This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

6.3.4 upgrade fails to authenticate to Filr

I have upgrade the Advanced Authentication from 6.3.3 to 6.3.4 security updates. Before I was able to login with the Filr Desktop Client and the web client. Now it hangs after the approval on my mobile and I am not able to login.

In the web client I see a message 'WebAuth feature is not running'.

In the Filr desktop client I get this error, but it was already there for a long time while it was working anyway:

[WARNING] Unhandled HTTP error: 302 (aa.<<domain>>/.../grant (aca.onprem.apiserver.restapi).

Anyone?

 

 

 

  • 0

    Workaround:

    docker cp aaf_aucore_1:/opt/AuCore/static/nginx.conf.j2 /tmp/​

    vi /tmp/nginx.conf.j2 â€‹

    Change proxy_buffer_size value from 8k to 16k, so it must be:​
    proxy_buffer_size 16k;​

    Add a couple of new lines below:​
    proxy_busy_buffers_size 24k;​
    proxy_buffers 64 4k;​

    docker cp /tmp/nginx.conf.j2 aaf_aucore_1:/opt/AuCore/static/​

    systemctl restart aauth​

     

    The proposed values may not be enough if a user is a member of about 100 groups. We are currently working to estimate the optimal values.

  • 0 in reply to 

    docker cp aaf_aucore_1:/opt/AuCore/static/nginx.conf.j2 /tmp/​  ==> this returns a file without name in the tmp directory.

    docker cp aaf_aucore_1:/opt/AuCore/static/nginx.conf.j2 /tmp/​nginx.conf.j2 ==> this returns a file with the correct name in the tmp directory.

    But when I do a vi on that file it still edits a 'new' empty file. Though the filesize is 11145 bytes.

    Did I miss something?

     

  • 0 in reply to 

    I succeeded to implement the workaround by specifying the filename in the destination and using another folder. But it does not make it better.

  • 0 in reply to 

    Please check if the command will show the three parameters with the new values?

    cat /var/lib/docker/volumes/aaf_webd-config/_data/nginx.conf | grep proxy_bu

     

    proxy_buffer_size 16k;

    proxy_busy_buffers_size 24k;

    proxy_buffers 64 4k;

  • 0 in reply to 

    This is the output:

    Last login: Mon Apr 12 14:54:32 2021 from 10.0.0.111
    fs-naaf:~ # cat /var/lib/docker/volumes/aaf_webd-config/_data/nginx.conf|grep proxy_bu
                proxy_buffer_size 16k;
                proxy_busy_buffers_size 24k;
                proxy_buffers 64 4k;

    Seems correct?

     

  • 0 in reply to 

    Yes.

    Do you still see the error "WebAuth feature is not running" or this was changed?

    How big your membership in the repository groups?

    If you will enable the Developer Tools in your browser, how much length will be the URL in the operation before getting the error? 

  • 0 in reply to 

    No I don't see the error anymore. It just jumps back to the login screen. Membership groups is not big. Less than 10.

    But now I get an other error from the AA server (translated from Dutch):

    Error: The service may be unavailable or an incorrect request has been made by an active service. Contact your system administrator. (An incorrect OAuth2 request is received)

  • 0 in reply to 

    Okay, so we moved forward...

    To get the helpful logs, you need to login to the Administrative Portal - Logs. Enable the debug logging. If the debug logging was enabled, disable it and enable it back. Then reproduce the issue again and check the Web Service tab. It will contain many interesting details.

    If you can share the complete logs package with me, I will try to help.

  • 0 in reply to 

    I got the logs, but I do not find a clear answer. How can I send the logs to you? tgz files are not accepted here. File is log for today only and is 6.2Mb.

  • 0 in reply to 

    You can zip them and attach them here.