By: William Ardoin user 05 Nov 2018 at 8:38 p.m. CST

7 Responses
- Main Domain: https://rouing.me/identity | http://rouing.me/identity
- Docker Version: 18.06.1-ce build e68fc7a
- Kernel: Linux 4.19.0-1.el7.elrepo.x86_64 x86_64
- Rancher Version: v1.6.23
- Kong Version: v0.14.1 (Konga UI)

What I have done:

I have picked apart the Docker Compose, and built it for use in Rancher v1.6 with Cattle + Rancher vxlan.

First, I run the first run config generator and have it dump into consul. This all goes fine and everyone accepts the config and can communicate.

Besides the fact that the compose file for the project is incomplete, I managed to get it working.

oxTrust is running 3.1.5-SNAPSHOT since 3.1.4_Dev is Broken due to the Password Reset issue that was patched in 3.1.5

https://paste.rouing.me/bibicunuyu.yml < Here is the Docker Compose

I use Kong in place of the Nginx Reverse Proxy. I have converted its rules into the following:

- https://i.rouing.me/0y9f5fjvtr.png
- https://i.rouing.me/gd3fdl8mul.png

Even the ip_hash directive in the config is setup:

- https://i.rouing.me/gwyrbebheh.png
- https://i.rouing.me/hl5cnxfm7s.png
- https://i.rouing.me/uf2j6t7ub1.png

It does all the redirects and upstreams fine.
On first login, I get this issue (https://rouing.me/identity):

```
11/4/2018 11:42:22 PM2018-11-05 05:42:22,377 ERROR [qtp1514322932-29] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/4/2018 11:43:52 PM2018-11-05 05:43:52,493 ERROR [qtp1514322932-24] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/4/2018 11:47:14 PM2018-11-05 05:47:14,774 ERROR [qtp1514322932-29] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/4/2018 11:47:42 PM2018-11-05 05:47:42,798 ERROR [qtp1514322932-24] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/4/2018 11:47:46 PM2018-11-05 05:47:46,145 ERROR [qtp1514322932-26] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/4/2018 11:48:13 PM2018-11-05 05:48:13,908 ERROR [qtp1514322932-29] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/4/2018 11:51:16 PM2018-11-05 05:51:16,196 ERROR [qtp1514322932-28] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/5/2018 12:46:57 PM2018-11-05 18:46:57,795 ERROR [qtp1514322932-27] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/5/2018 12:51:16 PM2018-11-05 18:51:16,657 ERROR [qtp1514322932-29] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/5/2018 12:53:09 PM2018-11-05 18:53:09,073 ERROR [qtp1514322932-25] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/5/2018 1:09:43 PM2018-11-05 19:09:43,518 ERROR [qtp1514322932-22] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
11/5/2018 1:12:36 PM2018-11-05 19:12:36,881 ERROR [qtp1514322932-27] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session
```

oxauth log: https://paste.rouing.me/kejuweveju.scala

oxtrust log: https://paste.rouing.me/hinacukifa.scala

By William Ardoin user 05 Nov 2018 at 8:39 p.m. CST

I realize this is not a standard install, but I would like to make a public rancher compose setup, so some help would be appreciated.

By Chris Blanton user 06 Nov 2018 at 5:27 a.m. CST

Hey William, I'm traveling today but will try to look into this asap.

By William Ardoin user 06 Nov 2018 at 12:21 p.m. CST

Thank you very much @Chris.Blanton

By William Ardoin user 11 Nov 2018 at 10:38 p.m. CST

@Chris.Blanton Any word on this or are you still out travelling? Don't want to be a bother but I got an entire Orchestration Community down my back on this one.

By Chris Blanton user 12 Nov 2018 at 1:08 p.m. CST

Hey William,

> oxTrust is running 3.1.5-SNAPSHOT since 3.1.4_Dev is Broken due to the Password Reset issue that was patched in 3.1.5

3.1.4_Dev isn't broken, this is a minor issue that will be patched in 3.1.5 to not show up. I would highly recommend not running the 3.1.5 snapshot as it's not a final version and hasn't gone through any final QA yet.

> Even the ip_hash directive in the config is setup:

From the images it looks like you're adding session persistence to the shibboleth endpoint and not `/identity`. This would explain your failure to get session in oxTrust/Identity when you attempt to access that endpoint.

By Chris Blanton user 12 Nov 2018 at 2:30 p.m. CST

Also note the latest functioning images are tagged as `3.1.4_01`. Using `latest` is causing complications with our CI/CD flow as older versions of Gluu server are not compatible because of the different requirements for data and using `:latest` means someone who has a template with `:latest` using 3.1.3 LDAP and config data will inadvertently cause conflicts in their build, so we are sticking to a more precise versioning strategy.
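
The versioning point in the reply above can be enforced before deployment. This is an added example, not part of the original thread or Gluu's own tooling: it scans a compose file for images that are untagged or use `:latest`; the service and image names in the sample are constructed placeholders.

```python
import re

# Constructed compose fragment; service and image names are placeholders.
SAMPLE_COMPOSE = """\
version: "2"
services:
  oxauth:
    image: example/oxauth:3.1.4_01
  oxtrust:
    image: example/oxtrust:latest
  ldap:
    image: registry.example:5000/opendj
  consul:
    image: "example/consul@sha256:0123abcd"
"""

IMAGE_LINE = re.compile(r"""^\s*image:\s*["']?([^"'\s#]+)""")

def split_image(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    # A colon is a tag separator only after the last "/";
    # before that it belongs to a registry host:port.
    last = name.rsplit("/", 1)[-1]
    tag = last.split(":", 1)[1] if ":" in last else None
    if tag is not None:
        name = name[: -(len(tag) + 1)]
    return name, tag, digest or None

def floating_images(compose_text):
    """Return [(lineno, ref, reason)] for images not pinned to a version."""
    findings = []
    for lineno, line in enumerate(compose_text.splitlines(), 1):
        m = IMAGE_LINE.match(line)
        if not m:
            continue
        ref = m.group(1)
        _, tag, digest = split_image(ref)
        if digest:
            continue  # a digest pins the exact image content
        if tag is None:
            findings.append((lineno, ref, "no tag (defaults to latest)"))
        elif tag == "latest":
            findings.append((lineno, ref, "floating tag 'latest'"))
    return findings

if __name__ == "__main__":
    for lineno, ref, reason in floating_images(SAMPLE_COMPOSE):
        print(f"line {lineno}: {ref}: {reason}")
```
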

By Chris Blanton user 18 Nov 2018 at 12:10 p.m. CST

Any updates on this?