Hi team.
I have deployed the Docker version of the datahub, and I am testing the integration of SSO login normally. Currently, I have encountered an issue with pending here. Can someone help me for this issue please?
I am using Aauth2.0, and my configuration and error logs are as follows. I did not successfully redirect to the SSO page. i try to mount this jks file to images, after trying mount this jks, the service couldn’t start properly and kept restarting non-stop.
Can anyone give me some guidance?
Hi <@U05F2CWUS5C>, good morning. this is the log, From the front of the log, I saw that the ANTLR Tool version does not match. How should I solve it? The password for this test certificate should be correct
the error indicates that the truststore could not be loaded / verified. I don’t have additional info there, but that seems to be a valid issue then. Can you validate the truststore somehow?
Alternatively you could the existing truststore from the docker image and only append your specific certificate to it, then re-mount that one into the container
you’re providing a full jks file, right? That’s normally a container of multiple certificates, not just one (as its a full truststore)
It appears that truststore/jks file is invalid, or has an invalid password specified (according to the logs)
My idea was to copy the original jks file from the container to your local machine, add the required certificates to that jks file, then mount the new, combined jks files to the container
Oh, may I ask where the original files in the datahub front-end read are located?
I can copy it out and then reassemble it for testing, covering the original jks in mount mode
Unfortunately I don’t know the answer to this from the top of my head.
I would assume something like /lib/security/cacerts - but would have to dig into the container myself
When you disable the SSO, the container should start and you could ssh into it - then maybe follow a guide like https://stackoverflow.com/a/65931622 ? Good luck!
Hi <@U05F2CWUS5C> , good morning.
I found the certificate location in the image, then copied it to the server and used the following command to merge my certificate with it, and then mounted it back into the directory of the image.
command ex: keytool -import -alias a.crt -keystore cacerts -file a.crt
However, there was an error in the screenshot. I tried to search the history but couldn’t find the corresponding solution. I also attached a screenshot of the yml file. Can you give me some guidance? Actually, I couldn’t find any more solutions
Hey
I’m no expert with truststores, but that feels like the certificate you have has a “wrong” encryption algorithm provided. Whatever that means
For our setup, we received a full cacerts file from our infra team and I mounted that as a truststore. That was all that was needed to make it work.
Make sure your message includes the following information if relevant, so we can help more effectively!
