|Talend Version (Required)||6.4.1|
|Using the 6.4.1 Installer, TAC, IAM, and TDS were installed, but the user cannot log into Data Stewardship.|
|Product (Required)||Data Stewardship, IAM, TAC|
After using the 6.4.1 Installer without any errors, the user cannot log into Data Stewardship.
The TAC, IAM and Data Stewardship services are up and running.
The login/user used is Active in TAC.
In the 6.4.1_installer\iam\apache-tomcat\conf folder, the iam.properties file contains the line email@example.com:
So in this case, firstname.lastname@example.org needs to be Active in TAC:
The customer was using a hostname similar to this format: aaaa.bbbbb.cccc.dddd.eeee.
So they would access Data Stewardship using a URL such as:
Looking at the different log files under /iam/logs, this error was found in the idp.log:
2017-09-05 16:41:16.815 ERROR [http-apr-9080-exec-3] o.a.c.f.s.i.b.EndpointAddressValidator : The endpointAddress value of http://10.22.123.999:9080/oidc/idp/authorize does not match any of the passive requestor values
Looking at the \6.4.1_installer\tds\apache-tomcat\conf\data-stewardship.properties file, these values for oidc.url and oidc.userauth.url were seen:
|Problem root cause|
|Solution or Workaround||
These values were changed to use the hostname:
oidc.url=http://aaaa.bbbbb.cccc.dddd.eeee:9080/oidc
oidc.userauth.url=http://aaaa.bbbbb.cccc.dddd.eeee:9080/oidc
After restarting the IAM and TDS services, the error was still there but in the idp.log file a different error appeared:
2017-09-06 14:25:00.230 WARN [http-apr-9080-exec-5] o.a.c.f.s.idp.beans.CommonsURLValidator : The given endpointAddress parameter http://aaaa.bbbbb.cccc.dddd.eeee:9080/oidc/idp/authorize is not a valid URL
In this case, the error is related to the validity of the hostname. IAM uses Fediz, and when a new OIDC client is registered, the redirect URL is validated. As a result, hostnames with non-standard TLDs cannot be used.
To resolve this, one line was added to the iam.properties file:
iam.additionalTLDs=lan,eeee,dddd,cccc,bbbbb,aaaa
Then restart the IAM and TDS services.
The login was then successful.
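The following pre-flight check is an added example, not Talend code: it reads the two property files discussed above and reports OIDC URLs whose host is an IP literal or whose final label is not covered by iam.additionalTLDs. The function names, the COMMON_TLDS stand-in list and the assumption that only the final hostname label is checked as the TLD are illustrative, and the sample file contents are constructed.

```python
from urllib.parse import urlparse
import ipaddress

# Constructed, short stand-in for the public TLD list the validator knows (assumption).
COMMON_TLDS = {"com", "org", "net", "edu", "gov", "io"}

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_oidc_urls(tds_text, iam_text):
    """Return (key, host, problem) tuples for the OIDC URL settings."""
    tds = parse_properties(tds_text)
    iam = parse_properties(iam_text)
    extra = {t.strip().lower() for t in iam.get("iam.additionalTLDs", "").split(",") if t.strip()}
    findings = []
    for key in ("oidc.url", "oidc.userauth.url"):
        host = urlparse(tds.get(key, "")).hostname
        if not host:
            findings.append((key, None, "missing or unparsable URL"))
            continue
        try:
            ipaddress.ip_address(host)
            findings.append((key, host, "IP literal; may not match the hostname registered in IAM"))
            continue
        except ValueError:
            pass  # not an IP address, so treat it as a DNS name
        tld = host.rsplit(".", 1)[-1].lower()
        if tld not in COMMON_TLDS and tld not in extra:
            findings.append((key, host, f"TLD '{tld}' not in iam.additionalTLDs"))
    return findings

# Constructed sample inputs mirroring the case on this page.
TDS_SAMPLE = """oidc.url=http://aaaa.bbbbb.cccc.dddd.eeee:9080/oidc
oidc.userauth.url=http://aaaa.bbbbb.cccc.dddd.eeee:9080/oidc
"""
IAM_BEFORE = "# no additional TLDs configured\n"
IAM_AFTER = "iam.additionalTLDs=lan,eeee,dddd,cccc,bbbbb,aaaa\n"

if __name__ == "__main__":
    for label, iam in (("before", IAM_BEFORE), ("after", IAM_AFTER)):
        print(label, check_oidc_urls(TDS_SAMPLE, iam))
```

Because iam.additionalTLDs widens what the redirect URL validation accepts, keep the list limited to the TLDs actually in use.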
|JIRA ticket number||TPSVC-2981|