Unable to log in as UAA Admin on PCF

Article ID:230918928

Issue

We are installing the latest version of the CJE tile for PCF. After a successful installation, we are unable to log in to the UI using the UAA admin credentials. It throws the following error on the screen.

Caused by: java.lang.RuntimeException: Error making request [POST https://example.com/oauth/token HTTP/1.1]
at com.cloudfoundry.jenkins.cloudfoundryoauth.util.HttpClientUtils2.getResponseBodyForRequest(HttpClientUtils2.java:35)
at com.cloudfoundry.jenkins.cloudfoundryoauth.backends.UaaServerClient.requestTokenAsJson(UaaServerClient.java:111)
at com.cloudfoundry.jenkins.cloudfoundryoauth.backends.UaaServerClient.getUserAccessToken(UaaServerClient.java:129)
at com.cloudfoundry.jenkins.cloudfoundryoauth.CloudFoundryOAuthAuthorizer.getUaaAuthenticationToken(CloudFoundryOAuthAuthorizer.java:39)
at com.cloudfoundry.jenkins.cloudfoundryoauth.CloudFoundryOAuthLoginHandler.doFinishLogin(CloudFoundryOAuthLoginHandler.java:63)
at com.cloudfoundry.jenkins.cloudfoundryoauth.UaaSecurityRealm.doFinishLogin(UaaSecurityRealm.java:140)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
... 84 more
Caused by: java.lang.RuntimeException: Non-200 response (401) when requesting (https://example.com/oauth/token).
Headers:
Cache-Control no-cache, no-store, max-age=0, must-revalidate
Cache-Control no-store
Content-Type application/json;charset=UTF-8
Date Wed, 20 Jul 2016 13:47:30 GMT
Expires 0
Pragma no-cache
Pragma no-cache
Server Apache-Coyote/1.1
Strict-Transport-Security max-age=31536000 ; includeSubDomains
Www-Authenticate Basic realm="UAA/client", error="unauthorized", error_description="Bad credentials"
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Vcap-Request-Id 26fd1ed1-6794-41cf-7bae-12a3fb3dd264
X-Xss-Protection 1; mode=block
Content-Length 62
Body: {"error":"unauthorized","error_description":"Bad credentials"}
at com.cloudfoundry.jenkins.cloudfoundryoauth.util.HttpClientUtils2.getResponseBodyForRequest(HttpClientUtils2.java:30)
... 99 more

We tried to use the UAA REST API to generate an OAuth token using the jenkins and UAA admin client credentials. It failed with a 401 error for jenkins, but the UAA admin client worked.

Environment

  • CloudBees Jenkins Platform

  • Pivotal Cloud Foundry

Resolution

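The 401 response carries Www-Authenticate: Basic realm="UAA/client" with "Bad credentials", which means UAA rejected the client ID and secret sent with the token request. It seems the 'jenkins' client exists, but maybe not with the credentials Jenkins is using to access it. We suggest re-creating it: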

# Authenticate uaac as the UAA admin client
export ADMIN_CLIENT_ID=admin
export ADMIN_CLIENT_SECRET=...
uaac token client get "$ADMIN_CLIENT_ID" --secret "$ADMIN_CLIENT_SECRET"

# Client ID and secret that Jenkins is configured to use
export CLIENT_ID=jenkins
export CLIENT_SECRET=...

# Remove the existing client so it can be re-created with a known secret
uaac client delete "$CLIENT_ID"

uaac client add "$CLIENT_ID" --secret "$CLIENT_SECRET" \
  --no-interactive \
  --scope oauth.approvals,openid,scim.me,scim.userids,cloud_controller.read,cloud_controller.admin \
  --authorities scim.me,oauth.login,scim.userids,cloud_controller.admin \
  --authorized_grant_types authorization_code,client_credentials,refresh_token \
  --debug

Then request a token with the re-created client and see if you get one:

uaac token client get "$CLIENT_ID" --secret "$CLIENT_SECRET"
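The same check can be made against the UAA REST API directly, which also shows whether a 401 is the client-authentication failure seen in the trace above. This is an added example, not code from the original article or from the plugin; the function names and the UAA_URL variable are assumptions, and the sample header is constructed from the response shown on this page.

```shell
#!/bin/sh
# Added example. UAA_URL, CLIENT_ID and CLIENT_SECRET are assumed to be set
# by the caller; the function names are hypothetical.

# classify_token_response STATUS HEADERS
# Prints a one-word verdict for a response from POST /oauth/token.
classify_token_response() {
  status=$1
  headers=$2
  case "$status" in
    200) echo token_issued ;;
    401)
      # Header names are case-insensitive. realm="UAA/client" is the realm
      # shown in the failing response when the client ID/secret is rejected.
      if printf '%s\n' "$headers" | grep -i '^www-authenticate' \
           | grep -q 'realm="UAA/client"'; then
        echo client_credentials_rejected
      else
        echo unauthorized_other
      fi ;;
    *) echo unexpected_status ;;
  esac
}

# check_client: request a client_credentials token and classify the outcome.
check_client() {
  hdr=$(mktemp) || return 1
  # The credentials go to curl on stdin (-K -) so the secret does not show up
  # in the process list. A secret containing '"' or '\' needs escaping here.
  status=$(printf 'user = "%s:%s"\n' "$CLIENT_ID" "$CLIENT_SECRET" |
    curl -s -K - -o /dev/null -D "$hdr" -w '%{http_code}' \
      -d grant_type=client_credentials "$UAA_URL/oauth/token")
  classify_token_response "$status" "$(cat "$hdr")"
  rm -f "$hdr"
}

# Constructed sample: the Www-Authenticate header from the failed login above.
sample='Www-Authenticate: Basic realm="UAA/client", error="unauthorized", error_description="Bad credentials"'
classify_token_response 401 "$sample"
```

With the three variables exported, calling check_client before and after re-creating the client shows whether the verdict changes from client_credentials_rejected to token_issued.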