[one-users] Can't Log Into Sunstone
Hutson Betts
hut101 at tamu.edu
Sun Dec 18 12:16:51 PST 2011
Dear Hector,
Thank you for your reply.
I've included the entire Sunstone log file in my previous e-mail.
Furthermore, I included the entire Apache access log relevant to
Sunstone testing. I checked again, and I wasn't able to find any
relevant entries in the Apache error
log relating to Sunstone.
As you also pointed out, several GET requests did not lead to the
browser downloading CSS or JS files.
In this case:
10.1.0.3 - - [17/Dec/2011 21:12:46] "GET / HTTP/1.1" 200 1518 0.0060
However, as you will see:
10.1.0.3 - - [17/Dec/2011 21:12:48] "GET // HTTP/1.1" 200 1518 0.0016
It did.
That's because the first request, I made was to
https://[server]/sunstone
While the second request was to https://[server]/suntone/
The difference being the slash at the end.
Now, it is odd that the Sunestone log did not show the JS file because
it was downloaded by the browser. I was able to see the JS file in
Chromes Web Developer's Tool.
--
Hutson Betts
Computer Science and Engineering
Texas A&M University
On Sun, 2011-12-18 at 12:19 +0100, Hector Sanjuan wrote:
> Hello Hutson,
>
> It seems to me that your problem happen because some of the javascripts
> are not fetched properly from the server which are needed for correct
> login. I would expect that things like "GET /js/login.js HTTP/1.1" (along
> with opennebula.js and jquery) would appear in the logs, but unless you've
> edited them, it seems they don't.
>
> Did maybe some 404s end up in apache's [error] log? It is a bit strange
> that .css files appear there but not .js files.
>
> Hector
>
>
> En Sun, 18 Dec 2011 04:34:24 +0100, Hutson Betts <hut101 at tamu.edu>
> escribió:
>
> > I'm currently having an issue logging into the Sunstone web interface
> > using Sunstone's basic authentication.
> >
> > Visually, I can see the login panel just fine. However, when I enter in
> > the credentials for the "oneadmin" user and press "Login", I am brought
> > back to the login page with the following URL:
> > https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]
> >
> > Now, my setup is a little convoluted to say the least.
> >
> > My Sunstone configuration file, /etc/one/sunstone-server.conf, is the
> > following:
> > # OpenNebula sever contact information
> > :one_xmlrpc: http://localhost:2633/RPC2
> > # Server Configuration
> > :host: 127.0.0.1
> > :port: 9869
> > :auth: basic
> > # VNC Configuration
> > :vnc_proxy_base_port: 29876
> > :novnc_path: /usr/share/one/noVNC
> >
> > My Apache site configuration file is the following:
> > <IfModule mod_ssl.c>
> > <VirtualHost _default_:443>
> > ...
> > <IfModule mod_proxy.c>
> > <Location /occi>
> > ProxyPass http://localhost:4567/ ttl=60
> > ProxyPassReverse http://localhost:4567/
> > </Location>
> > </IfModule>
> >
> > <IfModule mod_proxy.c>
> > <Location /sunstone>
> > ProxyPass http://localhost:9869/ ttl=60
> > ProxyPassReverse http://localhost:9869/
> > </Location>
> > </IfModule>
> > ...
> >
> > I know the site configuration works just fine when interacting with the
> > OCCI proxy.
> >
> > To gain access to the Sunstone server, I have to use SSH
> > port-forwarding:
> > ssh -A -L 9999:[OPENNEBULA SERVER]:443 [USERNAME]@[SERVER]
> >
> >
> > The Sunstone log file shows the following:
> > == Sinatra/1.3.1 has taken the stage on 9869 for development with backup
> > from Thin
> > 10.1.0.3 - - [17/Dec/2011 21:12:46] "GET / HTTP/1.1" 200 1518 0.0060
> > 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET // HTTP/1.1" 200 1518 0.0016
> > 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //css/login.css HTTP/1.1" 200
> > 4056 0.0026
> > 10.1.0.3 - - [17/Dec/2011 21:12:48]
> > "GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0014
> > 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //images/panel.png HTTP/1.1"
> > 200 5227 0.0018
> > 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //images/login.png HTTP/1.1"
> > 200 4097 0.0011
> > 10.1.0.3 - - [17/Dec/2011 21:12:51] "GET //images/login.png HTTP/1.1"
> > 200 4097 0.0013
> > 10.1.0.3 - - [17/Dec/2011 21:12:52] "GET //images/panel.png HTTP/1.1"
> > 200 5227 0.0024
> > 10.1.0.3 - - [17/Dec/2011 21:12:52]
> > "GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0013
> > 10.1.0.3 - - [17/Dec/2011 21:12:58] "GET //images/login_over.png
> > HTTP/1.1" 200 4351 0.0013
> > 10.1.0.3 - - [17/Dec/2011 21:12:59]
> > "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0017
> > 10.1.0.3 - - [17/Dec/2011 21:13:11]
> > "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0019
> > 127.0.0.1 - - [17/Dec/2011 21:19:14]
> > "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0018
> > 10.1.0.3 - - [17/Dec/2011 21:21:13]
> > "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0016
> > 10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //css/login.css HTTP/1.1" 200
> > 4056 0.0011
> > 10.1.0.3 - - [17/Dec/2011 21:21:13]
> > "GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0012
> > 10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //images/panel.png HTTP/1.1"
> > 200 5227 0.0012
> > 10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //images/login.png HTTP/1.1"
> > 200 4097 0.0016
> >
> >
> > Apache log files on the server hosting Sunstone:
> > 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> > "GET /sunstone/?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 9461
> > "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> > "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> > Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> > 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600] "GET /sunstone/css/login.css
> > HTTP/1.1" 200 1428
> > "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> > "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> > Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> > 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> > "GET /sunstone/images/opennebula-sunstone-big.png HTTP/1.1" 200 8223
> > "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> > "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> > Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> > 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> > "GET /sunstone/images/panel.png HTTP/1.1" 200 3146
> > "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> > "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> > Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> > 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> > "GET /sunstone/images/login.png HTTP/1.1" 200 3450
> > "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> > "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> > Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> > 10.1.0.3 - - [17/Dec/2011:21:21:14 -0600] "GET /favicon.ico HTTP/1.1"
> > 403 404 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3
> > (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> >
> > Lastly, I'm hoping that having the username and password has parameters
> > in the URL is part of the issue I'm having. Having those values as
> > parameters in the URL means that they are logged in both Sunstone logs
> > and Apache logs. Some what of a security issue/concern.
> >
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20111218/9b38becd/attachment-0002.pgp>
More information about the Users
mailing list