IDP 503 Service Unavailable

By: Monika Leung user 30 Mar 2021 at 10:25 a.m. CDT

7 Responses
Monika Leung gravatar
Hi, I tried to set up SAML for a service and encountered the following issue: When I go to `https://hostname/idp/shibboleth` (or any IDP URLs) I receive the following error: ``` 503. That's an error. The service you requested is not available at this time. Please try later again. ``` During the installation of Gluu Server, I did not check SAML for installation. Later I noticed that I need SAML, so I installed it using this command: ``` python3 /install/community-edition-setup/post-setup-add-components.py -addshib ``` The script finished successfully and I restarted the Gluu container. After the restart I checked the service status and noticed that the IDP service failed to start. According to the error messages the environment variables `JETTY_HOME` and `JAVA` were not set, so I edited `/opt/dist/scripts/idp` to assign the variables (did not change anything else): ``` JAVA=/opt/jre/bin/java JETTY_HOME=/opt/jetty ``` I restarted the Gluu container again and this time the IDP service started successfully, but `https://hostname/idp/shibboleth` shows the same error. I have also tried to stop and start the IDP service separately, same error message. Service status: ``` # systemctl status idp ● idp.service - Idp service Loaded: loaded (/lib/systemd/system/idp.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2021-03-30 14:26:37 CEST; 2h 53min ago Process: 1883 ExecStart=/opt/dist/scripts/idp start (code=exited, status=0/SUCCESS) Main PID: 1908 (java) CGroup: /system.slice/idp.service └─1908 /opt/jre/bin/java -Djetty.home=/opt/jetty -Djetty.base=/opt/jetty -Djava.io.tmpdir=/tmp -jar /opt/jett Mar 30 14:26:34 hostname idp[1883]: 2021-03-30 12:26:34.946:INFO:oejdp.ScanningAppProvider:main: Deployment monitor Mar 30 14:26:35 hostname idp[1883]: 2021-03-30 12:26:35.199:INFO:oeja.AnnotationConfiguration:main: Scanning elapse Mar 30 14:26:35 hostname idp[1883]: 2021-03-30 12:26:35.383:INFO:oejs.session:main: DefaultSessionIdManager workerN Mar 30 14:26:35 hostname idp[1883]: 2021-03-30 12:26:35.383:INFO:oejs.session:main: No SessionScavenger set, using Mar 30 14:26:35 hostname idp[1883]: 2021-03-30 12:26:35.384:INFO:oejs.session:main: node0 Scavenging every 660000ms Mar 30 14:26:35 hostname idp[1883]: 2021-03-30 12:26:35.416:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppC Mar 30 14:26:35 hostname idp[1883]: 2021-03-30 12:26:35.454:INFO:oejs.AbstractConnector:main: Started ServerConnect Mar 30 14:26:35 hostname idp[1883]: 2021-03-30 12:26:35.455:INFO:oejs.Server:main: Started @1654ms Mar 30 14:26:37 hostname idp[1883]: OK Tue Mar 30 14:26:37 CEST 2021 Mar 30 14:26:37 hostname systemd[1]: Started Idp service. ``` Process: ``` # ps -ef | grep idp jetty 1908 1 0 14:26 ? 00:00:31 /opt/jre/bin/java -Djetty.home=/opt/jetty -Djetty.base=/opt/jetty -Djava.io.tmpdir=/tmp -jar /opt/jetty/start.jar jetty.state=/opt/jetty/idp.state jetty-started.xml ``` From the documentation I found the IDP log directory to be `/opt/shibboleth-idp/logs`, but it is empty. Could you please help me solve this issue? And which other logs could I check for troubleshooting?
Gluu 4.2.3 Debian 10.0
closed

Answers

By Mohib Zico Account Admin 30 Mar 2021 at 11:45 p.m. CDT

Copy
Mohib Zico gravatar
Well, you are on right track on how to post add any component ( i.e. Shibboleth in your case ) and how to troubleshoot such scenarios. It's interesting that you are not getting any log for shibboleth. Seems like I need to test this post addition procedure a bit. I'll do that and share info with you.

By Monika Leung user 06 Apr 2021 at 8:38 a.m. CDT

Copy
Monika Leung gravatar
Hi, I think I solved the issue. I noticed that the idp process was not running or not visible from outside the container and port 8086 was also not listening (though idp service was shown as running inside the container). So I checked the output of `bash /opt/dist/scripts/idp status` and compared it to `bash /opt/dist/scripts/identity status`. It seems the paths were not set correctly by the idp script, I received this as output: ``` Jetty NOT running JAVA = /opt/jre/bin/java JAVA_OPTIONS = -Djetty.home=/opt/jetty -Djetty.base=/opt/jetty -Djava.io.tmpdir=/tmp JETTY_HOME = /opt/jetty JETTY_BASE = /opt/jetty START_D = /opt/jetty/start.d START_INI = /opt/jetty/start.ini JETTY_START = /opt/jetty/start.jar JETTY_CONF = /opt/jetty/etc/jetty.conf JETTY_ARGS = jetty.state=/opt/jetty/idp.state jetty-started.xml JETTY_RUN = /var/run/jetty JETTY_PID = /var/run/jetty/idp.pid JETTY_START_LOG = /var/run/jetty/idp-start.log JETTY_STATE = /opt/jetty/idp.state JETTY_START_TIMEOUT = 300 RUN_CMD = /opt/jre/bin/java -Djetty.home=/opt/jetty -Djetty.base=/opt/jetty -Djava.io.tmpdir=/tmp -jar /opt/jetty/start.jar jetty.state=/opt/jetty/idp.state jetty-started.xml ``` And this output for identity: ``` Jetty NOT running JAVA = /opt/jre/bin/java JAVA_OPTIONS = -server -Xms128m -Xmx2804m -XX:+DisableExplicitGC -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/identity -Dlog.base=/opt/gluu/jetty/identity -Dpython.home=/opt/jython -Dorg.eclipse.jetty.server.Request.maxFormContentSize=50000000 -Djetty.home=/opt/jetty -Djetty.base=/opt/gluu/jetty/identity -Djava.io.tmpdir=/opt/jetty-9.4/temp JETTY_HOME = /opt/jetty JETTY_BASE = /opt/gluu/jetty/identity START_D = /opt/gluu/jetty/identity/start.d START_INI = /opt/gluu/jetty/identity/start.ini JETTY_START = /opt/jetty/start.jar JETTY_CONF = /opt/jetty/etc/jetty.conf JETTY_ARGS = jetty.http.host=localhost jetty.http.port=8082 jetty.state=/opt/gluu/jetty/identity/identity.state jetty-started.xml JETTY_RUN = /var/run/jetty JETTY_PID = /var/run/jetty/identity.pid JETTY_START_LOG = /var/run/jetty/identity-start.log JETTY_STATE = /opt/gluu/jetty/identity/identity.state JETTY_START_TIMEOUT = 300 RUN_CMD = /opt/jre/bin/java -server -Xms128m -Xmx2804m -XX:+DisableExplicitGC -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/identity -Dlog.base=/opt/gluu/jetty/identity -Dpython.home=/opt/jython -Dorg.eclipse.jetty.server.Request.maxFormContentSize=50000000 -Djetty.home=/opt/jetty -Djetty.base=/opt/gluu/jetty/identity -Djava.io.tmpdir=/opt/jetty-9.4/temp -jar /opt/jetty/start.jar jetty.http.host=localhost jetty.http.port=8082 jetty.state=/opt/gluu/jetty/identity/identity.state jetty-started.xml ``` So I edited the idp script to assign the variables to be similar to identity: ``` JAVA_OPTIONS="-server -Xms128m -Xmx2804m -XX:+DisableExplicitGC -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/idp -Dlog.base=/opt/gluu/jetty/idp -Dpython.home=/opt/jython -Dorg.eclipse.jetty.server.Request.maxFormContentSize=50000000 -Djava.io.tmpdir=/opt/jetty-9.4/temp" JETTY_BASE=/opt/gluu/jetty/idp JETTY_ARGS="jetty.http.host=localhost jetty.http.port=8086" TMPDIR=/opt/jetty-9.4/temp # replaced: TMPDIR=${TMPDIR:-/tmp} ``` After restarting the container, the idp process was visible outside the container and port 8086 was also listening. I can now access `https://hostname/idp/shibboleth` and see logs in `/opt/shibboleth-idp/logs`. Could you please let me know if the java options I set for idp are fine or if other values should be set?

By Marlon Martínez user 15 Jul 2022 at 10:28 a.m. CDT

Copy
Marlon Martínez gravatar
Hi Monika, I have the same issue related to the idp service. The idp service is active and running but I can not enter to /idp/shibboleth. It throws a 503 response. Where can I find the idp script? I want to test the same configuration you did on the script. Thank you!

By Monika Leung user 15 Jul 2022 at 11:34 a.m. CDT

Copy
Monika Leung gravatar
Hi Marlon, the script is inside the container at `/opt/dist/scripts/idp`.

By Marlon Martínez user 15 Jul 2022 at 11:55 a.m. CDT

Copy
Marlon Martínez gravatar
Thank you, I'll try this and let you know if it works!

By Marlon Martínez user 15 Jul 2022 at 2:35 p.m. CDT

Copy
Marlon Martínez gravatar
Hi Monika, Sorry, I have a question. Once I modified the idp script and restarted the gluu container, the gluu service died. In fact, all the instance died but I don't know why is happening this. I can not login via ssh either. Do you have some advice about this? Thank you!

By Marlon Martínez user 18 Jul 2022 at 5:39 p.m. CDT

Copy
Marlon Martínez gravatar
Hi Monika, Sorry to bother you, just to let you know that I can now see the idp/shibboleth page. Thank you for your help!

Post an answer