OpenEdx ecommerce: Not Found: /oauth2/authorize/

mario silic

Apr 15, 2019, 5:56:23 AM
to General Open edX discussion
Hello

I'm trying to configure Open edX ecommerce and have checked all the configs a few times, and I'm stuck on a small thing - probably a very simple one:

The only thing I can see in the logs is:
/edx/app/ecommerce/venvs/ecommerce/local/lib/python2.7/site-packages/django/core/handlers/base.py:152] - Not Found: /oauth2/authorize/

I do get the Log In screen, but each time I click on the Log In button it takes me to the same URL:


Any idea what could be wrong?

Thanks.

mario silic

Apr 15, 2019, 2:03:57 PM
to General Open edX discussion
I solved one issue... but now I have this error:

AuthFailed: Authentication failed: HTTPSConnectionPool(host='learn.domain.com', port=443): Max retries exceeded with url: /oauth2/access_token/ (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

mario silic

Apr 18, 2019, 2:35:57 PM
to General Open edX discussion
Does anyone have any idea what this could be?

Clinton Blackburn

Apr 18, 2019, 6:19:13 PM
to General Open edX discussion
It seems you've misconfigured your OAuth provider somewhere. You are hosting the E-Commerce Service at learn.domain.com, port 18130. By default, it's supposed to use LMS (port 18000) as an OAuth provider. The service is attempting to use the default SSL port (443). Check your settings to ensure you are using the correct ports.

Clinton

mario silic

Apr 19, 2019, 4:20:34 AM
to General Open edX discussion
Thanks a lot... I'm still struggling... I spent hours on this. I would really appreciate it if someone could tell me what could be wrong - below is my config:


/edx/etc/ecommerce.yml
SOCIAL_AUTH_EDX_OIDC_ISSUER: https://learn.domain.com/oauth2
SOCIAL_AUTH_EDX_OIDC_KEY: ecommerce-key
SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL: https://learn.domain.com/logout
SOCIAL_AUTH_EDX_OIDC_PUBLIC_URL_ROOT: https://learn.domain.com/oauth2
SOCIAL_AUTH_EDX_OIDC_SECRET: ecommerce-secret
SOCIAL_AUTH_EDX_OIDC_URL_ROOT: https://learn.domain.com/oauth2
SOCIAL_AUTH_REDIRECT_IS_HTTPS: false

/edx/app/nginx/sites-available/ecommerce
upstream ecommerce_app_server {
    server 127.0.0.1:8130 fail_timeout=0;
}
server {
  server_name ~^((stage|prod)-)?ecommerce.*;
  listen 18130 ssl;
  ssl_certificate /etc/letsencrypt/live/learn.domain.com/cert.pem;
  ssl_certificate_key /etc/letsencrypt/live/learn.domain.com/privkey.pem;


/edx/app/nginx/sites-available/lms
upstream lms-backend {
    server 127.0.0.1:8000 fail_timeout=0;
}

server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    # error pages
    server_name learn.domain.com;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/learn.domain.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/learn.domain.com/privkey.pem;


OAUTH2 client (config in django admin)

/edx/app/edxapp/lms.env.json
"OAUTH_OIDC_ISSUER": "https://learn.domain.com/oauth2",


Again, each time I click on Login I get this:
AuthFailed: Authentication failed: HTTPSConnectionPool(host='learn.domain.com', port=443): Max retries exceeded with url: /oauth2/access_token/ (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

What am I doing wrong?

Thanks a lot.

Clinton Blackburn

Apr 19, 2019, 12:58:41 PM
to General Open edX discussion
If you visit https://learn.domain.com, what happens?

The error you have posted implies your SSL certificate cannot be verified. Try accessing the URL from the E-Commerce host:


You probably need to update the root certificates on the E-Commerce host so that the SSL handshake succeeds. Since this is not directly related to Open edX, your best resource may be Google/Stack Overflow for posts on updating the cert store for your OS.

Clinton

mario silic

Apr 20, 2019, 1:27:47 AM
to General Open edX discussion
No, that is fine - the root certificate works very well and is valid...
The error is related to some config issue.

Do you see anything wrong in my configuration?

Clinton Blackburn

Apr 20, 2019, 1:13:31 PM
to General Open edX discussion
How did you verify the root certificates work well?

Again, your configuration looks fine. The error message you posted is clearly related to certificates.

Would you supply the output of these two commands?


> python -c "import requests; print(requests.get('https://learn.domain.com'))"

Clinton

mario silic

Apr 22, 2019, 5:06:48 PM
to edx-...@googlegroups.com
you were right - I should have used fullchain.pem instead of cert.pem - that was causing the issue - thanks a lot.
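
Added example, not part of the original thread and not Open edX or nginx code: a small Python check for the fix reported above. It reads an nginx config, opens each `ssl_certificate` file and flags those holding a single certificate, which is what Let's Encrypt's cert.pem contains, whereas fullchain.pem also carries the intermediate. The PEM bodies and file paths in `demo()` are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

# "ssl_certificate <path>;" only; "ssl_certificate_key" does not match
# because the directive name must be followed by whitespace.
DIRECTIVE = re.compile(r"^\s*ssl_certificate\s+([^;\s]+)\s*;", re.MULTILINE)
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def count_pem_certs(pem_text):
    """Number of CERTIFICATE blocks in a PEM file's text."""
    return len(PEM_CERT.findall(pem_text))


def audit_nginx_chain(conf_text):
    """Return (path, cert_count, verdict) per ssl_certificate directive."""
    findings = []
    for path in DIRECTIVE.findall(conf_text):
        try:
            n = count_pem_certs(Path(path).read_text())
        except OSError:
            findings.append((path, 0, "unreadable"))
            continue
        # One block means nginx sends the leaf alone. That is only fine for
        # a self-signed or root-issued certificate, so treat it as a warning.
        verdict = {0: "no-certificate", 1: "leaf-only"}.get(n, "chain")
        findings.append((path, n, verdict))
    return findings


def demo():
    """Constructed sample: placeholder PEM bodies, hypothetical paths."""
    block = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        leaf, full = Path(tmp, "cert.pem"), Path(tmp, "fullchain.pem")
        leaf.write_text(block)        # leaf only
        full.write_text(block * 2)    # leaf + intermediate
        conf = (
            "server {\n  listen 443 ssl;\n"
            f"  ssl_certificate {leaf};\n"
            f"  ssl_certificate_key {tmp}/privkey.pem;\n}}\n"
            "server {\n  listen 18130 ssl;\n"
            f"  ssl_certificate {full};\n}}\n"
        )
        return [(Path(p).name, n, v) for p, n, v in audit_nginx_chain(conf)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

A leaf-only file can still load in a browser that fetches or has cached the intermediate, while OpenSSL-based clients such as Python `requests` verify only against what the server sends plus the local trust store.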
