Task #7913
Story #7912: Correct issues with CN Portal
Update myproxy libraries used by Portal
100%
Description
Logging in using CILogon is currently broken:
Uh, oh...
There was a problem getting the certificate. Check the server logs...
The stacktrace received was:
java.lang.NoClassDefFoundError: sun/security/pkcs/PKCS10
Cause: sun/security/pkcs/PKCS10
Message: sun/security/pkcs/PKCS10
This appears to be due to use of a (very) old version of the myproxy client (1.0.7).
The current release is 3.3. The portal and related items need to be updated to regain functionality.
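Added example, not part of the original issue or the portal's code: the NoClassDefFoundError above names a class under `sun/`, a JDK-internal package, so a dependency jar that references such classes can stop working when the Java runtime changes. This Python script lists those references by reading the constant pool of every class in a jar; the sample jar and the `org/example/CertRequester` class name are constructed for the demonstration.

```python
import io
import struct
import zipfile

_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
          15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}  # tag -> payload size
INTERNAL_PREFIXES = ("sun/", "jdk/internal/")  # JDK-internal packages

def referenced_classes(data):
    """Return the class names listed in a .class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    (count,) = struct.unpack_from(">H", data, 8)
    pos, index, utf8, class_refs = 10, 1, {}, []
    while index < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:    # CONSTANT_Utf8: u2 length, then the bytes
            (length,) = struct.unpack_from(">H", data, pos)
            utf8[index] = data[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            pos += 2 + length
        elif tag == 7:  # CONSTANT_Class: u2 index of the Utf8 name
            class_refs.append(struct.unpack_from(">H", data, pos)[0])
            pos += 2
        elif tag in _SIZES:
            pos += _SIZES[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        index += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return sorted(utf8[i] for i in class_refs if i in utf8)

def internal_refs_in_jar(jar):
    """Map each class in a jar to the JDK-internal classes it references."""
    with zipfile.ZipFile(jar) as zf:
        refs = {n: [c for c in referenced_classes(zf.read(n))
                    if c.startswith(INTERNAL_PREFIXES)]
                for n in zf.namelist() if n.endswith(".class")}
    return {n: hits for n, hits in refs.items() if hits}

def sample_jar():
    """Constructed input: a jar with one class header + constant pool."""
    def u(s): return b"\x01" + struct.pack(">H", len(s)) + s.encode()
    pool = (u("org/example/CertRequester") + b"\x07\x00\x01"
            + u("sun/security/pkcs/PKCS10") + b"\x07\x00\x03"
            + b"\x05" + bytes(8)  # a long, filling slots 5 and 6
            + u("java/lang/Object") + b"\x07\x00\x07")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/example/CertRequester.class",
                    b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 50, 9) + pool)
    return io.BytesIO(buf.getvalue())
```

`internal_refs_in_jar` accepts a file path as well as a file object, so it can be run over each jar in a web application's `WEB-INF/lib` before a runtime or dependency upgrade.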
Associated revisions
fixes #7913: updated oa4mp dependencies to current.
fixes #7913: fixed problem with missing constants from oa4mp client api in the new versions. declared oa4mp-client-api as a dependency.
refs: #7913: need to upgrade the postgres table with two new columns to avoid migration issues.
refs: #7913. merging the postgres fix in trunk into the 2.2 branch.
refs: #7913. merging oa4mp fix (3.x version of dependency) in trunk into the 2.2 branch.
refs: #7913. merging oa4mp fix (3.x version of dependency) in trunk to the 2.2 branch.
refs: #7913. bumping the version of portal components (to 2.2.1) to go with the recent oa4mp changes.
refs: #7913. updating stable build control to name the new portal tag (2.2.1) and the CCI release will be 2.2.3. (there were two earlier patch releases).
refs: #7913. updating stable build control to name the new portal tag (2.2.1)
refs: #7913. bumped patch versions in dataone-cn-portal, d1_portal_servlet, and s1_stable_build_control properties file.
refs: #7913. re-bumped patch versions in dataone-cn-portal, d1_portal_servlet, and s1_stable_build_control properties file, to fix some mistaken elements added to client.xml.
History
#1 Updated by Rob Nahf about 8 years ago
- Remaining hours set to 0.0
- % Done changed from 0 to 100
- Status changed from New to Closed
I updated the 2 oa4mp dependencies in d1_portal from 1.0.7 to 3.3.
Notes:
- I had to change the type of the -oauth1 dependency to war
- I had to add an extra dependency oa4mp-client-loader-oauth1 to get the EnvironmentUtil (or similar) class definition to be found. It must have migrated to the new package since 1.0.7.
- this package jumped from 1.x to 3.x in the maven repositories (there were no 2.x releases)
#2 Updated by Rob Nahf about 8 years ago
- Estimated time set to 0.00
ClientServlet got rid of these constants, so I had to declare them in the subclass "SuccessServlet" in d1_portal_servlet. (Are these really test classes?)
// these used to be constants in ClientServlet, but were refactored
// out between 1.0.7 and 1.1 (no hint of where they might be now, or
// if they are still ok to use...)
public static final String TOKEN_KEY = "oauth_token";
public static final String VERIFIER_KEY = "oauth_verifier";
#3 Updated by Dave Vieglais about 8 years ago
- % Done changed from 100 to 30
- Status changed from Closed to In Progress
Reopening this issue after examining installation on cn-sandbox-2.
Might need to get Ben involved as this appears to go deeper than just the lib update.
Attempting to log on using CILogon now results in an error message:
Uh, oh...
There was a problem getting the certificate. Check the server logs...
The stacktrace received was:
org.postgresql.util.PSQLException: ERROR: column "cert_req" of relation "assets" does not exist
Position: 26
Cause: ERROR: column "cert_req" of relation "assets" does not exist Position: 26
Message: ERROR: column "cert_req" of relation "assets" does not exist Position: 26
#4 Updated by Ben Leinfelder about 8 years ago
Jumping up versions probably means the postgres DB needs to be modified to match the newer library.
http://grid.ncsa.illinois.edu/myproxy/oauth/common/configuration/postgres-store.xhtml
I'm looking to see if there is a drop-in replacement for:
https://repository.dataone.org/software/cicore/trunk/cn-buildout/dataone-cn-portal/usr/share/portal/debian/portal-tables.sql
If not, we can email CILogon (Jeff Gaynor, likely) for guidance.
#5 Updated by Ben Leinfelder about 8 years ago
It's one of the two links on that page.
OA4MP client install script
http://svn.code.sf.net/p/cilogon/code/tags/latest/client/postgres.sql
OA4MP OAuth2 client install script
http://svn.code.sf.net/p/cilogon/code/tags/latest/client/oauth2-postgres.sql
If you update this in cn-buildout, the install process should drop and recreate the DB with the newer schema.
#6 Updated by Dave Vieglais about 8 years ago
Moved to CCI-2.2.1 release
#7 Updated by Rob Nahf about 8 years ago
a direct way to the problem:
https://cn-dev-2.test.dataone.org/portal/startRequest?target=/portal/account.jsp
portal logs to:
/var/log/tomcat7/portal.log.0
#8 Updated by Rob Nahf about 8 years ago
Merged trunk changes in d1_portal, d1_portal_servlet, and cn-buildout/dataone-cn-portal into their respective 2.2 branch projects. All three corresponding jenkins-1 jobs ran successfully, so there should be a new debian package that can be picked up for STAGE or SANDBOX deployments (CNs pulling from ubuntu-beta debian channel).
#9 Updated by Rob Nahf about 8 years ago
deployed the new dataone-cn-portal to SANDBOX, and
https://cn-sandbox.test.dataone.org/portal/startRequest?target=/portal/account.jsp
now works.
Interesting that the first call after restart shows a significant delay in giving a response. Second call is much, much more prompt in returning. Maybe there's some lazy initialization going on?
#10 Updated by Rob Nahf about 8 years ago
problems occurred in production deployment due to oa4mp using the (same) default keystore password we use in test environments. When deployed to production, we lost access to the java keystore, and errors were thrown.
The solution is to add a keystore configuration to the client.xml file in d1_portal_servlet.
this explains how:
http://grid.ncsa.illinois.edu/myproxy/oauth/client/manuals/storage.xhtml
in WEB-INF/client.xml:
...
#11 Updated by Dave Vieglais about 8 years ago
- % Done changed from 30 to 100
- Status changed from In Progress to Closed