[one-users] Sunstone expired token issue using x509

[Steven Timm]

We saw this happen too, they gave us a patch to expand the token
to 1 hour--if you want details we can dig them up and send them.
It's just changing one argument in one of the ruby files.

Steve Timm


On Wed, 16 Nov 2011, Emmanuel Mathot wrote:

> Hello,
>
> I configured (a bit painfully but successfully) all the authentication mechanism with X509 either from CLI or sunstone (SSL proxy).
> Unfortunately from the cloud operations center, the token generated by sunstone (not sure) does not last very long and after a very short time (2min?), it is necessary to reload the page from the browser in order to recreate a token.
>
> oned.log:
>
> Wed Nov 16 17:32:35 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 668 login token expired
>
> Wed Nov 16 17:32:35 2011 [AuM][E]: Auth Error: login token expired
> Wed Nov 16 17:32:35 2011 [ReM][E]: [HostPoolInfo] User couldn't be authenticated, aborting call.
> Wed Nov 16 17:32:47 2011 [ReM][D]: ImagePoolInfo method invoked
> Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG I 669 Command execution fail: /var/lib/one/remotes/auth/server/authenticate emathot <DN>  <token>
>
> Wed Nov 16 17:32:47 2011 [AuM][I]: Command execution fail: /var/lib/one/remotes/auth/server/authenticate emathot <DN>  <token>
> Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG E 669 login token expired
>
> Wed Nov 16 17:32:47 2011 [AuM][I]: login token expired
> Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG I 669 ExitCode: 255
>
> Is there any way to increase this token expiration time?
>
> Regards,
>
> Emmanuel Mathot

-- 
------------------------------------------------------------------
Steven C. Timm, Ph.D  (630) 840-8525
timm at fnal.gov  http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Group Leader.
Lead of FermiCloud project.