Testing OnDemand with SAML and mod_auth_mellon

Hello all!

We are starting to test OnDemand and I’m running into an issue.

When I launch the dashboard after a fresh install with

  auth:
    - 'AuthType Mellon'
    - 'Require valid-user'

in my ood_portal.yml

After passing SAML auth I see the following error:

Error – invalid user name syntax: DOMAIN\username
Run ‘nginx_stage --help’ to see a full list of available command line options.

In my http log file I see the following:

[Tue Jun 14 15:48:07.310730 2022] [lua:info] [pid 16499] [client 10.32.120.146:41530] req_protocol="HTTP/1.1" req_handler="" req_method="GET" req_accept="text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" req_user_agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" res_content_length="134" req_content_type="" res_content_encoding="" req_status="404" req_origin="" time_user_map="0.004" local_user="DOMAIN\username" req_referer="" res_content_language="" req_port="443" log_time="2022-06-14T22:48:07.309772Z" req_server_name="ht-hpc-ondemand" log_hook="ood" req_accept_charset="" req_hostname="ondemand" res_content_location="" res_content_disp="" req_is_websocket="false" remote_user="DOMAIN\username" res_location="" req_user_ip="XX.XX.XXX.XXX" req_is_https="true" req_filename="/opt/rh/httpd24/root/var/www/html/pun" req_uri="/pun/sys/dashboard" time_proxy="0" res_content_type="" req_accept_language="en-us,en;q=0.9" req_cache_control="" req_accept_encoding="gzip, deflate, br"

Any word of advice?

Best,
Sofya

Hi and welcome! Sorry we didn’t respond on the mailing list yet.

You need to set up user mapping. That is, given DOMAIN\username you need to map it to username.

https://osc.github.io/ood-documentation/latest/authentication/overview/map-user.html#setup-user-mapping
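One way to do that mapping, as an added example that is not OnDemand's own ood_auth_map script: a user_map_cmd that strips the DOMAIN\ prefix and then allowlists what is left, so a surprising REMOTE_USER can never turn into an odd local account name. The install path in the comment is assumed.

```shell
#!/bin/sh
# Added example, not OnDemand's shipped ood_auth_map.regex. Wire it in via the
# ood_portal.yml key
#   user_map_cmd: "/opt/ood/ood_auth_map/bin/ood_auth_map.domain_strip"   (path assumed)
# OnDemand runs the command with REMOTE_USER (e.g. DOMAIN\username) as its only
# argument and takes stdout as the local user; a non-zero exit means "no user".

map_remote_user() {
  remote="$1"
  # Drop everything up to and including the first backslash (the DOMAIN\ prefix).
  # A value without a prefix passes through unchanged.
  local_user="${remote#*\\}"
  # Allowlist policy (adjust to site convention): lowercase letters, digits,
  # '_', '.', '-', starting with a letter or '_', at most 32 characters.
  # Anything else (empty, '/', '..', spaces, '@', uppercase) is rejected so the
  # mapped name can never escape a path or confuse nginx_stage.
  case "$local_user" in
    ''|*[!a-z0-9_.-]*) return 1 ;;
  esac
  case "$local_user" in
    [a-z_]*) ;;
    *) return 1 ;;
  esac
  [ "${#local_user}" -le 32 ] || return 1
  printf '%s\n' "$local_user"
}

# Script entry point: map argv[1]; the exit status tells OnDemand whether it worked.
if [ -n "${1:-}" ]; then
  map_remote_user "$1"
  exit $?
fi
```

Check it by hand with `sh ood_auth_map.domain_strip 'DOMAIN\username'`, which should print `username`, before pointing user_map_cmd at it.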

Thank you, it worked! Only one thing I noticed: I have to upgrade my apache conf manually.

Placing changes into /etc/ood/config/ood_portal.yml and running /opt/ood/ood-portal-generator/sbin/update_ood_portal doesn’t update the apache conf file.

Is that expected?

Very good. That is not expected. I don’t know if you manually edited it before - but once you start to manually edit we’ll notice those manual edits and stop overwriting it.

You can try the force option -f/--force then from that point forward it should start to work.

Hi Jeff,

Thank you for letting me know. I tried with the --force flag and it indeed overrode the http conf file, but with the wrong options.

In my ood_portal.yml I have:

  auth:
    - 'AuthType Mellon'
    - 'Require valid-user'

(I used to have openid-connect)

But my http conf file gets created with

  <Location "/pun">
    AuthType openid-connect
    Require valid-user
  </Location>

  <Location "/nginx">
    AuthType openid-connect
    Require valid-user
  </Location>

And my user map line gets ignored as well.

Can you please advise?

Best,
Sofya

Do you have ondemand-dex installed? We have logic to recognize it and auto-populate OIDC fields. Remove that rpm if so.

I used to have it installed, but I installed it a while ago. Is it possible that some config files or libs are still there?

Before we think there’s a bug with this - can you upload and/or show your ood_portal.yml. OIDC is the default even without dex installed so we should also check to see if that is properly formatted YAML or if there’s something else that we’re just overlooking in the config.

If it is finding ondemand-dex with or without it installed, it’s looking for the config directory /etc/ood/dex and the file /usr/sbin/ondemand-dex. Note that it’s an AND operation - so that would seem odd if the RPM did not remove /usr/sbin/ondemand-dex.

I don’t have /usr/sbin/ondemand-dex, but I do have /etc/ood/dex. I renamed it (didn’t remove it) and re-ran /opt/ood/ood-portal-generator/sbin/update_ood_portal --force, but it didn’t help.

Is it safe to remove and try again?

Can you upload or format your ood_portal.yml?

I finally found it. I hadn’t commented out one line in my ood_portal.yml. I commented it out and we are good now.

Thank you so much for all your help.
