new gluu deployment works for a while then 403 forbidden

By: Thomas Maerz user 05 Jan 2016 at 1:20 p.m. CST

2 Responses
Thomas Maerz gravatar
Hi, I deployed Gluu and got into the administrative interface for a while, then performed some configuration and it will not let me log back in a second time. Steps to reproduce: 1. Install Gluu per http://www.gluu.org/docs/admin-guide/deployment/centos/ 2. service gluu-server24 start, login, etc 3. run setup.py as root 4. Log into gluu from web browser 5. Configure SMTP server, successful test 6. Replace httpd.crt and httpd.key as per http://www.gluu.org/docs/admin-guide/certificates/#apache 7. Restart TomCat 8. Log back into gluu webgui with fresh browser 9. Redirect loop seen in browser URL bar 10. Browser presents message: `Forbidden You don't have permission to access /identity/authentication/authcode on this server. Apache Server at gluu.brewerscience.com Port 443` Logs: http://pastebin.com/1bdpbebj - oxauth.log http://pastebin.com/7XZYFXpK - oxtrust.log http://pastebin.com/jSQ1H7TX - apache error_log
None
closed

Answers

By Mohib Zico Account Admin 05 Jan 2016 at 1:56 p.m. CST

Copy
Mohib Zico gravatar
>> Replace httpd.crt and httpd.key as per http://www.gluu.org/docs/admin-guide/certificates/#apache You need to import httpd.crt into java keystore ( cacerts ). Steps were missing in doc, just updated. - Convert httpd.crt to httpd.der, command: openssl x509 -outform der -in httpd.crt -out httpd.der - Import this DER into java keystore (cacerts), command: keytool -importcert -file httpd.der -keystore cacerts -alias <hostname_of_your_Gluu_Server> - restart LDAP server, apache2/httpd and tomcat.

By Thomas Maerz user 05 Jan 2016 at 3:08 p.m. CST

Copy
Thomas Maerz gravatar
That worked! Thanks for updating the documentation!

Post an answer