The problem that I am having is showing up after I entered the credentials at the login page. I tried to use the OAuth provider with Indico 2.3.
Any thoughts?
Thanks
Full traceback from the log please…
Also, does your oauth provider have a proper TLS certificate?
Thanks for the quick reply. Please see the full traceback below. Yes, we have a proper TLS certificate.
Traceback (most recent call last):
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/indico/web/rh.py", line 324, in wrapper
    return cls(partial(func, *args, **kwargs)).process()
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/indico/web/rh.py", line 275, in process
    res = self._do_process()
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/indico/web/rh.py", line 245, in _do_process
    rv = self._process()
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/indico/web/rh.py", line 316, in _process
    rv = self.func()
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/flask_multipass/util.py", line 123, in decorator
    return func(*args, **kwargs)
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/flask_multipass/providers/authlib.py", line 117, in _authorize_callback
    token_data = self.authlib_client.authorize_access_token()
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/authlib/integrations/flask_client/remote_app.py", line 76, in authorize_access_token
    token = self.fetch_access_token(**params)
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/authlib/integrations/base_client/remote_app.py", line 110, in fetch_access_token
    token = client.fetch_token(token_endpoint, **kwargs)
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/authlib/oauth2/client.py", line 205, in fetch_token
    headers=headers, **session_kwargs
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/authlib/oauth2/client.py", line 221, in _fetch_token
    method, url, data=body, headers=headers, auth=auth, **kwargs)
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/authlib/integrations/requests_client/oauth2_session.py", line 113, in request
    method, url, auth=auth, **kwargs)
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/opt/indico/.venv/local/lib/python2.7/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='XXXXX', port=443): Max retries exceeded with url: /oauth2/token (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)'),))
The error disagrees with it.
Since you blanked out the host I can’t check it myself (wouldn’t work anyway if it’s not accessible from the public internet), but assuming you can connect to the host using e.g. curl without TLS problems, it may be a custom enterprise CA that’s not included in public trust databases.
If that’s the case, try setting the REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt env var (the filename may be slightly different depending on your Linux distribution - check what file exists!). You can set it like this in /etc/uwsgi.ini (restart uwsgi afterwards):
env = REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt
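A diagnostic for the custom-CA case described in the reply above, as an added example that is not part of the original post or of Indico: it reports which bundle the environment selects for requests, checks that each candidate bundle file exists and loads, and attempts a fully verified handshake with the OAuth host against it. It is written for Python 3 and the standard library only; the candidate paths other than the one in the thread and all function names are assumptions.

```python
import os
import socket
import ssl
import sys

# Common locations of the system CA bundle; the first is the path from the thread.
CANDIDATES = (
    "/etc/ssl/certs/ca-bundle.crt",
    "/etc/ssl/certs/ca-certificates.crt",
    "/etc/pki/tls/certs/ca-bundle.crt",
)

def effective_bundle(environ):
    """Return (variable, path) for the bundle the environment selects for requests."""
    for var in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):  # order requests checks them
        if environ.get(var):
            return var, environ[var]
    return "default", None  # requests falls back to its bundled certifi store

def bundle_problem(path):
    """Return why `path` cannot serve as a CA bundle, or None if it loads."""
    if not os.path.isfile(path):
        return "file does not exist"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return "cannot load as PEM: %s" % exc
    return None if ctx.get_ca_certs() else "no CA certificates in file"

def verify_host(host, port=443, cafile=None, timeout=5):
    """Do a fully verified handshake; return None on success, else the error text."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile=None: system defaults
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
    except OSError as exc:
        return str(exc)

if __name__ == "__main__":
    host = sys.argv[1]  # the OAuth provider's hostname (blanked out in the thread)
    print("environment selects:", effective_bundle(os.environ))
    for path in CANDIDATES:
        problem = bundle_problem(path)
        result = problem or verify_host(host, cafile=path) or "chain verifies"
        print("%-40s %s" % (path, result))
```

Run it on the Indico server with the provider hostname as the only argument. The "environment selects" line reflects the shell it is run from, not the uWSGI process, so it only matches what Indico sees if the same variable is set in both.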
This is what I hear from our infrastructure team.
This is a test server. It’s not accessible from the public internet. Therefore, I removed it.
I am just waiting for our security team to check this issue. I will let you know when it is solved.
Thanks
@ThiefMaster I still have a server issue with the OAuth certificate in the test environment. Is there a way to disable SSL verification for OAuth?
Thanks
Have you tried this?
You can also try setting the AUTHLIB_INSECURE_TRANSPORT env var to allow plain HTTP for testing.
Yes, I tried it and I have the same error, unfortunately. This is a server configuration error, not related to Indico.
Thanks