Thanks for the help Oved, you are my savior. Regards ly pan
2013/1/4 Oved Ourfalli <[email protected]>: > Hey, > > First of all, you forgot to add the EngineSimplePreAuthFilter to the filter > chain (you just added the bean). Indeed this is what is causing the problem... Now I can browse the reports using 'show report' feature, thanks a lot :) However when I browse to dashboard, it shows 'Specified page not found', I think this is not related to this sso topic now, I'll look into this later. > See http://gerrit.ovirt.org/#/c/3355/: > > * Adding the EngineSimplePreAuthFilter filter to the filter chain for /**: > > /**=httpSessionContextIntegrationFilter,multipartRequestWrapperFilter,webAppSecurityFilter,jsCsrfGuardFilter,${bean.loggingFilter},${bean.userPreferencesFilter},${bean.authenticationProcessingFilter},${bean.userPreferencesFilter},${bean.basicProcessingFilter},EngineSimplePreAuthFilter,requestParameterAuthenticationFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter,iPadSupportFilter > > You basically defined the pre authentication filter, but it wasn't used in > your filter chain. > > As for http / https for the jasper server, not sure they should be equal > (i.e., both http or both https). I think it should work well even if one is > secured while the other isn't. > First try to add the the Filter to the filter chain, and let's see what > happens. > > Also, you can set the following options in the EngineSimplePreAuthFilter bean > in case of ssl issues (in case you want to skip validation just to see that > it works, without the need to troubleshoot exactly what's the problem): > sslIgnoreCertErrors > sslIgnoreHostVerification > > You set them by adding the lines > <property name="sslIgnoreCertErrors" value="true"/> > <property name="sslIgnoreHostVerification" value="true"/> > to the bean definition (in addition to all the other options you used): > > So, in your resulting file you should have: > > /**=httpSessionContextIntegrationFilter,multipartRequestWrapperFilter,webAppSecurityFilter,jsCsrfGuardFilter,${bean.loggingFilter},${bean.userPreferencesFilter},${bean.authenticationProcessingFilter},${bean.userPreferencesFilter},${bean.basicProcessingFilter},EngineSimplePreAuthFilter,requestParameterAuthenticationFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter,iPadSupportFilter > > and also have (if you choose to change the ssl definitions to be more > permissive): > > <bean id="EngineSimplePreAuthFilter" > class="org.ovirt.authentication.EngineSimplePreAuthFilter"> > <property name="authenticationManager"> > <ref bean="authenticationManager"></ref> > </property> > <property name="servletURL" > value="http://localhost/OvirtEngineWeb/ValidateSession";></property> > <property name="pollingTimeout" value="60"></property> > <property name="trustStorePath" > value="/etc/pki/ovirt-engine/.truststore"></property> > <property name="trustStorePassword" value=""></property> > <property name="sslIgnoreCertErrors" value="true"/> > <property name="sslIgnoreHostVerification" value="true"/> > </bean> > > Also, try looking out for the jasper server log in case of problems. > > btw, does the report server work well for you when working with it not > through the webadmin? Make sure it does before you bother to troubleshoot the > SSO. > > Hope it helps, > Oved > > > ----- Original Message ----- >> From: "ly pan" <[email protected]> >> To: "Oved Ourfalli" <[email protected]> >> Cc: [email protected] >> Sent: Thursday, January 3, 2013 5:43:25 PM >> Subject: Re: [Engine-devel] Problem in ovirt-reports sso >> >> Thanks for the help, Oved >> >> I want to add some info: >> 1. my environment is fc17, my browser is firefox. >> 2. I access admin portal using https (rpm has done that for me) while >> my jasper configuration is http >> in db's RedirectServletReportsPage and >> applicationContext-security-web.xml, every time I browse to >> dashboard the browser prompt me with the message about >> unencrypted >> connection in encrypted page. >> Should I use https for jasper as well? >> If this is the case, what configuration shoud be added? >> >> Thanks! >> >> ly pan >> >> >> 2013/1/3 Oved Ourfalli <[email protected]>: >> > See comments/questions inline. >> > >> > Oved >> > >> > ----- Original Message ----- >> >> From: "ly pan" <[email protected]> >> >> To: [email protected] >> >> Sent: Thursday, January 3, 2013 5:23:32 AM >> >> Subject: [Engine-devel] Problem in ovirt-reports sso >> >> >> >> Hello, I have a reports problem which has got me for many days >> >> now. >> >> The reports sso feature is not functioning in my invironment. >> >> I followed the steps from the wiki page: >> >> http://www.ovirt.org/How_to_setup_a_oVirt_Reports_development_environment >> >> http://www.ovirt.org/Features/Design/Reports_Dashboard >> >> and the patch related to sso: >> >> http://gerrit.ovirt.org/#change,3355 >> >> >> >> here is my steps: >> >> 1. install jasperreports 4.7.0 using the bundled tomcat and the >> >> existing DB >> >> 2. modify the db password in ovirt.xml >> >> 3. import the reports using js-import.sh >> >> 4. add the EngineSimplePreAuthFilter in >> >> applicationContext-security-web.xml >> > Can you share that file with us? (obviously remove sensitive data >> > from it, such as keystore password). >> Of course, see the attached files. >> > >> >> 5. add Reports.xml to the wenadmin folder and change >> >> RedirectServletReportsPage in db >> >> 6. generate a keystore using keytool and update >> >> EngineSimplePreAuthFilter in applicationContext-security-web.xml >> > You're supposed to create a trust store, that trusts the >> > certificate of the oVirt engine. Did you do that? >> I didn't add the certificate to truststore,my bad. But I changed the >> trustStore file to the existing /etc/pki/ovirt-engine/.truststore >> in applicationContext-security-web.xml, nothing changed at all. >> > >> >> 7. install the ovirt-dwh rpm package made from source and run >> >> ovirt-engine-dwh-setup >> >> 8. start the ovirt-engine service and the tomcat >> >> >> >> And all the projects, ovirt-dwh, ovirt-reports, ovirt-engine, is >> >> build >> >> from the latest source. >> >> >> >> When I browse to the dashboard in webadmin portal,it just shows a >> >> jasper login page, >> >> so the sso is not functioning, right? >> > Can you please attach the jboss logs? (engine.log and server.log). >> these two logs have no new messages when I browse to the dashboard,I >> think it is not necesssary...but I'll attach it anyhow, >> and please skip the earlier log messages about wrong db password. >> > >> >> I can login and browse jasper reports in a browser page normally. >> >> So I try to login in dashboard using reports user, tomcat gives me >> >> a >> >> Exception: >> >> >> >> "java.lang.IllegalArgumentException: An id is required to lookup a >> >> FlowDefinition" >> >> >> > Not sure if that error is related or not, but hopefully the logs >> > will point us to the problem. >> the full stack trace is in the attach file catalina.out from tomcat >> logs. >> >> > >> >> What might be the problem? Am I missing anything? >> >> Any help would be appriciated, thanks. >> >> _______________________________________________ >> >> Engine-devel mailing list >> >> [email protected] >> >> http://lists.ovirt.org/mailman/listinfo/engine-devel >> >> >> _______________________________________________ Engine-devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-devel
