0

I've been googling for days and still can't find the answer I need. I'm not even sure if this is the best/right place to ask. But here's my story. I've installed gerrit 2.8.6 on a vps and all looks good from what I can see, but when I try to register/sign in on a web browser, I'm unable to login via Google sign on (get taken to a unknown domain error page with no real guidance on how to resolve it), or when using a different openID method (startssl.com's openid identity provider), I get taken back to my site with a "Not Found" page saying "The page you requested was not found, or you do not have permission to view this page." And this is the error from the error_log file:

2014-07-04 13:50:50,379] ERROR com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl : OpenID failure: Local signature verification failed

If anyone could help me make sense of what to do, I would greatly appreciate it :-) Oh, I'm on a bus as I write this, so if any other details are needed, I'll provide them when I can!

aspman
  • 1
  • 2
  • I had the exact same problem on a fresh Gerrit installation. See here for a workaround: http://stackoverflow.com/questions/26215409/google-authentication-for-gerrit-and-jenkins – revau.lt Oct 06 '14 at 11:41

1 Answers1

0

I had exactly the same problem today while installing Gerrit.

1.) Google OpenID authentication does not work since May 2014, as they deprecated this sort of authentication for 3rd parties (they have Google+ Sign-in though, which Gerrit does not implement) - https://developers.google.com/accounts/docs/OpenID2 This is really fresh and that's probably the reason why we couldn't google it out that easily :)

2.) Trying to use different OpenID provider (in my case my Launchpad.net account) resulted in "no permission" page. This was caused by a timeshift > not synced clock on the server. What I did was to 'yum install ntp', 'chkconfig ntpd on', 'service ntpd start' (on CentOS). In a while the registration page in Gerrit started to work (I got this from logs).

Hopefully, this points you to the solution :)

Andrej

agolis
  • 93
  • 5
  • Unfortunately, the time isn't the problem with my install. Plus, it seems i already had ntp installed. I also believe i have tried a different openid provider, too. But i was getting various different errors. Off the top of my head, i think one was to do with a bad signature? – aspman Aug 14 '14 at 22:37
  • The signature's computation is based on various values, one of them could be a time. That's why it doesn't match the OpenID provider's signature which it's compared with, and therefore the authentication fails. That is also a reason, why ntp sync fixed this - the time was corrected, therefore the signature was computed correctly and matched with OpenID. I do not know all the technical details though... Anyway, having ntp installed doesn't mean it's running and syncs the time with ntp servers ;) What are the other "various different errors"? – agolis Aug 16 '14 at 18:39