Skip to Content.
Sympa Menu

perfsonar-user - Re: AW: [perfsonar-user] Problems with Authentication within perfsonar

Subject: perfSONAR User Q&A and Other Discussion

List archive

Re: AW: [perfsonar-user] Problems with Authentication within perfsonar


Chronological Thread 
  • From: Candido Rodriguez Montes <>
  • To: Nina Jeliazkova <>
  • Cc: "Niederberger, Ralph" <>, "" <>
  • Subject: Re: AW: [perfsonar-user] Problems with Authentication within perfsonar
  • Date: Thu, 22 Oct 2009 09:58:01 +0200
Dear Ralph,
could you send me the logs of the AS in order to find out the problem?

Thanks

On Oct 22, 2009, at 9:53 AM, Nina Jeliazkova wrote:

Dear Ralph,


Niederberger, Ralph wrote: 
Dear Nina,

As I said, the perfsonarUI client connects to the identity provider and this
seems to work fine. After getting the security token, he connects to the
sqlma server and provides his security token, this seems to work fine also.
Then the sqlma server tries to verify the security token he got from the
perfsonarUI client, to check if the client is allowed to get information.
Therefore the sqlma connects to the AS services (I had configured sqlma
before, to use an AS service). And here the problem seems to be located
currently. With wireshark I see that sqlma connects to the AS services, as
he should do because of configuration, but it gets back the message that the
AS is not available. 

But I can check with the perfsonarUI using the "playground page" of
perfsonarUI (as described in perfSONAR MDM 3.2 Administrator's Guide page
26-28), that the AS is available and working (To be clear, this test is
independend from my sqlma request I described earlier).
Sorry  I misunderstood in a way that you are able to retrieve info from sqlma via playground.   Seems like the problem first reported with the expired certificate is indeed solved.

The current issue sounds like a problem of the SQLMA configuration relevant to AS; I am not an expert on this, perhaps somebody else on the list could help.

Best regards,
Nina
Best regards

Ralph

  
-----Ursprüngliche Nachricht-----
Von: Nina Jeliazkova []
Gesendet: Donnerstag, 22. Oktober 2009 09:21
An: Niederberger, Ralph
Cc: 
Betreff: Re: [perfsonar-user] Problems with Authentication within
perfsonar

Dear Ralph,

Niederberger, Ralph wrote:
    
Dear Nina, Candido and all,

I did a further step by step analysis.

My perfsonarUI connects to redIRIS and though getting this
"HLPattern type not defined" error seems to work, since the client works
different when specifying legal or wrong (illegal) UID PWD combination.

When providing correct information, my the perfsonarUI client connects
      
to my
    
sqlma server. The server the connects to the authentication service
      
(AS).
  
With wireshark I can see that the SQLMA connect to the AS specifying a
security token with the "HTTP/XML POST /perfSONAR-
      
AS/services/AuthService
    
HTTP/1.0" message.

The response from the AS is "HTTP/1.1 404 Not Found (text/html)".

The full response is:

====================================
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1054
Date: Thu, 22 Oct 2009 06:26:27 GMT
Connection: close

<html>
<head><title>Apache Tomcat/6.0.18 - Error report</title>
  <style>
  <!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;
  background-color:#525D76;font-size:22px;}
  H2 {font-family:Tahoma,Arial,sans-serif;color:white;
      background-color:#525D76;font-size:16px;}
  H3 {font-family:Tahoma,Arial,sans-serif;color:white;
      background-color:#525D76;font-size:14px;}
  BODY {font-family:Tahoma,Arial,sans-serif;color:black;
      background-color:white;}
   B {font-family:Tahoma,Arial,sans-serif;color:white;
      background-color:#525D76;}
   P {font-family:Tahoma,Arial,sans-serif;
      background:white;color:black;font-size:12px;}
   A {color : black;}A.name {color : black;}
   HR {color : #525D76;}--></style>
</head>
<body>
   <h1>HTTP Status 404 - /perfSONAR-AS/services/AuthService</h1>
   <HR size="1" noshade="noshade">
   <p><b>type</b> Status report</p>
   <p><b>message</b>
     <u>/perfSONAR-AS/services/AuthService</u>
   </p>
   <p><b>description</b>
     <u>The requested resource (/perfSONAR-AS/services/AuthService)
        is not available.</u>
   </p>
   <HR size="1" noshade="noshade">
   <h3>Apache Tomcat/6.0.18</h3>
  </body>
</html>
=======================================

This message implies that the Authentication service is not available,
though I did "Testing Your Deployment" as specified in the perfSONAR MDM
      
3.2
    
Administrator's Guide on pages 19-28.

So my question is: Why does the AS tell my SQLMA that there is no
authentication service available, though he gives back to my perfsonarUI
client by using the "playground page" correct information?


      
Just to clarify, PerfsonarUI communicates with an identity provider to
authenticate you, not with particular AS service.  I understand this
works fine.

If you are able to retrieve information from the MA service without
authentication (via playground or another client), this indeed means
your sqlma service is not configured to use an AS.

Best regards,
Nina
    
Any help is very appreciated. Thanks a lot in advance

Ralph


--
Cándido Rodríguez Montes E-mail: 
Middleware warrior Tel:+34 955 05 66 13
Red.ES/RedIRIS
Edificio CICA
Avenida Reina Mercedes, s/n
41012 Sevilla
SPAIN





Archive powered by MHonArc 2.6.16.

Top of Page