[one-users] Can't Log Into Sunstone

Hutson Betts hut101 at tamu.edu
Sat Dec 17 19:34:24 PST 2011


I'm currently having an issue logging into the Sunstone web interface
using Sunstone's basic authentication.

Visually, I can see the login panel just fine. However, when I enter in
the credentials for the "oneadmin" user and press "Login", I am brought
back to the login page with the following URL:
	https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]

Now, my setup is a little convoluted to say the least.

My Sunstone configuration file, /etc/one/sunstone-server.conf, is the
following:
# OpenNebula sever contact information
:one_xmlrpc: http://localhost:2633/RPC2
# Server Configuration
:host: 127.0.0.1
:port: 9869
:auth: basic
# VNC Configuration
:vnc_proxy_base_port: 29876
:novnc_path: /usr/share/one/noVNC

My Apache site configuration file is the following:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
	...
        <IfModule mod_proxy.c>
                <Location /occi>
                        ProxyPass http://localhost:4567/ ttl=60
                        ProxyPassReverse http://localhost:4567/
                </Location>
        </IfModule>

        <IfModule mod_proxy.c>
                <Location /sunstone>
                        ProxyPass http://localhost:9869/ ttl=60
                        ProxyPassReverse http://localhost:9869/
                </Location>
        </IfModule>
	...

I know the site configuration works just fine when interacting with the
OCCI proxy.

To gain access to the Sunstone server, I have to use SSH
port-forwarding:
	ssh -A -L 9999:[OPENNEBULA SERVER]:443 [USERNAME]@[SERVER]


The Sunstone log file shows the following:
== Sinatra/1.3.1 has taken the stage on 9869 for development with backup
from Thin
10.1.0.3 - - [17/Dec/2011 21:12:46] "GET / HTTP/1.1" 200 1518 0.0060
10.1.0.3 - - [17/Dec/2011 21:12:48] "GET // HTTP/1.1" 200 1518 0.0016
10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //css/login.css HTTP/1.1" 200
4056 0.0026
10.1.0.3 - - [17/Dec/2011 21:12:48]
"GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0014
10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //images/panel.png HTTP/1.1"
200 5227 0.0018
10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //images/login.png HTTP/1.1"
200 4097 0.0011
10.1.0.3 - - [17/Dec/2011 21:12:51] "GET //images/login.png HTTP/1.1"
200 4097 0.0013
10.1.0.3 - - [17/Dec/2011 21:12:52] "GET //images/panel.png HTTP/1.1"
200 5227 0.0024
10.1.0.3 - - [17/Dec/2011 21:12:52]
"GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0013
10.1.0.3 - - [17/Dec/2011 21:12:58] "GET //images/login_over.png
HTTP/1.1" 200 4351 0.0013
10.1.0.3 - - [17/Dec/2011 21:12:59]
"GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0017
10.1.0.3 - - [17/Dec/2011 21:13:11]
"GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0019
127.0.0.1 - - [17/Dec/2011 21:19:14]
"GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0018
10.1.0.3 - - [17/Dec/2011 21:21:13]
"GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0016
10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //css/login.css HTTP/1.1" 200
4056 0.0011
10.1.0.3 - - [17/Dec/2011 21:21:13]
"GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0012
10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //images/panel.png HTTP/1.1"
200 5227 0.0012
10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //images/login.png HTTP/1.1"
200 4097 0.0016


Apache log files on the server hosting Sunstone:
10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
"GET /sunstone/?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 9461
"https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
"Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
Gecko) Chrome/6.0.472.63 Safari/534.3"

10.1.0.3 - - [17/Dec/2011:21:21:13 -0600] "GET /sunstone/css/login.css
HTTP/1.1" 200 1428
"https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
"Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
Gecko) Chrome/6.0.472.63 Safari/534.3"

10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
"GET /sunstone/images/opennebula-sunstone-big.png HTTP/1.1" 200 8223
"https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
"Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
Gecko) Chrome/6.0.472.63 Safari/534.3"

10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
"GET /sunstone/images/panel.png HTTP/1.1" 200 3146
"https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
"Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
Gecko) Chrome/6.0.472.63 Safari/534.3"

10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
"GET /sunstone/images/login.png HTTP/1.1" 200 3450
"https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
"Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
Gecko) Chrome/6.0.472.63 Safari/534.3"

10.1.0.3 - - [17/Dec/2011:21:21:14 -0600] "GET /favicon.ico HTTP/1.1"
403 404 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3
(KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3"


Lastly, I'm hoping that having the username and password has parameters
in the URL is part of the issue I'm having. Having those values as
parameters in the URL means that they are logged in both Sunstone logs
and Apache logs. Some what of a security issue/concern.

-- 
Hutson Betts
Computer Science and Engineering
Texas A&M University


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20111217/14b4491e/attachment-0001.pgp>


More information about the Users mailing list