Looking at the error message again it says 'Unsupported command', Can you please share your properties files? I think that you have misconfugred it, I guess you use for example AuthzExtension instead of AuthnExtension or vice versa, maybe misconfigured mapping.
On Fri, Feb 10, 2017 at 6:28 PM, Slava Bendersky <volga...@networklab.ca> wrote: > Hello Ondra, > I tried increase logging and command fail > > "outcome" => "failed", > "failure-description" => "WFLYCTL0216: Management resource '[ > (\"subsystem\" => \"logging\"), > (\"logger\" => \"org.ovirt.engine.core.sso\") > ]' not found", > "rolled-back" => true > } > > > Slava, > > ________________________________ > From: "Ondra Machacek" <omach...@redhat.com> > To: "Slava Bendersky" <volga...@networklab.ca> > Cc: "users" <users@ovirt.org> > Sent: Thursday, February 9, 2017 2:31:16 PM > > Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1 > > Can you please enable DEBUG log of the SSO package and try login and > then share the logs, please? > > You can enable the debug log as following (use admin@internal password): > > /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh > --controller=127.0.0.1:8706 --connect --user=admin@internal > "/subsystem=logging/logger=org.ovirt.engine.core.sso:add" && > /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh > --controller=127.0.0.1:8706 --connect --user=admin@internal > "/subsystem=logging/logger=org.ovirt.engine.core.sso:write-attribute(name=level,value=DEBUG)" > > After tests you can disable it later as follows: > > $ /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh > --controller=127.0.0.1:8706 --connect --user=admin@internal > "/subsystem=logging/logger=org.ovirt.engine.core.sso:remove" > > On Thu, Feb 9, 2017 at 3:08 PM, Slava Bendersky <volga...@networklab.ca> > wrote: >> Hello Everyone, >> Anything else possible to check ? >> >> Slava. >> >> ________________________________ >> From: "Slava Bendersky" <volga...@networklab.ca> >> To: "Ondra Machacek" <omach...@redhat.com> >> Cc: "users" <users@ovirt.org> >> Sent: Saturday, February 4, 2017 2:27:31 PM >> >> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1 >> >> Hello Ondra, >> Log is empty >> >> [root@vhe00 ~]# ls -la /var/log/httpd/ssl_error_log >> -rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log >> >> Slava. >> >> ________________________________ >> From: "Ondra Machacek" <omach...@redhat.com> >> To: "Slava Bendersky" <volga...@networklab.ca> >> Cc: "users" <users@ovirt.org>, "Ravi" <rn...@redhat.com> >> Sent: Saturday, February 4, 2017 10:35:31 AM >> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1 >> >> >> >> On Feb 4, 2017 1:21 AM, "Slava Bendersky" <volga...@networklab.ca> wrote: >> >> Hello Everyone, >> Having trouble implement FreeIPA authentication with GSSAPI SSO and >> ovirt >> 4.1. I ran setup and it finished OK then it wrote the files bellow. Next I >> log to web admin with internal user and added FeeIPA user as SuperUser >> role. >> Also I added under System FreeIPA group authorized to login on any attempt >> to login with FreeIPA credentials getting message >> >> >> 2017-02-04 00:03:08,464Z ERROR >> [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default >> task-6) >> [] Internal Server Error: Unsupported command >> 2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] >> (default task-6) [] Unsupported command >> 2017-02-04 00:03:08,659Z ERROR >> [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) >> [] >> server_error: Unsupported command >> >> >> Ravi, do you know what this can cause? >> >> >> >> Also when in extensions.d directory contain the following files. If I >> remove >> mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up >> in drop down list. Any http don't have influence on this. >> >> >> That is correct behavior, we dont show profiles, which uses http for >> authn. >> >> >> [root@vhe00 extensions.d]# pwd >> /etc/ovirt-engine/extensions.d >> >> [root@vhe00 extensions.d]# ls >> mydomain.lan-authn.properties mydomain.lan-http-authn.properties >> mydomain.lan.properties internal-authz.properties >> mydomain.lan-authz.properties mydomain.lan-http-mapping.properties >> internal-authn.properties >> [root@vhe00 extensions.d]# >> >> >> If possible clarify how it should be and what is possible issue. >> >> >> Can you please take a look to /var/log/httpd/ssl_error_log if any errors >> there? >> >> >> >> >> Slava. >> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> >> >> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users