[Archivesspace_Users_Group] Problems with oauth plugin

Tom Hanstra hanstra at nd.edu
Thu Jun 2 09:37:04 EDT 2022 

Thanks, Blake. Unfortunately, that did not do it. The install script works
but we still get this complaint about the certificate verification:

I'm attaching the entire error as a separate file. Perhaps someone with
more Ruby understanding will see something in there that I have not. If I
could figure out what certificate/file it is looking at, perhaps I could
track this down. Or maybe it is a red herring and there is something else
going on in there.

Tom

On Wed, Jun 1, 2022 at 5:10 PM Blake Carver <blake.carver at lyrasis.org>
wrote:

> You might try this branch, there was a weird issue with that for a while,
> I think maybe this fixed that?
> https://github.com/lyrasis/aspace-oauth/tree/unlock-address
>
> This was the only change
> https://github.com/lyrasis/aspace-oauth/pull/23/files
>
> That was a while back, so things may have changed since on some of those
> gems.
> ------------------------------
> *From:* archivesspace_users_group-bounces at lyralists.lyrasis.org <
> archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Tom
> Hanstra <hanstra at nd.edu>
> *Sent:* Wednesday, June 1, 2022 2:22 PM
> *To:* Archivesspace Users Group <
> archivesspace_users_group at lyralists.lyrasis.org>
> *Subject:* [Archivesspace_Users_Group] Problems with oauth plugin
>
> I'm having some problems with our Authentication with OKTA which I'm
> trying to understand.
>
> Because of the problems, I've tried reinstalling the oauth plugin
> completely. The first problem I ran into was that the current download of:
>
> https://github.com/lyrasis/aspace-oauth.git
>
> Had a Gemfile containing the line:
>
> gem 'addressable',   '2.8.0'
>
> This caused some gem issues with our 2.81. version of ArchivesSpace
> because 2.8.0 was evidently newer than the 2.7.0 version that is in the
> gems directory. I'm not savvy enough with Ruby to know how to deal with
> that so I simply updated the aspace-oauth Gemvile to read:
>
> gem 'addressable',   '2.7.0'
>
> Not sure if that is legit or not. But it allowed the initialize-plugin
> script to work.
>
> But I'm still running into what was actually the original error we are
> getting. In the archivesspace.out file, we see this error:
>
> --------
> INFO: An exception happened during JRuby-Rack startup
> certificate verify failed
> --- System
> jruby 9.2.12.0 (2.5.7) 2020-07-01 db01a49ba6 OpenJDK 64-Bit Server VM
> 25.312-b07 on 1.8.0_312-b07 +jit [linux-x86_64]
> Time: 2022-06-01 13:57:45 -0400
> Server: jetty/8.1.5.v20120716
> jruby.home: uri:classloader://META-INF/jruby.home
>
> --- Context Init Parameters:
> jruby.max.runtimes = 1
> jruby.min.runtimes = 1
> public.root = /
> rails.env = production
>
> --- Backtrace
> OpenSSL::SSL::SSLError: certificate verify failed
>                                  connect at
> uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1002
>                                 do_start at
> uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:924
>                                    start at
> uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:913
>                                  request at
> uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1465
>
> [and a lot more ruby stuff]
> ----------
>
> There seems to be some certificate that the plugin is not happy about. But
> I cannot determine what certificate it does not like. Both the local
> certificates and the OKTA certificates are valid. So what is the issue?
>
> Anyone seen this before and have ideas?
>
> Thanks,
> Tom
>
>
> --
> *Tom Hanstra*
> *Sr. Systems Administrator*
> hanstra at nd.edu
>
>
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
>


-- 
*Tom Hanstra*
*Sr. Systems Administrator*
hanstra at nd.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20220602/2a1e48fd/attachment.html>
-------------- next part --------------
servlet_context = ServletContext at o.e.j.w.WebAppContext{/,file:/home/app/archivesspace/data/tmp/jetty-0.0.0.0-8080-frontend.war-_-any-/webapp/},/home/app/archivesspace/wars/frontend.war
throw_init_exception = false

Jun 02, 2022 9:29:30 AM org.eclipse.jetty.server.handler.ContextHandler$Context log
WARNING: ERROR: initialization failed
org.jruby.rack.RackInitializationException: certificate verify failed
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1002:in `connect'
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:924:in `do_start'
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:913:in `start'
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1465:in `request'
	from /home/app/archivesspace/plugins/aspace-oauth/gems/gems/ruby-saml-1.14.0/lib/onelogin/ruby-saml/idp_metadata_parser.rb:215:in `get_idp_metadata'
	from /home/app/archivesspace/plugins/aspace-oauth/gems/gems/ruby-saml-1.14.0/lib/onelogin/ruby-saml/idp_metadata_parser.rb:105:in `parse_remote_to_array'
	from /home/app/archivesspace/plugins/aspace-oauth/gems/gems/ruby-saml-1.14.0/lib/onelogin/ruby-saml/idp_metadata_parser.rb:87:in `parse_remote_to_hash'
	from /home/app/archivesspace/plugins/aspace-oauth/frontend/plugin_init.rb:24:in `block in <main>'
	from org/jruby/RubyArray.java:1809:in `each'
	from /home/app/archivesspace/plugins/aspace-oauth/frontend/plugin_init.rb:19:in `block in <main>'
	from org/jruby/RubyBasicObject.java:2622:in `instance_eval'
	from /home/app/archivesspace/gems/gems/rack-2.2.3/lib/rack/builder.rb:125:in `initialize'
	from /home/app/archivesspace/plugins/aspace-oauth/gems/gems/omniauth-1.7.1/lib/omniauth/builder.rb:6:in `initialize'
	from /home/app/archivesspace/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/stack.rb:37:in `build'
	from /home/app/archivesspace/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/stack.rb:101:in `block in build'
	from org/jruby/RubyArray.java:1809:in `each'
	from org/jruby/RubyEnumerable.java:1126:in `inject'
	from /home/app/archivesspace/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/stack.rb:101:in `build'
	from /home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/engine.rb:510:in `block in app'
	from org/jruby/ext/thread/Mutex.java:164:in `synchronize'
	from /home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/engine.rb:506:in `app'
	from /home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/application/finisher.rb:47:in `block in Finisher'
	from org/jruby/RubyBasicObject.java:2694:in `instance_exec'
	from /home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/initializable.rb:32:in `run'
	from /home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/initializable.rb:61:in `block in run_initializers'
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:228:in `block in tsort_each'
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:350:in `block in each_strongly_connected_component'
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:431:in `each_strongly_connected_component_from'
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:349:in `block in each_strongly_connected_component'
	from org/jruby/RubyArray.java:1809:in `each'
	from org/jruby/RubyMethod.java:131:in `call'
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:347:in `each_strongly_connected_component'
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:226:in `tsort_each'
	from uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:205:in `tsort_each'
	from /home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/initializable.rb:60:in `run_initializers'
	from /home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/application.rb:361:in `initialize!'
	from org/jruby/RubyKernel.java:1960:in `public_send'
	from /home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/railtie.rb:190:in `method_missing'
	from /home/app/archivesspace/data/tmp/jetty-0.0.0.0-8080-frontend.war-_-any-/webapp/WEB-INF/config/environment.rb:6:in `<main>'
	from org/jruby/RubyKernel.java:974:in `require'
	from uri:classloader:/jruby/rack/rails/environment3.rb:25:in `load_environment'
	from uri:classloader:/jruby/rack/rails_booter.rb:83:in `load_environment'
	from <script>:1:in `<main>'
	from launcher/launcher.rb:92:in `start_server'
	from launcher/launcher.rb:165:in `main'
	from launcher/launcher.rb:261:in `<main>'

	at org.jruby.rack.RackInitializationException.wrap(RackInitializationException.java:29)
	at org.jruby.rack.RackApplicationFactoryDecorator.init(RackApplicationFactoryDecorator.java:104)
	at org.jruby.rack.RackServletContextListener.contextInitialized(RackSrvletContextListener.java:50)
	at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:766)
	at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:406)
	at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:758)
	at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:242)
	at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1233)
	at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:701)
	at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:475)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
	at org.eclipse.jetty.server.handler.HandlerCollection.doStart(HandlerCollection.java:224)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:167)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
	at org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:90)
	at org.eclipse.jetty.server.Server.doStart(Server.java:272)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(JavaMethod.java:441)
	at org.jruby.javasupport.JavaMethod.invokeDirect(JavaMethod.java:305)
	at org.jruby.java.invokers.InstanceMethodInvoker.call(InstanceMethodInvoker.java:32)
	at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:141)
	at launcher.launcher.invokeOther125:start(launcher/launcher.rb:92)
	at launcher.launcher.RUBY$method$start_server$1(launcher/launcher.rb:92)
	at org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:82)
	at org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:194)
	at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:418)
	at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:236)
	at launcher.launcher.invokeOther223:start_server(launcher/launcher.rb:165)
	at launcher.launcher.RUBY$method$main$6(launcher/launcher.rb:165)
	at org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:158)
	at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:354)
	at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:143)
	at launcher.launcher.invokeOther321:main(launcher/launcher.rb:261)
	at launcher.launcher.RUBY$script(launcher/launcher.rb:261)
	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
	at org.jruby.ir.Compiler$1.load(Compiler.java:89)
	at org.jruby.Ruby.runScript(Ruby.java:1205)
	at org.jruby.Ruby.runNormally(Ruby.java:1128)
	at org.jruby.Ruby.runNormally(Ruby.java:1146)
	at org.jruby.Ruby.runFromMain(Ruby.java:958)
	at org.jruby.Main.doRunFromMain(Main.java:412)
	at org.jruby.Main.internalRun(Main.java:304)
	at org.jruby.Main.run(Main.java:234)
	at org.jruby.Main.main(Main.java:206)
Caused by: org.jruby.exceptions.StandardError: (SSLError) certificate verify failed
	at RUBY.connect(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1002)
	at RUBY.do_start(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:924)
	at RUBY.start(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:913)
	at RUBY.request(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1465)
	at RUBY.get_idp_metadata(/home/app/archivesspace/plugins/aspace-oauth/gems/gems/ruby-saml-1.14.0/lib/onelogin/ruby-saml/idp_metadata_parser.rb:215)
	at RUBY.parse_remote_to_array(/home/app/archivesspace/plugins/aspace-oauth/gems/gems/ruby-saml-1.14.0/lib/onelogin/ruby-saml/idp_metadata_parser.rb:105)
	at RUBY.parse_remote_to_hash(/home/app/archivesspace/plugins/aspace-oauth/gems/gems/ruby-saml-1.14.0/lib/onelogin/ruby-saml/idp_metadata_parser.rb:87)
	at RUBY.<main>(/home/app/archivesspace/plugins/aspace-oauth/frontend/plugin_init.rb:24)
	at org.jruby.RubyArray.each(org/jruby/RubyArray.java:1809)
	at RUBY.<main>(/home/app/archivesspace/plugins/aspace-oauth/frontend/plugin_init.rb:19)
	at org.jruby.RubyBasicObject.instance_eval(org/jruby/RubyBasicObject.java:2622)
	at RUBY.initialize(/home/app/archivesspace/gems/gems/rack-2.2.3/lib/rack/builder.rb:125)
	at RUBY.initialize(/home/app/archivesspace/plugins/aspace-oauth/gems/gems/omniauth-1.7.1/lib/omniauth/builder.rb:6)
	at RUBY.build(/home/app/archivesspace/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/stack.rb:37)
	at RUBY.build(/home/app/archivesspace/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/stack.rb:101)
	at org.jruby.RubyArray.each(org/jruby/RubyArray.java:1809)
	at org.jruby.RubyEnumerable.inject(org/jruby/RubyEnumerable.java:1126)
	at RUBY.build(/home/app/archivesspace/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/stack.rb:101)
	at RUBY.app(/home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/engine.rb:510)
	at org.jruby.ext.thread.Mutex.synchronize(org/jruby/ext/thread/Mutex.java:164)
	at RUBY.app(/home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/engine.rb:506)
	at RUBY.Finisher(/home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/application/finisher.rb:47)
	at org.jruby.RubyBasicObject.instance_exec(org/jruby/RubyBasicObject.java:2694)
	at home.app.archivesspace.gems.gems.railties_minus_5_dot_2_dot_4_dot_4.lib.rails.initializable.run(/home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/initializable.rb:32)
	at home.app.archivesspace.gems.gems.railties_minus_5_dot_2_dot_4_dot_4.lib.rails.initializable.run_initializers(/home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/initializable.rb:61)
	at uri_3a_classloader_3a_.META_minus_INF.jruby_dot_home.lib.ruby.stdlib.tsort.tsort_each(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:228)
	at uri_3a_classloader_3a_.META_minus_INF.jruby_dot_home.lib.ruby.stdlib.tsort.each_strongly_connected_component(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:350)
	at uri_3a_classloader_3a_.META_minus_INF.jruby_dot_home.lib.ruby.stdlib.tsort.each_strongly_connected_component_from(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:431)
	at uri_3a_classloader_3a_.META_minus_INF.jruby_dot_home.lib.ruby.stdlib.tsort.each_strongly_connected_component(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:349)
	at org.jruby.RubyArray.each(org/jruby/RubyArray.java:1809)
	at org.jruby.RubyMethod.call(org/jruby/RubyMethod.java:131)
	at RUBY.each_strongly_connected_component(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:347)
	at RUBY.tsort_each(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:226)
	at RUBY.tsort_each(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/tsort.rb:205)
	at RUBY.run_initializers(/home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/initializable.rb:60)
	at RUBY.initialize!(/home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/application.rb:361)
	at org.jruby.RubyKernel.public_send(org/jruby/RubyKernel.java:1960)
	at RUBY.method_missing(/home/app/archivesspace/gems/gems/railties-5.2.4.4/lib/rails/railtie.rb:190)
	at RUBY.<main>(/home/app/archivesspace/data/tmp/jetty-0.0.0.0-8080-frontend.war-_-any-/webapp/WEB-INF/config/environment.rb:6)
	at org.jruby.RubyKernel.require(org/jruby/RubyKernel.java:974)
	at RUBY.load_environment(uri:classloader:/jruby/rack/rails/environment3.rb:25)
	at RUBY.load_environment(uri:classloader:/jruby/rack/rails_booter.rb:83)
	at RUBY.<main>(<script>:1)
	at launcher.launcher.start_server(launcher/launcher.rb:92)
	at launcher.launcher.main(launcher/launcher.rb:165)
	at launcher.launcher.<main>(launcher/launcher.rb:261)

More information about the Archivesspace_Users_Group mailing list