vmware / vic-product

vSphere Integrated Containers enables VMware customers to deliver a production-ready container solution to their developers and DevOps teams.
https://vmware.github.io/vic-product/

Admiral UI is loading forever despite VCSA returning HTTP 200 for the SAMLRequest #565

Closed lgayatri closed 6 years ago

lgayatri commented 7 years ago

Deployed - chin-vic-c2506807-dev-upgrade.OVA Post power on and registration at 9443 port, tried to access :8282 port on which harbor runs. The web page is loading for ever. Request from Admiral is - https://vic-st-h2-191.eng.vmware.com/websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb9owFP4rkd8T50JIsICKlVVDatesZNO0l8mEA1hK7MzHJPTfzwkwUDdVPO41Puc7300Z3x2q0mlAo1ByQgLPJw7IQq2F3E7I1%2FzBTcnddIy8Kms225udfIFfe0Dj2D2JrH%2BYkL2WTHEUyCSvAJkp2HL29MhCz2e1VkYVqiTO3O4JyU1%2FamdMjYzSRhQuGncXusEo8EBuvaZquQavUBVtYYWoaIcV0uXymTZY78A%2BlqrgFvFB6QJ6WhOy4SUCcRbzCfk5KOKUx0E8hCSN%2FTgZDtNoM4J0lay5Hw02dgwzjigauCwi7mEh0XBpJiT0g8T1UzcY5H7M4oTFvpdE%2Fg%2FiZCc9H4Q8uvSe%2BNVxCNmnPM%2Fc7HmZ9wCNWIP%2BbKet5b4XjBIvSrwgClkapiFxvp3zsBDk7H7PT9%2Fuu5UHuvOaTM9e%2F32LdkBnmyswfM0NH9Pri8f7Yc06vot5pkpRvF7RCG%2FOf1aWqr3XwI3VbfQe%2BgArbt4H6L6ItbvpR1ndeYMGpCHOMus4fdnzUmwE6EupbhRK6Ekcu1c2p84svFZ2s8FvUU4gjV05kuqKfqk1FjuoOFJujHZ7YGr7FlJ%2FQD8erLQufCQnkAOKPxht23pt5Cm9tQt%2BQL8%2FPS57LFf0xS2spXaemdfaWtydZy8goeWrEnL77R%2BC%2FyOqcyhhe02Vvg1neq7m9a9o%2Bhs%3D&RelayState=SessionId&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Sv5yH3yXqG2jtQPW4MEy0wLEWs5BjMisEFucYRlaxw8J7q%2FqzwD02zQsucOw3O3lG91iW49GVd0SptHtXF8%2B8gUxRKhkHE6XxJzwkyQlBwlCIcKUjrcLB3SkMqMzhs901v4T3MgLhNlhDwffD6wfdNVmMQsOXRnqDWLrjAk3iEtA4jo6KgG%2BADETTYAuHJy1DtItUWILreXeApmI3qNuDag3NaL0zjaBwU5huGvR0cRqgfOYmx%2BPWTgypW3BP6DXFyFxN63Xmvf%2Fstu8zvL2Y1pJciHFkV13SA873uW0%2FhX1kLWefZsK9cr3yTY2WLpy7jEPkxXOS%2FZ%2B9qwYwmqRFQ%3D%3D

My VCSA is: vic-st-h2-191.eng.vmware.com - root/Admin!23 and administrator@vsphere.local/Admin!23
Version 6.6.1.5100
OVA - vic-st-h2-132.eng.vmware.com - root/Admin!23

Snippet of the localhost_access_log..2017-08-14.txt log at /var/log/vmware/sso on VCSA:

127.0.0.1 - - [14/Aug/2017:05:54:46 +0000] "GET /websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb9owFP4rkd8T50JIsICKlVVDatesZNO0l8mEA1hK7MzHJPTfzwkwUDdVPO41Puc7300Z3x2q0mlAo1ByQgLPJw7IQq2F3E7I1%2FzBTcnddIy8Kms225udfIFfe0Dj2D2JrH%2BYkL2WTHEUyCSvAJkp2HL29MhCz2e1VkYVqiTO3O4JyU1%2FamdMjYzSRhQuGncXusEo8EBuvaZquQavUBVtYYWoaIcV0uXymTZY78A%2BlqrgFvFB6QJ6WhOy4SUCcRbzCfk5KOKUx0E8hCSN%2FTgZDtNoM4J0lay5Hw02dgwzjigauCwi7mEh0XBpJiT0g8T1UzcY5H7M4oTFvpdE%2Fg%2FiZCc9H4Q8uvSe%2BNVxCNmnPM%2Fc7HmZ9wCNWIP%2BbKet5b4XjBIvSrwgClkapiFxvp3zsBDk7H7PT9%2Fuu5UHuvOaTM9e%2F32LdkBnmyswfM0NH9Pri8f7Yc06vot5pkpRvF7RCG%2FOf1aWqr3XwI3VbfQe%2BgArbt4H6L6ItbvpR1ndeYMGpCHOMus4fdnzUmwE6EupbhRK6Ekcu1c2p84svFZ2s8FvUU4gjV05kuqKfqk1FjuoOFJujHZ7YGr7FlJ%2FQD8erLQufCQnkAOKPxht23pt5Cm9tQt%2BQL8%2FPS57LFf0xS2spXaemdfaWtydZy8goeWrEnL77R%2BC%2FyOqcyhhe02Vvg1neq7m9a9o%2Bhs%3D&RelayState=SessionId&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Sv5yH3yXqG2jtQPW4MEy0wLEWs5BjMisEFucYRlaxw8J7q%2FqzwD02zQsucOw3O3lG91iW49GVd0SptHtXF8%2B8gUxRKhkHE6XxJzwkyQlBwlCIcKUjrcLB3SkMqMzhs901v4T3MgLhNlhDwffD6wfdNVmMQsOXRnqDWLrjAk3iEtA4jo6KgG%2BADETTYAuHJy1DtItUWILreXeApmI3qNuDag3NaL0zjaBwU5huGvR0cRqgfOYmx%2BPWTgypW3BP6DXFyFxN63Xmvf%2Fstu8zvL2Y1pJciHFkV13SA873uW0%2FhX1kLWefZsK9cr3yTY2WLpy7jEPkxXOS%2FZ%2B9qwYwmqRFQ%3D%3D HTTP/1.1" 200 11585 127.0.0.1 - - [14/Aug/2017:05:54:46 +0000] "POST /lookupservice/sdk HTTP/1.1" 200 14364 127.0.0.1 - - [14/Aug/2017:05:54:47 +0000] "POST /sso-adminserver/sdk/vsphere.local HTTP/1.1" 200 2182 127.0.0.1 - - [14/Aug/2017:05:54:47 +0000] "POST /sso-adminserver/sdk/vsphere.local HTTP/1.1" 200 500 127.0.0.1 - - [14/Aug/2017:05:54:47 +0000] "POST /sso-adminserver/sdk/vsphere.local HTTP/1.1" 200 1745

The SAML request in the UI screenshot can be matched with the one in the log snippet.

lgayatri commented 7 years ago

harbor-14thAug.zip

reasonerjt commented 7 years ago

@lgayatri this looks like a dup of #483 ?

Could you check the headers of the response?

lgayatri commented 7 years ago

root@Ubuntu-VIc:/home/vmlib/VIC/VIC_13141/vic# curl -kv https://vic-st-h2-191.eng.vmware.com/websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb9owFP4rkd8T50JIsICKlVVDatesZNO0l8mEA1hK7MzHJPTfzwkwUDdVPO41Puc7300Z3x2q0mlAo1ByQgLPJw7IQq2F3E7I1%2FzBTcnddIy8Kms225udfIFfe0Dj2D2JrH%2BYkL2WTHEUyCSvAJkp2HL29MhCz2e1VkYVqiTO3O4JyU1%2FamdMjYzSRhQuGncXusEo8EBuvaZquQavUBVtYYWoaIcV0uXymTZY78A%2BlqrgFvFB6QJ6WhOy4SUCcRbzCfk5KOKUx0E8hCSN%2FTgZDtNoM4J0lay5Hw02dgwzjigauCwi7mEh0XBpJiT0g8T1UzcY5H7M4oTFvpdE%2Fg%2FiZCc9H4Q8uvSe%2BNVxCNmnPM%2Fc7HmZ9wCNWIP%2BbKet5b4XjBIvSrwgClkapiFxvp3zsBDk7H7PT9%2Fuu5UHuvOaTM9e%2F32LdkBnmyswfM0NH9Pri8f7Yc06vot5pkpRvF7RCG%2FOf1aWqr3XwI3VbfQe%2BgArbt4H6L6ItbvpR1ndeYMGpCHOMus4fdnzUmwE6EupbhRK6Ekcu1c2p84svFZ2s8FvUU4gjV05kuqKfqk1FjuoOFJujHZ7YGr7FlJ%2FQD8erLQufCQnkAOKPxht23pt5Cm9tQt%2BQL8%2FPS57LFf0xS2spXaemdfaWtydZy8goeWrEnL77R%2BC%2FyOqcyhhe02Vvg1neq7m9a9o%2Bhs%3D&RelayState=SessionId&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Sv5yH3yXqG2jtQPW4MEy0wLEWs5BjMisEFucYRlaxw8J7q%2FqzwD02zQsucOw3O3lG91iW49GVd0SptHtXF8%2B8gUxRKhkHE6XxJzwkyQlBwlCIcKUjrcLB3SkMqMzhs901v4T3MgLhNlhDwffD6wfdNVmMQsOXRnqDWLrjAk3iEtA4jo6KgG%2BADETTYAuHJy1DtItUWILreXeApmI3qNuDag3NaL0zjaBwU5huGvR0cRqgfOYmx%2BPWTgypW3BP6DXFyFxN63Xmvf%2Fstu8zvL2Y1pJciHFkV13SA873uW0%2FhX1kLWefZsK9cr3yTY2WLpy7jEPkxXOS%2FZ%2B9qwYwmqRFQ%3D%3D [1] 30973 [2] 30974 [3] 30975 root@Ubuntu-VIc:/home/vmlib/VIC/VIC_13141/vic# * Trying 10.197.37.191...

lgayatri commented 7 years ago

Seeing the same issue with https://storage.googleapis.com/vic-product-ova-builds/vic-44dd1d94-dev.ova

After registration at 9443, I accessed 8282 which takes forever to open.

Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [369][I][2017-08-16T10:45:28.989Z][445][SamlRequestSender][getRequestUrl][SP alias for the login request is 10.197.37.132:8282]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [370][I][2017-08-16T10:45:28.989Z][445][SsoRequestSender][getRequestUrl][Producing redirect url]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [371][W][2017-08-16T10:45:28.990Z][445][SiteAffinity][getAffinitiedDC][Failed to init CdcSession. likely due to missing vmafd jar. Message: com/vmware/identity/cdc/CdcFactory]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [372][I][2017-08-16T10:45:28.990Z][445][SsoRequestSender][createRenewable][Added Renewable condition]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [373][I][2017-08-16T10:45:28.990Z][445][SsoRequestSender][createDelegable][Added Delegable condition]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [374][I][2017-08-16T10:45:28.990Z][445][SsoRequestSender][getRequestUrl][Destination URL: https://vic-st-h2-191.eng.vmware.com/websso/SAML2/SSO/vsphere.local]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [375][I][2017-08-16T10:45:28.997Z][445][SsoRequestSender][createRequestString][Relay State value is: SessionId]
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: Exception in thread "pool-2-thread-5" java.lang.NullPointerException
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at java.util.concurrent.ConcurrentHashMap.putVal(ConcurrentHashMap.java:1011)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:1006)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at com.vmware.admiral.auth.idm.psc.saml.sso.authentication.HttpServletRequestImpl.setParameter(HttpServletRequestImpl.java:56)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at com.vmware.admiral.auth.idm.psc.service.PscAuthenticationService.processAcquiredSamlToken(PscAuthenticationService.java:525)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at com.vmware.admiral.auth.idm.psc.service.PscAuthenticationService.lambda$processAcquiredToken$17(PscAuthenticationService.java:438)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at com.vmware.admiral.auth.idm.psc.util.PscUtils.lambda$execute$1(PscUtils.java:51)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at java.lang.Thread.run(Thread.java:748)

lgayatri commented 7 years ago
curl -kv https://vic-st-h2-191.eng.vmware.com/websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb5swFP4ryO9gIBeIFVJlzapFalfWsGnay%2BTASWIJbObjQPrvZ0iyRN1U5XGv%2BJzvfDcxvTtUpdOARqFkQgLPJw7IXBVCbhPyNXtwY3I3myKvyprN92YnX%2BDXHtA4dk8i6x8SsteSKY4CmeQVIDM5W82fHlno%2BazWyqhclcRZ2D0huelP7YypkVHaiNxF4%2B5CN5gEHsit11Qt1%2BDlqqItrBEV7bBCulo90wbrHdjHUuXcIj4onUNPKyEbXiIQZ7lIyM9xEQ3Hk2i0iTfReF3AKI9i7q%2FjiBdBNBwFdgxTjigauCwi7mEp0XBpEhL6QeT6sRuMs8BnwxELY28ST34QJz3p%2BSDk0aX3xK%2BPQ8g%2BZVnqps%2BrrAdoRAH6s522lvteMIm8QeQFg5DFYRwS59s5DwtBzu73%2FPTtvlt5oDuvyezs9d%2B3aAd0trkCwwtu%2BJReXzzeD2vW8V0uUlWK%2FPWKRnhz%2FvOyVO29Bm6sbqP30AdYcfM%2BQPdFFO6mH2V15w0akIY4q7Tj9GXPS7ERoC%2BlulEooSdx7F7ZnDqz8FrZzQa%2FRTmBNHblSKor%2BqXWmO%2Bg4ki5MdrtgantW0j9If14sNK68JGcQA4o%2FmC0beu1A0%2FprV3wA%2Fr96XHVY7miL25uLbXzzLzW1uLuPHsBCS1fl5DZb%2F8Q%2FB9RXUAJ22uq9G04s3M1r39Fs98%3D&RelayState=SessionId&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=R%2BtcnZ%2FnhuRnTHC2OYhlP4%2FlWf%2Fzqlmkz2%2Bl1%2FyJfe03KlqmnCQHHm5ae0atW2c5ADiy40DOvIpmeiXpxwG1gTIatLCoHXmohHHUx059V3eAQwQzTNzG4eIyEoA53lIr3flGNZC%2F4X38Eg4%2B%2FVjdi2IxOF2RvcUhmDWrAUnUU8bwCqhbA8zkwO0ZgDSZgXf5ugsWwDZx6Y23LScAlSYq2XNELbxG4anLt16inW%2F5m1xCum48eEgdCchyanRGJfJrZ4S6ruu9Jlykmn%2BLjADAjiUoWwFfSOb9ma1uvJBh7s3LeBCAJSQuNdnwjUFsu%2FzcPrIj7oc5gE6KO0PblVX8Zg%3D%3D
[1] 24411
[2] 24412
[3] 24413
[2]-  Done                    RelayState=SessionId
root@Ubuntu-VIc:/home/vmlib/VIC/VIC_13141/vic# *   Trying 10.197.37.191...
* Connected to vic-st-h2-191.eng.vmware.com (10.197.37.191) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 704 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*        server certificate verification SKIPPED
*        server certificate status verification SKIPPED
*        common name: vic-st-h2-191.eng.vmware.com (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: CN=vic-st-h2-191.eng.vmware.com,C=US
*        start date: Sat, 22 Jul 2017 12:48:34 GMT
*        expire date: Sat, 17 Jul 2027 12:48:34 GMT
*        issuer: CN=CA,DC=vsphere,DC=local,C=US,ST=California,O=vic-st-h2-191.eng.vmware.com,OU=VMware Engineering
*        compression: NULL
* ALPN, server did not agree to a protocol
> GET /websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb5swFP4ryO9gIBeIFVJlzapFalfWsGnay%2BTASWIJbObjQPrvZ0iyRN1U5XGv%2BJzvfDcxvTtUpdOARqFkQgLPJw7IXBVCbhPyNXtwY3I3myKvyprN92YnX%2BDXHtA4dk8i6x8SsteSKY4CmeQVIDM5W82fHlno%2BazWyqhclcRZ2D0huelP7YypkVHaiNxF4%2B5CN5gEHsit11Qt1%2BDlqqItrBEV7bBCulo90wbrHdjHUuXcIj4onUNPKyEbXiIQZ7lIyM9xEQ3Hk2i0iTfReF3AKI9i7q%2FjiBdBNBwFdgxTjigauCwi7mEp0XBpEhL6QeT6sRuMs8BnwxELY28ST34QJz3p%2BSDk0aX3xK%2BPQ8g%2BZVnqps%2BrrAdoRAH6s522lvteMIm8QeQFg5DFYRwS59s5DwtBzu73%2FPTtvlt5oDuvyezs9d%2B3aAd0trkCwwtu%2BJReXzzeD2vW8V0uUlWK%2FPWKRnhz%2FvOyVO29Bm6sbqP30AdYcfM%2BQPdFFO6mH2V15w0akIY4q7Tj9GXPS7ERoC%2BlulEooSdx7F7ZnDqz8FrZzQa%2FRTmBNHblSKor%2BqXWmO%2Bg4ki5MdrtgantW0j9If14sNK68JGcQA4o%2FmC0beu1A0%2FprV3wA%2Fr96XHVY7miL25uLbXzzLzW1uLuPHsBCS1fl5DZb%2F8Q%2FB9RXUAJ22uq9G04s3M1r39Fs98%3D HTTP/1.1
> Host: vic-st-h2-191.eng.vmware.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: text/html;charset=ISO-8859-1
< Content-Length: 1417
< Date: Wed, 16 Aug 2017 10:49:24 GMT
<
<html> <head> <script language="JavaScript" type="text/javascript">function load(){ document.getElementById('SamlPostForm').submit(); }</script> </head> <body onload="load()"><form method="post" action="https://10.197.37.132:8282/auth/psc/callback/token" id="SamlPostForm"> <input type="hidden" name="SAMLResponse" value="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" /><input type="submit" value="Submit" style="display:none;" /> </form></body></html>
* Connection #0 to host vic-st-h2-191.eng.vmware.com left intact

anchal-agrawal commented 7 years ago

@sergiosagu @gmuleshkov could you take a look at this issue? Thanks.

lgayatri commented 7 years ago

@sergiosagu @gmuleshkov I have a live environment at 10.197.37.132 - root/Admin!23. VCSA used: 10.197.37.191 - administrator@vsphere.local/Admin!23

reasonerjt commented 7 years ago

See the same issue with build: vic-73d10421-dev.ova

Curled this URL:

curl -kv --url "https://sc2-rdops-vm03-dhcp-106-152.eng.vmware.com/websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb9owFP4rkd8T2%2BEai1CxsmqV2pWVbJr2MplwAEuJnfmYhP77OQFW1E0Vj3uNz%2FnOd1MmN4eyCGqwqIxOCY8YCUDnZq30NiVfs7twTG6mE5RlUYnZ3u30M%2FzaA7rA72kU3UNK9lYLI1Gh0LIEFC4Xy9njg4gjJiprnMlNQYK531Nauu7UzrkKBaWYx6FdmwrDumS9cL3Lq5CzYcgHcQR6G9VlIy1EuSlpAytEQ1vkmC6XT7TGagf%2BsTC59Ph3xubQkUzJRhYIJLifp%2BRnwlk%2FHsc8GcajpJ%2BMN4NBP8kHo9GQbxLg3I%2FhQiKqGl4XEfdwr9FJ7VISMz4K2Tjko4wNBesL1osGnP0gweKk7oPSR8%2Fes2J1HELxKcsW4eJpmXUAtVqD%2FeynfQAs4kkcDYYR74mxJ02Cb%2BdwPAI5R9HRs9eH4NWBbY0n07Pxf52iLc7Z5BKcXEsnJ%2FTy4PF8XImW7f18YQqVv1ywiK%2FuwqwoTHNrQTqv2tk9dPGV0r0P0H5R63DTjYqqtQYdaEeC5aLl9GUvC7VRYF8Ldp1OQk%2FaxK3xIbVW4aWwq%2B19i3ICqf3KkZOndNFpzHdQSqTSORt2wNSXLaasTz8evLI2eiQnkAOqPxhN00RNLzJ26xcYp98fH5YdVqi61ubeUT8v3EvlHW7Pi2fQ0MhVAZn%2F9g%2FB%2FxHVORSwvaRK34YzPTfz8q80%2FQ0%3D&RelayState=SessionId&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=o4HDcoWkKjEBZPNvIdrxlBLEyIMyDAqjdVtRuRVZe9KMlHue5kZoWIKIsGZo6Lo0DpEBPPDvSnunLP0sHG%2BrArHjMCR2YLYDhGMq6tuD0mQKCmrEbJJu7zamQqC06vA48u8rUzP3xXMKBCwx7uw%2BvY0l%2BtrFIjjvOkTnD5%2FSKU1cpwunBFFEUcloWvKhq8gM8T5l3nc2pNeMqKxpzucAj7XD10iWvIL0hfVbVuukNDgbG%2BDpWI88H2O7M4ANnJIJSDQH%2FE8akMmOLtsErGi1DnUX2wNHGWN1YVXSwZrkmLzpIlcrga4WRTx1ZslPJ2i6inrxC3RoFn3fZLLgR7n9EQ%3D%3D"
.....
< HTTP/1.1 200 OK
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< Cache-Control: no-store
< Pragma: no-cache
< CastleError: SW52YWxpZCBSZXF1ZXN0IFNpZ25hdHVyZQ==
< Content-Length: 0
< Date: Thu, 17 Aug 2017 06:10:14 GMT
<

Note there's the same "CastleError" in the header, similar to what I ran into in #483.

https://10.192.56.13:8282
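
Added example (not part of the thread, and not Admiral or PSC code): a Python helper for inspecting a SAML HTTP-Redirect URL like the ones curled above. It reports which signature parameters actually reach the server, inflates the SAMLRequest to XML, rebuilds the octet string the signature covers, and decodes a base64 diagnostic header; the sample URL, hostnames and function names are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import quote, unquote

# Parameter order of the signed string is fixed by the SAML HTTP-Redirect binding.
SIGNED_ORDER = ("SAMLRequest", "RelayState", "SigAlg")


def raw_params(url):
    """Split the query string WITHOUT decoding, keeping each value exactly as sent."""
    query = url.split("?", 1)[1] if "?" in url else ""
    return dict(p.split("=", 1) for p in query.split("&") if "=" in p)


def missing_signature_params(url):
    """Names a signed redirect request needs but this URL lacks."""
    present = raw_params(url)
    return [n for n in SIGNED_ORDER + ("Signature",) if n not in present]


def inflate_saml_request(url):
    """URL-decode, base64-decode and raw-DEFLATE-inflate SAMLRequest into XML."""
    blob = base64.b64decode(unquote(raw_params(url)["SAMLRequest"]))
    return zlib.decompress(blob, -15).decode("utf-8")


def signed_octets(url):
    """Bytes the Signature parameter covers: raw URL-encoded values, fixed order.
    Re-encoding the values before verifying changes these bytes."""
    p = raw_params(url)
    return "&".join(f"{n}={p[n]}" for n in SIGNED_ORDER if n in p).encode()


def as_seen_by_unquoted_shell(url):
    """What curl receives when the URL is typed unquoted: the shell treats '&'
    as a command separator, so everything after the first '&' is dropped."""
    return url.split("&", 1)[0]


def decode_diag_header(value):
    """Decode a base64 diagnostic header such as the CastleError value above."""
    return base64.b64decode(value).decode("utf-8")


def build_sample_url():
    """Constructed sample request (hypothetical hosts, placeholder signature)."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'ID="_example" Version="2.0" '
           'Destination="https://idp.example.test/websso/SAML2/SSO/vsphere.local" '
           'AssertionConsumerServiceURL='
           '"https://sp.example.test:8282/auth/psc/callback/token"/>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    req = quote(base64.b64encode(deflated), safe="")
    return ("https://idp.example.test/websso/SAML2/SSO/vsphere.local"
            f"?SAMLRequest={req}&RelayState=SessionId"
            "&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256"
            "&Signature=Q09OU1RSVUNURUQ%3D")


if __name__ == "__main__":
    url = build_sample_url()
    print(missing_signature_params(url))
    print(missing_signature_params(as_seen_by_unquoted_shell(url)))
    print(inflate_saml_request(url))
    print(decode_diag_header("SW52YWxpZCBSZXF1ZXN0IFNpZ25hdHVyZQ=="))
```

For the header value posted above, `decode_diag_header` returns "Invalid Request Signature". An unquoted URL passed through `as_seen_by_unquoted_shell` is missing RelayState, SigAlg and Signature, which matches the GET line in the earlier unquoted curl output.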

anchal-agrawal commented 7 years ago

According to https://github.com/vmware/vic-product/issues/483#issuecomment-322792081, registering with PSC multiple times could cause a problem. However, I checked @lgayatri's setup and the logs of the getting started page (journalctl -u fileserver) show that the PSC register command ran only once for each service.

lgayatri commented 7 years ago

@sergiosagu In the admiral code, do we check for vmafd.jar?

Aug 18 07:10:46 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: [333][S][2017-08-18T07:10:46.925Z][10][8282/][exceptionCaught][Listener channel exception: io.netty.handler.ssl.NotSslRecordExcep
tion: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a207669632d73742d68322d3138322e656e672e766d776172652e636f6d3a383238320d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436163
68652d436f6e74726f6c3a206d61782d6167653d300d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c2a2f2
a3b713d302e380d0a557067726164652d496e7365637572652d52657175657374733a20310d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e303b20574f57363429204170706c655765624b69742f
3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f34392e302e323632332e313132205361666172692f3533372e33360d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174652c207364636
80d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e380d0a0d0a]
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] INFO com.vmware.admiral.auth.idm.psc.saml.sso.authentication.SamlRequestSender - SP alias for the login request is 10.197.37.182:8282
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] INFO com.vmware.identity.websso.client.endpoint.SsoRequestSender - Producing redirect url
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] WARN com.vmware.identity.websso.client.SiteAffinity - Failed to init CdcSession. likely due to missing vmafd jar. Message: com/vmware/identity/cdc/CdcFactory

lgayatri commented 7 years ago

If my target VCSA is 6.5U1 GA, then I see:

Aug 18 06:43:04 vic-st-h2-132.eng.vmware.com start_admiral.sh[837]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] INFO com.vmware.identity.websso.client.endpoint.SsoRequestSender - Destination URL: https://sc-rdops-vm01-dhcp-29-66.eng.vmware.com/websso/SAML2/SSO/vsphere.local
Aug 18 06:43:04 vic-st-h2-132.eng.vmware.com start_admiral.sh[837]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] INFO com.vmware.identity.websso.client.endpoint.SsoRequestSender - Relay State value is: SessionId
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: device vethb980814 entered promiscuous mode
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: IPv6: ADDRCONF(NETDEV_UP): vethb980814: link is not ready
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: br-b5335c8c3d2b: port 5(vethb980814) entered forwarding state
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: br-b5335c8c3d2b: port 5(vethb980814) entered forwarding state
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: br-b5335c8c3d2b: port 5(vethb980814) entered disabled state
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com systemd-udevd[3240]: Could not generate persistent MAC address for vethb980814: No such file or directory
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com systemd-udevd[3239]: Could not generate persistent MAC address for veth1b220c6: No such file or directory
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com docker[397]: time="2017-08-18T06:43:05Z" level=info msg="Firewalld running: false"
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com systemd-networkd[306]: vethb980814: Gained carrier
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: eth0: renamed from veth1b220c6
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethb980814: link becomes ready
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: br-b5335c8c3d2b: port 5(vethb980814) entered forwarding state
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: br-b5335c8c3d2b: port 5(vethb980814) entered forwarding state

If my target is 6.6.1, then I see

Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] INFO com.vmware.identity.websso.client.endpoint.SsoRequestSender - Relay State value is: SessionId
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: Exception in thread "pool-2-thread-11" java.lang.NullPointerException
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at java.util.concurrent.ConcurrentHashMap.putVal(ConcurrentHashMap.java:1011)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:1006)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at com.vmware.admiral.auth.idm.psc.saml.sso.authentication.HttpServletRequestImpl.setParameter(HttpServletRequestImpl.java:56)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at com.vmware.admiral.auth.idm.psc.service.PscAuthenticationService.processAcquiredSamlToken(PscAuthenticationService.java:525)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at com.vmware.admiral.auth.idm.psc.service.PscAuthenticationService.lambda$processAcquiredToken$17(PscAuthenticationService.java:438)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at com.vmware.admiral.auth.idm.psc.util.PscUtils.lambda$execute$1(PscUtils.java:51)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at java.lang.Thread.run(Thread.java:748)

sergiosagu commented 7 years ago

@lgayatri - The NPE that you saw using the 6.6.1 instance should be gone in the latest OVA, but still it doesn't seem to work with 6.6.1 (at least in my local env it doesn't work). I'll keep investigating... cc @lcastellano

@reasonerjt - You mentioned that you see the same issue, can you confirm what VCSA/PSC version you are using? 6.0.x GA? 6.5.x GA? 6.6.1?

lgayatri commented 7 years ago

@sergiosagu I used latest build: https://storage.googleapis.com/vic-product-ova-builds/vic-73d10421-dev.ova

sergiosagu commented 7 years ago

@lgayatri - that's from 2017-08-16, 2 days ago, so probably doesn't contain the update I did yesterday which I mentioned before.

lgayatri commented 7 years ago

@sergiosagu - Is this build: vic-42ddaaa6.ova good?

anchal-agrawal commented 7 years ago

@lgayatri That build is based off https://github.com/vmware/vic-product/commit/42ddaaa6cf86df669d1fb334e099b2164d3e1ff5 and should be good, but since it wasn't announced on the Slack channels I can't say for sure.

anchal-agrawal commented 7 years ago

@sergiosagu Is the fix in the PSC jar or Admiral's vic_dev image? Is there a way to check whether the fix is present (build number/commit)?

sergiosagu commented 7 years ago

@anchal-agrawal - It's in vic_dev image. You should check the jar and so on, the lib is built separately (and in a different repo) and has no particular build number.

lgayatri commented 7 years ago

Don't have a live environment any more, but I can say that with PSC 6.6.1, Admiral won't show up.

andrewtchin commented 7 years ago

@lgayatri Is this only in 6.6.x?

lgayatri commented 7 years ago

@andrewtchin, yes.

andrewtchin commented 7 years ago

@lgayatri Thanks, could you verify if this has been fixed with the next build that comes out (probably 1.2-rc1)? If it's not fixed, we'll have the Admiral team investigate further.

lgayatri commented 7 years ago

@andrewtchin Ok, will the build be ready by tomorrow morning?

andrewtchin commented 7 years ago

Admiral team is waiting on PSC team to rev the PSC integration libs. After that we will see if it works with 6.6.x

andrewtchin commented 7 years ago

@lgayatri Have you seen this in recent builds?

lgayatri commented 6 years ago

@andrewtchin Got the VIC 1.3 build recently; I will create a new setup with the latest version of VCSA and update ASAP.

andrewtchin commented 6 years ago

OK thanks 👍

lgayatri commented 6 years ago

Did not see this issue in the recent 1.3 RC builds. Closing.