内容纲要
概要描述
本文表述在服务状态良好的情况下,Aquila server页面登陆不上,日志报错login by ManagerSso with ticket failed的解决方案
详细描述
问题描述
Aquila服务正常,后台pod状态也正常。Aquila server访问页面显示如下:
重启aquila-server pod后,发现日志报错如下:
2021-11-01 09:54:33.677 ERROR big29 --- [ XNIO-1 task-14] i.t.a.s.s.s.m.ManagerSsoRealm : Unable to validate ticket [ST-265341273595-gCvVEPYg1VHxJdaH8m2t-]
ApiException(status=500 INTERNAL_SERVER_ERROR, key=api.error.manager.proxy, args=[The resource requires authentication, which was not supplied with the request], noSuppression=false)
2021-11-01 09:54:33.679 ERROR big29 --- [ XNIO-1 task-14] i.t.a.s.u.LoginServiceImpl : login by ManagerSso with ticket ST-265341273595-gCvVEPYg1VHxJdaH8m2t- failed
org.apache.shiro.authc.AuthenticationException: Authentication token of type [class io.transwarp.aquila.server.system.security.managersso.ManagerSsoToken] could not be authenticated by any configured realms. Please ensure that at least one realm can authenticate these tokens.
解决方案
由于Aquila的登陆使用的是Manager的租户管理,查看Aquila的登陆租户
查看Aquila的配置文件/etc/aquila/conf/server/application.yml, 确认登陆aquila的 manager-proxy字段中设置的user: Aquila 账号字段为 Aquila,得到登陆账号
查看文件/etc/aquila/conf/server/shadow.yml中 manager-proxy.password 设置的密码 ,确认密码选项
尝试用 manager-proxy字段中设置的user 以及该密码登陆manager,发现登陆失败,报错就是账号密码错误 。
重置Manager租户里__Aquila账号的密码,为/etc/aquila/conf/server/shadow.yml中 manager-proxy.password 设置的密码
重置密码后,重启Aquila server角色后,Aquila server 8666页面访问正常
先停止
再启动