Re: [onap-discuss] AAF Authentication Error #aai [403-Access Denied]

[Brian Freeman]

Certificate unknown seems to imply that the certificate patch didn’t result in 
the right certificate being in the java configuration on the aai pod so that 
now the https to AAF for authentication is failing the certificate check.

If you log into the aai-resource pod what certificate does it see and does that 
cert chain match the cert presented by  
https://aaf-locate.onap:8095/locate/onap.org.osaaf.aaf.service:2.1

Brian



From: velugubantla.prav...@ltts.com <velugubantla.prav...@ltts.com>
Sent: Saturday, April 18, 2020 10:41 AM
To: onap-discuss@lists.onap.org; hariharan...@wipro.com; FRANEY, JOHN J 
<jf2...@att.com>; FREEMAN, BRIAN D <bf1...@att.com>; FORSYTH, JAMES 
<jf2...@att.com>; Vivekanandan Muthukrishnan 
<vmuthukrish...@aarnanetworks.com>; jgo...@stl.gathman.org; 
morgan.richo...@orange.com; 陈庄洋 <chenzhuangy...@chinamobile.com>
Cc: JOMY JOSE <jomy.j...@ltts.com>; Devangam Manjunatha 
<devangam.manjuna...@ltts.com>; Sudarshan K.S <sudarshan...@ltts.com>
Subject: Re: [onap-discuss] AAF Authentication Error #aai [403-Access Denied]


Hi Team,

We had deployed the ONAP-Elalto with the latest certificate patches of AAI, 
DMAAP & DCAE few days back, from then onwards we are unable perform the robot 
demo init & not able to perform the network preload (it's showing as ACCESS 
DENIED 403). Even i posted that issue in community also. After going through 
the Hari mail, i checked the aai-resource pod then we had also having same 
issue. I had attached the error log please help us in coming out of this issue.



Regards,

________________________________________________________

Velugubantla Praveen

Engineer - CTO-Common

L&T TECHNOLOGY SERVICES LIMITED

L3 Building, Manyata Embassy Business Park,
Nagawara Hobli, Bengaluru-560045

________________________________________________________

Mobile: +91 9154111420



www.LTTS.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ltts.com_&d=DwMFoQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=v88QSga50-ZvQRfGZOaMjqm_g_AK4ktLcJkJ_iNp3X0&s=weDebBZ0WtBhqj2sOBlkyZhGxUyDYoRYGAPgUXvlZEI&e=>

[cid:image001.jpg@01D616F5.559B5490]

________________________________
From: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> on behalf of 
FRANEY, JOHN J via lists.onap.org 
<jf257r=att....@lists.onap.org<mailto:jf257r=att....@lists.onap.org>>
Sent: Saturday, April 18, 2020 4:47 AM
To: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>; 
hariharan...@wipro.com<mailto:hariharan...@wipro.com> 
<hariharan...@wipro.com<mailto:hariharan...@wipro.com>>
Subject: Re: [onap-discuss] AAF Authentication Error #aai

The error means the server side TLS certificate is not trusted by your client.

Trust is established from the truststore.  The truststore must contain the root 
ca certificate that signed the server side certificate.

This is a configuration error.  Maybe you missed a step during installation.  
Your jvm may not be pointing to the right truststore.


John


-------- Original message --------
From: "hariharan.38 via lists.onap.org" 
<hariharan.38=wipro....@lists.onap.org<mailto:hariharan.38=wipro....@lists.onap.org>>
Date: 4/17/20 7:03 PM (GMT-05:00)
To: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>
Subject: [onap-discuss] AAF Authentication Error #aai

Hi All,
Currently when I am trying to give the curl request to AAI,it fails with 403 
forbidden error.When I checked the console logs of the aai-resources pod I am 
getting the  logs as seen in the attached jpg below.Even though my AAF pods are 
running fine the request fails with 403.I am currently using the Dublin release 
.Can anyone please help me out with this issue.

Regards,
Hari


L&T Technology Services Ltd

www.LTTS.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.LTTS.com&d=DwQFoQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=v88QSga50-ZvQRfGZOaMjqm_g_AK4ktLcJkJ_iNp3X0&s=p2jvnylMFI0nc0g4JOezYLXgSle0Aap9_gnCTa-AYMU&e=>

L&T Technology Services Limited (LTTS) is committed to safeguard your data 
privacy. For more information to view our commitment towards data privacy under 
GDPR, please visit the privacy policy on our website 
www.Ltts.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.Ltts.com&d=DwQFoQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=v88QSga50-ZvQRfGZOaMjqm_g_AK4ktLcJkJ_iNp3X0&s=uEpSX0WrsRpMsDCG6Vx8xWw9nL_8ZOYgd3YstNfgESU&e=>.
 This Email may contain confidential or privileged information for the intended 
recipient (s). If you are not the intended recipient, please do not use or 
disseminate the information, notify the sender and delete it from your system.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#20756): https://lists.onap.org/g/onap-discuss/message/20756
Mute This Topic: https://lists.onap.org/mt/73108068/21656
Mute #aai: https://lists.onap.org/mk?hashtag=aai&subid=2740164
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-