Predix_Logo
  • Categories
    • Questions
    • Predix | Updates
      • Pricing
      • Product
    • Deloitte - Private
    • How-To
    • Accenture-Private
  • Explore
    • Topics
    • Questions
    • Articles
    • Feedback or Feature Requests
  • Sign in
  • Home /
  • Questions /
avatar image
0
Question by amir.alavi@ge.com · Feb 02, 2016 at 09:07 PM · uaapredix seedauthenticationhttp-status-code-502

predix-seed not authenticating UAA instance

I've been following the predix-seed readme file on GitHub for the past couple of days but still no luck.

This is what's added to the log file for my cf app:

 2016-02-02T15:46:36.04-0500 [App/0]      OUT ==> /home/vcap/app/openresty/nginx/logs/access.log <==
 2016-02-02T15:46:36.04-0500 [App/0]      OUT 3.202.95.242, 10.202.83.26 - https://436c5f88-9dc7-4ec0-b32f-03294ffb9103.predix-uaa-staging.grc-apps.svc.ice.ge.com/login - [02/Feb/2016:20:46:35 +0000] "GET /callback?code=vqs45I&state=/dashboards HTTP/1.1" 500 198
 2016-02-02T15:46:36.04-0500 [App/0]      OUT ==> /home/vcap/app/openresty/nginx/logs/error.log <==
 2016-02-02T15:46:36.04-0500 [App/0]      OUT 2016/02/02 20:46:35 [error] 38#0: *25 lua entry thread aborted: runtime error: /home/vcap/app/get_access_token.lua:15: Expected value but found invalid token at character 1
 2016-02-02T15:46:36.04-0500 [App/0]      OUT stack traceback:
 2016-02-02T15:46:36.04-0500 [App/0]      OUT coroutine 0:
 2016-02-02T15:46:36.04-0500 [App/0]      OUT     [C]: in function 'decode'
 2016-02-02T15:46:36.04-0500 [App/0]      OUT     /home/vcap/app/get_access_token.lua:15: in function 'exchange_code_for_token'
 2016-02-02T15:46:36.04-0500 [App/0]      OUT     /home/vcap/app/get_access_token.lua:23: in function </home/vcap/app/get_access_token.lua:19> while sending to client, client: 10.202.83.25, server: localhost, request: "GET /callback?code=vqs45I&state=/dashboards HTTP/1.1", host: "sit-webapp-sample.grc-apps.svc.ice.ge.com", referrer: "https://436c5f88-9dc7-4ec0-b32f-03294ffb9103.predix-uaa-staging.grc-apps.svc.ice.ge.com/login"


And here is what's added to the log file for my cf app:

 3.202.95.242, 10.202.83.26 - http://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:07 +0000] "GET /userinfo HTTP/1.1" 401 36
 3.202.95.242, 10.202.83.26 - http://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:07 +0000] "GET /userinfo HTTP/1.1" 401 36
 3.202.95.242, 10.202.83.26 - http://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:07 +0000] "GET /login?state=/dashboards HTTP/1.1" 302 166
 3.202.95.242, 10.202.83.26 - http://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:09 +0000] "GET /callback?code=GMZ5Kh&state=/dashboards HTTP/1.1" 500 198
 3.202.95.242, 10.202.83.26 - - - [02/Feb/2016:20:46:26 +0000] "GET / HTTP/1.1" 200 2239
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:26 +0000] "GET /bower_components/px/dist/px.min.js HTTP/1.1" 200 1099
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:27 +0000] "GET /bower_components/es6-promise/dist/es6-promise.min.js HTTP/1.1" 200 3768
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:27 +0000] "GET /bower_components/webcomponentsjs/webcomponents-lite.js HTTP/1.1" 200 16639
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:27 +0000] "GET /polymer-loader.vulcanized.html HTTP/1.1" 200 985263
 3.202.95.242, 10.202.83.26 - - - [02/Feb/2016:20:46:27 +0000] "GET /images/favicon.png HTTP/1.1" 200 509
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:29 +0000] "GET /bower_components/px-typography-design/type/GEInspiraSans-Regular-v01.woff HTTP/1.1" 200 59612
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:30 +0000] "GET /userinfo HTTP/1.1" 401 36
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:30 +0000] "GET /bower_components/requirejs/require.js HTTP/1.1" 200 20964
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:30 +0000] "GET /bower_components/font-awesome/fonts/fontawesome-webfont.woff2?v=4.4.0 HTTP/1.1" 200 64464
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:30 +0000] "GET /scripts/bootstrapper.js HTTP/1.1" 200 108733
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:31 +0000] "GET /userinfo HTTP/1.1" 401 36
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:31 +0000] "GET /views/dashboards.html HTTP/1.1" 200 248
 3.202.95.242, 10.202.83.26 - https://sit-webapp-sample.grc-apps.svc.ice.ge.com/ - [02/Feb/2016:20:46:31 +0000] "GET /login?state=/dashboards HTTP/1.1" 302 166
 3.202.95.242, 10.202.83.26 - https://436c5f88-9dc7-4ec0-b32f-03294ffb9103.predix-uaa-staging.grc-apps.svc.ice.ge.com/login - [02/Feb/2016:20:46:35 +0000] "GET /callback?code=vqs45I&state=/dashboards HTTP/1.1" 500 198


Comment
Add comment
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

3 Replies

  • Sort: 
avatar image
2
Best Answer

Answer by amir.alavi@ge.com · Feb 04, 2016 at 09:04 PM

I was not using the correct base64 credentials.

I ran the following command to encode the credentials

echo myclient:clientsecret | base64

The command above adds the new line return. Instead, I should have used -n as listed below

echo -n myclient:clientsecret | base64

Comment
Add comment · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image
1

Answer by Anh V. Nguyen · Feb 03, 2016 at 08:15 PM

@amir.alavi@ge.com please check your client's scopes and authorities, make sure they have uaa.resource, according to the logs, I can see that you've failed to get /userinfo which will call to /check_token api of your UAA. For calling the /check_token api, you client need uaa.resource in its scopes and authorities.

Comment
Add comment · Show 2 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image amir.alavi@ge.com · Feb 03, 2016 at 09:03 PM 0
Share

@AnhNV16@fsoft.com.vn I just added it and I'm still getting the same issue:

   scope: openid scim.me uaa.resource views.zones.c790d22c-fa2c-4670-bcdc-0bd0481cf70a.user
   client_id: sit
   resource_ids: none
   authorized_grant_types: authorization_code password refresh_token
   autoapprove: scim.me uaa.resource openid views.zones.c790d22c-fa2c-4670-bcdc-0bd0481cf70a.user
   action: none
   authorities: scim.me uaa.resource openid
   name: sit
avatar image Benjamin Schwitter · Mar 24, 2017 at 12:41 AM 0
Share

Thanks for the hint, this was exactly my issue.

avatar image
0

Answer by Priya Bandaru · Feb 03, 2016 at 07:29 PM

Hi Amir,

Can you please create a ticket here : https://www.predix.io/support/secure/new and support will help you resolve the issue.

Thanks, Priya.

Comment
Add comment · Show 2 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image amir.alavi@ge.com · Feb 03, 2016 at 09:11 PM 0
Share

I cannot create a ticket @priya.bandaru@ge.com It seems to be a javascript error on the page...

avatar image amir.alavi@ge.com · Feb 04, 2016 at 07:07 PM 0
Share

Here is the error I get: Uncaught TypeError: Cannot read property 'redirectInternalServer' of undefined

Follow this Question

Answers Answers and Comments

13 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

predix-seed local UAA authentication 3 Answers

Controlling angular routes depending on UAA User 2 Answers

Unable to start a Basic app 5 Answers

Getting JWT token for Authorization header 1 Answer

View service always return UNAUTHORIZED 2 Answers

GE Monogram
  • Legal
  • Cookies
  • Forum Terms
  • Contact Us
  • Copyright © 2017 General Electric Company. All rights reserved.


Enterprise
Social Q&A

  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Submit your feedback or feature request
  • Categories
  • Questions
  • Predix | Updates
    • Pricing
    • Product
  • Deloitte - Private
  • How-To
  • Accenture-Private
  • Explore
  • Topics
  • Questions
  • Articles
  • Feedback or Feature Requests