Incident #13162: Bad Request message from the server if I try to access the VRE using the EOSC AAI service. - D4Science Infrastructure - D4science

Custom queries

03. VRE Plan
04. All Projects Deliverables
04. All Projects Milestones
06. D4Science Projects Activities
All open Issues
D4Science Infrastructure Upgrade
My InProgress Tasks
My Paused Tasks
My Watched Tasks
Not Closed Assigned To Me
Not Closed Assigned To Me (No Releases, No Project Tasks)
Not Closed Opened by Me
Open Issues
Upgrade Plan
Upgrade Plan Clear

Actions

Copy link

Incident #13162

closed

Bad Request message from the server if I try to access the VRE using the EOSC AAI service.

Added by Massimiliano Assante over 6 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

High

Assignee:

_InfraScience Systems Engineer

Category:

Other

Target version:

UnSprintable

Start date:

Jan 17, 2019

Due date:

% Done:

100%

Estimated time:

Infrastructure:

Production

Description

The issue was reported from @giuseppe.larocca@egi.eu

I kindly ask Giuseppe to provide more details about the issue encountered.

Files

Download all files

Landing page 1.png (177 KB) Landing page 1.png		Massimiliano Assante, Jan 17, 2019 05:10 PM
Landing page 2.png (113 KB) Landing page 2.png		Massimiliano Assante, Jan 17, 2019 05:10 PM
EGI User Account.png (248 KB) EGI User Account.png		Massimiliano Assante, Jan 17, 2019 05:10 PM
Landing page 1.png (177 KB) Landing page 1.png		Massimiliano Assante, Jan 17, 2019 05:43 PM
EGI User Account.png (248 KB) EGI User Account.png		Massimiliano Assante, Jan 17, 2019 05:43 PM
Landing page 2.png (113 KB) Landing page 2.png		Massimiliano Assante, Jan 17, 2019 05:43 PM

History
Notes
Property changes

Actions

Copy link

Updated by Andrea Dell'Amico over 6 years ago

Yes, we need details because I cannot reproduce it. I just tried logging in using Google as the authentication provider and it worked.
Also, nothing changed on our side since we introduced the functionality.

Actions

Copy link

Updated by Giuseppe La Rocca over 6 years ago

Hi,

If I access directly with Google IdP, it works. The server replies with a Bad Request message when I try to access with the EOSC AAI (and select EGI SSO as IdP).

Cheers, Giuseppe

Actions

Copy link

Updated by Massimiliano Assante over 6 years ago

Status changed from New to In Progress
% Done changed from 0 to 50

Giuseppe I think there might be issues with EGI SSO only. At least in my case when I try to access with the EOSC AAI (and select EGI SSO as IdP).

To show you the issue better I realised 3 very small videos accessing with the EOSC AAI and selecting 3 different IdP, namely CNR, ORCID and EGI SSO. You will see that in the case of EGI SSO there is no error but there is no redirect to D4Science.

Please find the videos in the following:

National Research Council (CNR): https://www.screencast.com/t/G4hKdjous
ORCiD: https://www.screencast.com/t/n5BOsBHQPXFX
EGI SSO: https://www.screencast.com/t/0EDaotRVTh

Please let us know what could be the issue in this case

Actions

Copy link

Updated by Giuseppe La Rocca over 6 years ago

I've asked other EGI colleagues to login with their SSO accounts. All of them have the same issue, even if they have cleaned the cache of of their browsers. I will ask Nicolas Liampotis whether there are any errors in the server log. I will keep you posted.

About your last video, since it is the first time that you've used your EGI SSO account to login, you are not member of the EGI community yet. You should complete the subscription, following the registration process as indicated by the EGI AAI service.

Actions

Copy link

Updated by Massimiliano Assante over 6 years ago

File Landing page 1.png Landing page 1.png added
File Landing page 2.png Landing page 2.png added
File EGI User Account.png EGI User Account.png added

Actions

Copy link

Updated by Massimiliano Assante over 6 years ago

File EGI User Account.png EGI User Account.png added
File Landing page 1.png Landing page 1.png added
File Landing page 2.png Landing page 2.png added

About your last video, since it is the first time that you've used your EGI SSO account to login, you are not member of the EGI community yet. You should complete the subscription, following the registration process as indicated by the EGI AAI service.

Thank you @giuseppe.larocca@egi.eu for looking into this, to check also what is happening on out side I'm trying to finalise the EGI SSO account, but even if it seems to me (see attached image) that Im affiliated as Member I still don't get redirected. I arrive to the page of the video and the menu above suggested don't help in letting me trough.See landing page 1 and 2 files attached.

Actions

Copy link

Updated by Andrea Dell'Amico over 6 years ago

Status changed from In Progress to Closed
% Done changed from 50 to 100

The error was due to a very big eduPersonEntitlement field. To make the account work, on @nikosev@admin.grnet.gr suggestion, I commented the ‘eduPersonEntitlement’ in the shibboleth attribute map.

We could enable that entry again when we are able to process bigger requests. A couple of suggestions:
http://tomcat.apache.org/connectors-doc/reference/workers.html (suited for mod_jk, that we do not use)
https://stackoverflow.com/a/1730514/7110280

For reference, the errors in the apache logs were:

[Thu Jan 17 16:10:54.289677 2019] [proxy_ajp:error] [pid 10609:tid 139679930476288] (120001)APR does not understand this error code: [client 146.48.122.115:42344] AH00868: request failed to (null) (*), referer: https://aai.egi.eu/proxy/module.php/consent/getconsent.php?saveconsent=1&StateId=_d8af67daf37ff23261a989258c3e3601bfe4005a39%3Ahttps%3A%2F%2Faai.egi.eu%2Fproxy%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttps%253A%252F%252Fshibbolet-sp.d4science.org%252Fshibboleth%26cookieTime%3D1547737834%26RelayState%3Dss%253Amem%253A63571de49c596979a5344a19639e92a1a86a699d07d2a4c8cef1dfbddd0f5399&yes=

[Fri Jan 18 13:18:42.804806 2019] [proxy_ajp:error] [pid 10609:tid 139679642904320] [client 146.48.122.115:48077] AH00981: ajp_marshal_into_msgb: Error appending attribute AJP_eduPersonEntitlement=urn:mace:egi.eu:group:eosc-hub-all#sso.egi.eu;urn:mace:egi.eu:group:ssb#sso.egi.eu;urn:mace:egi.eu:group:EO-PoC#sso.egi.eu;urn:mace:egi.eu:group:egi-software-provisioning-support#sso.egi.eu;urn:mace:egi.eu:group:change-mgmnt#sso.egi.eu;urn:mace:egi.eu:group:ims-so#sso.egi.eu;urn:mace:egi.eu:group:tcb-cloud#sso.egi.eu;urn:mace:egi.eu:group:openstack-occi-support#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-members#sso.egi.eu;urn:mace:egi.eu:group:vm-operators#sso.egi.eu;urn:mace:egi.eu:group:staged-rollout#sso.egi.eu;urn:mace:egi.eu:group:techops#sso.egi.eu;urn:mace:egi.eu:group:cc-lifewatch#sso.egi.eu;urn:mace:egi.eu:group:sw-rel-qc#sso.egi.eu;urn:mace:egi.eu:group:cloud-compute#sso.egi.eu;urn:mace:egi.eu:group:cc-disastermitigation#sso.egi.eu;urn:mace:egi.eu:group:egi-eudat#sso.egi.eu;urn:mace:egi.eu:group:fc-information-discovery#sso.egi.eu;urn:mace:egi.eu:group:cc-epos#sso.egi.eu;urn:mace:egi.eu:group:service-orders#sso.egi.eu;urn:mace:egi.eu:group:vt-feddata#sso.egi.eu;urn:mace:egi.eu:group:sw-rel-sr#sso.egi.eu;urn:mace:egi.eu:group:svg-rat#sso.egi.eu;urn:mace:egi.eu:group:cc-dariah#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp4#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp6#sso.egi.eu;urn:mace:egi.eu:group:umd-team#sso.egi.eu;urn:mace:egi.eu:group:fedcloud-tf#sso.egi.eu;urn:mace:egi.eu:group:fondacloud#sso.egi.eu;urn:mace:egi.eu:group:fc-federated-aai#sso.egi.eu;urn:mace:egi.eu:group:fedcloud-devel#sso.egi.eu;urn:mace:egi.eu:group:EOSC-hub-access#sso.egi.eu;urn:mace:egi.eu:group:UCB-discuss#sso.egi.eu;urn:mace:egi.eu:group:fc-usersupport#sso.egi.eu;urn:mace:egi.eu:group:cc-elixir#sso.egi.eu;urn:mace:egi.eu:group:csirt#sso.egi.eu;urn:mace:egi.eu:group:noc-managers#sso.egi.eu;urn:mace:egi.eu:group:nagios-discuss#sso.egi.eu;urn:mace:egi.eu:group:ggus-authors#sso.egi.eu;urn:mace:egi.eu:group:cc-bbmri#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp6.1#sso.egi.eu;urn:mace:egi.eu:group:vt-funded-all#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp4.3#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp4.2#sso.egi.eu;urn:mace:egi.eu:group:appdb-atb#sso.egi.eu;urn:mace:egi.eu:group:VM-image-endorsement#sso.egi.eu;urn:mace:egi.eu:group:service-request#sso.egi.eu;urn:mace:egi.eu:group:urt-discuss#sso.egi.eu;urn:mace:egi.eu:group:ngi-international-liaisons#sso.egi.eu;urn:mace:egi.eu:group:tcb-coreinfrastructure#sso.egi.eu;urn:mace:egi.eu:group:hbp#sso.egi.eu;urn:mace:egi.eu:group:vm-endorsers#sso.egi.eu;urn:mace:egi.eu:group:esa-teiss#sso.egi.eu;urn:mace:egi.eu:group:notebooks-support#sso.egi.eu;urn:mace:egi.eu:group:fedcloud-security-contact#sso.egi.eu;urn:mace:egi.eu:group:cloud-compute_watchers#sso.egi.eu;urn:mace:egi.eu:group:mpi-support#sso.egi.eu;urn:mace:egi.eu:group:fedcloud-users#sso.egi.eu;urn:mace:egi.eu:group:galaxy-jupyter-pilots#sso.egi.eu;urn:mace:egi.eu:group:vt-gapf#sso.egi.eu;urn:mace:egi.eu:group:wiki-editors#sso.egi.eu;urn:mace:egi.eu:group:report-vulnerability#sso.egi.eu;urn:mace:egi.eu:group:egi-emso#sso.egi.eu;urn:mace:egi.eu:group:inspire-members#sso.egi.eu;urn:mace:egi.eu:group:sw-rel-admin#sso.egi.eu;urn:mace:egi.eu:group:engage-report#sso.egi.eu;urn:mace:egi.eu:group:fedcloud-integration#sso.egi.eu;urn:mace:egi.eu:group:egi-pay-for-use#sso.egi.eu;urn:mace:egi.eu:group:author-e#sso.egi.eu;urn:mace:egi.eu:group:Copernicus-EGI#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp6.2#sso.egi.eu;urn:mace:egi.eu:group:vt-funded-leaders#sso.egi.eu;urn:mace:egi.eu:group:TCB-AAI#sso.egi.eu;urn:mace:egi.eu:group:inspire-sa1#sso.egi.eu;urn:mace:egi.eu:group:tcb-discuss#sso.egi.eu;urn:mace:egi.eu:group:otag#sso.egi.eu;urn:mace:egi.eu:group:EGI-Security-Assessment#sso.egi.eu;urn:mace:egi.eu:group:cc-mobrain#sso.egi.eu;urn:mace:egi.eu:group:eduroam#sso.egi.eu;urn:mace:egi.eu:group:fc-vm-management#sso.egi.eu;urn:mace:egi.eu:group:ict7-editorial-board#sso.egi.eu;urn:mace:egi.eu:group:office#sso.egi.eu;urn:mace:egi.eu:group:technical-support-cases#sso.egi.eu;urn:mace:egi.eu:group:requirements#sso.egi.eu;urn:mace:egi.eu:group:cloud#sso.egi.eu;urn:mace:egi.eu:group:spg-discuss#sso.egi.eu;urn:mace:egi.eu:group:cc-eiscat3d#sso.egi.eu;urn:mace:egi.eu:group:slipstream#sso.egi.eu;urn:mace:egi.eu:group:svg-discuss#sso.egi.eu;urn:mace:egi.eu:group:fc-vm-image-management#sso.egi.eu;urn:mace:egi.eu:group:IMS#sso.egi.eu;urn:mace:egi.eu:www.egi.eu:eosc-hub-all:member@egi.eu;urn:mace:egi.eu:www.egi.eu:ssb:member@egi.eu;urn:mace:egi.eu:www.egi.eu:EO-PoC:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-software-provisioning-support:member@egi.eu;urn:mace:egi.eu:www.egi.eu:change-mgmnt:member@egi.eu;urn:mace:egi.eu:www.egi.eu:ims-so:member@egi.eu;urn:mace:egi.eu:www.egi.eu:tcb-cloud:member@egi.eu;urn:mace:egi.eu:www.egi.eu:openstack-occi-support:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-members:member@egi.eu;urn:mace:egi.eu:www.egi.eu:vm-operators:member@egi.eu;urn:mace:egi.eu:www.egi.eu:staged-rollout:member@egi.eu;urn:mace:egi.eu:www.egi.eu:techops:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-lifewatch:member@egi.eu;urn:mace:egi.eu:www.egi.eu:sw-rel-qc:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cloud-compute:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-disastermitigation:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-eudat:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fc-information-discovery:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-epos:member@egi.eu;urn:mace:egi.eu:www.egi.eu:service-orders:member@egi.eu;urn:mace:egi.eu:www.egi.eu:vt-feddata:member@egi.eu;urn:mace:egi.eu:www.egi.eu:sw-rel-sr:member@egi.eu;urn:mace:egi.eu:www.egi.eu:svg-rat:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-dariah:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-wp4:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-wp6:member@egi.eu;urn:mace:egi.eu:www.egi.eu:umd-team:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fedcloud-tf:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fondacloud:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fc-federated-aai:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fedcloud-devel:member@egi.eu;urn:mace:egi.eu:www.egi.eu:EOSC-hub-access:member@egi.eu;urn:mace:egi.eu:www.egi.eu:UCB-discuss:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fc-usersupport:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-elixir:member@egi.eu;urn:mace:egi.eu:www.egi.eu:csirt:member@egi.eu;urn:mace:egi.eu:www.egi.eu:noc-managers:member@egi.eu;urn:mace:egi.eu:www.egi.eu:nagios-discuss:member@egi.eu;urn:mace:egi.eu:www.egi.eu:ggus-authors:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-bbmri:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-wp6.1:member@egi.eu;urn:mace:egi.eu:www.egi.eu:vt-funded-all:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-wp4.3:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-wp4.2:member@egi.eu;urn:mace:egi.eu:www.egi.eu:appdb-atb:member@egi.eu;urn:mace:egi.eu:www.egi.eu:VM-image-endorsement:member@egi.eu;urn:mace:egi.eu:www.egi.eu:service-request:member@egi.eu;urn:mace:egi.eu:www.egi.eu:urt-discuss:member@egi.eu;urn:mace:egi.eu:www.egi.eu:ngi-international-liaisons:member@egi.eu;urn:mace:egi.eu:www.egi.eu:tcb-coreinfrastructure:member@egi.eu;urn:mace:egi.eu:www.egi.eu:hbp:member@egi.eu;urn:mace:egi.eu:www.egi.eu:vm-endorsers:member@egi.eu;urn:mace:egi.eu:www.egi.eu:esa-teiss:member@egi.eu;urn:mace:egi.eu:www.egi.eu:notebooks-support:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fedcloud-security-contact:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cloud-compute_watchers:member@egi.eu;urn:mace:egi.eu:www.egi.eu:mpi-support:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fedcloud-users:member@egi.eu;urn:mace:egi.eu:www.egi.eu:galaxy-jupyter-pilots:member@egi.eu;urn:mace:egi.eu:www.egi.eu:vt-gapf:member@egi.eu;urn:mace:egi.eu:www.egi.eu:wiki-editors:member@egi.eu;urn:mace:egi.eu:www.egi.eu:report-vulnerability:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-emso:member@egi.eu;urn:mace:egi.eu:www.egi.eu:inspire-members:member@egi.eu;urn:mace:egi.eu:www.egi.eu:sw-rel-admin:member@egi.eu;urn:mace:egi.eu:www.egi.eu:engage-report:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fedcloud-integration:member@egi.eu;urn:mace:egi

[Fri Jan 18 13:18:42.807093 2019] [proxy_ajp:error] [pid 10609:tid 139679642904320] [client 146.48.122.115:48077] AH00988: ajp_send_header: ajp_marshal_into_msgb failed, referer: https://aai.egi.eu/proxy/module.php/consent/getconsent.php?StateId=_49534374c6d0c72f7a35b8a2d9504da9d042547648%3Ahttps%3A%2F%2Faai.egi.eu%2Fproxy%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttps%253A%252F%252Fshibbolet-sp.d4science.org%252Fshibboleth%26cookieTime%3D1547813916%26RelayState%3Dss%253Amem%253A1cf945f841cfe5f205b76a4703aa2d46a9c80e35aeae1252760c5f6f36fd8781&yes=

[Fri Jan 18 13:18:42.807103 2019] [proxy_ajp:error] [pid 10609:tid 139679642904320] (120001)APR does not understand this error code: [client 146.48.122.115:48077] AH00868: request failed to (null) (*), referer: https://aai.egi.eu/proxy/module.php/consent/getconsent.php?StateId=_49534374c6d0c72f7a35b8a2d9504da9d042547648%3Ahttps%3A%2F%2Faai.egi.eu%2Fproxy%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttps%253A%252F%252Fshibbolet-sp.d4science.org%252Fshibboleth%26cookieTime%3D1547813916%26RelayState%3Dss%253Amem%253A1cf945f841cfe5f205b76a4703aa2d46a9c80e35aeae1252760c5f6f36fd8781&yes=

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

D4Science Infrastructure

Custom queries

Incident #13162

Bad Request message from the server if I try to access the VRE using the EOSC AAI service.

Updated by Andrea Dell'Amico over 6 years ago

Updated by Giuseppe La Rocca over 6 years ago

Updated by Massimiliano Assante over 6 years ago

Updated by Giuseppe La Rocca over 6 years ago

Updated by Massimiliano Assante over 6 years ago

Updated by Massimiliano Assante over 6 years ago

Updated by Andrea Dell'Amico over 6 years ago