2 and within the log that is not working. Since I don't personally have a mysql2 environment in which to test, I have not recently upgraded the mysql2 ruby gem. It is possible that the mysql2 ruby gem needs updating.

Did your bundle install function without error?

Other than the errors hitting mysql2, I see no logged errors within the log you sent.

[rboykin]

@Akhilesh-Anb I got an email notification of your latest addition to this issue, but you have appeared to subsequently deleted it. Good you found the ccdb_uri was misconfigured and corrected it.

Given your deletion, are you now able to access the admin ui at your specific URL?

[Akhilesh-Anb]

@rboykin ,

Because of Internet problem, i'm not able to update with new comment. I apologize for that. Now i'm not getting any error regarding mysql after the changes.

I ran this command to run admin-ui,

ubuntu@ip-10-xx-xx-156:~/akhilesh/admin-ui$ ruby bin/admin -c config/default.yml &
[1] 19990
ubuntu@ip-10-xx-xx-156:~/akhilesh/admin-ui$

AdminUI...
  ruby           2.3.3-p222
  data:          data/data.json
  doppler data:  data/doppler_data.json
  log:           admin_ui.log
  stats:         sqlite://data/store.db

But i'm not able to access admin-ui in browser. http://ec2-xx.xxx.xxx-x39.compute-1.amazonaws.com:8070

and i accessed the health url and i didnt find any response.

Here is my uaac client:

admin_ui_client
    scope: admin_ui.user openid admin_ui.admin
    resource_ids: none
    authorized_grant_types: refresh_token client_credentials authorization_code
    redirect_uri: http://ec2-xx.xxx.xxx-x39.compute-1.amazonaws.com:8070/login
    autoapprove: true
    authorities: cloud_controller.read cloud_controller.write openid sps.write clients.write doppler.firehose scim.write
        scim.read cloud_controller.admin
    name: admin_ui_client
    lastmodified: 1502088277000

Please let me know if i have done any misconfiguration. If everything is fine,please let me know the way of accessing the admin-ui in browser.

Attching the log file.

admin_ui.txt

Appreciate your help.

[rboykin]

@Akhilesh-Anb I don't see any errors in your log.

Try a curl -v http://ec2-xx.xxx.xxx-x39.compute-1.amazonaws.com:8070/health. It should return a 200 if you could connect to the admin ui.

Also, you can check locally to see if running with curl -v http://localhost:8070/health

You could also run with bundle exec ruby bin/admin -c config/default.yml & to ensure you are getting all of the correct gems for the admin ui.

I cannot help if your hostname does not resolve. If you can connect with http://localhost:8070/health from where you are running the ruby bin/admin, the problem is in your DNS or network or something similar.

[Akhilesh-Anb]

Hello @rboykin ,

I see that i'm getting 200 status. I think there is a problem with DNS or network. I'll look into this. Thank you so much for your help and quick replies.

Regards, Akhilesh Appana