[Freeipa-users] FreeIPA + Ipsilon

Luca Tartarini ltartarini90 at gmail.com
Thu Aug 7 15:49:51 UTC 2014


Hi,

thanks for the reply, with Cherrypy 3.2.2 it works. Unfortunately now when
I try to login with 'admin' account ('admin' user created previously during
the installation of ipa-server) I can't see the Administration tab.
Basically this condition (in /usr/share/ipsilon/templates/index.html) is
not satisfied:

{% if user.is_admin %}
          <a href="{{ basepath }}/admin" id="admin">Administration</a> |
{% endif %}

For the ipsilon-server installation I ran:

ipsilon-server-install --secure=no --ipa=yes --krb=yes

because I read that 'admin' is default.
When I login with 'admin' in IPA Identity Management it is all ok (I login
as administrator), with IPSILON I can login but not as administrator.

I used the last version of jinja2 (jinja2 2.7.2).

Log of ipsilon-server-install:

[2014-08-07 17:48:11,242] Intallation arguments:
[2014-08-07 17:48:11,242] admin_user: admin
[2014-08-07 17:48:11,242] config_profile: None
[2014-08-07 17:48:11,242] hostname: ltartari3.cern.ch
[2014-08-07 17:48:11,242] instance: idp
[2014-08-07 17:48:11,242] ipa: yes
[2014-08-07 17:48:11,243] krb: yes
[2014-08-07 17:48:11,243] krb_httpd_keytab: /etc/httpd/conf/http.keytab
[2014-08-07 17:48:11,243] krb_realms: None
[2014-08-07 17:48:11,243] lm_order: ['krb']
[2014-08-07 17:48:11,243] pam: no
[2014-08-07 17:48:11,243] pam_service: remote
[2014-08-07 17:48:11,243] saml2: yes
[2014-08-07 17:48:11,243] secure: no
[2014-08-07 17:48:11,243] server_debugging: False
[2014-08-07 17:48:11,244] system_user: ipsilon
[2014-08-07 17:48:11,244] testauth: no
[2014-08-07 17:48:11,244] uninstall: False
[2014-08-07 17:48:11,244] Installation initiated
[2014-08-07 17:48:11,244] Installing default config files
[2014-08-07 17:48:11,461] Configuring environment helpers
Searching for keytab in: /etc/httpd/conf/http.keytab ... Found!
Searching for keytab in: /etc/httpd/conf/ipa.keytab ... Found!
[2014-08-07 17:48:11,486] Configuring login managers
Cannot set persistent booleans without managed policy.
[2014-08-07 17:48:12,126] Configuring Authentication Providers
Generating a 2048 bit RSA private key
.............+++
..............+++
writing new private key to '/var/lib/ipsilon/idp/saml2/idp.key'
-----
Installation complete.
Please restart HTTPD to enable the IdP instance.


Thanks in advance.

Luca Tartarini


2014-08-06 17:37 GMT+02:00 Simo Sorce <ssorce at redhat.com>:

> On Wed, 2014-08-06 at 17:20 +0200, Luca Tartarini wrote:
> > Hi,
> >
> > Thanks for the replies. I updated the line with:
> >
> > plugins_by_name = dict((p.name, p) for p in self._site[FACILITY]['enabled'])
> >
> > and it works (the installation is completed successfully).
> >
> > But now when I try to connect to:
> >
> >  https://myidp.example.com/idp
> >
> > or I try to configure ipsilon-client (ipsilon-client-install ...) I got
> > HTTP 500 Internal Error (with ipsilon background). I put "debug = True"
> > in /etc/ipsilon/idp/ipsilon.conf and I got this (in
> > /var/log/httpd/error_log):
> >
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Available
> > providers: ['saml2']
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> > storage path: /var/lib/ipsilon/idp/saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> > metadata file: metadata.xml
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> > storage path: /var/lib/ipsilon/idp/saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> key
> > file: /var/lib/ipsilon/idp/saml2/idp.key
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> > storage path: /var/lib/ipsilon/idp/saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> > certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  IdP Provider
> > registered: saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2]
> enabled:
> > 1
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  IdP Provider
> > enabled: saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Admin login
> > plugin: krb
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Admin login
> > plugin: pam
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [pam] username
> > text: Username
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [pam] password
> > text: Password
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [pam] service
> > name: remote
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [pam] help
> text:
> > Insert your Username and Password and then submit.
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Admin login
> > plugin: testauth
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [testauth]
> > username text: Username
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [testauth]
> > password text: Password
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [testauth]
> help
> > text: Insert your Username and Password and then submit.
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Admin provider
> > plugin: saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2]
> default
> > allowed nameids: ['persistent', 'transient', 'email', 'kerberos', 'x509']
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> > metadata file: metadata.xml
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2]
> default
> > email domain: example.com
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> > certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] allow
> > self registration: True
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> key
> > file: /var/lib/ipsilon/idp/saml2/idp.key
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2] idp
> > storage path: /var/lib/ipsilon/idp/saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  [saml2]
> default
> > nameid: persistent
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  Traceback
> (most
> > recent call last):
> > [Wed Aug 06 16:22:09 2014] [error]   File
> >
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> > line 104, in run
> > [Wed Aug 06 16:22:09 2014] [error]     hook()
> > [Wed Aug 06 16:22:09 2014] [error]   File
> >
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> > line 63, in __call__
> > [Wed Aug 06 16:22:09 2014] [error]     return
> self.callback(**self.kwargs)
> > [Wed Aug 06 16:22:09 2014] [error]   File
> > "/usr/lib/python2.6/site-packages/ipsilon/util/page.py", line 37, in
> protect
> > [Wed Aug 06 16:22:09 2014] [error]     UserSession().remote_login()
> > [Wed Aug 06 16:22:09 2014] [error]   File
> > "/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 103, in
> > __init__
> > [Wed Aug 06 16:22:09 2014] [error]     self.user = self.get_data('user',
> > 'name')
> > [Wed Aug 06 16:22:09 2014] [error]   File
> > "/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 147, in
> > get_data
> > [Wed Aug 06 16:22:09 2014] [error]     if facility not in
> cherrypy.session:
> > [Wed Aug 06 16:22:09 2014] [error]   File
> >
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/__init__.py",
> > line 258, in __contains__
> > [Wed Aug 06 16:22:09 2014] [error]     return key in child
> > [Wed Aug 06 16:22:09 2014] [error]   File
> >
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py",
> > line 335, in __contains__
> > [Wed Aug 06 16:22:09 2014] [error]     self.load()
> > [Wed Aug 06 16:22:09 2014] [error]   File
> >
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py",
> > line 268, in load
> > [Wed Aug 06 16:22:09 2014] [error]     data = self._load()
> > [Wed Aug 06 16:22:09 2014] [error]   File
> >
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py",
> > line 497, in _load
> > [Wed Aug 06 16:22:09 2014] [error]     assert self.locked, ("The session
> > load without being locked.  "
> > [Wed Aug 06 16:22:09 2014] [error] AssertionError: The session load
> without
> > being locked.  Check your tools' priority levels.
> > [Wed Aug 06 16:22:09 2014] [error]
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] HTTP
> > [Wed Aug 06 16:22:09 2014] [error] Request Headers:
> > [Wed Aug 06 16:22:09 2014] [error]   COOKIE:
> > __utma=203412483.1716219377.1393273532.1393273532.1398882487.2;
> >
> __utmz=203412483.1398882487.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided);
> > _ga=GA1.2.1716219377.1393273532;
> > session_id=0942ebacef3fbcf8f9b21605013b5dfa1454bc93
> > [Wed Aug 06 16:22:09 2014] [error]   ACCEPT-LANGUAGE:
> > it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2
> > [Wed Aug 06 16:22:09 2014] [error]   USER-AGENT: Mozilla/5.0 (X11; Linux
> > x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.132
> > Safari/537.36
> > [Wed Aug 06 16:22:09 2014] [error]   CONNECTION: keep-alive
> > [Wed Aug 06 16:22:09 2014] [error]   Remote-Addr: 128.141.28.32
> > [Wed Aug 06 16:22:09 2014] [error]   HOST: ltartari3.cern.ch
> > [Wed Aug 06 16:22:09 2014] [error]   CACHE-CONTROL: max-age=0
> > [Wed Aug 06 16:22:09 2014] [error]   ACCEPT:
> >
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> > [Wed Aug 06 16:22:09 2014] [error]   ACCEPT-ENCODING: gzip,deflate,sdch
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] HTTP Traceback
> > (most recent call last):
> > [Wed Aug 06 16:22:09 2014] [error]   File
> >
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> > line 667, in respond
> > [Wed Aug 06 16:22:09 2014] [error]     self.hooks.run('before_handler')
> > [Wed Aug 06 16:22:09 2014] [error]   File
> >
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> > line 114, in run
> > [Wed Aug 06 16:22:09 2014] [error]     raise exc
> > [Wed Aug 06 16:22:09 2014] [error] AssertionError: The session load
> without
> > being locked.  Check your tools' priority levels.
> > [Wed Aug 06 16:22:09 2014] [error]
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]  ['500 Internal
> > Server Error', 'The server encountered an unexpected condition which
> > prevented it from fulfilling the request.', 'Traceback (most recent call
> > last):\\n  File
> >
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> > line 667, in respond\\n    self.hooks.run(\\'before_handler\\')\\n  File
> >
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> > line 114, in run\\n    raise exc\\nAssertionError: The session load
> without
> > being locked.  Check your tools\\' priority levels.\\n', '3.5.0']
> >
> > and obviously "GET /idp/ HTTP/1.1" 500 1054 in /var/log/httpd/access_log
> >
> > Cherrypy bug?
> >
> > Thanks.
>
> I've never seen this but I am using Cherrypy 3.2.2 on F20.
>
> Simo.
>
>
>
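
With "debug = True" the error_log quoted above records the request's COOKIE header, session_id included. The following is an added example, not code from this thread or from Ipsilon: a small filter that masks credential-bearing header values in such log text before it is shared. The sample lines are constructed, and it assumes one header per line, as in the raw error_log.

```python
import re

# Request headers whose values act as credentials.
SENSITIVE = ("COOKIE", "AUTHORIZATION")

# Matches e.g. "[Wed Aug 06 ...] [error]   COOKIE: a=1; b=2"
HEADER_RE = re.compile(
    r"^(?P<prefix>.*?\b(?P<name>%s):\s*)(?P<value>.*)$" % "|".join(SENSITIVE),
    re.IGNORECASE,
)
# One "name=value" cookie pair; the value runs up to the next ';'.
PAIR_RE = re.compile(r"([^=;\s]+)=([^;]*)")


def mask_cookie_pairs(value):
    """Keep cookie names (useful for triage), drop every value."""
    return PAIR_RE.sub(lambda m: m.group(1) + "=<redacted>", value)


def redact_line(line):
    """Return the line with any sensitive header value masked."""
    m = HEADER_RE.match(line)
    if not m:
        return line
    if m.group("name").upper() == "COOKIE":
        return m.group("prefix") + mask_cookie_pairs(m.group("value"))
    return m.group("prefix") + "<redacted>"


def redact_log(text):
    """Redact a whole log excerpt, line by line."""
    return "\n".join(redact_line(line) for line in text.splitlines())


# Constructed sample in the shape of the debug output quoted above.
SAMPLE = """\
[Wed Aug 06 16:22:09 2014] [error] Request Headers:
[Wed Aug 06 16:22:09 2014] [error]   COOKIE: _ga=GA1.2.111.222; session_id=0123456789abcdef0123
[Wed Aug 06 16:22:09 2014] [error]   HOST: idp.example.test
[Wed Aug 06 16:22:09 2014] [error] AssertionError: The session load without being locked."""

if __name__ == "__main__":
    print(redact_log(SAMPLE))
```
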