[Freeipa-users] blank user screen? (web UI)

Petr Vobornik pvoborni at redhat.com
Mon Jun 22 17:11:17 UTC 2015


On 06/22/2015 06:39 PM, Janelle wrote:
> On 6/22/15 9:25 AM, Petr Vobornik wrote:
>> On 06/22/2015 04:15 PM, Janelle wrote:
>>> On 6/22/15 5:15 AM, Petr Vobornik wrote:
>>>> On 06/21/2015 08:35 AM, Janelle wrote:
>>>>> Hi,
>>>>>
>>>>> Sure. Just login as a normal user to the WEB UI. screen is blank:
>>>>>
>>>>> Of course, if you click on Actions - you will see those and you can
>>>>> click on
>>>>> them, but you can't do anything else. This is a vanilla server
>>>>> install, nothing
>>>>> fancy. Oh and there is no error message at all. Any browser = same
>>>>> results.
>>>>>
>>>>> Tried clearing cache, history, web data.. Everything. Many of my
>>>>> users report
>>>>> the same thing.  This is 7.1 with IPA 4.1.7
>>>>>
>>>>> Now the funny part - login as "admin" and everything works fine. But
>>>>> I certainly
>>>>> can't have everyone logging in as admin. :-)
>>>>>
>>>>> ~Janelle
>>>>
>>>> Do you see any error in browser console?
>>>>
>>>> Does this happen also to a user which doesn't have any RBAC role
>>>> assigned (either directly or indirectly)?
>>> AHA -- perhaps a clue:
>>>
>>> [Error] Failed to load resource: the server responded with a status of
>>> 401 (Unauthorized) (json, line 0)
>>> [Error] Failed to load resource: the server responded with a status of
>>> 401 (Unauthorized) (login_kerberos, line 0)
>>> [Error] Failed to load resource: the server responded with a status of
>>> 404 (Not Found) (jquery-2.0.3.min.map, line 0)
>>>
>>> ~J
>>
>> These errors are expected. The first two happen when the user is not yet
>> authenticated. The third line is just about a file for jquery debugging
>> which is not shipped with ipa.
>>
>> Could you inspect other json request? Mainly the 3 which are executed
>> on navigating to user details page (or after clicking on "refresh"
>> button on the page). Does the first result of first request (of the
>> three) contain user data as in
>> <https://pvoborni.fedorapeople.org/images/user_response_data.png>
>>
>> I'm unable to reproduce the issue with
>> ipa-server-4.1.0-18.el7_1.3.x86_64.
>>
>> Do these users have some special permissions/roles/rights?
> The user I did the same from is a User Administrator, however, all the
> other users are NOT.  And if you watch closely, all the details do flash
> the screen, but then disappear. Refresh does nothing.  The one thing -
> it works flawlessly for "admin" account.
>
> versions (I believe in the newest -- perhaps a bad idea)
>
> freeipa-client-4.1.4-1.el7.centos.x86_64
> freeipa-server-4.1.4-1.el7.centos.x86_64
> freeipa-python-4.1.4-1.el7.centos.x86_64
>
>
> on a user screen after login -  :
>
> [Error] Failed to load resource: the server responded with a status of
> 401 (Unauthorized) (json, line 0)
> [Error] Failed to load resource: the server responded with a status of
> 401 (Unauthorized) (login_kerberos, line 0)
> [Error] Failed to load resource: the server responded with a status of
> 404 (Not Found) (jquery-2.0.3.min.map, line 0)
> [Error] Failed to load resource: the server responded with a status of
> 401 (Unauthorized) (json, line 0)
> [Error] Failed to load resource: the server responded with a status of
> 401 (Unauthorized) (login_kerberos, line 0)
> [Error] Failed to load resource: the server responded with a status of
> 404 (Not Found) (jquery-2.0.3.min.map, line 0)
> [Error] Failed to load resource: the server responded with a status of
> 404 (Not Found) (jquery-2.0.3.min.map, line 0)
>
> ~Janelle

If I understand it correctly, you get a bunch of 401 Unauthorized errors 
after successful auth? This should not happen. I have seen something 
similar when clients were a couple of minutes in the future relative to the 
ipa server (assuming forms based auth is used, otherwise it would fail on 
obtaining TGT) because the session expires immediately if clients are more 
than 20 mins ahead. Or when the krb ticket TTL was less than 5 minutes.

Are there any "200 Success" requests to "ipa/session/json" or 
ipa/session/login_password in the network tab as shown on image: 
https://pvoborni.fedorapeople.org/images/user_response_data.png after 
successful login?
-- 
Petr Vobornik
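
Added example, not part of the original thread and not FreeIPA code: one way to run the check asked for above against a HAR file exported from the browser's network tab, listing the status of each `ipa/session/json` and `ipa/session/login_password` request and comparing the client clock (`startedDateTime`) with the server's `Date` header. The host name, the helper names and the sample entries are constructed, and entries are assumed to be in chronological order.

```python
import json
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

SESSION_PATHS = ("/ipa/session/login_password", "/ipa/session/json")
MAX_CLIENT_AHEAD = timedelta(minutes=20)  # threshold quoted in the message above

def review_har(har_text):
    """Summarise session requests in a HAR export; return (rows, findings)."""
    rows, findings, logged_in = [], set(), False
    for entry in json.loads(har_text)["log"]["entries"]:
        path = urlsplit(entry["request"]["url"]).path
        if path not in SESSION_PATHS:
            continue
        status = entry["response"]["status"]
        headers = {h["name"].lower(): h["value"] for h in entry["response"]["headers"]}
        # startedDateTime is the client clock; the Date header is the server clock.
        client = datetime.fromisoformat(entry["startedDateTime"].replace("Z", "+00:00"))
        skew = client - parsedate_to_datetime(headers["date"]) if "date" in headers else None
        rows.append((path, status, skew))
        if skew is not None and skew > MAX_CLIENT_AHEAD:
            findings.add("client clock more than 20 minutes ahead of server")
        if path.endswith("login_password") and status == 200:
            logged_in = True
        elif path.endswith("/json") and status == 401 and logged_in:
            findings.add("401 on session/json after successful login")
    if not any(s == 200 for p, s, _ in rows if p.endswith("/json")):
        findings.add("no 200 response from session/json")
    return rows, sorted(findings)

def make_entry(started, path, status, date):
    """Build one minimal HAR entry (hypothetical helper for the sample data)."""
    return {"startedDateTime": started,
            "request": {"method": "POST", "url": "https://ipa.example.test" + path},
            "response": {"status": status, "headers": [{"name": "Date", "value": date}]}}

# Constructed sample: login succeeds, then the next API call is rejected.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    make_entry("2015-06-22T17:35:00.000Z", "/ipa/session/login_password", 200,
               "Mon, 22 Jun 2015 17:11:10 GMT"),
    make_entry("2015-06-22T17:35:01.000Z", "/ipa/session/json", 401,
               "Mon, 22 Jun 2015 17:11:11 GMT"),
]}})

if __name__ == "__main__":
    rows, findings = review_har(SAMPLE_HAR)
    for path, status, skew in rows:
        print(status, path, "client-server skew:", skew)
    print("\n".join(findings))
```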