${resource:CF_GenericContent}test

If an answer to your question is correct, click on "Verify Answer" under the "More" button.  The answer will now appear with a checkmark.  Please be sure to always mark answers that resolve your issue as verified.  Your fellow Community members will appreciate it!  Learn more.

  • State Not Answered
  • Replies replies
    20
  • Subscribers subscribers
    14
  • Views views
    2557
  • Users 0 members are here
  • Locked Locked
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

6.3.4 upgrade fails to authenticate to Filr

JvdMeij

I have upgrade the Advanced Authentication from 6.3.3 to 6.3.4 security updates. Before I was able to login with the Filr Desktop Client and the web client. Now it hangs after the approval on my mobile and I am not able to login.

In the web client I see a message 'WebAuth feature is not running'.

In the Filr desktop client I get this error, but it was already there for a long time while it was working anyway:

[WARNING] Unhandled HTTP error: 302 (aa.<<domain>>/.../grant (aca.onprem.apiserver.restapi).

Anyone?

 

 

 

Parents
  • 0

    Workaround:

    docker cp aaf_aucore_1:/opt/AuCore/static/nginx.conf.j2 /tmp/​

    vi /tmp/nginx.conf.j2 â€‹

    Change proxy_buffer_size value from 8k to 16k, so it must be:​
    proxy_buffer_size 16k;​

    Add a couple of new lines below:​
    proxy_busy_buffers_size 24k;​
    proxy_buffers 64 4k;​

    docker cp /tmp/nginx.conf.j2 aaf_aucore_1:/opt/AuCore/static/​

    systemctl restart aauth​

     

    The proposed values may not be enough if a user is a member of about 100 groups. We are currently working to estimate the optimal values.

  • 0 in reply to 

    docker cp aaf_aucore_1:/opt/AuCore/static/nginx.conf.j2 /tmp/​  ==> this returns a file without name in the tmp directory.

    docker cp aaf_aucore_1:/opt/AuCore/static/nginx.conf.j2 /tmp/​nginx.conf.j2 ==> this returns a file with the correct name in the tmp directory.

    But when I do a vi on that file it still edits a 'new' empty file. Though the filesize is 11145 bytes.

    Did I miss something?

     

  • 0 in reply to 

    I succeeded to implement the workaround by specifying the filename in the destination and using another folder. But it does not make it better.

  • 0 in reply to 

    Please check if the command will show the three parameters with the new values?

    cat /var/lib/docker/volumes/aaf_webd-config/_data/nginx.conf | grep proxy_bu

     

    proxy_buffer_size 16k;

    proxy_busy_buffers_size 24k;

    proxy_buffers 64 4k;

  • 0 in reply to 

    This is the output:

    Last login: Mon Apr 12 14:54:32 2021 from 10.0.0.111
    fs-naaf:~ # cat /var/lib/docker/volumes/aaf_webd-config/_data/nginx.conf|grep proxy_bu
                proxy_buffer_size 16k;
                proxy_busy_buffers_size 24k;
                proxy_buffers 64 4k;

    Seems correct?

     

  • 0 in reply to 

    Yes.

    Do you still see the error "WebAuth feature is not running" or this was changed?

    How big your membership in the repository groups?

    If you will enable the Developer Tools in your browser, how much length will be the URL in the operation before getting the error? 

  • 0 in reply to 

    Here you are.

    aucore-logs_2021-04-12_2021-04-13.zip
  • 0 in reply to 

    The zip seems to be corrupted. It's only 230 bytes.

  • 0 in reply to 

    zuuut..

    aucore-logs_2021-04-12_2021-04-13.zip
  • 0 in reply to 

    Based on the errors I see, I recommend creating a new OAuth 2.0 event and apply the new Event name, Client ID, and Client Secret on the Filr side.

    If the issue still not solved after that and you see the same error, did you experience it in the previous version you had and which version you had before? 6.3.3?

  • 0 in reply to 

    I just ran into this same issue with Access manager (4.5.3.3).  I tried creating a new event but that didn't help.  I increased the nginx header size as suggested and then ran into the header size issue in access manager and had to increase that as well.  Once the headers were increased on both systems it worked.

    Is this suggested nginx change persistent in the container?  

    I had this issue in my production environment even though dev and test worked fine.  

    Is this a know issue in 6.3.4? 

     

    Thanks,
    Jeremiah

  • 0 in reply to 
    Jeremiah, we are currently working on 6.3.4 Patch 1 that will have some new settings per Event to limit the number of returning groups. We hope to release it next week.
  • 0 in reply to 

    Hello George and   others,

    The thing with the groups is one thing. Hopefully another defect, known as defect 327040 will be solved with this patch.

  • 0 in reply to 

    On Thursday I had a conversation with development, they state it should be fixed as well.

  • 0 in reply to 

    Thanks for the update.  Does the access manager integration with advanced auth pass groups?  

  • 0 in reply to 
    Yes, in 6.3.4 it happens for any OAuth 2.0 integration. In 6.3.4.1 this will be disabled by default and can be configured per event if needed.
Reply Children
No Data

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Cookies Preferences
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.