[Freeipa-users] FreeIPA + Ipsilon

Wed Aug 6 15:37:00 UTC 2014

On Wed, 2014-08-06 at 17:20 +0200, Luca Tartarini wrote:
> Hi,
> 
> Thanks for the replies. I updated the line with:
> 
> plugins_by_name = dict((p.name, p) for p in self._site[FACILITY]['enabled'])
> 
> and it works (the installation is completed succesfully).
> 
> But now when I try to connect to:
> 
>  https://myidp.example.com/idp
> 
> or I try to configure ipsilon-client (ipsilon-client-install ...) I got
> HTTP 500 Internal Error (with ipsilon background). I put "debug = True"
> in /etc/ipsilon/idp/ipsilon.conf and I got this (in
> /var/log/httpd/error_log):
> 
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Available
> providers: ['saml2']
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> storage path: /var/lib/ipsilon/idp/saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> metadata file: metadata.xml
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> storage path: /var/lib/ipsilon/idp/saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp key
> file: /var/lib/ipsilon/idp/saml2/idp.key
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> storage path: /var/lib/ipsilon/idp/saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  IdP Provider
> registered: saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] enabled:
> 1
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  IdP Provider
> enabled: saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Admin login
> plugin: krb
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Admin login
> plugin: pam
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [pam] username
> text: Username
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [pam] password
> text: Password
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [pam] service
> name: remote
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [pam] help text:
> Insert your Username and Password and then submit.
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Admin login
> plugin: testauth
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [testauth]
> username text: Username
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [testauth]
> password text: Password
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [testauth] help
> text: Insert your Username and Password and then submit.
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Admin provider
> plugin: saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] default
> allowed nameids: ['persistent', 'transient', 'email', 'kerberos', 'x509']
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> metadata file: metadata.xml
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] default
> email domain: example.com
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] allow
> self registration: True
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp key
> file: /var/lib/ipsilon/idp/saml2/idp.key
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> storage path: /var/lib/ipsilon/idp/saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] default
> nameid: persistent
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Traceback (most
> recent call last):
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> line 104, in run
> [Wed Aug 06 16:22:09 2014] [error]     hook()
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> line 63, in __call__
> [Wed Aug 06 16:22:09 2014] [error]     return self.callback(**self.kwargs)
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/ipsilon/util/page.py", line 37, in protect
> [Wed Aug 06 16:22:09 2014] [error]     UserSession().remote_login()
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 103, in
> __init__
> [Wed Aug 06 16:22:09 2014] [error]     self.user = self.get_data('user',
> 'name')
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 147, in
> get_data
> [Wed Aug 06 16:22:09 2014] [error]     if facility not in cherrypy.session:
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/__init__.py",
> line 258, in __contains__
> [Wed Aug 06 16:22:09 2014] [error]     return key in child
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py",
> line 335, in __contains__
> [Wed Aug 06 16:22:09 2014] [error]     self.load()
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py",
> line 268, in load
> [Wed Aug 06 16:22:09 2014] [error]     data = self._load()
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py",
> line 497, in _load
> [Wed Aug 06 16:22:09 2014] [error]     assert self.locked, ("The session
> load without being locked.  "
> [Wed Aug 06 16:22:09 2014] [error] AssertionError: The session load without
> being locked.  Check your tools' priority levels.
> [Wed Aug 06 16:22:09 2014] [error]
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] HTTP
> [Wed Aug 06 16:22:09 2014] [error] Request Headers:
> [Wed Aug 06 16:22:09 2014] [error]   COOKIE:
> __utma=203412483.1716219377.1393273532.1393273532.1398882487.2;
> __utmz=203412483.1398882487.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided);
> _ga=GA1.2.1716219377.1393273532;
> session_id=0942ebacef3fbcf8f9b21605013b5dfa1454bc93
> [Wed Aug 06 16:22:09 2014] [error]   ACCEPT-LANGUAGE:
> it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2
> [Wed Aug 06 16:22:09 2014] [error]   USER-AGENT: Mozilla/5.0 (X11; Linux
> x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.132
> Safari/537.36
> [Wed Aug 06 16:22:09 2014] [error]   CONNECTION: keep-alive
> [Wed Aug 06 16:22:09 2014] [error]   Remote-Addr: 128.141.28.32
> [Wed Aug 06 16:22:09 2014] [error]   HOST: ltartari3.cern.ch
> [Wed Aug 06 16:22:09 2014] [error]   CACHE-CONTROL: max-age=0
> [Wed Aug 06 16:22:09 2014] [error]   ACCEPT:
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> [Wed Aug 06 16:22:09 2014] [error]   ACCEPT-ENCODING: gzip,deflate,sdch
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] HTTP Traceback
> (most recent call last):
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> line 667, in respond
> [Wed Aug 06 16:22:09 2014] [error]     self.hooks.run('before_handler')
> [Wed Aug 06 16:22:09 2014] [error]   File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> line 114, in run
> [Wed Aug 06 16:22:09 2014] [error]     raise exc
> [Wed Aug 06 16:22:09 2014] [error] AssertionError: The session load without
> being locked.  Check your tools' priority levels.
> [Wed Aug 06 16:22:09 2014] [error]
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  ['500 Internal
> Server Error', 'The server encountered an unexpected condition which
> prevented it from fulfilling the request.', 'Traceback (most recent call
> last):\\n  File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> line 667, in respond\\n    self.hooks.run(\\'before_handler\\')\\n  File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> line 114, in run\\n    raise exc\\nAssertionError: The session load without
> being locked.  Check your tools\\' priority levels.\\n', '3.5.0']
> 
> and obviously "GET /idp/ HTTP/1.1" 500 1054 in /var/log/httpd/access_log
> 
> Cherrypy bug?
> 
> Thanks.

I've never seen this but I am using Cherrypy 3.2.2 on F20.

Simo.