Authentication issue, Crowd plugin


(Rad) #1

I was wondering if anyone has the answer for Crowd authentication problem I’m facing. I have a test Crowd server to let people log on to Crowd using Crowd directory allowing certain groups only to log on, with application configured pointing to discourse server IP address. For some reason, and I believe it is on Discourse side related to the plugin, I always get “Sorry, there was an error authorizing your Crowd account. Perhaps you did not approve authorization?” and Discourse server logs show the following:
/var/www/discourse/log/production.log

----------Started GET "/auth/crowd" for 127.0.0.1 at 2014-11-20 19:10:47 +0000
Started POST "/auth/crowd" for 127.0.0.1 at 2014-11-20 19:10:54 +0000
Started GET "/auth/crowd/callback" for 127.0.0.1 at 2014-11-20 19:10:54 +0000
Started GET "/auth/failure?message=invalid_credentials&origin=http%3A%2F%2F10.10.10.232%2F&strategy=crowd" for 127.0.0.1 at 2014-11-20 19:10:54 +0000
Processing by Users::OmniauthCallbacksController#failure as HTML
  Parameters: {"message"=>"invalid_credentials", "origin"=>"http://10.10.10.232/", "strategy"=>"crowd"}
  Rendered users/omniauth_callbacks/failure.html.erb within layouts/no_js (0.2ms)
  Rendered common/_special_font_face.html.erb (0.5ms)
  Rendered common/_discourse_stylesheet.html.erb (0.2ms)
  Rendered layouts/_head.html.erb (3.0ms)
Completed 200 OK in 33ms (Views: 11.4ms | ActiveRecord: 4.7ms)
Started GET "/images/OICRlogo_small.jpg" for 127.0.0.1 at 2014-11-20 19:10:54 +0000

ActionController::RoutingError (No route matches [GET] "/images/logo_small.jpg"):
  config/initializers/quiet_logger.rb:10:in `call_with_quiet_assets'
  config/initializers/silence_logger.rb:26:in `call'
  lib/middleware/unicorn_oobgc.rb:95:in `process_client'


Processing by ExceptionsController#not_found as */*
  Rendered exceptions/not_found.html.erb within layouts/no_js (8.5ms)
  Rendered common/_special_font_face.html.erb (0.6ms)
  Rendered common/_discourse_stylesheet.html.erb (0.4ms)
  Rendered layouts/_head.html.erb (4.1ms)
  Rendered text template (0.0ms)
Completed 404 Not Found in 23ms (Views: 1.7ms | ActiveRecord: 4.7ms)

My unicorn.stdout.log is:

I, [2014-11-20T19:12:56.875062 #111]  INFO -- omniauth: (crowd) Request phase initiated.
I, [2014-11-20T19:13:10.665366 #128]  INFO -- omniauth: (crowd) Request phase initiated.
I, [2014-11-20T19:13:10.709158 #136]  INFO -- omniauth: (crowd) Callback phase initiated.
W, [2014-11-20T19:13:10.812335 #136]  WARN -- omniauth: (crowd) [retrieve_user_info!] response code: 404
W, [2014-11-20T19:13:10.814647 #136]  WARN -- omniauth: (crowd) [retrieve_user_info!] response body: <html><head><title>Apache Tomcat/7.0.54 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /crowd/console//rest/usermanagement/latest/authentication</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/crowd/console//rest/usermanagement/latest/authentication</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.54</h3></body></html>
E, [2014-11-20T19:13:10.816621 #136] ERROR -- omniauth: (crowd) Authentication failure! invalid_credentials encountered.
^[^C
----------

No SSL is enabled on Crowd, it is just a trial with minimum 2 groups and 4 users created which were granted access to the application.
Is there anything else within Crowd configuration i.e. Admin mind at /admin/site_settings/category/login?
Thanks!


(Kane York) #2

It looks to me like the Crowd server is 404ing in response to Discourse’s requests.

W, [2014-11-20T19:13:10.812335 #136]  WARN -- omniauth: (crowd) [retrieve_user_info!] response code: 404

(Rad) #3

Finally I found the culprit. I was missing ‘’ in containers/app.yml in Crowd server description. I know, it’s elementary but sometimes things happen and things like this are overlooked. For users who encounter the same issue, check your app.ml file and make sure that DISCOURSE_CROWD_SERVER_URL, DISCOURSE_CROWD_APPLICATION_NAME and DISCOURSE_CROWD_APPLICATION_PASSWORD ’ ’ in text string, otherwise it just hangs on another login page.