[Archivesspace_Users_Group] Problems with oauth plugin

Tom Hanstra hanstra at nd.edu
Mon Jun 6 11:38:42 EDT 2022 

Blake and Peter,

Thanks for pointing me in the right direction. I could not see any reason
why our OKTA metadata URL would be complaining, but Blake's suggestion
allows us to bypass that piece (at least for now). Authentication through
OKTA is back up and working for us now.

Tom

On Thu, Jun 2, 2022 at 8:43 PM Blake Carver <blake.carver at lyrasis.org>
wrote:

> add this:
>   verify_ssl: false,
> To you config, after metadata_parser_url and above the config: {
>
> So it'll look something like this:
>
>     metadata_parser_url: "https://someloginurl.example",
>     verify_ssl: false,
>     config: {
>        blah blah blah
>
>
>
> ------------------------------
> *From:* archivesspace_users_group-bounces at lyralists.lyrasis.org <
> archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Tom
> Hanstra <hanstra at nd.edu>
> *Sent:* Thursday, June 2, 2022 9:37 AM
> *To:* Archivesspace Users Group <
> archivesspace_users_group at lyralists.lyrasis.org>
> *Subject:* Re: [Archivesspace_Users_Group] Problems with oauth plugin
>
> Thanks, Blake. Unfortunately, that did not do it. The install script works
> but we still get this complaint about the certificate verification:
>
> I'm attaching the entire error as a separate file. Perhaps someone with
> more Ruby understanding will see something in there that I have not. If I
> could figure out what certificate/file it is looking at, perhaps I could
> track this down. Or maybe it is a red herring and there is something else
> going on in there.
>
> Tom
>
> On Wed, Jun 1, 2022 at 5:10 PM Blake Carver <blake.carver at lyrasis.org>
> wrote:
>
> You might try this branch, there was a weird issue with that for a while,
> I think maybe this fixed that?
> https://github.com/lyrasis/aspace-oauth/tree/unlock-address
>
> This was the only change
> https://github.com/lyrasis/aspace-oauth/pull/23/files
>
> That was a while back, so things may have changed since on some of those
> gems.
> ------------------------------
> *From:* archivesspace_users_group-bounces at lyralists.lyrasis.org <
> archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Tom
> Hanstra <hanstra at nd.edu>
> *Sent:* Wednesday, June 1, 2022 2:22 PM
> *To:* Archivesspace Users Group <
> archivesspace_users_group at lyralists.lyrasis.org>
> *Subject:* [Archivesspace_Users_Group] Problems with oauth plugin
>
> I'm having some problems with our Authentication with OKTA which I'm
> trying to understand.
>
> Because of the problems, I've tried reinstalling the oauth plugin
> completely. The first problem I ran into was that the current download of:
>
> https://github.com/lyrasis/aspace-oauth.git
>
> Had a Gemfile containing the line:
>
> gem 'addressable',   '2.8.0'
>
> This caused some gem issues with our 2.81. version of ArchivesSpace
> because 2.8.0 was evidently newer than the 2.7.0 version that is in the
> gems directory. I'm not savvy enough with Ruby to know how to deal with
> that so I simply updated the aspace-oauth Gemvile to read:
>
> gem 'addressable',   '2.7.0'
>
> Not sure if that is legit or not. But it allowed the initialize-plugin
> script to work.
>
> But I'm still running into what was actually the original error we are
> getting. In the archivesspace.out file, we see this error:
>
> --------
> INFO: An exception happened during JRuby-Rack startup
> certificate verify failed
> --- System
> jruby 9.2.12.0 (2.5.7) 2020-07-01 db01a49ba6 OpenJDK 64-Bit Server VM
> 25.312-b07 on 1.8.0_312-b07 +jit [linux-x86_64]
> Time: 2022-06-01 13:57:45 -0400
> Server: jetty/8.1.5.v20120716
> jruby.home: uri:classloader://META-INF/jruby.home
>
> --- Context Init Parameters:
> jruby.max.runtimes = 1
> jruby.min.runtimes = 1
> public.root = /
> rails.env = production
>
> --- Backtrace
> OpenSSL::SSL::SSLError: certificate verify failed
>                                  connect at
> uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1002
>                                 do_start at
> uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:924
>                                    start at
> uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:913
>                                  request at
> uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1465
>
> [and a lot more ruby stuff]
> ----------
>
> There seems to be some certificate that the plugin is not happy about. But
> I cannot determine what certificate it does not like. Both the local
> certificates and the OKTA certificates are valid. So what is the issue?
>
> Anyone seen this before and have ideas?
>
> Thanks,
> Tom
>
>
> --
> *Tom Hanstra*
> *Sr. Systems Administrator*
> hanstra at nd.edu
>
>
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
>
>
>
> --
> *Tom Hanstra*
> *Sr. Systems Administrator*
> hanstra at nd.edu
>
>
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
>


-- 
*Tom Hanstra*
*Sr. Systems Administrator*
hanstra at nd.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20220606/abe09f1a/attachment.html>

More information about the Archivesspace_Users_Group mailing list