Troubleshooting OpenID Setup
This guide will provide general troubleshooting for the setup of an OpenID login on Matillion ETL.
Due to the technical nature of this guide, it is highly recommended a member of the Matillion Support team be consulted before beginning and/or if anything about this document is unclear.
Fixing Tomcat Library Conflict
When configuring an OpenID, an authentication library conflict may occur after upgrading to Tomcat 8.5.51+ without updating Matillion ETL. This conflict becomes evident after restarting the Matillion ETL instance, causing the server to become inaccessible from the UI and an error message to be displayed during the login process.
It is recommended, to prevent this conflict either update to Matillion ETL 1.44.11 or later, or run the script below via an SSH client:
sudo su cd /usr/share/emerald/WEB-INF/lib￼ wget https://boylesoftware.com/maven/repo-os/org/bsworks/catalina/authenticator/oidc/tomcat-oidcauth/2.3.0/tomcat-oidcauth-2.3.0-tomcat85.jar # Remove KMS library into the the tomcat lib rm -f /usr/share/tomcat8/lib/KMSJndiRealm*.jar # Link tomcat oidcauth to tomcat lib rm -f /usr/share/tomcat8/lib/tomcat-oidcauth.jar ln -s /usr/share/emerald/WEB-INF/lib/tomcat-oidcauth-2.3.0-tomcat85.jar /usr/share/tomcat8/lib/tomcat-oidcauth.jar /etc/init.d/tomcat8 restart
If the conflict has already occured, the OpenID configuration will first need to be removed.
This is only an interim fix for internal security in the 1.45 release, and may prevent external security from functioning. However, the 1.46 release provides a permanent fix and is recommended.
Removing an OpenID Configuration
In the event an error occurs during the setup of an OpenID login that leads to access to the Matillion ETL instance becoming restricted, the OpenID configuration may need to be removed. To do this, users should take the following steps:
- Connect to the Matillion ETL instance using SSH (read this article for details).
- Make a backup of the /etc/tomcat8/context.xml file.
- Open the context.xml file.
- Remove the node labelled <valve/> from the file.
- Save and close this file.
- Restart tomcat using the following command: tomcat sudo service tomcat8 restart