[one-users] Sunstone expired token issue using x509

Ruben S. Montero rubensm at dacya.ucm.es
Wed Nov 16 14:27:04 PST 2011


Hi

Look for X509CloudAuth.rb and line 103

       @token = auth.login_token(username, subjectname, 300)

The 300 is the expiration time in seconds (5 min). Change it to whatever
suits your needs.

Just wanted to let you know that we have reworked this to better deal
with session expiration times and caching to better scale the
server... This new feature is ready for the next pre-release of
OpenNebula 3.2 this Friday. This has been done also thanks to the
feedback and comments of Steven's team...

Cheers

Ruben

On Wed, Nov 16, 2011 at 5:58 PM, Emmanuel Mathot
<emmanuel.mathot at gmail.com> wrote:
> That would be very useful. If at least we can specify a validity time, this is fine.
>
> Thank you.
>
>
> On 16 Nov 2011, at 17:42, Steven Timm wrote:
>
>> We saw this happen too, they gave us a patch to expand the token
>> to 1 hour--if you want details we can dig them up and send them.
>> It's just changing one argument in one of the ruby files.
>>
>> Steve Timm
>>
>>
>> On Wed, 16 Nov 2011, Emmanuel Mathot wrote:
>>
>>> Hello,
>>>
>>> I configured (a bit painfully but successfully) all the authentication mechanism with X509 either from CLI or sunstone (SSL proxy).
>>> Unfortunately from the cloud operations center, the token generated by sunstone (not sure) does not last very long and after a very short time (2min?), it is necessary to reload the page from the browser in order to recreate a token.
>>>
>>> oned.log:
>>>
>>> Wed Nov 16 17:32:35 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 668 login token expired
>>>
>>> Wed Nov 16 17:32:35 2011 [AuM][E]: Auth Error: login token expired
>>> Wed Nov 16 17:32:35 2011 [ReM][E]: [HostPoolInfo] User couldn't be authenticated, aborting call.
>>> Wed Nov 16 17:32:47 2011 [ReM][D]: ImagePoolInfo method invoked
>>> Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG I 669 Command execution fail: /var/lib/one/remotes/auth/server/authenticate emathot <DN>  <token>
>>>
>>> Wed Nov 16 17:32:47 2011 [AuM][I]: Command execution fail: /var/lib/one/remotes/auth/server/authenticate emathot <DN>  <token>
>>> Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG E 669 login token expired
>>>
>>> Wed Nov 16 17:32:47 2011 [AuM][I]: login token expired
>>> Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG I 669 ExitCode: 255
>>>
>>> Is there any way to increase this token expiration time?
>>>
>>> Regards,
>>>
>>> Emmanuel Mathot
>>
>> --
>> ------------------------------------------------------------------
>> Steven C. Timm, Ph.D  (630) 840-8525
>> timm at fnal.gov  http://home.fnal.gov/~timm/
>> Fermilab Computing Division, Scientific Computing Facilities,
>> Grid Facilities Department, FermiGrid Services Group, Group Leader.
>> Lead of FermiCloud project.
>



-- 
Dr. Ruben Santiago Montero
Associate Professor (Profesor Titular), Complutense University of Madrid

URL: http://dsa-research.org/doku.php?id=people:ruben
Weblog: http://blog.dsa-research.org/?author=7
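
Added example, not part of the original thread and not OpenNebula code: a Ruby script that groups the oned.log authentication-driver messages quoted above, so expired login tokens can be counted separately from other authentication failures when tuning the token lifetime. It assumes the number after `LOG I`, `LOG E` and `AUTHENTICATE FAILURE` is a request id shared by the messages of one attempt; the sample log is constructed from the quoted lines, and the `alice` entry with its failure text is hypothetical.

```ruby
# Constructed sample modelled on the oned.log lines quoted in the thread.
# The request-670 lines (user "alice", "bad credentials") are hypothetical.
SAMPLE_LOG = <<~LOG
  Wed Nov 16 17:32:35 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 668 login token expired
  Wed Nov 16 17:32:35 2011 [AuM][E]: Auth Error: login token expired
  Wed Nov 16 17:32:35 2011 [ReM][E]: [HostPoolInfo] User couldn't be authenticated, aborting call.
  Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG I 669 Command execution fail: /var/lib/one/remotes/auth/server/authenticate emathot <DN>  <token>
  Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG E 669 login token expired
  Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG I 669 ExitCode: 255
  Wed Nov 16 17:40:02 2011 [AuM][D]: Message received: LOG I 670 Command execution fail: /var/lib/one/remotes/auth/server/authenticate alice <DN>  <token>
  Wed Nov 16 17:40:02 2011 [AuM][D]: Message received: LOG E 670 bad credentials
LOG

# Assumption: the number after LOG I / LOG E / AUTHENTICATE FAILURE is a
# request id shared by all driver messages of one authentication attempt.
DRIVER_MSG = /\[AuM\]\[D\]: Message received: (.*)/
USER_MSG   = %r{\ALOG I (\d+) Command execution fail: \S+/authenticate (\S+)}
REASON_MSG = /\A(?:LOG E|AUTHENTICATE FAILURE) (\d+) (.+)/

# Returns { request_id => { user:, reason: } } for failed authentications.
def auth_failures(log)
  reqs = Hash.new { |h, id| h[id] = { user: nil, reason: nil } }
  log.each_line do |line|
    msg = line[DRIVER_MSG, 1] or next
    if (m = USER_MSG.match(msg))
      reqs[m[1]][:user] = m[2]
    elsif (m = REASON_MSG.match(msg))
      reqs[m[1]][:reason] = m[2].strip
    end
  end
  reqs.select { |_, r| r[:reason] }
end

# Counts failures per user, separating expired tokens from everything else.
def summarize(log)
  summary = Hash.new { |h, user| h[user] = { expired: 0, other: 0 } }
  auth_failures(log).each_value do |r|
    kind = r[:reason].include?('login token expired') ? :expired : :other
    summary[r[:user] || '(unknown)'][kind] += 1
  end
  summary
end

if __FILE__ == $PROGRAM_NAME
  summarize(SAMPLE_LOG).each { |user, c| puts "#{user}: #{c}" }
end
```

A high `expired` count for users who are actively working points at a token lifetime that is too short; a rising `other` count is a different signal and should not be masked by lengthening the lifetime.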


