Uploaded image for project: 'Red Hat Process Automation Manager'
  1. Red Hat Process Automation Manager
  2. RHPAM-2750

Authentication "500 Internal Error" when accessing RHPAM (Business Automation) operator application

    XMLWordPrintable

Details

    Description

      Originally filed in https://bugzilla.redhat.com/show_bug.cgi?id=1801913

      Description of problem:
      I installed the latest Openshift 4.3 version, and I used a custom ingress cert following the documentation here [1].
      The proxy sidecar from the console-cr-form appear to not be receiving the custom trust bundle. This issue looks to be very similar to what we saw here [2]

      [1] https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html
      [2] https://bugzilla.redhat.com/show_bug.cgi?id=1766181

      Version-Release number of selected component (if applicable):
      OCP4.3
      Business Automation Operator is 1.3.0

      How reproducible:
      100% of time when using a custom ingress certificate

      Steps to Reproduce:
      1. Follow steps here to replace the default ingress certificate: https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html
      2. Try to authenticate to https://console-cr-form-newcastle-devel.apps.paas.dev.psi.redhat.com

      Actual results:
      Browser error "500 Internal Error"

      1. oauth-proxy container error
        oc logs console-cr-form -c oauth-proxy
        ...

      2020/02/10 15:19:28 oauthproxy.go:649: error redeeming code (client:172.129.4.1:40568): Post https://oauth-openshift.apps.ocp.prod.psi.redhat.com/oauth/token: x509: certificate signed by unknown authority
      2020/02/10 15:19:28 oauthproxy.go:439: ErrorPage 500 Internal Error Internal Error

      Expected results:
      No 500 error after login

      1. oauth-proxy container success example
        oc logs console-cr-form -c oauth-proxy
        ...
        2020/02/11 21:53:42 oauthproxy.go:679: 10.131.0.1:51390 authentication complete Session {kube:admin@cluster.local token:true}

      Additional info:

      Attachments

        Activity

          People

            tohughes Tommy Hughes
            adkaplan@redhat.com Adam Kaplan
            Jose Carvajal Hilario Jose Carvajal Hilario
            Jose Carvajal Hilario Jose Carvajal Hilario
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: