Setting up ood on redhat 7 cluster

Hi Alan et al.,
I have installed the server side on a node. Now when I try to log in through a local browser (or a remote one) using ood@servername and the password I set when I created the local user ood, I get a login error.


Also the access.log reads:

192.168.0.4 - - [30/Nov/2021:12:41:40 -0500] "GET / HTTP/1.1" 302 227 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.0.4 - - [30/Nov/2021:12:41:40 -0500] "GET /pun/sys/dashboard HTTP/1.1" 302 454 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
10.137.233.209 - - [30/Nov/2021:12:44:01 -0500] "GET /pun/sys/dashboard HTTP/1.1" 500 527 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.137.233.209 - - [30/Nov/2021:12:44:52 -0500] "-" 408 - "-" "-"

and error.log:

[Tue Nov 30 12:44:01.131247 2021] [auth_openidc:warn] [pid 221584] [client 10.137.233.209:49322] oidc_clean_expired_state_cookies: state (mod_auth_openidc_state_N_SOrfBS7NYQykLzkFKP0_7legQ) has expired (original_url=http://an-0004.nyumc.org/pun/sys/dashboard)
[Tue Nov 30 12:44:01.131498 2021] [auth_openidc:warn] [pid 221584] [client 10.137.233.209:49322] oidc_clean_expired_state_cookies: state (mod_auth_openidc_state_mSPQqqVBNikQ2NveKP3fL6d1Mrs) has expired (original_url=http://an-0004.nyumc.org/pun/sys/dashboard)
[Tue Nov 30 12:44:01.131616 2021] [auth_openidc:warn] [pid 221584] [client 10.137.233.209:49322] oidc_clean_expired_state_cookies: state (mod_auth_openidc_state_rVbt263s_xEJf6SqAInMv2QfMKU) has expired (original_url=http://an-0004.nyumc.org/pun/sys/dashboard)
[Tue Nov 30 12:44:01.131663 2021] [auth_openidc:error] [pid 221584] [client 10.137.233.209:49322] oidc_authenticate_user: the URL hostname (an-0004.cm.cluster) of the configured OIDCRedirectURI does not match the URL hostname of the URL being accessed (an-0004.nyumc.org): the "state" and "session" cookies will not be shared between the two!

I appreciate your help

Hi Ali.

Could you please use ood@localhost, instead of ood@an-0004.cm.cluster and see if that works?

Thanks,
-gerald

Hi Ali.

the URL hostname (an-0004.cm.cluster) of the configured OIDCRedirectURI does not match the URL hostname of the URL being accessed (an-0004.nyumc.org):

According to the error in the log, it appears that your server hostname is different than that assigned to OIDCRedirectURI.

Please check /opt/rh/httpd24/root/etc/httpd/conf.d/auth_openidc.conf and ensure the redirect url matches the url you are navigating to. Or at least the FQDN part of the url.
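The check suggested above can be scripted. The following is an added example, not part of the original posts and not Open OnDemand or mod_auth_openidc code: it pulls the two hostnames out of the `oidc_authenticate_user` error and compares the active `OIDCRedirectURI` in a config file with the URL the browser uses. The sample config contents and the `/oidc` path are constructed assumptions; the hostnames are the ones from the log in this thread.

```python
import re
from urllib.parse import urlsplit

# Message format as it appears in the error.log excerpt in this thread.
MISMATCH_RE = re.compile(
    r"URL hostname \((?P<configured>[^)]+)\) of the configured OIDCRedirectURI "
    r"does not match the URL hostname of the URL being accessed \((?P<accessed>[^)]+)\)"
)
# Apache directive names are case-insensitive; a leading '#' prevents a match.
DIRECTIVE_RE = re.compile(r"^\s*OIDCRedirectURI\s+(\S+)", re.IGNORECASE)


def logged_mismatches(log_text):
    """Return the distinct (configured, accessed) hostname pairs reported in the log."""
    return sorted({(m["configured"], m["accessed"]) for m in MISMATCH_RE.finditer(log_text)})


def active_redirect_uri(conf_text):
    """Return the last uncommented OIDCRedirectURI value, or None if there is none."""
    value = None
    for line in conf_text.splitlines():
        m = DIRECTIVE_RE.match(line)
        if m:
            value = m.group(1).strip("\"'")
    return value


def check_redirect_host(conf_text, accessed_url):
    """Compare the configured redirect hostname with the hostname the browser uses."""
    uri = active_redirect_uri(conf_text)
    if uri is None:
        return "no-active-directive"  # e.g. every line in the file is commented out
    configured = urlsplit(uri).hostname  # lowercased; None when the value has no host part
    if configured is None:
        return "relative-uri"
    accessed = urlsplit(accessed_url).hostname
    return "match" if configured == accessed else f"mismatch: {configured} != {accessed}"


# Constructed samples: hostnames come from the thread, the /oidc path is an assumption.
SAMPLE_LOG = ("[auth_openidc:error] oidc_authenticate_user: the URL hostname (an-0004.cm.cluster) "
              "of the configured OIDCRedirectURI does not match the URL hostname of the URL "
              "being accessed (an-0004.nyumc.org)\n")
SAMPLE_CONF = "#OIDCClientID placeholder\nOIDCRedirectURI http://an-0004.cm.cluster/oidc\n"
COMMENTED_CONF = "#OIDCRedirectURI http://an-0004.cm.cluster/oidc\n"
ACCESSED = "http://an-0004.nyumc.org/pun/sys/dashboard"

if __name__ == "__main__":
    print(logged_mismatches(SAMPLE_LOG))
    print(check_redirect_host(SAMPLE_CONF, ACCESSED))
    print(check_redirect_host(COMMENTED_CONF, ACCESSED))
```

A `no-active-directive` result for one file means the value Apache is using is set somewhere else, so the same check has to be run against the other files Apache loads.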

Hi Gerald,
Is it possible to have a webex? All lines in auth_openidc.conf are commented out.