Hi, thanks for the reply, with Cherrypy 3.2.2 it works. Unfortunately now when I try to login with 'admin' account ('admin' user created previously during the installation of ipa-server) I can't see the Administration tab. Basically this condition (in /usr/share/ipsilon/templates/index.html) is not satisfied:
{% if user.is_admin %} <a href="{{ basepath }}/admin" id="admin">Administration</a> | {% endif %} For ipsilon-server installation I run: ipsilon-server-install --secure=no --ipa=yes --krb=yes because I read that 'admin' is default. When I login with 'admin' in IPA Identity Management it is all ok (I login as administrator), with IPSILON I can login but not as administrator. I used the last version of jinja2 (jinja2 2.7.2). Log of ipsilon-server-install: [2014-08-07 17:48:11,242] Intallation arguments: [2014-08-07 17:48:11,242] admin_user: admin [2014-08-07 17:48:11,242] config_profile: None [2014-08-07 17:48:11,242] hostname: ltartari3.cern.ch [2014-08-07 17:48:11,242] instance: idp [2014-08-07 17:48:11,242] ipa: yes [2014-08-07 17:48:11,243] krb: yes [2014-08-07 17:48:11,243] krb_httpd_keytab: /etc/httpd/conf/http.keytab [2014-08-07 17:48:11,243] krb_realms: None [2014-08-07 17:48:11,243] lm_order: ['krb'] [2014-08-07 17:48:11,243] pam: no [2014-08-07 17:48:11,243] pam_service: remote [2014-08-07 17:48:11,243] saml2: yes [2014-08-07 17:48:11,243] secure: no [2014-08-07 17:48:11,243] server_debugging: False [2014-08-07 17:48:11,244] system_user: ipsilon [2014-08-07 17:48:11,244] testauth: no [2014-08-07 17:48:11,244] uninstall: False [2014-08-07 17:48:11,244] Installation initiated [2014-08-07 17:48:11,244] Installing default config files [2014-08-07 17:48:11,461] Configuring environment helpers Searching for keytab in: /etc/httpd/conf/http.keytab ... Found! Searching for keytab in: /etc/httpd/conf/ipa.keytab ... Found! [2014-08-07 17:48:11,486] Configuring login managers Cannot set persistent booleans without managed policy. [2014-08-07 17:48:12,126] Configuring Authentication Providers Generating a 2048 bit RSA private key .............+++ ..............+++ writing new private key to '/var/lib/ipsilon/idp/saml2/idp.key' ----- Installation complete. Please restart HTTPD to enable the IdP instance. Thanks in advance. Luca Tartarini 2014-08-06 17:37 GMT+02:00 Simo Sorce <sso...@redhat.com>: > On Wed, 2014-08-06 at 17:20 +0200, Luca Tartarini wrote: > > Hi, > > > > Thanks for the replies. I updated the line with: > > > > plugins_by_name = dict((p.name, p) for p in > self._site[FACILITY]['enabled']) > > > > and it works (the installation is completed succesfully). > > > > But now when I try to connect to: > > > > https://myidp.example.com/idp > > > > or I try to configure ipsilon-client (ipsilon-client-install ...) I got > > HTTP 500 Internal Error (with ipsilon background). I put "debug = True" > > in /etc/ipsilon/idp/ipsilon.conf and I got this (in > > /var/log/httpd/error_log): > > > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Available > > providers: ['saml2'] > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp > > storage path: /var/lib/ipsilon/idp/saml2 > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp > > metadata file: metadata.xml > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp > > storage path: /var/lib/ipsilon/idp/saml2 > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp > key > > file: /var/lib/ipsilon/idp/saml2/idp.key > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp > > storage path: /var/lib/ipsilon/idp/saml2 > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp > > certificate file: /var/lib/ipsilon/idp/saml2/idp.pem > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider > > registered: saml2 > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] > enabled: > > 1 > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider > > enabled: saml2 > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login > > plugin: krb > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login > > plugin: pam > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] username > > text: Username > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] password > > text: Password > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] service > > name: remote > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] help > text: > > Insert your Username and Password and then submit. > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login > > plugin: testauth > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth] > > username text: Username > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth] > > password text: Password > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth] > help > > text: Insert your Username and Password and then submit. > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin provider > > plugin: saml2 > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] > default > > allowed nameids: ['persistent', 'transient', 'email', 'kerberos', 'x509'] > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp > > metadata file: metadata.xml > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] > default > > email domain: example.com > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp > > certificate file: /var/lib/ipsilon/idp/saml2/idp.pem > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] allow > > self registration: True > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp > key > > file: /var/lib/ipsilon/idp/saml2/idp.key > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp > > storage path: /var/lib/ipsilon/idp/saml2 > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] > default > > nameid: persistent > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Traceback > (most > > recent call last): > > [Wed Aug 06 16:22:09 2014] [error] File > > > "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", > > line 104, in run > > [Wed Aug 06 16:22:09 2014] [error] hook() > > [Wed Aug 06 16:22:09 2014] [error] File > > > "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", > > line 63, in __call__ > > [Wed Aug 06 16:22:09 2014] [error] return > self.callback(**self.kwargs) > > [Wed Aug 06 16:22:09 2014] [error] File > > "/usr/lib/python2.6/site-packages/ipsilon/util/page.py", line 37, in > protect > > [Wed Aug 06 16:22:09 2014] [error] UserSession().remote_login() > > [Wed Aug 06 16:22:09 2014] [error] File > > "/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 103, in > > __init__ > > [Wed Aug 06 16:22:09 2014] [error] self.user = self.get_data('user', > > 'name') > > [Wed Aug 06 16:22:09 2014] [error] File > > "/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 147, in > > get_data > > [Wed Aug 06 16:22:09 2014] [error] if facility not in > cherrypy.session: > > [Wed Aug 06 16:22:09 2014] [error] File > > > "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/__init__.py", > > line 258, in __contains__ > > [Wed Aug 06 16:22:09 2014] [error] return key in child > > [Wed Aug 06 16:22:09 2014] [error] File > > > "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py", > > line 335, in __contains__ > > [Wed Aug 06 16:22:09 2014] [error] self.load() > > [Wed Aug 06 16:22:09 2014] [error] File > > > "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py", > > line 268, in load > > [Wed Aug 06 16:22:09 2014] [error] data = self._load() > > [Wed Aug 06 16:22:09 2014] [error] File > > > "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py", > > line 497, in _load > > [Wed Aug 06 16:22:09 2014] [error] assert self.locked, ("The session > > load without being locked. " > > [Wed Aug 06 16:22:09 2014] [error] AssertionError: The session load > without > > being locked. Check your tools' priority levels. > > [Wed Aug 06 16:22:09 2014] [error] > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] HTTP > > [Wed Aug 06 16:22:09 2014] [error] Request Headers: > > [Wed Aug 06 16:22:09 2014] [error] COOKIE: > > __utma=203412483.1716219377.1393273532.1393273532.1398882487.2; > > > __utmz=203412483.1398882487.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); > > _ga=GA1.2.1716219377.1393273532; > > session_id=0942ebacef3fbcf8f9b21605013b5dfa1454bc93 > > [Wed Aug 06 16:22:09 2014] [error] ACCEPT-LANGUAGE: > > it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2 > > [Wed Aug 06 16:22:09 2014] [error] USER-AGENT: Mozilla/5.0 (X11; Linux > > x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.132 > > Safari/537.36 > > [Wed Aug 06 16:22:09 2014] [error] CONNECTION: keep-alive > > [Wed Aug 06 16:22:09 2014] [error] Remote-Addr: 128.141.28.32 > > [Wed Aug 06 16:22:09 2014] [error] HOST: ltartari3.cern.ch > > [Wed Aug 06 16:22:09 2014] [error] CACHE-CONTROL: max-age=0 > > [Wed Aug 06 16:22:09 2014] [error] ACCEPT: > > > text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 > > [Wed Aug 06 16:22:09 2014] [error] ACCEPT-ENCODING: gzip,deflate,sdch > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] HTTP Traceback > > (most recent call last): > > [Wed Aug 06 16:22:09 2014] [error] File > > > "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", > > line 667, in respond > > [Wed Aug 06 16:22:09 2014] [error] self.hooks.run('before_handler') > > [Wed Aug 06 16:22:09 2014] [error] File > > > "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", > > line 114, in run > > [Wed Aug 06 16:22:09 2014] [error] raise exc > > [Wed Aug 06 16:22:09 2014] [error] AssertionError: The session load > without > > being locked. Check your tools' priority levels. > > [Wed Aug 06 16:22:09 2014] [error] > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] ['500 Internal > > Server Error', 'The server encountered an unexpected condition which > > prevented it from fulfilling the request.', 'Traceback (most recent call > > last):\\n File > > > "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", > > line 667, in respond\\n self.hooks.run(\\'before_handler\\')\\n File > > > "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", > > line 114, in run\\n raise exc\\nAssertionError: The session load > without > > being locked. Check your tools\\' priority levels.\\n', '3.5.0'] > > > > and obviously "GET /idp/ HTTP/1.1" 500 1054 in /var/log/httpd/access_log > > > > Cherrypy bug? > > > > Thanks. > > I've never seen this but I am using Cherrypy 3.2.2 on F20. > > Simo. > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project