Task #7913

Story #7912: Correct issues with CN Portal

Update myproxy libraries used by Portal

Added by Dave Vieglais over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
Category:
d1_portal_servlet
Target version:
Start date:
2016-10-17
Due date:
% Done:

100%

Estimated time:
0.00 h
Milestone:
None
Product Version:
*
Story Points:
Sprint:

Description

Logging in using CILogon is currently broken:

Uh, oh...
There was a problem getting the certificate. Check the server logs...
The stacktrace received was:
java.lang.NoClassDefFoundError: sun/security/pkcs/PKCS10

Cause: sun/security/pkcs/PKCS10

Message: sun/security/pkcs/PKCS10

This appears to be due to use of a (very) old version of the myproxy client (1.0.7).

The current release is 3.3. The portal and related items need to be updated to regain functionality.

Associated revisions

Revision 18329
Added by Rob Nahf over 5 years ago

fixes #7913: updated oa4mp dependencies to current.

Revision 18330
Added by Rob Nahf over 5 years ago

fixes #7913: fixed problem with missing constants from oa4mp client api in the new versions. declared oa4mp-client-api as a dependency.

Revision 18334
Added by Rob Nahf over 5 years ago

refs: #7913: need to upgrade the postgres table with two new columns to avoid migration issues.

Revision 18335
Added by Rob Nahf over 5 years ago

refs: #7913. merging the postgres fix in trunk into the 2.2 branch.

Revision 18336
Added by Rob Nahf over 5 years ago

refs: #7913. merging oa4mp fix (3.x version of dependency) in trunk into the 2.2 branch.

Revision 18337
Added by Rob Nahf over 5 years ago

refs: #7913. merging oa4mp fix (3.x version of dependency) in trunk to the 2.2 branch.

Revision 18339
Added by Rob Nahf over 5 years ago

refs: #7913. bumping the version of portal components (to 2.2.1) to go with the recent oa4mp changes.

Revision 18341
Added by Rob Nahf over 5 years ago

refs: #7913. updating stable build control to name the new portal tag (2.2.1) and the CCI release will be 2.2.3. (there were two earlier patch releases).

Revision 18342
Added by Rob Nahf over 5 years ago

refs: #7913. updating stable build control to name the new portal tag (2.2.1)

Revision 18358
Added by Rob Nahf over 5 years ago

refs: #7913. bumped patch versions in dataone-cn-portal, d1_portal_servlet, and s1_stable_build_control properties file.

Revision 18362
Added by Rob Nahf over 5 years ago

refs: #7913. re-bumped patch versions in dataone-cn-portal, d1_portal_servlet, and s1_stable_build_control properties file, to fix some mistaken elements added to client.xml.

History

#1 Updated by Rob Nahf over 5 years ago

  • translation missing: en.field_remaining_hours set to 0.0
  • % Done changed from 0 to 100
  • Status changed from New to Closed

I updated the 2 oa4mp dependencies in d1_portal from 1.0.7 to 3.3.

Notes:
- I had to change the type of the -oath1 dependency to war
- I had to add an extra dependency oa4mp-client-loader-oath1 to get the EnvironmentUtil (or similar) class definition to be found. It must have migrated to the new package since 1.0.7.
- this package jumped from 1.x to 3.x in the maven repositories (there were no 2.x releases)

#2 Updated by Rob Nahf over 5 years ago

  • Estimated time set to 0.00

ClientServlet got rid of these constants, so I had to declare them in the subclass "SuccessServlet" in d1_portal_servlet. (Are these really test classes?)

// these used to be constants in ClientServlet, but were refactored
// out between 1.0.7 and 1.1 (no hint of where they might be now, or
// if they are still ok to use...)
public static final String TOKEN_KEY = "oauth_token";
public static final String VERIFIER_KEY = "oauth_verifier";

#3 Updated by Dave Vieglais over 5 years ago

  • % Done changed from 100 to 30
  • Status changed from Closed to In Progress

Reopening this issue after examining installation on cn-sandbox-2.

Might need to get Ben involved as this appears to go deeper than just the lib update.

attempting to logon using CILogon now results in an error message:

Uh, oh...
There was a problem getting the certificate. Check the server logs...
The stacktrace received was:
org.postgresql.util.PSQLException: ERROR: column "cert_req" of relation "assets" does not exist
Position: 26

Cause: ERROR: column "cert_req" of relation "assets" does not exist Position: 26

Message: ERROR: column "cert_req" of relation "assets" does not exist Position: 26

#4 Updated by Ben Leinfelder over 5 years ago

Jumping up versions probably means the postgres DB needs to be modified to match the newer library.
http://grid.ncsa.illinois.edu/myproxy/oauth/common/configuration/postgres-store.xhtml

I'm looking to see if there is a drop-in replacement for:
https://repository.dataone.org/software/cicore/trunk/cn-buildout/dataone-cn-portal/usr/share/portal/debian/portal-tables.sql

If not, we can email CILogon (Jeff Gaynor, likely) for guidance.

#5 Updated by Ben Leinfelder over 5 years ago

It's one of the two links on that page.

OA4MP client install script
http://svn.code.sf.net/p/cilogon/code/tags/latest/client/postgres.sql

OA4MP OAuth2 client install script
http://svn.code.sf.net/p/cilogon/code/tags/latest/client/oauth2-postgres.sql

If you update this in cn-buildout, the install process should drop and recreate the DB with the newer schema.

#6 Updated by Dave Vieglais over 5 years ago

Moved to CCI-2.2.1 release

#7 Updated by Rob Nahf over 5 years ago

a direct way to the problem:

https://cn-dev-2.test.dataone.org/portal/startRequest?target=/portal/account.jsp

portal logs to:

/var/log/tomcat7/portal.log.0

#8 Updated by Rob Nahf over 5 years ago

merged trunk changes in d1_portal, d1_portal_servlet, and cn-buildout/dataone-cn-portal into their respective 2.2 branch projects. All three corresponding jenkins-1 jobs ran successfully, so there should be a new debian package that can be picked up for STAGE or SANDBOX deployments (CNs pulling from ubuntu-beta debian channel)

#9 Updated by Rob Nahf over 5 years ago

deployed the new dataone-cn-portal to SANDBOX, and

https://cn-sandbox.test.dataone.org/portal/startRequest?target=/portal/account.jsp

now works.

Interesting that the first call after restart shows a significant delay in giving a response. Second call is much, much more prompt in returning. Maybe there's some lazy initialization going on?

#10 Updated by Rob Nahf over 5 years ago

problems occurred in production deployment due to oa4mp using the (same) default keystore password we use in test environments. When deployed to production, we lost access to the java keystore, and errors were thrown.

The solution is to add a keystore configuration to the client.xml file in d1_portal_servlet.

this explains how:
http://grid.ncsa.illinois.edu/myproxy/oauth/client/manuals/storage.xhtml

in WEB-INF/client.xml:

...
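
A pre-deployment check for the failure described in #10, as an added example that is not part of the original thread or of the oa4mp or DataONE code: it opens a keystore with the configured password and with a fallback default, and tells a wrong password apart from an unreadable file. The class name, both passwords and the temporary keystore are constructed for illustration; the thread does not state the actual default password.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public class KeystorePreflight {
    enum Result { OK, WRONG_PASSWORD, UNREADABLE }

    // Try to open the keystore with the given password and classify the outcome.
    static Result probe(Path file, char[] password) {
        try (InputStream in = Files.newInputStream(file)) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, password);
            return Result.OK;
        } catch (IOException e) {
            // KeyStore.load reports a bad password as an IOException whose
            // cause is UnrecoverableKeyException; anything else is a file problem.
            return (e.getCause() instanceof UnrecoverableKeyException)
                    ? Result.WRONG_PASSWORD : Result.UNREADABLE;
        } catch (Exception e) {
            // Unsupported keystore type, algorithm or certificate errors.
            return Result.UNREADABLE;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values (assumptions, not taken from the thread).
        char[] configured = "constructed-prod-secret".toCharArray();
        char[] assumedDefault = "changeit".toCharArray(); // stand-in default

        // Build an empty keystore protected by the "production" password.
        Path file = Files.createTempFile("preflight", ".ks");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        try (OutputStream out = Files.newOutputStream(file)) {
            ks.store(out, configured);
        }

        // The configured password must open the store; a client that falls
        // back to the default password hits the error seen in production.
        System.out.println("configured password: " + probe(file, configured));
        System.out.println("fallback default:    " + probe(file, assumedDefault));
        Files.delete(file);
    }
}
```

Running the same probe against the real keystore path at deployment time surfaces a password mismatch before the first login request does.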

#11 Updated by Dave Vieglais over 5 years ago

  • % Done changed from 30 to 100
  • Status changed from In Progress to Closed
