1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Can't attach or deattach SSO (403 forbidden)

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by EduardoG, Dec 3, 2010.

  1. EduardoG

    EduardoG Basic Pleskian

    23
    90%
    Joined:
    Dec 15, 2009
    Messages:
    60
    Likes Received:
    1
    Hi all. SSO is not working for me (latest centos 64, latest plesk). It denies me every query:

    Inside sso.log I see the cause of the error:
    But sqlite db seems to be empty:
    What can I do now? How can I generate a new db or a new admin?
    Thanks
     
  2. Petrou Net

    Petrou Net Basic Pleskian

    23
    90%
    Joined:
    Jan 8, 2008
    Messages:
    58
    Likes Received:
    0
    I think the sso feature is a bit problematic in my opinion. I wish it would not brake so easily. I had a 403 error, I couldn't detach & reattach plesk billing to sso but I managed to solve it by editing the billing database. If you are planning to try what I'm suggesting, try it at your own risk. Make a backup of the database first otherwise if something goes wrong, your plesk billing (Customer & Business Manager) might not work correctly afterwards. Also, if your sso.db is broken, I'm not sure if the following is going to help.
    1. Using phpmyadmin (or anything else you like, go to the plesk billing database (usually named billing) and then go to config_params table.
    2. Find admin:sp_registered (on config_param_name column) and change the value from 1 to 0 (on config_param_value column).
    3. Find client:sp_registered (on config_param_name column) and change the value from 1 to 0 (on config_param_value column).
    4. Run /usr/share/plesk-billing/sso --command=attach --app-type=admin --idp-url=https://host-name:11443 (you'll see a Service Provider ID, save it, you'll need it later).
    5. Run /usr/share/plesk-billing/sso --command=attach --app-type=customer --idp-url=https://host-name:11443 (don't save this Service Provider ID, you need only the other one).
    6. Run /usr/local/sso/etc/set_privileged_sp.sh ID (replace ID with the Service Provider ID of admin)
    Now plesk billing should be reattached to sso. You might want to run also /usr/share/plesk-billing/sso --command=repair-accounts after plesk billing is attached to sso, to repair any broken accounts.
     
    Last edited: Dec 3, 2010
  3. EduardoG

    EduardoG Basic Pleskian

    23
    90%
    Joined:
    Dec 15, 2009
    Messages:
    60
    Likes Received:
    1
    Hi, Petrou. Thanks very much for your explanation, I managed to make reattachment:

    But repair-accounts command still doesn't work:

    I can't understand the "No such SP specified as target" message. I've checked /etc/sso/sso_config.ini and "privileged_sp_id" key is right. Any clue at this point?

    Againg, thanks very much for your useful help
     
  4. Petrou Net

    Petrou Net Basic Pleskian

    23
    90%
    Joined:
    Jan 8, 2008
    Messages:
    58
    Likes Received:
    0
    Hello EduardoG,
    The SSO system is using an sqlite database to store data (/var/lib/sso/sso.db). Each Service Provider ID is stored inside that database, in a table named sp.
    No such SP specified as target, probably means that your Service Provider IDs were not stored, when you reattached customer & business manager, or your sso.db database is broken.
    If you try now to detach using the commands /usr/share/plesk-billing/sso --command=detach --app-type=admin and /usr/share/plesk-billing/sso --command=detach --app-type=customer does customer & business manager detaches properly?
    Can you try to detach & reattach? When you reattach, new Service Provider IDs should be produced, otherwise it wasn't successful.
    Another option would be to edit manually the sso.db database using the sqlite3 command (or to find the Service Provider IDs stored there, and put them manually in the billing database) but this could be dangerous.
     
    Last edited: Dec 6, 2010
  5. EduardoG

    EduardoG Basic Pleskian

    23
    90%
    Joined:
    Dec 15, 2009
    Messages:
    60
    Likes Received:
    1
    Thanks again for your answer. I've done as you asked, everything worked right:

    I've updated my new sp_id:

    Inside sqlite db I see this rows:
    3rd row is the last created one.

    Still, when trying to run a repair commando, I get the same error:
    But then I check sso.log file and found it's using *two different sp_id's*. How is it possible?
     
  6. Petrou Net

    Petrou Net Basic Pleskian

    23
    90%
    Joined:
    Jan 8, 2008
    Messages:
    58
    Likes Received:
    0
    The sso database retains the old Service Provider ID's of past sso registrations, (this could be either a bug or a feature), so I guess it's considered normal to see multiple Service Provider ID's.
    Have you tried the update-hostname command (http://kb.odin.com/en/9296)? I'm afraid I don't know what else to suggest. Perhaps if you contact Parallels the might be able to fix the issue.
     
Loading...