Unable to authenticate to CommCareHQ
21 views
Skip to first unread message
Christian Neumann
Jun 29, 2016, 6:51:06 AM6/29/16
to motec...@googlegroups.com
Hi,
When I try to hook the Commcare module to my CommCareHQ account, I receive the message below. I’m pretty sure that username and password, as well as the URL and project name are correct and that I’m on a Standard Plan.
Can I activate additional logging or manually test the connection similar to what MOTECT is doing?
Thanks,
christian
2016-06-24 03:18:20,597 ERROR [org.motechproject.commcare.web.ConfigController] Motech was unable to authenticate to CommCareHQ. Please verify your account settings.
org.motechproject.commcare.exception.CommcareAuthenticationException: Motech was unable to authenticate to CommCareHQ. Please verify your account settings.
at org.motechproject.commcare.web.ConfigController.verifyConfig(ConfigController.java:70)
at org.motechproject.commcare.web.ConfigController$$FastClassByCGLIB$$1ed40d2.invoke(<generated>)
at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:689)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:622)
at org.motechproject.commcare.web.ConfigController$$EnhancerByCGLIB$$a3bf6b5.verifyConfig(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
Nick Reid
Jun 29, 2016, 8:08:38 PM6/29/16
to MOTECH Developer
Christian~
I'll install and check 0.28 first thing tomorrow morning...
Can you confirm for me that you do have a paid CommCare account? I'm not trying to be dismissive, just want to double check the easy stuff
-- nick --
--
You received this message because you are subscribed to the Google Groups "MOTECH Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to motech-dev+...@googlegroups.com.
To post to this group, send email to motec...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/motech-dev/16583E88-81BD-47FC-9490-0FAFB1B5BCF2%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
Nick Reid
Grameen Foundation, Mobile Health Innovations
2101 4th Ave | Suite 1550 | Seattle, WA 98121
nreid@grameenfoundation | +1.510.410.0020 | Skype: nickdotreid
GrameenFoundation.org | Twitter│MOTECH Project
Connecting the World's Poor to Their Potential
Craig A
Jun 29, 2016, 11:00:18 PM6/29/16
to Motech-dev
Hi Christian,
On which version of Ubuntu is MOTECH running? (I had an issue with Ubuntu 15.10 due to poorly loaded SSL certs with the apt-get openjdk-8 install) I just tested my demo box that's running Ubuntu 14.04 with MOTECH 0.28.1 and it connected successfully to the CommCare server.
Here's the curl command that you can use to test the connectivity. You should get a certificate returned from their server when successfully authenticated:
curl -v -u christia...@gmail.com:ENTER_YOUR_PASS 'https://www.commcarehq.org/a/test-2284/' (link to CCHQ API doc)
As Nick mentioned, check to make sure this CommCare project is either on the standard plan or within the 30 day trial period so you can communicate through the API. (CommCare Doc)
Sincerely,
Craig
To view this discussion on the web visit https://groups.google.com/d/msgid/motech-dev/CA%2BC%3D4WTLoiNQ71DgD45r9gx_-kUz%2BY4uyLrzHVncgzsaQEaZKw%40mail.gmail.com.
Craig Appl
Lead Technical Program Manager, Mobile Health Innovations
Grameen Foundation
2101 4th Ave | Suite 1550 | Seattle, WA 98121
Skype:craigappl
Christian Neumann
Jun 30, 2016, 5:49:58 AM6/30/16
to MOTECH Developer
Am on 14.04.
But indeed the curl to my CommCare project doesn't work (more precisely it gets redirected to the login page; also tried digest auth without luck). Full output pasted below.
On my subscription page for this project is says: CommCare Standard Edition
(For projects with a medium set (up to 100) of mobile users that want to build in limited SMS workflows and have increased data security needs.)
So I assume it should work, but will check in with Dimagi to see if something is wrong/missing.
Thanks so far,
christian
~ $ curl -v -u christia...@gmail.com https://www.commcarehq.org/a/test-2284/
Enter host password for user 'christia...@gmail.com':
* Trying 146.20.47.186...
* Connected to www.commcarehq.org (146.20.47.186) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.commcarehq.org
* Server certificate: GeoTrust DV SSL CA - G2
* Server certificate: GeoTrust Global CA
* Server auth using Basic with user 'christia...@gmail.com'
> GET /a/test-2284/ HTTP/1.1
> Host: www.commcarehq.org
> Authorization: Basic Y2hyaXN0aWFuLm5ldW1hbm5AZ21haWwuY29tOkNuZXVtYW5uMg==
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 FOUND
< Server: nginx/1.10.1
< Date: Thu, 30 Jun 2016 09:44:50 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Content-Language: en
< Expires: Thu, 01 Dec 1994 16:00:00 GMT
< Vary: Accept-Language, Cookie
< Location: https://www.commcarehq.org/a/test-2284/login/
< Pragma: no-cache
< Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
< HTTP_X_OPENROSA_VERSION: 1.0
< Set-Cookie: sessionid=x46b5ymqgr3a83t1wqyxiz188zeycpre; expires=Thu, 14-Jul-2016 09:44:50 GMT; httponly; Max-Age=1209600; Path=/
< X-Frame-Options: SAMEORIGIN
<
* Connection #0 to host www.commcarehq.org left intact
~ $
Christian Neumann
Jun 30, 2016, 6:05:17 AM6/30/16
to motec...@googlegroups.com
Hi,
A little update: When I use ‘proper’ CommCare API URLs like these ones, I get a valid response from commcarehq.org.
Just when I don’t specify any ‘endpoint’ as I did for my last mail/test, I’ll get the redirect to login. So from this I think my CommCare account and subscription should be ok. And I’m also on MOTECH 0.28.1.
Is there way to bump up the logging?
Thanks,
christian
You received this message because you are subscribed to a topic in the Google Groups "MOTECH Developer" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/motech-dev/8GmXcrt2Eos/unsubscribe.
To unsubscribe from this group and all its topics, send an email to motech-dev+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/motech-dev/86016502-6ed6-4786-954a-8489317eb3bf%40googlegroups.com.
Craig A
Jun 30, 2016, 8:42:42 AM6/30/16
to Motech-dev
Hi,
You can increase logging by clicking Admin>Server Log>Log Options tab. Add a TRACE to org.motechproject.commcare and it'll output everything in the log.
Craig
To view this discussion on the web visit https://groups.google.com/d/msgid/motech-dev/D20BCA6A-236D-4F3E-AEA7-50C9C5133CEF%40gmail.com.
Christian Neumann
Jun 30, 2016, 9:18:26 AM6/30/16
to motec...@googlegroups.com
Hi,
Unfortunately it doesn’t give me (much) more information. I once saw this message, and I’ve run 'apt-get upgrade’ and 'update-ca-certificates -f’, but afterwards I still have the original error message.
2016-06-30 14:11:00,666 WARN [org.motechproject.commcare.client.CommCareAPIHttpClient] IOException while sending request to CommcareHQ: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
And increasing the log level doesn’t really print out more. Naively I was scanning through the code to see how the verify URL is constructed, but didn’t follow through every call. So no new insights from me… ;-(
I was re-scanning the CommCare documentation and came to this (https://confluence.dimagi.com/display/commcarepublic/Project+Reporting+in+CommCare#ProjectReportinginCommCare-5.IntegrationwithMOTECHtoOtherSystems). Can you re-confirm that a Standard Plan is enough for the Compare module in MOTECH?
Thanks,
christian
To view this discussion on the web visit https://groups.google.com/d/msgid/motech-dev/CAOwqLVCxtZOo09d0GyN7xuQmm1Dt%2BYpnfvKomVG-4PU_XrjQEg%40mail.gmail.com.
Paweł Gesek
Jun 30, 2016, 9:28:34 AM6/30/16
to motec...@googlegroups.com
The issue is with the certs in your Java install, doubt it has
anything to do with Commcare or the plan. Did you try the
suggestions from here:
http://stackoverflow.com/questions/4764611/java-security-invalidalgorithmparameterexception-the-trustanchors-parameter-mus
?
Some people say 'update-ca-certificates -f' should fix the issue, did you try restarting Motech after you did that?
Regards,
Paweł
http://stackoverflow.com/questions/4764611/java-security-invalidalgorithmparameterexception-the-trustanchors-parameter-mus
?
Some people say 'update-ca-certificates -f' should fix the issue, did you try restarting Motech after you did that?
Regards,
Paweł
To view this discussion on the web visit https://groups.google.com/d/msgid/motech-dev/6098F722-B86F-4D32-A25C-84DD9CDB8F3A%40gmail.com.
Christian Neumann
Jun 30, 2016, 10:09:46 AM6/30/16
to motec...@googlegroups.com
As an update: I had a hangout session with Craig and he figured out that I had a trailing slash in my CommCare Base URL. After removing this it was working. I didn’t have the / from the beginning, so I think it was actually a combination of both the outdated certificates and the / that prevented a successful verification.
Thanks all for helping!
christian
To view this discussion on the web visit https://groups.google.com/d/msgid/motech-dev/57751E7F.1080300%40soldevelo.com.
Reply all
Reply to author
Forward
0 new messages