Closed lgayatri closed 6 years ago
@lgayatri this looks like a dup of #483 ?
Could you check the headers of the response?
root@Ubuntu-VIc:/home/vmlib/VIC/VIC_13141/vic# curl -kv https://vic-st-h2-191.eng.vmware.com/websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb9owFP4rkd8T50JIsICKlVVDatesZNO0l8mEA1hK7MzHJPTfzwkwUDdVPO41Puc7300Z3x2q0mlAo1ByQgLPJw7IQq2F3E7I1%2FzBTcnddIy8Kms225udfIFfe0Dj2D2JrH%2BYkL2WTHEUyCSvAJkp2HL29MhCz2e1VkYVqiTO3O4JyU1%2FamdMjYzSRhQuGncXusEo8EBuvaZquQavUBVtYYWoaIcV0uXymTZY78A%2BlqrgFvFB6QJ6WhOy4SUCcRbzCfk5KOKUx0E8hCSN%2FTgZDtNoM4J0lay5Hw02dgwzjigauCwi7mEh0XBpJiT0g8T1UzcY5H7M4oTFvpdE%2Fg%2FiZCc9H4Q8uvSe%2BNVxCNmnPM%2Fc7HmZ9wCNWIP%2BbKet5b4XjBIvSrwgClkapiFxvp3zsBDk7H7PT9%2Fuu5UHuvOaTM9e%2F32LdkBnmyswfM0NH9Pri8f7Yc06vot5pkpRvF7RCG%2FOf1aWqr3XwI3VbfQe%2BgArbt4H6L6ItbvpR1ndeYMGpCHOMus4fdnzUmwE6EupbhRK6Ekcu1c2p84svFZ2s8FvUU4gjV05kuqKfqk1FjuoOFJujHZ7YGr7FlJ%2FQD8erLQufCQnkAOKPxht23pt5Cm9tQt%2BQL8%2FPS57LFf0xS2spXaemdfaWtydZy8goeWrEnL77R%2BC%2FyOqcyhhe02Vvg1neq7m9a9o%2Bhs%3D&RelayState=SessionId&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Sv5yH3yXqG2jtQPW4MEy0wLEWs5BjMisEFucYRlaxw8J7q%2FqzwD02zQsucOw3O3lG91iW49GVd0SptHtXF8%2B8gUxRKhkHE6XxJzwkyQlBwlCIcKUjrcLB3SkMqMzhs901v4T3MgLhNlhDwffD6wfdNVmMQsOXRnqDWLrjAk3iEtA4jo6KgG%2BADETTYAuHJy1DtItUWILreXeApmI3qNuDag3NaL0zjaBwU5huGvR0cRqgfOYmx%2BPWTgypW3BP6DXFyFxN63Xmvf%2Fstu8zvL2Y1pJciHFkV13SA873uW0%2FhX1kLWefZsK9cr3yTY2WLpy7jEPkxXOS%2FZ%2B9qwYwmqRFQ%3D%3D [1] 30973 [2] 30974 [3] 30975 root@Ubuntu-VIc:/home/vmlib/VIC/VIC_13141/vic# * Trying 10.197.37.191...
GET /websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb9owFP4rkd8T50JIsICKlVVDatesZNO0l8mEA1hK7MzHJPTfzwkwUDdVPO41Puc7300Z3x2q0mlAo1ByQgLPJw7IQq2F3E7I1%2FzBTcnddIy8Kms225udfIFfe0Dj2D2JrH%2BYkL2WTHEUyCSvAJkp2HL29MhCz2e1VkYVqiTO3O4JyU1%2FamdMjYzSRhQuGncXusEo8EBuvaZquQavUBVtYYWoaIcV0uXymTZY78A%2BlqrgFvFB6QJ6WhOy4SUCcRbzCfk5KOKUx0E8hCSN%2FTgZDtNoM4J0lay5Hw02dgwzjigauCwi7mEh0XBpJiT0g8T1UzcY5H7M4oTFvpdE%2Fg%2FiZCc9H4Q8uvSe%2BNVxCNmnPM%2Fc7HmZ9wCNWIP%2BbKet5b4XjBIvSrwgClkapiFxvp3zsBDk7H7PT9%2Fuu5UHuvOaTM9e%2F32LdkBnmyswfM0NH9Pri8f7Yc06vot5pkpRvF7RCG%2FOf1aWqr3XwI3VbfQe%2BgArbt4H6L6ItbvpR1ndeYMGpCHOMus4fdnzUmwE6EupbhRK6Ekcu1c2p84svFZ2s8FvUU4gjV05kuqKfqk1FjuoOFJujHZ7YGr7FlJ%2FQD8erLQufCQnkAOKPxht23pt5Cm9tQt%2BQL8%2FPS57LFf0xS2spXaemdfaWtydZy8goeWrEnL77R%2BC%2FyOqcyhhe02Vvg1neq7m9a9o%2Bhs%3D HTTP/1.1 Host: vic-st-h2-191.eng.vmware.com User-Agent: curl/7.43.0 Accept: /
< HTTP/1.1 200 < Cache-Control: no-store < Pragma: no-cache < Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 1417 < Date: Mon, 14 Aug 2017 09:27:43 GMT <
Seeing the same issue with https://storage.googleapis.com/vic-product-ova-builds/vic-44dd1d94-dev.ova
After registration at 9443, I accessed 8282 which takes forever to open.
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [369][I][2017-08-16T10:45:28.989Z][445][SamlRequestSender][getRequestUrl][SP alias for the login request is 10.197.37.132:8282]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [370][I][2017-08-16T10:45:28.989Z][445][SsoRequestSender][getRequestUrl][Producing redirect url]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [371][W][2017-08-16T10:45:28.990Z][445][SiteAffinity][getAffinitiedDC][Failed to init CdcSession. likely due to missing vmafd jar. Message: com/vmware/identity/cdc/CdcFactory]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [372][I][2017-08-16T10:45:28.990Z][445][SsoRequestSender][createRenewable][Added Renewable condition]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [373][I][2017-08-16T10:45:28.990Z][445][SsoRequestSender][createDelegable][Added Delegable condition]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [374][I][2017-08-16T10:45:28.990Z][445][SsoRequestSender][getRequestUrl][Destination URL: https://vic-st-h2-191.eng.vmware.com/websso/SAML2/SSO/vsphere.local]
Aug 16 10:45:28 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: [375][I][2017-08-16T10:45:28.997Z][445][SsoRequestSender][createRequestString][Relay State value is: SessionId]
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: Exception in thread "pool-2-thread-5" java.lang.NullPointerException
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at java.util.concurrent.ConcurrentHashMap.putVal(ConcurrentHashMap.java:1011)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:1006)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at com.vmware.admiral.auth.idm.psc.saml.sso.authentication.HttpServletRequestImpl.setParameter(HttpServletRequestImpl.java:56)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at com.vmware.admiral.auth.idm.psc.service.PscAuthenticationService.processAcquiredSamlToken(PscAuthenticationService.java:525)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at com.vmware.admiral.auth.idm.psc.service.PscAuthenticationService.lambda$processAcquiredToken$17(PscAuthenticationService.java:438)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at com.vmware.admiral.auth.idm.psc.util.PscUtils.lambda$execute$1(PscUtils.java:51)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
Aug 16 10:45:29 vic-st-h2-132.eng.vmware.com start_admiral.sh[809]: at java.lang.Thread.run(Thread.java:748)
curl -kv https://vic-st-h2-191.eng.vmware.com/websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb5swFP4ryO9gIBeIFVJlzapFalfWsGnay%2BTASWIJbObjQPrvZ0iyRN1U5XGv%2BJzvfDcxvTtUpdOARqFkQgLPJw7IXBVCbhPyNXtwY3I3myKvyprN92YnX%2BDXHtA4dk8i6x8SsteSKY4CmeQVIDM5W82fHlno%2BazWyqhclcRZ2D0huelP7YypkVHaiNxF4%2B5CN5gEHsit11Qt1%2BDlqqItrBEV7bBCulo90wbrHdjHUuXcIj4onUNPKyEbXiIQZ7lIyM9xEQ3Hk2i0iTfReF3AKI9i7q%2FjiBdBNBwFdgxTjigauCwi7mEp0XBpEhL6QeT6sRuMs8BnwxELY28ST34QJz3p%2BSDk0aX3xK%2BPQ8g%2BZVnqps%2BrrAdoRAH6s522lvteMIm8QeQFg5DFYRwS59s5DwtBzu73%2FPTtvlt5oDuvyezs9d%2B3aAd0trkCwwtu%2BJReXzzeD2vW8V0uUlWK%2FPWKRnhz%2FvOyVO29Bm6sbqP30AdYcfM%2BQPdFFO6mH2V15w0akIY4q7Tj9GXPS7ERoC%2BlulEooSdx7F7ZnDqz8FrZzQa%2FRTmBNHblSKor%2BqXWmO%2Bg4ki5MdrtgantW0j9If14sNK68JGcQA4o%2FmC0beu1A0%2FprV3wA%2Fr96XHVY7miL25uLbXzzLzW1uLuPHsBCS1fl5DZb%2F8Q%2FB9RXUAJ22uq9G04s3M1r39Fs98%3D&RelayState=SessionId&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=R%2BtcnZ%2FnhuRnTHC2OYhlP4%2FlWf%2Fzqlmkz2%2Bl1%2FyJfe03KlqmnCQHHm5ae0atW2c5ADiy40DOvIpmeiXpxwG1gTIatLCoHXmohHHUx059V3eAQwQzTNzG4eIyEoA53lIr3flGNZC%2F4X38Eg4%2B%2FVjdi2IxOF2RvcUhmDWrAUnUU8bwCqhbA8zkwO0ZgDSZgXf5ugsWwDZx6Y23LScAlSYq2XNELbxG4anLt16inW%2F5m1xCum48eEgdCchyanRGJfJrZ4S6ruu9Jlykmn%2BLjADAjiUoWwFfSOb9ma1uvJBh7s3LeBCAJSQuNdnwjUFsu%2FzcPrIj7oc5gE6KO0PblVX8Zg%3D%3D
[1] 24411
[2] 24412
[3] 24413
[2]- Done RelayState=SessionId
root@Ubuntu-VIc:/home/vmlib/VIC/VIC_13141/vic# * Trying 10.197.37.191...
* Connected to vic-st-h2-191.eng.vmware.com (10.197.37.191) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 704 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: vic-st-h2-191.eng.vmware.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=vic-st-h2-191.eng.vmware.com,C=US
* start date: Sat, 22 Jul 2017 12:48:34 GMT
* expire date: Sat, 17 Jul 2027 12:48:34 GMT
* issuer: CN=CA,DC=vsphere,DC=local,C=US,ST=California,O=vic-st-h2-191.eng.vmware.com,OU=VMware Engineering
* compression: NULL
* ALPN, server did not agree to a protocol
> GET /websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb5swFP4ryO9gIBeIFVJlzapFalfWsGnay%2BTASWIJbObjQPrvZ0iyRN1U5XGv%2BJzvfDcxvTtUpdOARqFkQgLPJw7IXBVCbhPyNXtwY3I3myKvyprN92YnX%2BDXHtA4dk8i6x8SsteSKY4CmeQVIDM5W82fHlno%2BazWyqhclcRZ2D0huelP7YypkVHaiNxF4%2B5CN5gEHsit11Qt1%2BDlqqItrBEV7bBCulo90wbrHdjHUuXcIj4onUNPKyEbXiIQZ7lIyM9xEQ3Hk2i0iTfReF3AKI9i7q%2FjiBdBNBwFdgxTjigauCwi7mEp0XBpEhL6QeT6sRuMs8BnwxELY28ST34QJz3p%2BSDk0aX3xK%2BPQ8g%2BZVnqps%2BrrAdoRAH6s522lvteMIm8QeQFg5DFYRwS59s5DwtBzu73%2FPTtvlt5oDuvyezs9d%2B3aAd0trkCwwtu%2BJReXzzeD2vW8V0uUlWK%2FPWKRnhz%2FvOyVO29Bm6sbqP30AdYcfM%2BQPdFFO6mH2V15w0akIY4q7Tj9GXPS7ERoC%2BlulEooSdx7F7ZnDqz8FrZzQa%2FRTmBNHblSKor%2BqXWmO%2Bg4ki5MdrtgantW0j9If14sNK68JGcQA4o%2FmC0beu1A0%2FprV3wA%2Fr96XHVY7miL25uLbXzzLzW1uLuPHsBCS1fl5DZb%2F8Q%2FB9RXUAJ22uq9G04s3M1r39Fs98%3D HTTP/1.1
> Host: vic-st-h2-191.eng.vmware.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: text/html;charset=ISO-8859-1
< Content-Length: 1417
< Date: Wed, 16 Aug 2017 10:49:24 GMT
<
<html> <head> <script language="JavaScript" type="text/javascript">function load(){ document.getElementById('SamlPostForm').submit(); }</script> </head> <body onload="load()"><form method="post" action="https://10.197.37.132:8282/auth/psc/callback/token" id="SamlPostForm"> <input type="hidden" name="SAMLResponse" value="PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly8xMC4xOTcuMzcuMTMyOjgyODIvYXV0aC9wc2MvY2FsbGJhY2svdG9rZW4iIElEPSJfMmI4NGM1OWExZjlmMzcwNzAyMzFjNjkxY2IxNmZhMDAiIEluUmVzcG9uc2VUbz0iXzZkNzQ2OTc1ZjhmNzZiZGU1Yzc4YTBiODdhZDE3NDUxIiBJc3N1ZUluc3RhbnQ9IjIwMTctMDgtMTZUMTA6NDk6MjQuMDMzWiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwczovL3ZpYy1zdC1oMi0xOTEuZW5nLnZtd2FyZS5jb20vd2Vic3NvL1NBTUwyL01ldGFkYXRhL3ZzcGhlcmUubG9jYWw8L3NhbWwyOklzc3Vlcj48c2FtbDJwOlN0YXR1cz48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6UmVzcG9uZGVyIj48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6UmVxdWVzdERlbmllZCIvPjwvc2FtbDJwOlN0YXR1c0NvZGU+PHNhbWwycDpTdGF0dXNNZXNzYWdlPkludmFsaWQgUmVxdWVzdCBTaWduYXR1cmU8L3NhbWwycDpTdGF0dXNNZXNzYWdlPjwvc2FtbDJwOlN0YXR1cz48L3NhbWwycDpSZXNwb25zZT4=" /><input type="submit" value="Submit" style="display:none;" /> </form></body></html>
* Connection #0 to host vic-st-h2-191.eng.vmware.com left intact
@sergiosagu @gmuleshkov could you take a look at this issue? Thanks.
@sergiosagu @gmuleshkov I have live environment @10.197.37.132 -root/Admin!23 VCSA used : 10.197.37.191 - administrator@vsphere.local/Admin!23
See the same issue with build: vic-73d10421-dev.ova
Curled this URL:
curl -kv --url "https://sc2-rdops-vm03-dhcp-106-152.eng.vmware.com/websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb9owFP4rkd8T2%2BEai1CxsmqV2pWVbJr2MplwAEuJnfmYhP77OQFW1E0Vj3uNz%2FnOd1MmN4eyCGqwqIxOCY8YCUDnZq30NiVfs7twTG6mE5RlUYnZ3u30M%2FzaA7rA72kU3UNK9lYLI1Gh0LIEFC4Xy9njg4gjJiprnMlNQYK531Nauu7UzrkKBaWYx6FdmwrDumS9cL3Lq5CzYcgHcQR6G9VlIy1EuSlpAytEQ1vkmC6XT7TGagf%2BsTC59Ph3xubQkUzJRhYIJLifp%2BRnwlk%2FHsc8GcajpJ%2BMN4NBP8kHo9GQbxLg3I%2FhQiKqGl4XEfdwr9FJ7VISMz4K2Tjko4wNBesL1osGnP0gweKk7oPSR8%2Fes2J1HELxKcsW4eJpmXUAtVqD%2FeynfQAs4kkcDYYR74mxJ02Cb%2BdwPAI5R9HRs9eH4NWBbY0n07Pxf52iLc7Z5BKcXEsnJ%2FTy4PF8XImW7f18YQqVv1ywiK%2FuwqwoTHNrQTqv2tk9dPGV0r0P0H5R63DTjYqqtQYdaEeC5aLl9GUvC7VRYF8Ldp1OQk%2FaxK3xIbVW4aWwq%2B19i3ICqf3KkZOndNFpzHdQSqTSORt2wNSXLaasTz8evLI2eiQnkAOqPxhN00RNLzJ26xcYp98fH5YdVqi61ubeUT8v3EvlHW7Pi2fQ0MhVAZn%2F9g%2FB%2FxHVORSwvaRK34YzPTfz8q80%2FQ0%3D&RelayState=SessionId&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=o4HDcoWkKjEBZPNvIdrxlBLEyIMyDAqjdVtRuRVZe9KMlHue5kZoWIKIsGZo6Lo0DpEBPPDvSnunLP0sHG%2BrArHjMCR2YLYDhGMq6tuD0mQKCmrEbJJu7zamQqC06vA48u8rUzP3xXMKBCwx7uw%2BvY0l%2BtrFIjjvOkTnD5%2FSKU1cpwunBFFEUcloWvKhq8gM8T5l3nc2pNeMqKxpzucAj7XD10iWvIL0hfVbVuukNDgbG%2BDpWI88H2O7M4ANnJIJSDQH%2FE8akMmOLtsErGi1DnUX2wNHGWN1YVXSwZrkmLzpIlcrga4WRTx1ZslPJ2i6inrxC3RoFn3fZLLgR7n9EQ%3D%3D"
.....
< HTTP/1.1 200 OK
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< Cache-Control: no-store
< Pragma: no-cache
< CastleError: SW52YWxpZCBSZXF1ZXN0IFNpZ25hdHVyZQ==
< Content-Length: 0
< Date: Thu, 17 Aug 2017 06:10:14 GMT
<
Note there's the same "CastleError" in header, similar as what I met in #483
According to https://github.com/vmware/vic-product/issues/483#issuecomment-322792081, registering with PSC multiple times could cause a problem. However, I checked @lgayatri's setup and the logs of the getting started page (journalctl -u fileserver
) show that the PSC register
command ran only once for each service.
@sergiosagu In the admiral code, do we check for vmafd.jar?
Aug 18 07:10:46 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: [333][S][2017-08-18T07:10:46.925Z][10][8282/][exceptionCaught][Listener channel exception: io.netty.handler.ssl.NotSslRecordExcep
tion: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a207669632d73742d68322d3138322e656e672e766d776172652e636f6d3a383238320d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436163
68652d436f6e74726f6c3a206d61782d6167653d300d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c2a2f2
a3b713d302e380d0a557067726164652d496e7365637572652d52657175657374733a20310d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e303b20574f57363429204170706c655765624b69742f
3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f34392e302e323632332e313132205361666172692f3533372e33360d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174652c207364636
80d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e380d0a0d0a]
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] INFO com.vmware.admiral.auth.idm.psc.saml.sso.authentication.SamlRequestSender
- SP alias for the login request is 10.197.37.182:8282
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] INFO com.vmware.identity.websso.client.endpoint.SsoRequestSender - Producing re
direct url
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] WARN com.vmware.identity.websso.client.SiteAffinity - Failed to init CdcSession
. likely due to missing vmafd jar. Message: com/vmware/identity/cdc/CdcFactory
If my target VCSA is 6.5U1 GA, then I see:
Aug 18 06:43:04 vic-st-h2-132.eng.vmware.com start_admiral.sh[837]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] INFO com.vmware.identity.websso.client.endpoint.SsoRequestSender - Destination URL: https://sc-rdops-vm01-dhcp-29-66.eng.vmware.com/websso/SAML2/SSO/vsphere.local
Aug 18 06:43:04 vic-st-h2-132.eng.vmware.com start_admiral.sh[837]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] INFO com.vmware.identity.websso.client.endpoint.SsoRequestSender - Relay State value is: SessionId
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: device vethb980814 entered promiscuous mode
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: IPv6: ADDRCONF(NETDEV_UP): vethb980814: link is not ready
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: br-b5335c8c3d2b: port 5(vethb980814) entered forwarding state
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: br-b5335c8c3d2b: port 5(vethb980814) entered forwarding state
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: br-b5335c8c3d2b: port 5(vethb980814) entered disabled state
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com systemd-udevd[3240]: Could not generate persistent MAC address for vethb980814: No such file or directory
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com systemd-udevd[3239]: Could not generate persistent MAC address for veth1b220c6: No such file or directory
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com docker[397]: time="2017-08-18T06:43:05Z" level=info msg="Firewalld running: false"
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com systemd-networkd[306]: vethb980814: Gained carrier
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: eth0: renamed from veth1b220c6
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethb980814: link becomes ready
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: br-b5335c8c3d2b: port 5(vethb980814) entered forwarding state
Aug 18 06:43:05 vic-st-h2-132.eng.vmware.com kernel: br-b5335c8c3d2b: port 5(vethb980814) entered forwarding state
If my target is 6.6.1, then I see
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: [https://172.17.0.2:8282/ForkJoinPool-1-worker-0] INFO com.vmware.identity.websso.client.endpoint.SsoRequestSender - Relay State value is: SessionId
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: Exception in thread "pool-2-thread-11" java.lang.NullPointerException
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at java.util.concurrent.ConcurrentHashMap.putVal(ConcurrentHashMap.java:1011)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:1006)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at com.vmware.admiral.auth.idm.psc.saml.sso.authentication.HttpServletRequestImpl.setParameter(HttpServletRequestImpl.java:56)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at com.vmware.admiral.auth.idm.psc.service.PscAuthenticationService.processAcquiredSamlToken(PscAuthenticationService.java:525)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at com.vmware.admiral.auth.idm.psc.service.PscAuthenticationService.lambda$processAcquiredToken$17(PscAuthenticationService.java:438)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at com.vmware.admiral.auth.idm.psc.util.PscUtils.lambda$execute$1(PscUtils.java:51)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
Aug 18 07:10:58 vic-st-h2-182.eng.vmware.com start_admiral.sh[851]: at java.lang.Thread.run(Thread.java:748)
@lgayatri - The NPE that you saw using the 6.6.1 instance should be gone in the latest OVA, but still it doesn't seem to work with 6.6.1 (at least in my local env it doesn't work). I'll keep investigating... cc @lcastellano
@reasonerjt - You mentioned that you see the same issue, can you confirm what VCSA/PSC version you are using? 6.0.x GA? 6.5.x GA? 6.6.1?
@sergiosagu I used latest build: https://storage.googleapis.com/vic-product-ova-builds/vic-73d10421-dev.ova
@lgayatri - that's from 2017-08-16, 2 days ago, so probably doesn't contain the update I did yesterday which I mentioned before.
@sergiosagu - Is this build: vic-42ddaaa6.ova good?
@lgayatri That build is based off https://github.com/vmware/vic-product/commit/42ddaaa6cf86df669d1fb334e099b2164d3e1ff5 and should be good, but since it wasn't announced on the Slack channels I can't say for sure.
@sergiosagu Is the fix in the PSC jar or Admiral's vic_dev
image? Is there a way to check whether the fix is present (build number/commit)?
@anchal-agrawal - It's in vic_dev
image. You should check the jar and so on, the lib is built separately (and in a different repo) and has no particular build number.
Dont have live environment any more, but can say that with PSC 6.6.1, Admiral wont show up.
@lgayatri Is this only in 6.6.x?
@andrewtchin , Yes.
@lgayatri Thanks, could you verify if this has been fixed with the next build that comes out (probably 1.2-rc1)? If it's not fixed, we'll have Admiral team investigate further
@andrewtchin Ok, will the build be ready by tomorrow morning?
Admiral team is waiting on PSC team to rev the PSC integration libs. After that we will see if it works with 6.6.x
@lgayatri Have you seen this in recent builds?
@andrewtchin Got VIC 1.3 build recently, I will create new setup with the latest version of VCSA and update asap.
OK thanks 👍
Did not see this issue in the recent 1.3 RC builds. Closing
Deployed - chin-vic-c2506807-dev-upgrade.OVA Post power on and registration at 9443 port, tried to access :8282 port on which harbor runs. The web page is loading for ever. Request from Admiral is - https://vic-st-h2-191.eng.vmware.com/websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb9owFP4rkd8T50JIsICKlVVDatesZNO0l8mEA1hK7MzHJPTfzwkwUDdVPO41Puc7300Z3x2q0mlAo1ByQgLPJw7IQq2F3E7I1%2FzBTcnddIy8Kms225udfIFfe0Dj2D2JrH%2BYkL2WTHEUyCSvAJkp2HL29MhCz2e1VkYVqiTO3O4JyU1%2FamdMjYzSRhQuGncXusEo8EBuvaZquQavUBVtYYWoaIcV0uXymTZY78A%2BlqrgFvFB6QJ6WhOy4SUCcRbzCfk5KOKUx0E8hCSN%2FTgZDtNoM4J0lay5Hw02dgwzjigauCwi7mEh0XBpJiT0g8T1UzcY5H7M4oTFvpdE%2Fg%2FiZCc9H4Q8uvSe%2BNVxCNmnPM%2Fc7HmZ9wCNWIP%2BbKet5b4XjBIvSrwgClkapiFxvp3zsBDk7H7PT9%2Fuu5UHuvOaTM9e%2F32LdkBnmyswfM0NH9Pri8f7Yc06vot5pkpRvF7RCG%2FOf1aWqr3XwI3VbfQe%2BgArbt4H6L6ItbvpR1ndeYMGpCHOMus4fdnzUmwE6EupbhRK6Ekcu1c2p84svFZ2s8FvUU4gjV05kuqKfqk1FjuoOFJujHZ7YGr7FlJ%2FQD8erLQufCQnkAOKPxht23pt5Cm9tQt%2BQL8%2FPS57LFf0xS2spXaemdfaWtydZy8goeWrEnL77R%2BC%2FyOqcyhhe02Vvg1neq7m9a9o%2Bhs%3D&RelayState=SessionId&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Sv5yH3yXqG2jtQPW4MEy0wLEWs5BjMisEFucYRlaxw8J7q%2FqzwD02zQsucOw3O3lG91iW49GVd0SptHtXF8%2B8gUxRKhkHE6XxJzwkyQlBwlCIcKUjrcLB3SkMqMzhs901v4T3MgLhNlhDwffD6wfdNVmMQsOXRnqDWLrjAk3iEtA4jo6KgG%2BADETTYAuHJy1DtItUWILreXeApmI3qNuDag3NaL0zjaBwU5huGvR0cRqgfOYmx%2BPWTgypW3BP6DXFyFxN63Xmvf%2Fstu8zvL2Y1pJciHFkV13SA873uW0%2FhX1kLWefZsK9cr3yTY2WLpy7jEPkxXOS%2FZ%2B9qwYwmqRFQ%3D%3D
My VCSA is : vic-st-h2-191.eng.vmware.com- root/Admin!23 and administrator@vsphere.local/Admin!23 Version 6.6.1.5100 OVA - vic-st-h2-132.eng.vmware.com - root/Admin!23 Snippet of localhost_access_log..2017-08-14.txt log at /var/log/vmware/sso on VCSA -
127.0.0.1 - - [14/Aug/2017:05:54:46 +0000] "GET /websso/SAML2/SSO/vsphere.local?SAMLRequest=zVRbb9owFP4rkd8T50JIsICKlVVDatesZNO0l8mEA1hK7MzHJPTfzwkwUDdVPO41Puc7300Z3x2q0mlAo1ByQgLPJw7IQq2F3E7I1%2FzBTcnddIy8Kms225udfIFfe0Dj2D2JrH%2BYkL2WTHEUyCSvAJkp2HL29MhCz2e1VkYVqiTO3O4JyU1%2FamdMjYzSRhQuGncXusEo8EBuvaZquQavUBVtYYWoaIcV0uXymTZY78A%2BlqrgFvFB6QJ6WhOy4SUCcRbzCfk5KOKUx0E8hCSN%2FTgZDtNoM4J0lay5Hw02dgwzjigauCwi7mEh0XBpJiT0g8T1UzcY5H7M4oTFvpdE%2Fg%2FiZCc9H4Q8uvSe%2BNVxCNmnPM%2Fc7HmZ9wCNWIP%2BbKet5b4XjBIvSrwgClkapiFxvp3zsBDk7H7PT9%2Fuu5UHuvOaTM9e%2F32LdkBnmyswfM0NH9Pri8f7Yc06vot5pkpRvF7RCG%2FOf1aWqr3XwI3VbfQe%2BgArbt4H6L6ItbvpR1ndeYMGpCHOMus4fdnzUmwE6EupbhRK6Ekcu1c2p84svFZ2s8FvUU4gjV05kuqKfqk1FjuoOFJujHZ7YGr7FlJ%2FQD8erLQufCQnkAOKPxht23pt5Cm9tQt%2BQL8%2FPS57LFf0xS2spXaemdfaWtydZy8goeWrEnL77R%2BC%2FyOqcyhhe02Vvg1neq7m9a9o%2Bhs%3D&RelayState=SessionId&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Sv5yH3yXqG2jtQPW4MEy0wLEWs5BjMisEFucYRlaxw8J7q%2FqzwD02zQsucOw3O3lG91iW49GVd0SptHtXF8%2B8gUxRKhkHE6XxJzwkyQlBwlCIcKUjrcLB3SkMqMzhs901v4T3MgLhNlhDwffD6wfdNVmMQsOXRnqDWLrjAk3iEtA4jo6KgG%2BADETTYAuHJy1DtItUWILreXeApmI3qNuDag3NaL0zjaBwU5huGvR0cRqgfOYmx%2BPWTgypW3BP6DXFyFxN63Xmvf%2Fstu8zvL2Y1pJciHFkV13SA873uW0%2FhX1kLWefZsK9cr3yTY2WLpy7jEPkxXOS%2FZ%2B9qwYwmqRFQ%3D%3D HTTP/1.1" 200 11585 127.0.0.1 - - [14/Aug/2017:05:54:46 +0000] "POST /lookupservice/sdk HTTP/1.1" 200 14364 127.0.0.1 - - [14/Aug/2017:05:54:47 +0000] "POST /sso-adminserver/sdk/vsphere.local HTTP/1.1" 200 2182 127.0.0.1 - - [14/Aug/2017:05:54:47 +0000] "POST /sso-adminserver/sdk/vsphere.local HTTP/1.1" 200 500 127.0.0.1 - - [14/Aug/2017:05:54:47 +0000] "POST /sso-adminserver/sdk/vsphere.local HTTP/1.1" 200 1745
SAML request can be matched from that of UI screenshot and log snip.