By: Raghu Mupparthi user 28 Jul 2022 at 5:51 a.m. CDT

3 Responses
Raghu Mupparthi gravatar
Hi Team, Could you please help us in resolving the gluu admin console login issue. We deployed Gluu in EKS cluster and while accessing the gluu admin console we encountering an issue (Oops Something wrong happened.), unable to login the gluu. deployed only the below services. 1) fido2 2) oxauth 3) oxtrust 4) scim 5) config 6) persistence Here is the values file. ```` global: domain: gluu-dev.dev01.gov.bh isDomainRegistered: "true" gluuPersistenceType: sql gluuJackrabbitCluster: "false" fido2: enabled: true scim: enabled: true jackrabbit: enabled: false opendj: enabled: false config: orgName: NCSC email: operations@ncsc.gov.bh adminPass: P@ss1234 countryCode: BH state: Manama city: Juffair configmap: cnSqlDbDialect: mysql cnSqlDbHost: demo-database-gluu.cvuth-1.rds.amazonaws.com cnSqlDbPort: 3306 cnSqlDbName: gluu cnSqlDbUser: gluu cnSqldbUserPassword: "Nc$Uu1" gluuScimProtectionMode: "UMA" gluuOxtrustConfigGeneration: false #true lbAddr: "afa7992e193d3412f8ca7d71b558fa2.elb.me-south-1.amazonaws.com" #gluuOxtrustApiEnabled: true # -- Nginx ingress definitions chart nginx-ingress: ingress: enabled: true legacy: false path: / webfingerEnabled: false scimConfigEnabled: true scimEnabled: true fido2ConfigEnabled: true fido2Enabled: true authServerEnabled: true additionalAnnotations: cert-manager.io/issuer: gluu-dev hosts: - gluu-dev.dev01.gov.bh tls: - secretName: tls-certificate hosts: - gluu-dev.dev01.gov.bh ``` And also please find the error logs of oxtrust pod ``` 2022-07-28 12:35:23,626 INFO [main] [org.gluu.oxtrust.auth.uma.UmaPermissionService] (UmaPermissionService.java:125) - ##### Getting UMA metadata ... 2022-07-28 12:35:23,770 ERROR [main] [org.gluu.oxtrust.auth.uma.UmaPermissionService] (UmaPermissionService.java:112) - Failed to initialize UmaPermissionService javax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <gluu-dev.dev01.gov.bh> doesn't match any of the subject alternative names: [ingress.local] at org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.invoke(ManualClosingApacheHttpClient43Engine.java:321) ~[resteasy-client-4.7.5.Final.jar:4.7.5.Final] 2022-07-28 12:36:23,556 INFO [Thread-25] [org.gluu.oxtrust.service.Shibboleth3ConfService] (Shibboleth3ConfService.java:227) - >>>>>>>>>> IN Shibboleth3ConfService.generateGluuAttributeRulesFile() ... 2022-07-28 12:36:23,572 ERROR [Thread-24] [org.gluu.oxtrust.service.StatusCheckerTimer] (StatusCheckerTimer.java:183) - Can not download ssl certificate javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching gluu-dev.dev01.gov.bh found. at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?] at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?] 2022-07-28 12:36:23,694 ERROR [Thread-25] [gluu.service.document.store.provider.JcaDocumentStoreProvider] (JcaDocumentStoreProvider.java:159) - Failed to write document to file '/opt/shibboleth-idp/conf/attributes/gluu-attribute-rules.xml' javax.jcr.RepositoryException: Failed to get session 2022-07-28 12:41:23,413 ERROR [Thread-82] [org.gluu.oxtrust.service.StatusCheckerTimer] (StatusCheckerTimer.java:183) - Can not download ssl certificate javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching gluu-dev.dev01.gov.bh found. at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?] ```

By Mohib Zico staff 28 Jul 2022 at 9:43 a.m. CDT

Mohib Zico gravatar
Any cloud native support require Gluu subscription, not covered in community support. If you have some POC plan, please contact to sales@gluu.org or davin@gluu.org.

By Raghu Mupparthi user 10 Aug 2022 at 7:43 a.m. CDT

Raghu Mupparthi gravatar
Hi @Mohib.Zico, Thanks for the reply, one of our colleague is in contact with your team regarding the poc and other stuff. Right now I'm facing problem while accessing the gluu deployed in EC2 Instance. Unable to access the gluu admin-ui ``` Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. ``` Tried with modifying the apache configuration file for redirecting HTTP the requests HTTPS, but still same issue. Could you please suggest me where I'm doing the mistake.

By Mohib Zico staff 10 Aug 2022 at 10:14 a.m. CDT

Mohib Zico gravatar
Hi, >> Thanks for the reply, one of our colleague is in contact with your team regarding the poc and other stuff. Sorry, I haven't heard anything from our team yet. Please ask your colleague to tell Gluu team ( or Gluu person whom he is talking to ) to relay such POC message to me directly? We will move forward from there.