cf-charmers team mailing list archive

Thread
Date

Re: SSO / Service Broker test failures

To: Cory Johns <cory.johns@xxxxxxxxxxxxx>
From: Matthew Kocher <mkocher@xxxxxxxxxx>
Date: Fri, 15 Aug 2014 16:04:42 -0700
Cc: "cf-charmers@xxxxxxxxxxxxxxxxxxx" <cf-charmers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAOnY7SPWj-keHpZw8gUkFyEc=Nz6sofLvRA6OzmYvr7=ncxtDw@mail.gmail.com>

Glad to hear it's working. Service brokers that are provisioning services
with administrative web interfaces need to be approved clients in UAA so
users can sign into the web interface using their CF account.


On Fri, Aug 15, 2014 at 3:48 PM, Cory Johns <cory.johns@xxxxxxxxxxxxx>
wrote:

> Matthew,
>
> Thank you very much.  We still don't understand the role of those
> clients, but that fixed our issue and we now have a fully passing
> deployment of 175.
>
> On Fri, Aug 15, 2014 at 2:24 PM, Matthew Kocher <mkocher@xxxxxxxxxx>
> wrote:
> > I'm not too familiar with those tests, but my first guess would be that
> > there is a missing client in the UAA configuration. In the spiff
> generated
> > bosh templates there is a 'servicesmgmt' client which is where I'd start
> > looking first.
> >
> >
> > On Thu, Aug 14, 2014 at 10:48 AM, Cory Johns <cory.johns@xxxxxxxxxxxxx>
> > wrote:
> >>
> >> We're down to two tests failing in CATS, and would like to request
> >> some assistance from our friends at Pivotal.
> >>
> >> The failures seem to stem from the same issue, specifically that
> >> OAuth2 authorization against a service broker fail.  The specific
> >> tests that are failing are:
> >>
> >> * SSO Lifecycle When a service broker is created [It] can perform an
> >> operation on a user's behalf using sso
> >> * SSO Lifecycle When a service broker is updated [It] can perform an
> >> operation on a user's behalf using sso
> >>
> >> The test failure outputs can be found respectively at:
> >>
> >> * http://pastebin.ubuntu.com/8047028/
> >> * http://pastebin.ubuntu.com/8046470/
> >>
> >> The tests both first fail on the shelpers.RequestScopes(...) lines,
> >> with the requests to http://login.<domain>/oauth/authorize returning a
> >> 401 response (at lines 311 and 363, respectively, in the test
> >> outputs).
> >>
> >> (Note: The Expect checking around those calls is slightly flawed and
> >> the tests continue further before ultimately failing.  Specifically,
> >> in RequestScopes, authCode is pre-initialized to `initialized` so will
> >> never be nil, and neither is the returned httpCode checked in the test
> >> case to ensure the RequestScope call was successful.)
> >>
> >> We have a deployment up (of release 175) that we can give access to,
> >> with the service brokers available to test against.  We would
> >> appreciate any assistance that can be provided, as these are the only
> >> tests we are missing from having a fully passing deployment.
> >>
> >>
> >> Thanks,
> >> Cory
> >>
> >> --
> >> Mailing list: https://launchpad.net/~cf-charmers
> >> Post to     : cf-charmers@xxxxxxxxxxxxxxxxxxx
> >> Unsubscribe : https://launchpad.net/~cf-charmers
> >> More help   : https://help.launchpad.net/ListHelp
> >
> >
>

References

SSO / Service Broker test failures
From: Cory Johns, 2014-08-14
Re: SSO / Service Broker test failures
From: Matthew Kocher, 2014-08-15
Re: SSO / Service Broker test failures
From: Cory Johns, 2014-08-15