personium / ansible

Ansible files to set up a Personium unit.
Apache License 2.0

Missing cacert.crt #23

Closed Yonezawa-T2 closed 6 years ago

Yonezawa-T2 commented 6 years ago

I got an error for token authentication (i.e. grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer) with the default installation because /opt/x509/cacert.crt is missing.

Sample invocation:

$ curl -k -s https://sample-personium/sample-user-01/__token -d "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=$APP_USER_ACCESS_TOKEN"
{
  "error_description": "[PR400-AN-0009] - Token parse error.",
  "error": "invalid_grant"
}

/opt/tomcat/logs/catalina.log:

2018-05-09 14:26:02.949 [catalina-exec-5] [INFO ] PersoniumCoreLog [PL-AU-0001] - [io.personium.core.rs.cell.TokenEndPointResource#receiveSaml2:408] - Token parse error. Reason=/opt/x509/cacert.crt (no such file or directory)

personium-unit-config.properties.j2 has the following line:

io.personium.core.x509.root=/opt/x509/unit-self-sign.crt /opt/x509/cacert.crt

But with the default installation, we don't have /opt/x509/cacert.crt while we do have /opt/x509/unit-self-sign.crt. Changing the line to the following works, but I'm not sure it is the correct way.

io.personium.core.x509.root=/opt/x509/unit-self-sign.crt

Maybe we should update the installation instructions to create cacert.crt, or delete /opt/x509/cacert.crt from personium-unit-config.properties.j2.
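A pre-flight check for the situation in this report, added here as an example (it is not part of the personium/ansible repository): it reads the io.personium.core.x509.root line from a generated properties file, splits the whitespace-separated certificate paths, and reports each one as present and PEM-shaped, missing, or not a PEM certificate. Running something like this after templating and before starting Tomcat turns the runtime "Token parse error" into a clear configuration failure. The sample properties text and certificate file are constructed in a temporary directory; the PEM body is a placeholder, not a real certificate.

```python
import os
import tempfile

PROPERTY = "io.personium.core.x509.root"
PEM_HEADER = "-----BEGIN CERTIFICATE-----"


def parse_root_certs(properties_text):
    """Return the list of paths configured on the io.personium.core.x509.root line.

    The value is whitespace-separated, exactly as in personium-unit-config.properties.j2.
    Comment lines and lines without '=' are ignored; an absent key yields [].
    """
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == PROPERTY:
            return value.split()
    return []


def check_root_certs(paths):
    """Classify each configured trust-anchor path as 'ok', 'missing' or 'not-pem'.

    'ok' only means the file exists and starts like a PEM certificate; full
    parsing and chain validation is left to the server.
    """
    result = {}
    for path in paths:
        if not os.path.isfile(path):
            result[path] = "missing"
            continue
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            head = fh.read(len(PEM_HEADER) + 64)
        result[path] = "ok" if PEM_HEADER in head else "not-pem"
    return result


def demo():
    """Constructed scenario mirroring the report: unit-self-sign.crt exists, cacert.crt does not."""
    tmp = tempfile.mkdtemp()
    unit_crt = os.path.join(tmp, "unit-self-sign.crt")
    ca_crt = os.path.join(tmp, "cacert.crt")  # deliberately never created
    with open(unit_crt, "w", encoding="utf-8") as fh:
        # placeholder body, not a real certificate
        fh.write(PEM_HEADER + "\nMIIB...constructed placeholder...\n-----END CERTIFICATE-----\n")
    props = "# constructed sample properties\n" + PROPERTY + "=" + unit_crt + " " + ca_crt + "\n"
    return check_root_certs(parse_root_certs(props))


if __name__ == "__main__":
    for path, status in demo().items():
        print(status.ljust(8), path)
```

In an Ansible playbook the same logic fits naturally into a `stat` task over each listed path followed by an `assert`, so the play fails at deploy time rather than at the first saml2-bearer token request.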

hiroaki-shibata commented 6 years ago

Thank you for your comment. We will check whether the cacert.crt file is needed or not, and fix it as you suggest.