Skip to content

Instantly share code, notes, and snippets.

@nickboldt
Last active July 16, 2019 19:11
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save nickboldt/ee120e2ac58e290139ff85c7123d82d7 to your computer and use it in GitHub Desktop.
Save nickboldt/ee120e2ac58e290139ff85c7123d82d7 to your computer and use it in GitHub Desktop.
openshift v4 oauth testing 2019-07-16

Here’s the job [0] I’m using to deploy [1] CRW via a custom resource [2].

Once it’s up [3] and running [4], I can register a new user [5] and then go to that new user’s profile page [6].

When I click Federated Identities [7] and try to add [8] my user to the openshift v4 instance, I get this failure.

�[0m�[0m18:44:04,841 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 58) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
�[0m�[0m18:44:04,867 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 32) WFLYSRV0010: Deployed "openshift4-extension-6.0.1.jar" (runtime-name : "openshift4-extension-6.0.1.jar")
�[0m�[0m18:44:04,874 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 53) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
�[0m�[0m18:44:05,130 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
�[0m�[0m18:44:05,133 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
�[0m�[0m18:44:05,134 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0054: Admin console is not enabled
�[0m�[0m18:44:05,137 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Red Hat Single Sign-On 7.3.2.GA (WildFly Core 6.0.14.Final-redhat-00001) started in 29815ms - Started 712 of 1016 services (696 services are lazy, passive or on-demand)
�[0m�[33m18:46:41,018 WARN  [org.keycloak.events] (default task-3) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=8ad2a3f9-0f33-49e0-88fd-7fb082953938, clientId=codeready-public, userId=null, ipAddress=142.59.171.119, error=unexpectedErrorHandlingRequestMessage, identity_provider=openshift-v4, code_id=10db15cf-b6f2-472b-91f3-4accc28fac1f
�[0m�[31m18:46:41,018 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-3) unexpectedErrorHandlingRequestMessage
�[0m�[33m18:46:47,320 WARN  [org.keycloak.events] (default task-3) type=LOGIN_ERROR, realmId=8ad2a3f9-0f33-49e0-88fd-7fb082953938, clientId=codeready-public, userId=null, ipAddress=142.59.171.119, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://codeready-jda36ad9c1226e96b6d5328a5eeef8bf5-44b.apps.crw.codereadyqe.com/dashboard/, code_id=10db15cf-b6f2-472b-91f3-4accc28fac1f, username=developer
�[0m�[33m18:48:15,516 WARN  [org.keycloak.events] (default task-2) type=CLIENT_INITIATED_ACCOUNT_LINKING_ERROR, realmId=8ad2a3f9-0f33-49e0-88fd-7fb082953938, clientId=account, userId=4ff2fc2e-4506-448b-9858-737042661f80, ipAddress=142.59.171.119, error=unexpectedErrorHandlingRequestMessage, identity_provider=openshift-v4, redirect_uri=http://keycloak-jda36ad9c1226e96b6d5328a5eeef8bf5-44b.apps.crw.codereadyqe.com/auth/realms/codeready/account/identity, code_id=10db15cf-b6f2-472b-91f3-4accc28fac1f, username=nickboldt
�[0m�[31m18:48:15,516 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-2) unexpectedErrorHandlingRequestMessage: java.lang.RuntimeException: org.apache.http.client.ClientProtocolException
	at org.keycloak.social.openshift.OpenshiftV4IdentityProvider.getAuthJson(OpenshiftV4IdentityProvider.java:54)
	at org.keycloak.social.openshift.OpenshiftV4IdentityProvider.<init>(OpenshiftV4IdentityProvider.java:63)
	at org.keycloak.social.openshift.OpenshiftV4IdentityProviderFactory.create(OpenshiftV4IdentityProviderFactory.java:20)
	at org.keycloak.social.openshift.OpenshiftV4IdentityProviderFactory.create(OpenshiftV4IdentityProviderFactory.java:8)
	at org.keycloak.services.resources.IdentityBrokerService.getIdentityProvider(IdentityBrokerService.java:1180)
	at org.keycloak.services.resources.IdentityBrokerService.clientInitiatedAccountLinking(IdentityBrokerService.java:325)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
	at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399)
	at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363)
	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:443)
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:233)
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:139)
	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
	at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:142)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:219)
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
	at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.http.client.ClientProtocolException
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
	at org.keycloak.social.openshift.OpenshiftV4IdentityProvider.getAuthJson(OpenshiftV4IdentityProvider.java:44)
	... 74 more
Caused by: org.apache.http.ProtocolException: Target host is not specified
	at org.apache.http.impl.conn.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:70)
	at org.apache.http.impl.client.InternalHttpClient.determineRoute(InternalHttpClient.java:124)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:183)
	... 78 more
@nickboldt
Copy link
Author

Now @dfestal had suggested that I need to do this:

curl -sSL -q -o /tmp/cr.yaml https://raw.githubusercontent.com/eclipse/che-operator/master/deploy/cluster_role.yaml
 curl -sSL -q -o /tmp/crb.yaml https://raw.githubusercontent.com/eclipse/che-operator/master/deploy/cluster_role_binding.yaml
oc apply -f /tmp/cr.yaml
oc apply -f /tmp/crb.yaml

But that does not seem to have worked as a subsequent step to deploying CRW. I suppose I can next try to perform these steps BEFORE deploying the CRW pods...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment