[Archivesspace_Users_Group] Problems with oauth plugin
Blake Carver
blake.carver at lyrasis.org
Thu Jun 2 20:43:31 EDT 2022
add this:
verify_ssl: false,
To you config, after metadata_parser_url and above the config: {
So it'll look something like this:
metadata_parser_url: "https://someloginurl.example",
verify_ssl: false,
config: {
blah blah blah
________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Tom Hanstra <hanstra at nd.edu>
Sent: Thursday, June 2, 2022 9:37 AM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: Re: [Archivesspace_Users_Group] Problems with oauth plugin
Thanks, Blake. Unfortunately, that did not do it. The install script works but we still get this complaint about the certificate verification:
I'm attaching the entire error as a separate file. Perhaps someone with more Ruby understanding will see something in there that I have not. If I could figure out what certificate/file it is looking at, perhaps I could track this down. Or maybe it is a red herring and there is something else going on in there.
Tom
On Wed, Jun 1, 2022 at 5:10 PM Blake Carver <blake.carver at lyrasis.org<mailto:blake.carver at lyrasis.org>> wrote:
You might try this branch, there was a weird issue with that for a while, I think maybe this fixed that?
https://github.com/lyrasis/aspace-oauth/tree/unlock-address
This was the only change
https://github.com/lyrasis/aspace-oauth/pull/23/files
That was a while back, so things may have changed since on some of those gems.
________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org<mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org> <archivesspace_users_group-bounces at lyralists.lyrasis.org<mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org>> on behalf of Tom Hanstra <hanstra at nd.edu<mailto:hanstra at nd.edu>>
Sent: Wednesday, June 1, 2022 2:22 PM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org<mailto:archivesspace_users_group at lyralists.lyrasis.org>>
Subject: [Archivesspace_Users_Group] Problems with oauth plugin
I'm having some problems with our Authentication with OKTA which I'm trying to understand.
Because of the problems, I've tried reinstalling the oauth plugin completely. The first problem I ran into was that the current download of:
https://github.com/lyrasis/aspace-oauth.git
Had a Gemfile containing the line:
gem 'addressable', '2.8.0'
This caused some gem issues with our 2.81. version of ArchivesSpace because 2.8.0 was evidently newer than the 2.7.0 version that is in the gems directory. I'm not savvy enough with Ruby to know how to deal with that so I simply updated the aspace-oauth Gemvile to read:
gem 'addressable', '2.7.0'
Not sure if that is legit or not. But it allowed the initialize-plugin script to work.
But I'm still running into what was actually the original error we are getting. In the archivesspace.out file, we see this error:
--------
INFO: An exception happened during JRuby-Rack startup
certificate verify failed
--- System
jruby 9.2.12.0 (2.5.7) 2020-07-01 db01a49ba6 OpenJDK 64-Bit Server VM 25.312-b07 on 1.8.0_312-b07 +jit [linux-x86_64]
Time: 2022-06-01 13:57:45 -0400
Server: jetty/8.1.5.v20120716
jruby.home: uri:classloader://META-INF/jruby.home
--- Context Init Parameters:
jruby.max.runtimes = 1
jruby.min.runtimes = 1
public.root = /
rails.env = production
--- Backtrace
OpenSSL::SSL::SSLError: certificate verify failed
connect at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1002
do_start at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:924
start at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:913
request at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1465
[and a lot more ruby stuff]
----------
There seems to be some certificate that the plugin is not happy about. But I cannot determine what certificate it does not like. Both the local certificates and the OKTA certificates are valid. So what is the issue?
Anyone seen this before and have ideas?
Thanks,
Tom
--
Tom Hanstra
Sr. Systems Administrator
hanstra at nd.edu<mailto:hanstra at nd.edu>
[https://ci3.googleusercontent.com/mail-sig/AIorK4wQjvBdM9TFi5bR5RBsq_1dY3HTxh-Kg_4W690bwTCSKeVGyazMoj0wdmkNgJ0kfjeRnparhiw]
_______________________________________________
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group at lyralists.lyrasis.org<mailto:Archivesspace_Users_Group at lyralists.lyrasis.org>
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
--
Tom Hanstra
Sr. Systems Administrator
hanstra at nd.edu<mailto:hanstra at nd.edu>
[https://ci3.googleusercontent.com/mail-sig/AIorK4wQjvBdM9TFi5bR5RBsq_1dY3HTxh-Kg_4W690bwTCSKeVGyazMoj0wdmkNgJ0kfjeRnparhiw]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20220603/f94df7aa/attachment.html>
More information about the Archivesspace_Users_Group
mailing list