Can you please enable DEBUG log of the SSO package and try login and then share the logs, please?
You can enable the debug log as following (use admin@internal password): /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh --controller=127.0.0.1:8706 --connect --user=admin@internal "/subsystem=logging/logger=org.ovirt.engine.core.sso:add" && /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh --controller=127.0.0.1:8706 --connect --user=admin@internal "/subsystem=logging/logger=org.ovirt.engine.core.sso:write-attribute(name=level,value=DEBUG)" After tests you can disable it later as follows: $ /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh --controller=127.0.0.1:8706 --connect --user=admin@internal "/subsystem=logging/logger=org.ovirt.engine.core.sso:remove" On Thu, Feb 9, 2017 at 3:08 PM, Slava Bendersky <[email protected]> wrote: > Hello Everyone, > Anything else possible to check ? > > Slava. > > ________________________________ > From: "Slava Bendersky" <[email protected]> > To: "Ondra Machacek" <[email protected]> > Cc: "users" <[email protected]> > Sent: Saturday, February 4, 2017 2:27:31 PM > > Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1 > > Hello Ondra, > Log is empty > > [root@vhe00 ~]# ls -la /var/log/httpd/ssl_error_log > -rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log > > Slava. > > ________________________________ > From: "Ondra Machacek" <[email protected]> > To: "Slava Bendersky" <[email protected]> > Cc: "users" <[email protected]>, "Ravi" <[email protected]> > Sent: Saturday, February 4, 2017 10:35:31 AM > Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1 > > > > On Feb 4, 2017 1:21 AM, "Slava Bendersky" <[email protected]> wrote: > > Hello Everyone, > Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt > 4.1. I ran setup and it finished OK then it wrote the files bellow. Next I > log to web admin with internal user and added FeeIPA user as SuperUser role. > Also I added under System FreeIPA group authorized to login on any attempt > to login with FreeIPA credentials getting message > > > 2017-02-04 00:03:08,464Z ERROR > [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-6) > [] Internal Server Error: Unsupported command > 2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] > (default task-6) [] Unsupported command > 2017-02-04 00:03:08,659Z ERROR > [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) [] > server_error: Unsupported command > > > Ravi, do you know what this can cause? > > > > Also when in extensions.d directory contain the following files. If I remove > mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up > in drop down list. Any http don't have influence on this. > > > That is correct behavior, we dont show profiles, which uses http for authn. > > > [root@vhe00 extensions.d]# pwd > /etc/ovirt-engine/extensions.d > > [root@vhe00 extensions.d]# ls > mydomain.lan-authn.properties mydomain.lan-http-authn.properties > mydomain.lan.properties internal-authz.properties > mydomain.lan-authz.properties mydomain.lan-http-mapping.properties > internal-authn.properties > [root@vhe00 extensions.d]# > > > If possible clarify how it should be and what is possible issue. > > > Can you please take a look to /var/log/httpd/ssl_error_log if any errors > there? > > > > > Slava. > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users > > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
