Hi,
Kenny Hanson from Montana State University, Research Cyberinfrastructure. We’re trying to get OOD up and going for our cluster Tempest. We are using Rocky 8.6.
I used RPM install, ondemand-2.0.27-1.el8.src.rpm, and am using OnDemand Dex, ondemand-dex-2.27.0-2.el8.src.rpm, for LDAP authentication.
I’m having a devil of a time getting a simple login. Dex ldap auth is working, if I enter a bad password for my user it reports bad credentials. When I use the correct password, the web page sits there spinning for about 3-4 minutes before claiming it couldn’t find the user. I believe the user mapping is working, I turned on debug level for lua_log_level.
[Tue Aug 09 11:02:49.664923 2022] [lua:debug] [pid 36222:tid 140043994298112] @/opt/ood/mod_ood_proxy/lib/ood/user_map.lua(21): [client 10.152.187.203:54893] Mapped 'w55c785' => 'w55c785' [0.009 ms]
There’s quite a bit of repetitive log entries then it finally ends with this:
[Tue Aug 09 11:05:01.409271 2022] [lua:debug] [pid 36222:tid 140043994298112] lua_request.c(1853): [client 10.152.187.203:54893] AH01487: request_rec->dispatching info -> lua_CFunction
[Tue Aug 09 11:05:01.409291 2022] [lua:info] [pid 36222:tid 140043994298112] [client 10.152.187.203:54893] req_accept="text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" req_hostname="tempest-web.msu.montana.edu" req_content_type="" req_cache_control="" req_is_websocket="false" req_origin="" req_is_https="true" req_accept_encoding="gzip, deflate, br" req_handler="" res_location="" req_accept_language="en-us,en;q=0.9" log_id="YvKTOd4JSy7dINvefzwriAAAAIE" res_content_disp="" req_uri="/pun/sys/dashboard" req_protocol="HTTP/1.1" log_time="2022-08-09T17:05:01.408888.0Z" res_content_length="116" req_referer="" req_user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" req_server_name="tempest-web.msu.montana.edu" local_user="w55c785" req_method="GET" time_user_map="0.009" res_content_location="" res_content_language="" req_accept_charset="" req_user_ip="10.152.187.203" time_proxy="0" res_content_type="" req_status="404" res_content_encoding="" remote_user="w55c785" log_hook="ood" req_port="443" req_filename="/var/www/html/pun"
The web page finally displays:
Error -- can't find user for w55c785
Run 'nginx_stage --help' to see a full list of available command line options.
Here is the page produced by https://tempest-web.msu.montana.edu:5554/.well-known/openid-configuration:
{
"issuer": "https://tempest-web.msu.montana.edu:5554",
"authorization_endpoint": "https://tempest-web.msu.montana.edu:5554/auth",
"token_endpoint": "https://tempest-web.msu.montana.edu:5554/token",
"jwks_uri": "https://tempest-web.msu.montana.edu:5554/keys",
"userinfo_endpoint": "https://tempest-web.msu.montana.edu:5554/userinfo",
"device_authorization_endpoint": "https://tempest-web.msu.montana.edu:5554/device/code",
"grant_types_supported": [
"authorization_code",
"refresh_token",
"urn:ietf:params:oauth:grant-type:device_code"
],
"response_types_supported": [
"code"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"S256",
"plain"
],
"scopes_supported": [
"openid",
"email",
"groups",
"profile",
"offline_access"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic"
],
"claims_supported": [
"aud",
"email",
"email_verified",
"exp",
"iat",
"iss",
"locale",
"name",
"sub"
]
}
I would sure appreciate some assistance or pointing in the right direction
Kenny Hanson
kenny.hanson@montana.edu