Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-1154

Openshift Oauth doesn't work on Z

    XMLWordPrintable

Details

    Description

      When we deploy crw2.2 on PSI cluser with Openshift Oath set to true, an authentication issue occurs saying can't send authentication request to identity provider. Below I attach the detailed information on this issue. 

      Checking the logs in keycloak pods: 

      [0m[31m15:38:50,081 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-1) couldNotSendAuthenticationRequestMessage: org.keycloak.broker.provider.IdentityBrokerException: Could not initialize oAuth metadata at ........

      Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at ........

      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at .......

      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at ........

       

       

      FYI, if i set the Openshift Oauth to false, can release the crw web console successfully.

       

      Attachments

        1. authentication issue when open the crw web console.png
          authentication issue when open the crw web console.png
          318 kB
        2. logs1.png
          logs1.png
          1.08 MB
        3. logs2.png
          logs2.png
          1.06 MB
        4. logs3.png
          logs3.png
          1.06 MB

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. CRW-967 Installation of CRW with OS OAuth by crwctl with operator installer failed because operator was unable to get openshift oauth

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem that impairs or prevents the functions of the product. CRW-987 RH SSO deployment error 'password auth failed for user "keycloak"' when installing CRW 2.2.0.RC1 by operator installer

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              kcrane@redhat.com Kirk Crane
              ruoxuan95 Doris Xu (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: