Gateway timeout or blank page error while you log in to the console

Cannot log in to your IBM Cloud Pak foundational services or IBM Cloud Pak® console.

Symptoms

You might see a 504 Gateway timeout error or blank page when you log in to the console.

Cause

IBM WebSphere Liberty has a limitation in their federated user registry mechanism where a problem in one registry affects all other registries in the cluster.

The foundational services Identity Management (IM) service uses Liberty federated registry. Hence, if you have multiple LDAP (Lightweight Directory Access Protocol) registries in your cluster, if any registry server is down, it impacts all other registries. You can't log in to your cluster. The issue might happen even if you have only one LDAP connection in your cluster.

Resolving the problem

If you find that all the IM pods are up and running, then follow these steps as a workaround to the issue:

  1. Verify whether your LDAP registries are healthy and that you are able to reach the servers.

  2. If there is a problem in any LDAP registry, disconnect the LDAP registry from your cluster by using either of the following ways:

    • If other identity providers are configured in your cluster, a user with admin access can log in to the console and delete the connection from the navigation menu > Identity and access > Identity providers page.
    • If you have the foundational services default cpadmin token, you can use the Deleting an LDAP connection by using IdP V3 API to remove the connection.
  3. Restart the platform-auth-service pod.

    oc get pod -n <your-foundational-services-namespace> | grep platform-auth
    oc delete pod $platform-auth-pod
    

If the problem still persists, contact IBM Support.