We are testing vision client launcher on IGEL machines (very small, portable computers) and when we attempt to login into a site using SSO, we are never redirected to a web browser. In linux it is a chromium browser.
Normally from our windows instances we are redirected to a Chrome browser, the SAML response made and processed, and then we can go back to the vision client launcher.
We are looking at visionclientlauncher.log and there is no message in there related to the content or timestamps that we are looking for. Is there someone else to look?
When you click the button to launch your web browser for logging into the IdP, does it simply do nothing? Do you see a popup window hidden in the background with an error message like “Unable to open login page.”?
I just tested the SAML IdP login flow from a vision client in an Ubuntu 18.04.5 Desktop VM against Ignition 8.1.5 - worked fine when default browser was FF and when it was set to Chromium. Maybe there is something specific to the device that is causing problems. Hopefully there is an error dialog pop up that’s in the background that will give us more insight into the issue, otherwise diagnosing the issue will be much trickier.
Oops, actually, you won’t have access to the client diagnostics at this point in time. What you can do is take the ‘Starting Java with the following parameters’ line and directly run it in a terminal, e.g.:
When we launch the vision client using command line, it opens a GUI canvas with login button. Clicking the button triggers a short spiral and then static screen. Here is the terminal output
Is there an IP.java class missing. My understanding is the SAML API call exchange need to have a web-browser head for execution. Is there any way we can parameterize (pass in) the path for the browser to use. Seems like in this IGEL instance of ubuntu it is not finding a web browser or possibly it’s not finding the display to launch the browser within (?).
If we launch the client launcher, here is the stderr/out: nohup.out.txt (26.5 KB)
Also have not found any indicative diagnostic in visionclientlauncher.log file.
No, I think "HIDDEN IP ADDRESS" is literally being used as part of the gateway address parameter, causing the Java command line parsing to fail in a weird way and think it should start loading a main class called "IP".
Did you copy and paste this from something and forget to put an actual IP in there?
I usually tell people to pull the command being executed by the launcher out of their own launcher logs rather than copy the one from my machine because there are subtle differences in some of the parameters/paths.
So here is the console output from running the client launch command in an interactive shell:
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by de.javasoft.plaf.synthetica.SyntheticaLookAndFeel (file:/root/.ignition/cache/resources/platform/synthetica-3.1.1.jar/00000000162B46C0/synthetica-3.1.1.jar) to method sun.swing.DefaultLookup.setDefaultLookup(sun.swing.DefaultLookup)
WARNING: Please consider reporting this to the maintainers of de.javasoft.plaf.synthetica.SyntheticaLookAndFeel
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
And the command itself which we copied verbatim from visionclientlauncher.log file:
I just noticed the /root/ in your logs. And you say it is Ubuntu. There’s so much out there saying to never run GUIs as root that you might be running into a limit that Ubuntu enforces.
Try using a regular user account instead of root.
Then set your display manager to autologin to the designated regular user, if that’s the kind of startup you want.
Thanks @pturmel for your thoughts. We’ll test using a more vanilla user.
@Kevin.Herron
Is there an argument to tell the launcher where chrome can be found? We put chrome on the device to see if the launcher would find it and launch it, but it did not.
No it delegates to Java’s Desktop.browse and if that’s not available, which I suppose is possible since you’re running as root on Linux, falls back I think to whatever xdg-open is configured for.
So we made a little more progress. I think Phil’s (@pturmel ) suggestion may have been the huckleberry. Still not working but get more diagnostic info.
Your thoughts?
Here are the stdout & stderr from running the command in an interactive shell:
I’m thinking it may be puking on the SSL cert that the client launcher first needs the user to accept. This is a team effort so I’m not actually driving the test vehicle…
StdErr
nohup: ignoring input and appending output to 'nohup.out'
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by de.javasoft.plaf.synthetica.SyntheticaLookAndFeel (file:/userhome/.ignition/cache/resources/platform/synthetica-3.1.1.jar/00000000162B46C0/synthetica-3.1.1.jar) to method sun.swing.DefaultLookup.setDefaultLookup(sun.swing.DefaultLookup)
WARNING: Please consider reporting this to the maintainers of de.javasoft.plaf.synthetica.SyntheticaLookAndFeel
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
(java:15378): GLib-GIO-WARNING **: 19:40:00.553: /usr/share/applications/defaults.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations.
gstswitcher: current: 1.0, requested: 1.0, wanted: 1.0
[15475:15475:0629/194000.952797:ERROR:sandbox_linux.cc(374)] InitializeSandbox() called with multiple threads in process gpu-process.
[15477:15486:0629/194001.120868:ERROR:cert_issuer_source_aia.cc(31)] Error parsing cert retrieved from AIA (as DER):
ERROR: Failed parsing Certificate SEQUENCE
ERROR: Failed parsing Certificate
[15477:15486:0629/194001.121451:ERROR:cert_issuer_source_aia.cc(31)] Error parsing cert retrieved from AIA (as DER):
ERROR: Failed parsing Certificate SEQUENCE
ERROR: Failed parsing Certificate
[15477:15483:0629/194001.121810:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194001.121911:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15486:0629/194018.051437:ERROR:cert_issuer_source_aia.cc(31)] Error parsing cert retrieved from AIA (as DER):
ERROR: Failed parsing Certificate SEQUENCE
ERROR: Failed parsing Certificate
[15477:15486:0629/194018.051850:ERROR:cert_issuer_source_aia.cc(31)] Error parsing cert retrieved from AIA (as DER):
ERROR: Failed parsing Certificate SEQUENCE
ERROR: Failed parsing Certificate
[15477:15483:0629/194018.052152:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194018.289492:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194018.449936:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194018.635378:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194018.809652:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194018.994649:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194019.178900:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194019.340925:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194019.524163:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194019.692786:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202
[15477:15483:0629/194019.871982:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -202