On Thu, 2014-08-07 at 17:49 +0200, Luca Tartarini wrote:
> Hi,
>
> thanks for the reply, with Cherrypy 3.2.2 it works. Unfortunately now when
> I try to login with 'admin' account ('admin' user created previously during
> the installation of ipa-server) I can't see the Administration tab.
> Basically this condition (in /usr/share/ipsilon/templates/index.html) is
> not satisfied:
>
> {% if user.is_admin %}
> <a href="{{ basepath }}/admin" id="admin">Administration</a> |
> {% endif %}
>
> For ipsilon-server installation I run:
>
> ipsilon-server-install --secure=no --ipa=yes --krb=yes
>
> because I read that 'admin' is default.
> When I login with 'admin' in IPA Identity Management it is all ok (I login
> as administrator), with IPSILON I can login but not as administrator.

Is this using kerberos authentication? Or username/password?

If Kerberos SSO then do you have KrbLocalUserMapping On in the
<Location /idp/login/krb/negotiate> section in the file
/etc/httpd/conf.g/ipsilon-idp.conf?

If not then the user will be seen as admin@REALM and not considered the
same as the user "admin" by ipsilon.

Simo.

> I used the last version of jinja2 (jinja2 2.7.2).
>
> Log of ipsilon-server-install:
>
> [2014-08-07 17:48:11,242] Intallation arguments:
> [2014-08-07 17:48:11,242] admin_user: admin
> [2014-08-07 17:48:11,242] config_profile: None
> [2014-08-07 17:48:11,242] hostname: ltartari3.cern.ch
> [2014-08-07 17:48:11,242] instance: idp
> [2014-08-07 17:48:11,242] ipa: yes
> [2014-08-07 17:48:11,243] krb: yes
> [2014-08-07 17:48:11,243] krb_httpd_keytab: /etc/httpd/conf/http.keytab
> [2014-08-07 17:48:11,243] krb_realms: None
> [2014-08-07 17:48:11,243] lm_order: ['krb']
> [2014-08-07 17:48:11,243] pam: no
> [2014-08-07 17:48:11,243] pam_service: remote
> [2014-08-07 17:48:11,243] saml2: yes
> [2014-08-07 17:48:11,243] secure: no
> [2014-08-07 17:48:11,243] server_debugging: False
> [2014-08-07 17:48:11,244] system_user: ipsilon
> [2014-08-07 17:48:11,244] testauth: no
> [2014-08-07 17:48:11,244] uninstall: False
> [2014-08-07 17:48:11,244] Installation initiated
> [2014-08-07 17:48:11,244] Installing default config files
> [2014-08-07 17:48:11,461] Configuring environment helpers
> Searching for keytab in: /etc/httpd/conf/http.keytab ... Found!
> Searching for keytab in: /etc/httpd/conf/ipa.keytab ... Found!
> [2014-08-07 17:48:11,486] Configuring login managers
> Cannot set persistent booleans without managed policy.
> [2014-08-07 17:48:12,126] Configuring Authentication Providers
> Generating a 2048 bit RSA private key
> .............+++
> ..............+++
> writing new private key to '/var/lib/ipsilon/idp/saml2/idp.key'
> -----
> Installation complete.
> Please restart HTTPD to enable the IdP instance.
>
>
> Thanks in advance.
>
> Luca Tartarini
>
>
> 2014-08-06 17:37 GMT+02:00 Simo Sorce <sso...@redhat.com>:
>
> > On Wed, 2014-08-06 at 17:20 +0200, Luca Tartarini wrote:
> > > Hi,
> > >
> > > Thanks for the replies. I updated the line with:
> > >
> > > plugins_by_name = dict((p.name, p) for p in self._site[FACILITY]['enabled'])
> > >
> > > and it works (the installation is completed successfully).
> > >
> > > But now when I try to connect to:
> > >
> > > https://myidp.example.com/idp
> > >
> > > or I try to configure ipsilon-client (ipsilon-client-install ...) I got
> > > HTTP 500 Internal Error (with ipsilon background). I put "debug = True"
> > > in /etc/ipsilon/idp/ipsilon.conf and I got this (in
> > > /var/log/httpd/error_log):
> > >
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Available providers: ['saml2']
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp storage path: /var/lib/ipsilon/idp/saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp metadata file: metadata.xml
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp storage path: /var/lib/ipsilon/idp/saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp key file: /var/lib/ipsilon/idp/saml2/idp.key
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp storage path: /var/lib/ipsilon/idp/saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider registered: saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] enabled: 1
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider enabled: saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login plugin: krb
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login plugin: pam
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] username text: Username
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] password text: Password
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] service name: remote
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] help text: Insert your Username and Password and then submit.
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login plugin: testauth
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth] username text: Username
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth] password text: Password
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth] help text: Insert your Username and Password and then submit.
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin provider plugin: saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default allowed nameids: ['persistent', 'transient', 'email', 'kerberos', 'x509']
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp metadata file: metadata.xml
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default email domain: example.com
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] allow self registration: True
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp key file: /var/lib/ipsilon/idp/saml2/idp.key
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp storage path: /var/lib/ipsilon/idp/saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default nameid: persistent
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Traceback (most recent call last):
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", line 104, in run
> > > [Wed Aug 06 16:22:09 2014] [error] hook()
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", line 63, in __call__
> > > [Wed Aug 06 16:22:09 2014] [error] return self.callback(**self.kwargs)
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/ipsilon/util/page.py", line 37, in protect
> > > [Wed Aug 06 16:22:09 2014] [error] UserSession().remote_login()
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 103, in __init__
> > > [Wed Aug 06 16:22:09 2014] [error] self.user = self.get_data('user', 'name')
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 147, in get_data
> > > [Wed Aug 06 16:22:09 2014] [error] if facility not in cherrypy.session:
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/__init__.py", line 258, in __contains__
> > > [Wed Aug 06 16:22:09 2014] [error] return key in child
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py", line 335, in __contains__
> > > [Wed Aug 06 16:22:09 2014] [error] self.load()
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py", line 268, in load
> > > [Wed Aug 06 16:22:09 2014] [error] data = self._load()
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py", line 497, in _load
> > > [Wed Aug 06 16:22:09 2014] [error] assert self.locked, ("The session load without being locked. "
> > > [Wed Aug 06 16:22:09 2014] [error] AssertionError: The session load without being locked. Check your tools' priority levels.
> > > [Wed Aug 06 16:22:09 2014] [error]
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] HTTP
> > > [Wed Aug 06 16:22:09 2014] [error] Request Headers:
> > > [Wed Aug 06 16:22:09 2014] [error] COOKIE: __utma=203412483.1716219377.1393273532.1393273532.1398882487.2; __utmz=203412483.1398882487.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); _ga=GA1.2.1716219377.1393273532; session_id=0942ebacef3fbcf8f9b21605013b5dfa1454bc93
> > > [Wed Aug 06 16:22:09 2014] [error] ACCEPT-LANGUAGE: it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2
> > > [Wed Aug 06 16:22:09 2014] [error] USER-AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.132 Safari/537.36
> > > [Wed Aug 06 16:22:09 2014] [error] CONNECTION: keep-alive
> > > [Wed Aug 06 16:22:09 2014] [error] Remote-Addr: 128.141.28.32
> > > [Wed Aug 06 16:22:09 2014] [error] HOST: ltartari3.cern.ch
> > > [Wed Aug 06 16:22:09 2014] [error] CACHE-CONTROL: max-age=0
> > > [Wed Aug 06 16:22:09 2014] [error] ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> > > [Wed Aug 06 16:22:09 2014] [error] ACCEPT-ENCODING: gzip,deflate,sdch
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] HTTP Traceback (most recent call last):
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", line 667, in respond
> > > [Wed Aug 06 16:22:09 2014] [error] self.hooks.run('before_handler')
> > > [Wed Aug 06 16:22:09 2014] [error] File "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", line 114, in run
> > > [Wed Aug 06 16:22:09 2014] [error] raise exc
> > > [Wed Aug 06 16:22:09 2014] [error] AssertionError: The session load without being locked. Check your tools' priority levels.
> > > [Wed Aug 06 16:22:09 2014] [error]
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] ['500 Internal Server Error', 'The server encountered an unexpected condition which prevented it from fulfilling the request.', 'Traceback (most recent call last):\\n File "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", line 667, in respond\\n self.hooks.run(\\'before_handler\\')\\n File "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py", line 114, in run\\n raise exc\\nAssertionError: The session load without being locked. Check your tools\\' priority levels.\\n', '3.5.0']
> > >
> > > and obviously "GET /idp/ HTTP/1.1" 500 1054 in /var/log/httpd/access_log
> > >
> > > Cherrypy bug?
> > >
> > > Thanks.
> >
> > I've never seen this but I am using Cherrypy 3.2.2 on F20.
> >
> > Simo.
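
The admin@REALM versus "admin" mismatch described in the reply above, as an added example that is not part of the original thread and is not Ipsilon or mod_auth_kerb code. The function names and the realm are hypothetical, and the mapping is assumed to follow the krb5 DEFAULT auth_to_local rule (single-component principals in the default realm only).

```python
"""Added illustration: why 'admin@REALM' is not 'admin' to the IdP.

Hypothetical helper names; the realm is a constructed sample value.
Assumption: local user mapping behaves like the krb5 DEFAULT
auth_to_local rule, so only a single-component principal in the
default realm is translated to a local user name.
"""

ADMIN_USER = "admin"                 # admin_user value from the installer log
DEFAULT_REALM = "IPA.EXAMPLE.COM"    # constructed sample realm


def local_name(principal, default_realm=DEFAULT_REALM):
    """Return the local user name for a principal, or None if unmapped."""
    name, sep, realm = principal.rpartition("@")
    if not sep:
        return None                  # no realm part: not a full principal
    if realm != default_realm:
        return None                  # foreign realm: never strip it blindly
    if not name or "/" in name:
        return None                  # service/instance principals stay unmapped
    return name


def is_admin(remote_user, local_user_mapping):
    """Model a plain string comparison against the configured admin name."""
    if local_user_mapping:
        remote_user = local_name(remote_user)
    return remote_user == ADMIN_USER


def naive_is_admin(remote_user):
    """Unsafe shortcut: drops any realm, so a foreign 'admin' matches too."""
    return remote_user.split("@")[0] == ADMIN_USER


if __name__ == "__main__":
    for user in ("admin@IPA.EXAMPLE.COM", "admin@OTHER.EXAMPLE.ORG"):
        print(user,
              "mapping off:", is_admin(user, False),
              "mapping on:", is_admin(user, True),
              "naive strip:", naive_is_admin(user))
```

The realm check is the part that matters when cross-realm trusts exist: stripping everything after "@" in application code would grant the admin role to any trusted realm's "admin" principal.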