Troubleshooting OpenID Setup

Troubleshooting OpenID Setup


Overview

This guide will provide general troubleshooting for the setup of an OpenID login on Matillion ETL.

Important Information

Due to the technical nature of this guide, it is highly recommended a member of the Matillion Support team be consulted before beginning and/or if anything about this document is unclear.

OpenID Error Message

OpenID Error Message


Fixing Tomcat Library Conflict

When configuring an OpenID, an authentication library conflict may occur after upgrading to Tomcat 8.5.51+ without updating Matillion ETL. This conflict becomes evident after restarting the Matillion ETL instance, causing the server to become inaccessible from the UI and an error message to be displayed during the login process.

It is recommended, to prevent this conflict either update to Matillion ETL 1.44.11 or later, or run the script below via an SSH client:

sudo su
cd /usr/share/emerald/WEB-INF/lib´┐╝
wget https://boylesoftware.com/maven/repo-os/org/bsworks/catalina/authenticator/oidc/tomcat-oidcauth/2.3.0/tomcat-oidcauth-2.3.0-tomcat85.jar
# Remove KMS library into the the tomcat lib
rm -f /usr/share/tomcat8/lib/KMSJndiRealm*.jar
# Link tomcat oidcauth to tomcat lib
rm -f /usr/share/tomcat8/lib/tomcat-oidcauth.jar
ln -s /usr/share/emerald/WEB-INF/lib/tomcat-oidcauth-2.3.0-tomcat85.jar /usr/share/tomcat8/lib/tomcat-oidcauth.jar
/etc/init.d/tomcat8 restart

Please Note

If the conflict has already occured, the OpenID configuration will first need to be removed.

Error

This is only an interim fix for internal security in the 1.45 release, and may prevent external security from functioning. However, the 1.46 release provides a permanent fix and is recommended.


Removing an OpenID Configuration

In the event an error occurs during the setup of an OpenID login that leads to access to the Matillion ETL instance becoming restricted, the OpenID configuration may need to be removed. To do this, users should take the following steps:

  1. Connect to the Matillion ETL instance using SSH (read this article for details).
  2. Make a backup of the /etc/tomcat8/context.xml file.
  3. Open the context.xml file.
  4. Remove the node labelled <valve/> from the file.
  5. Save and close this file.
  6. Restart tomcat using the following command: tomcat sudo service tomcat8 restart