By: William Ardoin user 05 Nov 2018 at 8:38 p.m. CST

7 Responses
William Ardoin gravatar
Main Domain: https://rouing.me/identity | http://rouing.me/identity Docker Version: 18.06.1-ce build e68fc7a Kernel: Linux 4.19.0-1.el7.elrepo.x86_64 x86_64 Rancher Version: v1.6.23 Kong Version: v0.14.1 (Konga UI) What I have done: I have picked apart the Docker Compose, and built it for use in Rancher v1.6 with Cattle + Rancher vxlan First, I run the first run config generator and have it dump into consul. This all goes fine and everyone accepts the config and can communicate. Besides the fact that the compose file for the project is incomplete, I managed to get it working. oxTrust is running 3.1.5-SNAPSHOT since 3.1.4_Dev is Broken due to the Password Reset issue that was patched in 3.1.5 https://paste.rouing.me/bibicunuyu.yml < Here is the Docker Compose I use Kong in place of the Nginx Reverse Proxy. I have converted its rules into the following: https://i.rouing.me/0y9f5fjvtr.png https://i.rouing.me/gd3fdl8mul.png Even the ip_hash directive in the config is setup: https://i.rouing.me/gwyrbebheh.png https://i.rouing.me/hl5cnxfm7s.png https://i.rouing.me/uf2j6t7ub1.png It does all the redirects and upstreams fine. On first login, I get this issue (https://rouing.me/identity): `11/4/2018 11:42:22 PM2018-11-05 05:42:22,377 ERROR [qtp1514322932-29] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/4/2018 11:43:52 PM2018-11-05 05:43:52,493 ERROR [qtp1514322932-24] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/4/2018 11:47:14 PM2018-11-05 05:47:14,774 ERROR [qtp1514322932-29] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/4/2018 11:47:42 PM2018-11-05 05:47:42,798 ERROR [qtp1514322932-24] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/4/2018 11:47:46 PM2018-11-05 05:47:46,145 ERROR [qtp1514322932-26] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/4/2018 11:48:13 PM2018-11-05 05:48:13,908 ERROR [qtp1514322932-29] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/4/2018 11:51:16 PM2018-11-05 05:51:16,196 ERROR [qtp1514322932-28] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/5/2018 12:46:57 PM2018-11-05 18:46:57,795 ERROR [qtp1514322932-27] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/5/2018 12:51:16 PM2018-11-05 18:51:16,657 ERROR [qtp1514322932-29] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/5/2018 12:53:09 PM2018-11-05 18:53:09,073 ERROR [qtp1514322932-25] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/5/2018 1:09:43 PM2018-11-05 19:09:43,518 ERROR [qtp1514322932-22] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session 11/5/2018 1:12:36 PM2018-11-05 19:12:36,881 ERROR [qtp1514322932-27] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:542) - Failed to get attributes from session` oxauth log: https://paste.rouing.me/kejuweveju.scala oxtrust log: https://paste.rouing.me/hinacukifa.scala

By William Ardoin user 05 Nov 2018 at 8:39 p.m. CST

William Ardoin gravatar
I realize this is not a standard install, but I would like to make a public rancher compose setup, so some help would be appreciated.

By Chris Blanton staff 06 Nov 2018 at 5:27 a.m. CST

Chris Blanton gravatar
Hey William, I'm traveling today but will try to look into this asap.

By William Ardoin user 06 Nov 2018 at 12:21 p.m. CST

William Ardoin gravatar
Thank you very much @Chris.Blanton

By William Ardoin user 11 Nov 2018 at 10:38 p.m. CST

William Ardoin gravatar
@Chris.Blanton Any word on this or are you still out travelling? Dont want to be a bother but I got an entire Orchestration Community down my back on this one.

By Chris Blanton staff 12 Nov 2018 at 1:08 p.m. CST

Chris Blanton gravatar
Hey William, > oxTrust is running 3.1.5-SNAPSHOT since 3.1.4_Dev is Broken due to the Password Reset issue that was patched in 3.1.5 3.1.4_Dev isn't broken, this is a minor issue that will be patched in 3.1.5 to not show up. I would highly recommend not running the 3.1.5 snapshot as it's not a final version and hasn't gone through any final QA yet. > Even the ip_hash directive in the config is setup: From the images it looks like you're adding session persistence to the shibboleth endpoint and not `/identity`. This would explain your failure to get session in oxTrust/Identity when you attempt to access that endpoint.

By Chris Blanton staff 12 Nov 2018 at 2:30 p.m. CST

Chris Blanton gravatar
Also note the latest functioning images are tagged as `3.1.4_01`. Using `latest` is causing complications with our CI/CD flow as older versions of Gluu server are not compatible because of the different requirements for data and using `:latest` means someone who has a template with `:latest` using 3.1.3 LDAP and config data will inadvertently cause conflicts in their build, so we are sticking to a more precise versioning strategy.

By Chris Blanton staff 18 Nov 2018 at 12:10 p.m. CST

Chris Blanton gravatar
Any updates on this?