IBM Support

Resolving the issue of failure of loading CPD homepage with LDAP?

Troubleshooting


Problem

The login screen cannot be accessed, a blank page is displayed in the browser. All pods are in Running state in Openshift. 

Symptom

Blank page can be seen in browsers Console via link:  https://cp-console-xxxxxx/oidc/login.jsp and The login keeps pending in Network tab.
image-20240407205521-1
The screenshot shows that the issue is on the login with cp-console in the URL. cp-console is served by the Bedrock IAM routes. Also in the screenshot it shows that login.jsp succeeds, while login?callback=appendAssets hangs.
Please check the output of the following commands:
oc get route |grep cp-console

cp-console              cp-console-watsonx.apps.lubanbj9.cdl.ibm.com   /                           common-web-ui                  3000                   reencrypt/Redirect     None

platform-oidc           cp-console-watsonx.apps.lubanbj9.cdl.ibm.com   /oidc                       platform-auth-service          9443                   reencrypt/Redirect     None
The first one is a catch-all for anything going to cp-console. The other one for platform-oidc handles the successful call to login.jsp ( i.e. example from my comparison cluster: https://cp-console-xxxxxxx/oidc/login.jsp ). What this means is that in the back-end certainly the platform-auth-service:9443 service is healthy whereas the common-web-ui:3000 has probably issue. 
And then Please check the following pods and logs like below:
oc get all -l icpdsupport/component=idp-config-ui
NAME                                 READY   STATUS    RESTARTS   AGE
pod/common-web-ui-667ff8968f-npg5z   1/1     Running   0          45s


pods logs showed as below:
[2024-03-22T15:08:29.134] [WARN] [webui-nav] [iam-client] Slow response from request https://platform-identity-provider:4300/v1/auth/token (143101 ms)
[2024-03-22T15:08:29.135] [INFO] [webui-nav] [iam-client] POST https://platform-identity-provider:4300/v1/auth/token  HTTP/1.1 (143101 ms)
[2024-03-22T15:09:25.853] [INFO] [webui-nav] [zen-client] There was no icpHost cookie so unable to lookup cloudpak name from zen instance info
[2024-03-22T15:09:29.320] [WARN] [webui-nav] [iam-client] Slow response from request https://platform-identity-provider:4300/v1/auth/token (175772 ms)
[2024-03-22T15:09:29.320] [INFO] [webui-nav] [iam-client] POST https://platform-identity-provider:4300/v1/auth/token  HTTP/1.1 (175772 ms)
[2024-03-22T15:10:29.470] [WARN] [webui-nav] [iam-client] Slow response from request https://platform-identity-provider:4300/v1/auth/token (235917 ms)
[2024-03-22T15:10:29.471] [INFO] [webui-nav] [iam-client] POST https://platform-identity-provider:4300/v1/auth/token  HTTP/1.1 (235917 ms)
[2024-03-22T15:11:29.683] [WARN] [webui-nav] [iam-client] Slow response from request https://platform-identity-provider:4300/v1/auth/token (255209 ms)
[2024-03-22T15:11:29.683] [INFO] [webui-nav] [iam-client] POST https://platform-identity-provider:4300/v1/auth/token  HTTP/1.1 (255209 ms)
The logs looks like issue occurred in identity providers.
Please check all IAM resource:
oc get all -l icpdsupport/app=im

oc logs deployment.apps/platform-identity-provider -f

oc logs deployment.apps/platform-auth-service -f

[3/22/24, 15:59:38:824 UTC] 00000020 id=         com.ibm.ws.logging.internal.impl.IncidentImpl                I FFDC1015I: An FFDC Incident has been created: "javax.naming.CommunicationException: bluepages.ibm.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out] com.ibm.ws.security.wim.adapter.ldap.context.ContextManager 451" at ffdc_24.03.22_15.59.38.0.log
[3/22/24, 15:59:38:841 UTC] 00000020 id=         com.ibm.ws.logging.internal.impl.IncidentImpl                I FFDC1015I: An FFDC Incident has been created: "javax.naming.CommunicationException: bluepages.ibm.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out] com.ibm.ws.security.wim.adapter.ldap.context.ContextManager 1277" at ffdc_24.03.22_15.59.38.1.log

If it shows time out error when connecting to LDAP server: bluepages.ibm.com:389.  Because bluepgages has stopped supporting the 389 port and changed to ldaps://bluepages.ibm.com:636, LDAP configuration for CP4D should be also be changed accordingly. However, CP4D UI is not available to do this change.  Please follow the steps in 'Resolving The Problem'.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSHGYS","label":"IBM Cloud Pak for Data"},"ARM Category":[{"code":"a8m3p000000UoQtAAK","label":"Administration"},{"code":"a8m3p000000UoRlAAK","label":"Authentication-\u003ELDAP"}],"ARM Case Number":"","Platform":[{"code":"PF088","label":"Red Hat OpenShift"}],"Version":"4.8.0;4.8.1;4.8.3"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
21 May 2024

UID

ibm17147693

Page Feedback