Project

General

Profile

Tâche #16831

Distribution EOLE - Scénario #16807: Qualification campagne de test 2.6.0-beta1

Impossible de se connecter à l’EAD (erreur TLS) (HORUS-T02-001)

Added by Daniel Dehennin about 5 years ago. Updated about 5 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
07/27/2016
Due date:
% Done:

100%

Estimated time:
4.00 h
Spent time:
Remaining (hours):
0.0

Description

Au pas de test №2 l’authentification n’est pas possible.

Dans les logs ead-server :

2016-07-27T10:53:21.342766+02:00 horus.etb1.lan ead-server[9822]: 2016/07/27 10:53:21  [HTTPChannel (TLSMemoryBIOProtocol),1,10.1.1.10] Frontend forcé en local
2016-07-27T10:53:21.343218+02:00 horus.etb1.lan ead-server[9822]: 2016/07/27 10:53:21  [HTTPChannel (TLSMemoryBIOProtocol),1,10.1.1.10] #   Authentification auprès du serveur SSO   #
2016-07-27T10:53:21.343596+02:00 horus.etb1.lan ead-server[9822]: 2016/07/27 10:53:21  [HTTPChannel (TLSMemoryBIOProtocol),1,10.1.1.10] Debug manuel: app_ticket => ST-10.1.1.10-26559c540ec89c79e60cb0b283a3e900f8eff5e8d8f8f0ec8d996726
2016-07-27T10:53:21.344000+02:00 horus.etb1.lan ead-server[9822]: 2016/07/27 10:53:21  [HTTPChannel (TLSMemoryBIOProtocol),1,10.1.1.10] Debug manuel: app_path => https://horus.etb1.lan:4200/connect/
2016-07-27T10:53:21.352582+02:00 horus.etb1.lan ead-server[9822]: 2016/07/27 10:53:21  [HTTPChannel (TLSMemoryBIOProtocol),1,10.1.1.10] Unhandled Error
2016-07-27T10:53:21.352772+02:00 horus.etb1.lan ead-server[9822]: #011Traceback (most recent call last):
2016-07-27T10:53:21.352886+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/dist-packages/twisted/web/server.py", line 183, in process
2016-07-27T10:53:21.352994+02:00 horus.etb1.lan ead-server[9822]: #011    self.render(resrc)
2016-07-27T10:53:21.353100+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/dist-packages/twisted/web/server.py", line 234, in render
2016-07-27T10:53:21.353207+02:00 horus.etb1.lan ead-server[9822]: #011    body = resrc.render(self)
2016-07-27T10:53:21.353324+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/share/ead2/backend/lib/eadserver.py", line 197, in render
2016-07-27T10:53:21.353433+02:00 horus.etb1.lan ead-server[9822]: #011    defer.maybeDeferred(function, client_ip, *args).addErrback(
2016-07-27T10:53:21.353536+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 150, in maybeDeferred
2016-07-27T10:53:21.353641+02:00 horus.etb1.lan ead-server[9822]: #011    result = f(*args, **kw)
2016-07-27T10:53:21.353749+02:00 horus.etb1.lan ead-server[9822]: #011--- <exception caught here> ---
2016-07-27T10:53:21.353851+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/share/ead2/backend/lib/eadserver.py", line 425, in xmlrpc_get_magic_number
2016-07-27T10:53:21.353957+02:00 horus.etb1.lan ead-server[9822]: #011    app_path)
2016-07-27T10:53:21.354084+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/xmlrpclib.py", line 1243, in __call__
2016-07-27T10:53:21.354190+02:00 horus.etb1.lan ead-server[9822]: #011    return self.__send(self.__name, args)
2016-07-27T10:53:21.354293+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/xmlrpclib.py", line 1602, in __request
2016-07-27T10:53:21.354397+02:00 horus.etb1.lan ead-server[9822]: #011    verbose=self.__verbose
2016-07-27T10:53:21.354507+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/xmlrpclib.py", line 1283, in request
2016-07-27T10:53:21.354612+02:00 horus.etb1.lan ead-server[9822]: #011    return self.single_request(host, handler, request_body, verbose)
2016-07-27T10:53:21.354718+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/xmlrpclib.py", line 1311, in single_request
2016-07-27T10:53:21.354824+02:00 horus.etb1.lan ead-server[9822]: #011    self.send_content(h, request_body)
2016-07-27T10:53:21.354929+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/xmlrpclib.py", line 1459, in send_content
2016-07-27T10:53:21.355032+02:00 horus.etb1.lan ead-server[9822]: #011    connection.endheaders(request_body)
2016-07-27T10:53:21.355600+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/httplib.py", line 1053, in endheaders
2016-07-27T10:53:21.355785+02:00 horus.etb1.lan ead-server[9822]: #011    self._send_output(message_body)
2016-07-27T10:53:21.355976+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/httplib.py", line 897, in _send_output
2016-07-27T10:53:21.356158+02:00 horus.etb1.lan ead-server[9822]: #011    self.send(msg)
2016-07-27T10:53:21.356343+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/httplib.py", line 859, in send
2016-07-27T10:53:21.356754+02:00 horus.etb1.lan ead-server[9822]: #011    self.connect()
2016-07-27T10:53:21.357039+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/httplib.py", line 1278, in connect
2016-07-27T10:53:21.359329+02:00 horus.etb1.lan ead-server[9822]: #011    server_hostname=server_hostname)
2016-07-27T10:53:21.359597+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/ssl.py", line 353, in wrap_socket
2016-07-27T10:53:21.359863+02:00 horus.etb1.lan ead-server[9822]: #011    _context=self)
2016-07-27T10:53:21.360120+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/ssl.py", line 601, in __init__
2016-07-27T10:53:21.360401+02:00 horus.etb1.lan ead-server[9822]: #011    self.do_handshake()
2016-07-27T10:53:21.360674+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/ssl.py", line 838, in do_handshake
2016-07-27T10:53:21.360949+02:00 horus.etb1.lan ead-server[9822]: #011    match_hostname(self.getpeercert(), self.server_hostname)
2016-07-27T10:53:21.367385+02:00 horus.etb1.lan ead-server[9822]: #011  File "/usr/lib/python2.7/ssl.py", line 276, in match_hostname
2016-07-27T10:53:21.367745+02:00 horus.etb1.lan ead-server[9822]: #011    % (hostname, dnsnames[0]))
2016-07-27T10:53:21.368049+02:00 horus.etb1.lan ead-server[9822]: #011ssl.CertificateError: hostname '10.1.1.10' doesn't match 'horus.etb1.lan'
2016-07-27T10:53:21.368343+02:00 horus.etb1.lan ead-server[9822]: #011

Related issues

Related to Distribution EOLE - Tâche #16239: l'URL de l'EAD préenregistré est invalide et ne correspond pas au certificat Fermé 05/30/2016

Associated revisions

Revision c70c13e5 (diff)
Added by Emmanuel GARETTE about 5 years ago

La variable 'nom_domaine_machine' est utilisé pour le calcul de la valeur de eolesso_adresse (ref #16831 @2h)

Revision 34857f27 (diff)
Added by Emmanuel GARETTE about 5 years ago

Il n'est plus possible de mettre des IP dans la variable eolesso_adresse (ref #16831 @1h)

Revision c593722c (diff)
Added by Joël Cuissinat about 5 years ago

Mise à jour de l'aide pour eolesso_adresse

Ref: #16831 @10m

Revision cf8e8600 (diff)
Added by Joël Cuissinat about 5 years ago

Test unitaire validant les types Creole domaine et nom d'hôte

Ref: #16831 @30m

History

#1 Updated by Daniel Dehennin about 5 years ago

  • Project changed from Distribution EOLE to ead

#2 Updated by Daniel Dehennin about 5 years ago

  • Subject changed from HORUS-T01-001 : impossible de se connecter à l’EAD (erreur TLS) to Impossible de se connecter à l’EAD (erreur TLS) (HORUS-T01-001)

#3 Updated by Emmanuel GARETTE about 5 years ago

  • Status changed from Nouveau to En cours
  • Assigned To set to Emmanuel GARETTE

La valeur de la variable "eolesso_adresse" est mal calculé.

En effet, si web_url n'existe pas (c'est le cas sur Horus), c'est adresse_ip_eth0 qui est utilisé.

Cela devrait être un nom de domaine. Il faut changer le calcul pour utiliser la variable nom_domaine_machine.

#4 Updated by Emmanuel GARETTE about 5 years ago

  • % Done changed from 0 to 90
  • Remaining (hours) changed from 4.0 to 1.0

A priori eolesso_adresse ne devrait jamais être une IP. Il faut décidé si on interdit les IP.

Si oui il faut changer l'aide, la documentation et le type (domain_strict au lieu de domain).

#5 Updated by Emmanuel GARETTE about 5 years ago

  • Subject changed from Impossible de se connecter à l’EAD (erreur TLS) (HORUS-T01-001) to Impossible de se connecter à l’EAD (erreur TLS) (HORUS-T02-001)

#6 Updated by Scrum Master about 5 years ago

Décision : utiliser le type domain_strict + OK pour le calcul (fill) modifié.

#7 Updated by Emmanuel GARETTE about 5 years ago

  • % Done changed from 90 to 100
  • Remaining (hours) changed from 1.0 to 0.25

#8 Updated by Scrum Master about 5 years ago

  • Status changed from En cours to Résolu

#9 Updated by Joël Cuissinat about 5 years ago

Test ré-exécuté sans problème, la valeur calculée est bien celle attendu et on a bien :

root@horus:~# rgrep "variable name='eolesso_adresse'" /usr/share/eole/creole/dicos/*
/usr/share/eole/creole/dicos/21_sso.xml:            <variable name='eolesso_adresse' type='domain_strict' description= "Nom de domaine du serveur d'authentification SSO"/>
/usr/share/eole/creole/dicos/21_sso.xml:        <variable name='eolesso_adresse'>Nom de domaine ou adresse IP du serveur d'authentification, ne pas utiliser localhost ou 127.0.0.1</variable>

Par contre la validation "domain_strict" n'est pas fonctionnelle et la balise help est à mettre à jour...

#10 Updated by Joël Cuissinat about 5 years ago

  • Status changed from Résolu to Fermé
  • Remaining (hours) changed from 0.25 to 0.0

OK avec tiramisu 2.0.15-1

Also available in: Atom PDF