openunison / openunison-k8s-login-oidc Goto Github PK

Kubernetes login portal for both kubectl and the dashboard using OpenID Connect. Use groups from your assertion in RBAC policies to control access to your cluster. Supports impersonation and OpenID Connect integration with your API server.

Home Page: https://www.tremolosecurity.com/kubernetes/

License: Apache License 2.0

Shell 0.48% Java 9.26% JavaScript 23.49% Python 0.31% CSS 4.09% HTML 0.31% Less 31.29% SCSS 30.77%

orchestra-login-portal openunison kubernetes kubernetes-dashboard portal kubernetes-rbac openid-connect

openunison-k8s-login-oidc's Issues

OpenUnison resource reports Failed state after upgrade 1.0.21, but otherwise works

Hey @mlbiam,

Just upgraded to the latest OpenUnison 1.0.21 that was released yesterday in a test cluster, upgrade seem to go well, the Pods redeployed and everything seems to work as expected.

However, noticed the following error in the operator:

[openunison-operator-dbd778f5d-mn678] Error on watch - {<JSON BLOB>}
[openunison-operator-dbd778f5d-mn678] javax.script.ScriptException: TypeError: Cannot read property "spec" from undefined in <eval> at line number 417
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.api.scripting.NashornScriptEngine.throwAsScriptException(NashornScriptEngine.java:470)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.api.scripting.NashornScriptEngine.invokeImpl(NashornScriptEngine.java:392)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.api.scripting.NashornScriptEngine.invokeFunction(NashornScriptEngine.java:190)
[openunison-operator-dbd778f5d-mn678] 	at com.tremolosecurity.kubernetes.artifacts.util.K8sWatcher.processEvent(K8sWatcher.java:318)
[openunison-operator-dbd778f5d-mn678] 	at com.tremolosecurity.kubernetes.artifacts.util.K8sWatcher.watchUri(K8sWatcher.java:152)
[openunison-operator-dbd778f5d-mn678] 	at com.tremolosecurity.kubernetes.artifacts.run.RunWatch.run(RunWatch.java:38)
[openunison-operator-dbd778f5d-mn678] 	at java.lang.Thread.run(Thread.java:748)
[openunison-operator-dbd778f5d-mn678] Caused by: <eval>:417 TypeError: Cannot read property "spec" from undefined
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.internal.runtime.ECMAErrors.error(ECMAErrors.java:57)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.internal.runtime.ECMAErrors.typeError(ECMAErrors.java:213)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.internal.runtime.ECMAErrors.typeError(ECMAErrors.java:185)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.internal.runtime.ECMAErrors.typeError(ECMAErrors.java:172)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.internal.runtime.Undefined.get(Undefined.java:157)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.internal.scripts.Script$Recompilation$53$47267$\^eval\_.manageCertMgrJob(<eval>:417)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.internal.scripts.Script$Recompilation$38$52A$\^eval\_.on_watch(<eval>:36)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:639)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:494)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:393)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.api.scripting.ScriptObjectMirror.callMember(ScriptObjectMirror.java:199)
[openunison-operator-dbd778f5d-mn678] 	at jdk.nashorn.api.scripting.NashornScriptEngine.invokeImpl(NashornScriptEngine.java:386)
[openunison-operator-dbd778f5d-mn678] 	... 5 more

also the resource status reports as failed:

❯ k get openunisons.openunison.tremolo.io orchestra -ojsonpath='{.status}'
{"conditions":{"lastTransitionTime":"2021-03-19 04:16:18GMT","reason":"error","status":"True","type":"Failed"},"digest":"A5SZJLzkLvMSV7YGaD38xNdV5K5s/rhTnWhAaBouVJ8="}

Orchestra itself doesn't have any errors in the logs and we're able to connect to the cluster and everything seems to work, I couldn't decipher any additional information from the logs.

The cluster is a GKE v1.18.16-gke.300

artifact-deployment bach job fails to complete

following deployment step in docs, artifact-deployment bach job fails to complete with the following output

namespace/openunison-deploy created
configmap/extracerts created
secret/input created
configmap/deployment-scripts created
clusterrolebinding.rbac.authorization.k8s.io/artifact-deployment created
job.batch/artifact-deployment created
NAME                        READY   STATUS              RESTARTS   AGE
artifact-deployment-97fpw   0/1     ContainerCreating   0          0s
artifact-deployment-97fpw   1/1   Running   0     1s
artifact-deployment-97fpw   0/1   Error   0     3s
artifact-deployment-5zh4g   0/1   Pending   0     0s
artifact-deployment-5zh4g   0/1   Pending   0     0s
artifact-deployment-5zh4g   0/1   ContainerCreating   0     0s
artifact-deployment-5zh4g   1/1   Running   0     2s
artifact-deployment-5zh4g   0/1   Error   0     8s

the logs from one job pods are showing:

$ kubectl logs -f artifact-deployment-97fpw -nopenunison-deploy                                                                                                                                                                                    Processing - '/etc/extracerts/..2019_08_19_14_15_46.852569665'                                                                                                                                                                                     not a pem, sipping
Processing - '/etc/extracerts/..data'
not a pem, sipping
Processing - '/etc/extracerts/ca-devops.pem'
Processing - '/etc/extracerts/input.props'
not a pem, sipping
Processing - '/etc/extracerts/..2019_08_19_14_15_46.852569665'
not a pem, sipping
Processing - '/etc/extracerts/..data'
not a pem, sipping
Processing - '/etc/extracerts/ca-devops.pem'
Processing - '/etc/extracerts/input.props'
not a pem, sipping
Loading CertUtils
Creating openunison keystore
Exception in thread "main" javax.script.ScriptException: TypeError: null has no such function "toCharArray" in <eval> at line number 30
        at jdk.nashorn.api.scripting.NashornScriptEngine.throwAsScriptException(NashornScriptEngine.java:470)
        at jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:454)
        at jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:406)
        at jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:402)
        at jdk.nashorn.api.scripting.NashornScriptEngine.eval(NashornScriptEngine.java:150)
        at javax.script.AbstractScriptEngine.eval(AbstractScriptEngine.java:249)
        at com.tremolosecurity.kubernetes.artifacts.run.RunDeployment.main(RunDeployment.java:119)
Caused by: <eval>:30 TypeError: null has no such function "toCharArray"
        at jdk.nashorn.internal.runtime.ECMAErrors.error(ECMAErrors.java:57)
        at jdk.nashorn.internal.runtime.ECMAErrors.typeError(ECMAErrors.java:213)
        at jdk.nashorn.internal.runtime.ECMAErrors.typeError(ECMAErrors.java:185)
        at jdk.nashorn.internal.runtime.ECMAErrors.typeError(ECMAErrors.java:172)
        at jdk.nashorn.internal.runtime.linker.NashornBottomLinker.linkNull(NashornBottomLinker.java:180)
        at jdk.nashorn.internal.runtime.linker.NashornBottomLinker.getGuardedInvocation(NashornBottomLinker.java:66)
        at jdk.internal.dynalink.support.CompositeGuardingDynamicLinker.getGuardedInvocation(CompositeGuardingDynamicLinker.java:124)
        at jdk.internal.dynalink.support.LinkerServicesImpl.getGuardedInvocation(LinkerServicesImpl.java:154)
        at jdk.internal.dynalink.DynamicLinker.relink(DynamicLinker.java:253)
        at jdk.nashorn.internal.scripts.Script$\^eval\_.:program(<eval>:30)
        at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:637)
        at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:494)
        at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:393)
        at jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:449)
        ... 5 more

ldap inserting http schema into okta redirect_uri

Hi guys,
I'm trying to implement k8s<->okta authentication but getting into a weird issue. I'm opening the dashboard URL it redirects to /login/ldap and to okta after that. But okta throwing this error:
Identity Provider: Unknown Error Code: invalid_request Description: The 'redirect_uri' parameter must be an absolute URI that is whitelisted in the client app settings.
I've checked rediret_uri and it set to dashboard uri but schema set to HTTP instead of HTTPS. Could you tell me where I could define schema for return uri?
Here are my configs:
Cluster: EKS 1.16
Ingress: Istio 1.6.5
Openunison-k8s-login-oidc: 1.0.19
OIDC provider: okta
values.yaml:

  openunison_host: "dev-eks-test-01.testdomain.com"
  dashboard_host: "dev-eks-test-01.testdomain.com"
  api_server_host: "dev-eks-test-01.testdomain.com"
  session_inactivity_timeout_seconds: 900
  k8s_url: "https://bububu.lala.us-east-1.eks.amazonaws.com"

cert_template:
  ou: "dev-eks-test-01"
  o: "whereami"
  l: "dev-eks-test-01"
  st: "TX"
  c: "US"

image: "31415926.dkr.ecr.us-west-2.amazonaws.com/openunison-k8s-login-oidc:latest"
myvd_config_path: "WEB-INF/myvd.conf"
k8s_cluster_name: dev-eks-test-01
enable_impersonation: false

dashboard:
  namespace: "kubernetes-dashboard"
  cert_name: "kubernetes-dashboard-certs"
  label: "k8s-app=kubernetes-dashboard"
  service_name: kubernetes-dashboard
certs:
  use_k8s_cm: false

trusted_certs: []

monitoring:
  prometheus_service_account: system:serviceaccount:monitoring:prometheus-k8s

oidc:
  client_id: omgid
  auth_url: https://whereami-test.okta.com/oauth2/v1/authorize
  token_url: https://whereami-test.okta.com/oauth2/v1/token
  user_in_idtoken: false
  userinfo_url: https://whereami-test.okta.com/oauth2/v1/userinfo
  domain: "whereami-test"
  scopes: openid email profile groups
  claims:
    sub: sub
    email: email
    given_name: given_name
    family_name: family_name
    display_name: name
    groups: groups

Unable to install on k3d cluster

Following the instructions on the page on a local k3d cluster.

Operator installs correctly and able to put in correct secret.
helm install orchestra tremolo/openunison-k8s-login-oidc --namespace=openunison -f values.yaml

It starts installing however the pods are not created correctl with the following errors

[2021-06-23 22:04:11,417][main] INFO OpenUnisonOnUndertow - Adding property : 'K8S_IMPERSONATION'
[2021-06-23 22:04:11,417][main] INFO OpenUnisonOnUndertow - Adding property : 'K8S_DASHBOARD_HOST'
[2021-06-23 22:04:11,417][main] INFO OpenUnisonOnUndertow - Adding property : 'GIVEN_NAME_CLAIM'
[2021-06-23 22:04:11,417][main] INFO OpenUnisonOnUndertow - Adding property : 'FAMILY_NAME_CLAIM'
[2021-06-23 22:04:11,417][main] INFO OpenUnisonOnUndertow - Adding property : 'OIDC_CLIENT_ID'
[2021-06-23 22:04:11,418][main] INFO OpenUnisonOnUndertow - Adding property : 'MYVD_CONFIG_PATH'
[2021-06-23 22:04:11,418][main] INFO OpenUnisonOnUndertow - Adding property : 'OIDC_IDP_USER_URL'
[2021-06-23 22:04:11,418][main] INFO OpenUnisonOnUndertow - Adding property : 'DISPLAY_NAME_CLAIM'
[2021-06-23 22:04:11,418][main] INFO OpenUnisonOnUndertow - Adding property : 'K8S_DASHBOARD_NAMESPACE'
[2021-06-23 22:04:11,418][main] INFO OpenUnisonOnUndertow - Adding property : 'OU_QUARTZ_MASK'
[2021-06-23 22:04:11,418][main] INFO OpenUnisonOnUndertow - Adding property : 'GROUPS_CLAIM'
[2021-06-23 22:04:11,418][main] INFO OpenUnisonOnUndertow - Adding property : 'K8S_DASHBOARD_SERVICE'
[2021-06-23 22:04:11,418][main] INFO OpenUnisonOnUndertow - Adding property : 'OIDC_IDP_LIMIT_DOMAIN'
[2021-06-23 22:04:11,419][main] INFO OpenUnisonOnUndertow - Adding property : 'PROMETHEUS_SERVICE_ACCOUNT'
[2021-06-23 22:04:11,419][main] INFO OpenUnisonOnUndertow - Adding property : 'K8S_URL'
[2021-06-23 22:04:11,419][main] INFO OpenUnisonOnUndertow - Adding property : 'SESSION_INACTIVITY_TIMEOUT_SECONDS'
[2021-06-23 22:04:11,419][main] INFO OpenUnisonOnUndertow - Adding property : 'K8S_CLUSTER_NAME'
[2021-06-23 22:04:11,420][main] INFO OpenUnisonOnUndertow - Loading keystore for Undertow
[2021-06-23 22:04:11,421][main] INFO OpenUnisonOnUndertow - OpenUnison XML File : '/usr/local/openunison/work/webapp/WEB-INF/unison.xml'
[2021-06-23 22:04:11,456][main] INFO OpenUnisonConfigLoader - No config from include files, using original
[2021-06-23 22:04:12,418][main] INFO OpenUnisonOnUndertow - Loading keystore : '/etc/openunison/unisonKeyStore.p12'
[2021-06-23 22:04:12,419][main] INFO OpenUnisonOnUndertow - Building Undertow
[2021-06-23 22:04:12,460][main] INFO OpenUnisonOnUndertow - Check if enabling HTTP2 - false
[2021-06-23 22:04:12,460][main] INFO OpenUnisonOnUndertow - Enabling HTTP2
[2021-06-23 22:04:12,463][main] INFO OpenUnisonOnUndertow - Adding open port : '8080'
Exception in thread "main" java.io.IOException: Invalid keystore format
at java.base/com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:725)
at java.base/java.security.KeyStore.load(KeyStore.java:1479)
at com.tremolosecurity.openunison.undertow.OpenUnisonOnUndertow.setupTlsListener(OpenUnisonOnUndertow.java:533)
at com.tremolosecurity.openunison.undertow.OpenUnisonOnUndertow.main(OpenUnisonOnUndertow.java:280)

The dashboard ingress and orchestra ingress are not being created either.

Openunison/Kubernetes Cert Issues

Running Kubernetes on bare metal, using f5 to point to an nginx ingress controller, then to openunison. Okta redirect works an login is successful with the Openunison page displaying the option for the dashboard or tokens. Clicking the dashboard icon attempts to redirect to the dashboard_host from the values file but displays an Tremolo Security splash sceen error. The pod logs show the following at that time:

2021-05-04T18:17:30.802977238Z [2021-05-04 18:17:30,802][XNIO-1 task-1] INFO AccessLog - [Error] - k8s - https://tsb-kube-dashboard.yosemite.local/auth/oidc - uid=Anonymous,o=Tremolo - NONE [10.233.115.0] - [fd21af76ed512a9e9a3fb71171c33191b7086bfd1]
2021-05-04T18:17:30.804676918Z [2021-05-04 18:17:30,802][XNIO-1 task-1] ERROR ConfigSys - Could not process request
2021-05-04T18:17:30.804696725Z javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2021-05-04T18:17:30.804700883Z at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
....

Clicking the token icon redirects to the page with all of the token info but copying the kubectl command and then trying a kubectl command returns the following:

Cluster "tsb-kube" set.
Context "tsb-kube" modified.
User "00ukygpumukorZ0UQ0x7@tsb-kube" set.
Switched to context "tsb-kube".
 …/kubespray-local /main $kubectl get nodes
Unable to connect to the server: Get "https://tsb-kube-auth.yosemite.local/auth/idp/k8sIdp/.well-known/openid-configuration": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

Seems like there is an issue with my certs? Any help is appreciated.

Kubernetes-Dashboard Redirection is returning an error

Hi, I'm getting an error when clicking the kubernetes dashboard icon on the Orchestra Portal.

Kubernetes version: Azure AKS 1.14.3
Dashboard Version : kubernetesui/dashboard:v2.0.0-beta2
Orceastra version : openunison-k8s-login-oidc:1.0.18 tried with 1.0.17 as well.

What is the problem here? Thanks

Integration with traefik ingressroute

Hi,
I'm trying to deploy openunison in an eks cluster with traefik ingressroute and a certificate signed with cert-manager.
The ingressroute config is the following:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: openunison
  namespace: openunison
spec:
  entryPoints:
    - websecure
  routes:
  - kind: Rule
    match: Host(`ou.example.com`)
    services:
    - name: openunison-orchestra
      port: 443
  - kind: Rule
    match: Host(`ds.example.com`)
    services:
    - name: openunison-orchestra
      port: 443
  - kind: Rule
    match: Host(`api.example.com`)
    services:
    - name: openunison-orchestra
      port: 443
  tls:
    secretName: openunison-tls-certificate

With this configuration if i reach to https://ou.example.com/ i get Internal Server Error, if i change the port in each rule from 443 to 80 i can reach openunison dashboard correctly but i can't use kubectl because of this error 2021/05/28 15:39:27 http: panic serving 127.0.0.1:54726: oidc: issuer did not match the issuer returned by provider, expected "https://ou.example.com/auth/idp/k8s-login-cli" got "http://ou.example.com/auth/idp/k8s-login-cli".

I'm guessing that the problem is related to traefik refusing to expose an endpoint if the service certificate is invalid (self signed in this case) when using https to connect to the service.

I've also tested in a local cluster with kind and if i set insecureskipverify in traefik it works correctly but i can't set that flag on the production cluster.
Is there a way to workaround this issue?

PS. the secret openunison-tls-certificate is the certificate created by cert-manager and it is valid.

Could not load user data

HI... Im getting the atached error on Orchestra Pod when a specific user is signing in..
other users I tested is OK
orchestra .log

any idea why?

check-certs-orchestra getting kubernetes.default.svc.cluster.local: Name or service not known

I noticed that the check-certs-orchestra pods were in an error state. Looking at the logs I see the following:

Exception in thread "main" java.net.UnknownHostException: kubernetes.default.svc.cluster.local: Name or service not known

That is not the correct name for the kubernetes default service. The domain is not correct. How do I update that?

Name should actually be kubernetes.default.svc.(my cluster name).(my domain).com

OpenID Connect to AWS eks

Hi,

I see there is a very good guide for a eks configuration using active directory https://www.tremolosecurity.com/post/multi-tenant-amazon-eks-the-easy-way-part-i-authentication.

I'm working on deploying using an openid token in OICD flow for AWS EKS. Expecting that a configuration will allow me to do userinfo lookup and retrieve groups from the IDP. Which in turn map to k8s aws-auth roles.

1st: should this work?
2nd: is there a guide similar to the active directory guide mentioned above?
3rd: how do I map say "memberOf"(pingid) to "groups" claim when interrogating userinfo endpoint

Thank you!

installing helm chart k8s-login-oidc results in error off of openunison_host

Installed and used values.yaml

network:
  openunison_host: "ou.ou-test.runshiftup.local"
  dashboard_host: "dashboard.ou-test.runshiftup.local"
  api_server_host: "api.ou-test.runshiftup.local"
  session_inactivity_timeout_seconds: 900
  k8s_url: http://127.0.0.1:49202/856a8c21-4dad-48d9-b82a-c9ba7dab23cc
  createIngressCertificate: true
  ingress_type: nginx
  ingress_annotations:
    kubernetes.io/ingress.class: nginx
  force_redirect_to_tls: true
  ingress_certificate: ou-tls-certificate

Going to https://ou.ou-test.runshiftup.local:8443 redirects to https://ou.ou-test.runshiftup.local:8443/login/ldap

It should be redirecting to my keycloak installation for login. I don't know where it's getting this login/ldap from.

Streaming commands (logs and get -w) cuts off after 20~40 seconds

Hey @mlbiam 👋🏼

We're using openunison in impersonation mode and we noticed that streaming commands such as:

kubectl logs <pod> -f
kubectl get pods -w

fail after a short while (usually within 20~40 seconds).

when that happens, the orchestra log dump this exception:

[2020-12-08 20:43:06,928][XNIO-1 task-3] INFO  AccessLog - [Error] - apiserver - https://k8sapi.our.domain.net/api/v1/namespaces/vault/pods/secrets-manager-6b764c686-cwdvv/log - sub=<my subid>,ou=oauth2,o=Tremolo - NONE [10.233.118.114] - [null]
[2020-12-08 20:43:06,928][XNIO-1 task-3] ERROR ConfigSys - Could not process request
javax.net.ssl.SSLException: Socket closed

any ideas?

full exception log

[2020-12-08 20:43:06,928][XNIO-1 task-3] INFO  AccessLog - [Error] - apiserver - https://k8sapi.our.domain.net/api/v1/namespaces/vault/pods/secrets-manager-6b764c686-cwdvv/log - sub=<my subid>,ou=oauth2,o=Tremolo - NONE [10.233.118.114] - [null]
[2020-12-08 20:43:06,928][XNIO-1 task-3] ERROR ConfigSys - Could not process request
javax.net.ssl.SSLException: Socket closed
	at sun.security.ssl.Alert.createSSLException(Alert.java:127) ~[?:1.8.0_275]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[?:1.8.0_275]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[?:1.8.0_275]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[?:1.8.0_275]
	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1303) ~[?:1.8.0_275]
	at sun.security.ssl.SSLSocketImpl.access$300(SSLSocketImpl.java:72) ~[?:1.8.0_275]
	at sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:831) ~[?:1.8.0_275]
	at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:137) ~[httpcore-4.4.13.jar:4.4.13]
	at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:153) ~[httpcore-4.4.13.jar:4.4.13]
	at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:280) ~[httpcore-4.4.13.jar:4.4.13]
	at org.apache.http.impl.io.ChunkedInputStream.getChunkSize(ChunkedInputStream.java:261) ~[httpcore-4.4.13.jar:4.4.13]
	at org.apache.http.impl.io.ChunkedInputStream.nextChunk(ChunkedInputStream.java:222) ~[httpcore-4.4.13.jar:4.4.13]
	at org.apache.http.impl.io.ChunkedInputStream.read(ChunkedInputStream.java:183) ~[httpcore-4.4.13.jar:4.4.13]
	at org.apache.http.conn.EofSensorInputStream.read(EofSensorInputStream.java:135) ~[httpclient-4.5.12.jar:4.5.12]
	at org.apache.http.conn.EofSensorInputStream.read(EofSensorInputStream.java:148) ~[httpclient-4.5.12.jar:4.5.12]
	at com.tremolosecurity.proxy.ConfigSys.procData(ConfigSys.java:463) ~[unison-server-core-1.0.20.jar:?]
	at com.tremolosecurity.proxy.ConfigSys.doConfig(ConfigSys.java:332) [unison-server-core-1.0.20.jar:?]
	at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:93) [unison-server-core-1.0.20.jar:?]
	at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:290) [unison-server-core-1.0.20.jar:?]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]
Caused by: java.net.SocketException: Socket closed
	at java.net.SocketInputStream.socketRead0(Native Method) ~[?:1.8.0_275]
	at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ~[?:1.8.0_275]
	at java.net.SocketInputStream.read(SocketInputStream.java:171) ~[?:1.8.0_275]
	at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[?:1.8.0_275]
	at sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:457) ~[?:1.8.0_275]
	at sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:68) ~[?:1.8.0_275]
	at sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1095) ~[?:1.8.0_275]
	at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:72) ~[?:1.8.0_275]
	at sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:815) ~[?:1.8.0_275]
	... 45 more
[2020-12-08 20:43:06,929][XNIO-1 task-3] ERROR UnisonServletFilter - Could not process request
java.lang.IllegalStateException: UT010019: Response already commited
	at io.undertow.servlet.spec.ServletOutputStreamImpl.resetBuffer(ServletOutputStreamImpl.java:739) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.spec.HttpServletResponseImpl.resetBuffer(HttpServletResponseImpl.java:550) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:169) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImplSetup(RequestDispatcherImpl.java:149) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:111) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at com.tremolosecurity.proxy.ConfigSys.doConfig(ConfigSys.java:379) ~[unison-server-core-1.0.20.jar:?]
	at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:93) ~[unison-server-core-1.0.20.jar:?]
	at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:290) [unison-server-core-1.0.20.jar:?]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]
[2020-12-08 20:43:06,930][XNIO-1 task-3] ERROR request - UT005023: Exception handling request to /api/v1/namespaces/vault/pods/secrets-manager-6b764c686-cwdvv/log
java.lang.IllegalStateException: UT010019: Response already commited
	at io.undertow.servlet.spec.ServletOutputStreamImpl.resetBuffer(ServletOutputStreamImpl.java:739) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.spec.HttpServletResponseImpl.resetBuffer(HttpServletResponseImpl.java:550) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:169) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImplSetup(RequestDispatcherImpl.java:149) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:111) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:299) ~[unison-server-core-1.0.20.jar:?]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]

Other ingress controllers

Hi,

is Orchestra login portal limited to Nginx? Is it possible to install alongside Traefik ingress controller?

Thank you

Not able to access Openunison UI

Hi Tremolo team,
Not able to access Openunison portal connected with keycloak. After entering https://IP:port, It will redirect to keycloak.
and will not redirect back to Openunison portal.
Below is my values.yaml file
network:
openunison_host: "Master-node-IP"
dashboard_host: "https://Master-node-IP:30050"
api_server_host: "https://Master-node-IP:6443"
session_inactivity_timeout_seconds: 900
k8s_url: https://Master-node-IP:6443
createIngressCertificate: true
ingress_type: nginx
ingress_annotations:
kubernetes.io/ingress.class: nginx

cert_template:
ou: "Master-node-IP"
o: "MyOrg"
l: "Kubernetes"
st: "State of Cluster"
c: "MyCountry"

image: "docker.io/tremolosecurity/openunison-k8s-login-oidc:latest"
myvd_config_path: "WEB-INF/myvd.conf"
k8s_cluster_name: kubernetes
enable_impersonation: false

hosts:

annotations:
- name: kubernetes.io/ingress.class
  value: nginx
  ingress_name: openunison
  ingress_type: nginx

dashboard:
namespace: "kubernetes-dashboard"
cert_name: "kubernetes-dashboard-certs"
label: "k8s-app=kubernetes-dashboard"
service_name: kubernetes-dashboard
certs:
use_k8s_cm: false

trusted_certs: []

monitoring:
prometheus_service_account: system:serviceaccount:monitoring:prometheus-k8s

oidc:
client_id: test-kubernetes
auth_url: https://Ingress-IP.nip.io/auth/
token_url: https://Ingress-IP.nip.io/auth/realms/master/protocol/openid-connect/token
user_in_idtoken: false
userinfo_url: https://Ingress-IP.nip.io/auth/realms/master/protocol/openid-connect/userinfo
domain: ""
scopes: openid email profile groups
claims:
sub: sub
email: email
given_name: given_name
family_name: family_name
display_name: name
groups: groups

network_policies:
enabled: false
ingress:
enabled: true
labels:
app.kubernetes.io/name: ingress-nginx
namespace: openunison
monitoring:
enabled: true
labels:
app.kubernetes.io/name: monitoring
apiserver:
enabled: false
labels:
app.kubernetes.io/name: kube-system

services:
enable_tokenrequest: false
token_request_audience: api
token_request_expiration_seconds: 600
node_selectors: []
pullSecret: ""

openunison:
replicas: 1
non_secret_data:
K8S_DB_SSO: oidc
secrets: []

Unable to login to openunison

I followed the instruction for deploying this using help. I notice that it does not create a pod for the orchestra, but a kind of "OpenUnison". There is no pod, no service, no ingress. How can I expose this without a service?

I am using kubernetes 1.20 with Kong as my Ingress Controller. I am using kong with nodeport. So any service would have to be a NodePort service:

$ kubectl get all -n openunison
NAME READY STATUS RESTARTS AGE
pod/openunison-operator-6b95dc6574-v2t7p 1/1 Running 0 2d

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/openunison-operator 1/1 1 1 2d

NAME DESIRED CURRENT READY AGE
replicaset.apps/openunison-operator-6b95dc6574 1 1 1 2d

kubectl get openunison orchestra -n openunison
NAME AGE
orchestra 4h34m

For the values.yaml used with HELM. Would I need to set my openunison_host to be my Cluster IP:NodePort? How do I know what I should set this URL to normally I hit my host with the generic VIP I set up and then the NodePort.

Brian

Is it possible to supply a custom certificate during installation?

I've reviewed the steps described here https://github.com/TremoloSecurity/OpenUnison/wiki/troubleshooting#how-do-i-change-openunisons-certificates to replace the self-signed certificate with a custom one, but is it possible to do it as part of the installation to avoid extra steps?

specifically, we're using the helm chart to deploy this orchestra plugin.

Thanks!

Orchestra is pointing to IDP local host

Configured it with google OIDC using the following config

OU_HOST=52.175.252.220
K8S_DASHBOARD_HOST=52.175.252.220
K8S_URL=https://52.175.252.220:6443
OU_CERT_OU=k8s
OU_CERT_O=Tremolo Security
OU_CERT_L=Alexandria
OU_CERT_ST=Virginia
OU_CERT_C=US
USE_K8S_CM=true
SESSION_INACTIVITY_TIMEOUT_SECONDS=900
OIDC_CLIENT_ID=844805839722-r54gbam9n33teelujcl6dghfpol18ucj.apps.googleusercontent.com
OIDC_IDP_AUTH_URL=https://accounts.google.com/o/oauth2/v2/auth
OIDC_IDP_TOKEN_URL=https://oauth2.googleapis.com/token
OIDC_IDP_LIMIT_DOMAIN=tremolosecurity-test.com

Orchestra logs are showing errors as following
orchestra.log

Not sure if am configuring it right for testing with Google OIDC? And not able to get to my login page as well.

Issue with dashboard proxy with non-default cluster domain (!= cluster.local)

Hey 👋

We're having an issue setting up OpenUnison + Orchestra to work on clusters with non-default cluster domain (i.e. not cluster.local), API impersonation works however access to Dashboard throws an error, looking at the orchestra logs it seems like the hostname that orchestra generates for the dashboard service has the following dynamic format:

"kubernetes-dashboard." + k8sDashboardNamespace + ".svc.cluster.local

Since we use a different cluster domain (not cluster.local) the system is unable to resolve it and throws an UnknownHostException:
Caused by: java.net.UnknownHostException: kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local

, would it possible to omit cluster.local from these URLs? (in fact just <service name>.<namespace> is enough for Service Discovery), or perhaps introduce a configuration parameter to specify it in case it's not default?

Helm chart for orchestra is not deploying ingress.

Hi may be this is with some updates but i am deploying helm chart. and it is not creating any ingress resource..

Dashboard is Unauthorized

Working through this setup, I am able to log in via Okta and access the cluster CLI. However, when trying to access the dashbord I only see the alarm bell with the Unauthorized error. I have gone through the steps in the documentation for adding the OIDC vars to /etc/kubernetes/manifests/kube-apiserver.yaml here

    - --oidc-client-id=kubernetes
    - --oidc-issuer-url=https://our.internal.domain.url/auth/idp/k8sIdp
    - --oidc-ca-file=/etc/kubernetes/pki/ou-ca.pem
    - --oidc-username-claim=sub
    - --oidc-groups-claim=groups
    - '--oidc-username-prefix=oidc:'
    - '--oidc-groups-prefix=oidc:'

here is what I see in the logs of the Dashboard pod (just a snippet, a lot more of the same)

2021/08/02 13:56:57 [2021-08-02T13:56:57Z] Incoming HTTP/1.1 GET /api/v1/statefulset/default?itemsPerPage=10&page=1&sortBy=d%!C(MISSING)creationTimestamp request from 10.12.163.210: 
2021/08/02 13:56:57 Getting list of all pet sets in the cluster
2021/08/02 13:56:57 Non-critical error occurred during resource retrieval: Unauthorized
2021/08/02 13:56:57 Non-critical error occurred during resource retrieval: Unauthorized
2021/08/02 13:56:57 Non-critical error occurred during resource retrieval: Unauthorized
2021/08/02 13:56:57 Internal error occurred: No metric client provided. Skipping metrics.
2021/08/02 13:56:57 [2021-08-02T13:56:57Z] Outcoming response to 10.12.163.210 with 200 status code

and here are the corresponding logs from the kube-apiserver pod:

I0802 13:55:14.306014       1 trace.go:205] Trace[1148314369]: "Get" url:/api/v1/namespaces/openunison/pods/openunison-orchestra-85bc7f495d-sh6w2/log,user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Lens/5.1.3-latest.20210722.1 Chrome/83.0.4103.122 Electron/9.4.4 Safari/537.36,client:127.0.0.1 (02-Aug-2021 13:55:13.561) (total time: 744ms):
Trace[1148314369]: ---"Transformed response object" 664ms (13:55:00.305)
Trace[1148314369]: [744.620567ms] [744.620567ms] END
E0802 13:55:15.111397       1 authentication.go:53] Unable to authenticate the request due to an error: invalid bearer token
E0802 13:55:15.111493       1 authentication.go:53] Unable to authenticate the request due to an error: invalid bearer token
E0802 13:55:15.111555       1 authentication.go:53] Unable to authenticate the request due to an error: invalid bearer token
E0802 13:55:15.117679       1 authentication.go:53] Unable to authenticate the request due to an error: invalid bearer token
E0802 13:55:15.117693       1 authentication.go:53] Unable to authenticate the request due to an error: invalid bearer token
E0802 13:55:15.117722       1 authentication.go:53] Unable to authenticate the request due to an error: invalid bearer token

Any ideas of where to start looking to figure out the problem with the invalid bearer token?

multiple token for multiple cluster of the same user in config

I suggest the user identifier string contains username and cluster in config.
Thus, it would be convenient to switch context without updating token of the same user.

kubectl exec|port-forward fails when using api impersonation

Hey 👋

We've encountered an issue with the api impersonation mode, it seems that kubectl exec & port-forward do not work (otherwise things are working as expected).

❯ kubectl port-forward -n vault vault-0 8200:8200


error: error upgrading connection: unable to upgrade connection: <html><head><title>Error</title></head><body>Internal Server Error</body></html>

❯ kubectl exec -n vault vault-0 -- bash
Defaulting container name to vault-init.
Use 'kubectl describe pod/vault-0 -n vault' to see all of the containers in this pod.


error: unable to upgrade connection: <html><head><title>Error</title></head><body>Internal Server Error</body></html>

on the orchestra pod I see the following error:

[openunison-orchestra-74f5ffbf54-vlqcj] [2020-11-27 19:24:50,715][XNIO-1 task-14] ERROR ConfigSys - Could not process request
[openunison-orchestra-74f5ffbf54-vlqcj] javax.net.ssl.SSLException: Socket closed

followed by a pretty long exception:

Full exception

[openunison-orchestra-74f5ffbf54-vlqcj] [2020-11-27 19:24:50,715][XNIO-1 task-14] ERROR ConfigSys - Could not process request
[openunison-orchestra-74f5ffbf54-vlqcj] javax.net.ssl.SSLException: Socket closed
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.Alert.createSSLException(Alert.java:127) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1303) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl.access$300(SSLSocketImpl.java:72) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:831) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:137) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:153) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:280) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.ChunkedInputStream.getChunkSize(ChunkedInputStream.java:261) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.ChunkedInputStream.nextChunk(ChunkedInputStream.java:222) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.ChunkedInputStream.read(ChunkedInputStream.java:183) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.conn.EofSensorInputStream.read(EofSensorInputStream.java:135) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.conn.EofSensorInputStream.read(EofSensorInputStream.java:148) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.ConfigSys.procData(ConfigSys.java:463) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.ConfigSys.doConfig(ConfigSys.java:332) [unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:93) [unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:290) [unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] Caused by: java.net.SocketException: Socket closed
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.net.SocketInputStream.socketRead0(Native Method) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.net.SocketInputStream.read(SocketInputStream.java:171) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:457) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:68) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1095) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:72) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:815) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	... 45 more
[openunison-orchestra-74f5ffbf54-vlqcj] [2020-11-27 19:24:50,721][XNIO-1 task-14] ERROR UnisonServletFilter - Could not process request
[openunison-orchestra-74f5ffbf54-vlqcj] java.lang.IllegalStateException: UT010019: Response already commited
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.ServletOutputStreamImpl.resetBuffer(ServletOutputStreamImpl.java:739) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.HttpServletResponseImpl.resetBuffer(HttpServletResponseImpl.java:550) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:169) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImplSetup(RequestDispatcherImpl.java:149) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:111) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.ConfigSys.doConfig(ConfigSys.java:379) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:93) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:290) [unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] [2020-11-27 19:24:50,719][XNIO-1 task-10] ERROR ConfigSys - Could not process request
[openunison-orchestra-74f5ffbf54-vlqcj] javax.servlet.ServletException: javax.net.ssl.SSLException: Socket closed
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.ProxySys.doPush(ProxySys.java:184) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:139) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.AuthMgrSys.doAuthMgr(AuthMgrSys.java:135) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:126) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.AzSys.doAz(AzSys.java:139) ~[unison-sdk-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:111) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.finishSuccessfulLogin(AuthManagerImpl.java:731) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.execAuth(AuthManagerImpl.java:453) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.nextAuth(AuthManagerImpl.java:125) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.nextAuth(AuthManagerImpl.java:83) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.oauth2.OAuth2JWT.processToken(OAuth2JWT.java:260) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.oauth2.OAuth2Bearer.doGet(OAuth2Bearer.java:110) ~[unison-sdk-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.oauth2.OAuth2Bearer.doPost(OAuth2Bearer.java:145) ~[unison-sdk-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.execAuth(AuthManagerImpl.java:412) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.sys.AuthManagerImpl.nextAuth(AuthManagerImpl.java:125) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.auth.AuthSys.doAuth(AuthSys.java:159) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:105) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.ConfigSys.doConfig(ConfigSys.java:293) [unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:93) [unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:290) [unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] Caused by: javax.net.ssl.SSLException: Socket closed
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.Alert.createSSLException(Alert.java:127) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1303) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl.access$300(SSLSocketImpl.java:72) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:831) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:137) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:153) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:280) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:138) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:163) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:157) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.postProcess.PushRequestProcess.postProcess(PushRequestProcess.java:193) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.filter.HttpFilterChainImpl.nextFilter(HttpFilterChainImpl.java:92) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.filters.K8sInjectImpersonation.doFilter(K8sInjectImpersonation.java:92) ~[unison-applications-k8s-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.filter.HttpFilterChainImpl.nextFilter(HttpFilterChainImpl.java:86) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.ProxySys.doPush(ProxySys.java:181) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	... 52 more
[openunison-orchestra-74f5ffbf54-vlqcj] Caused by: java.net.SocketException: Socket closed
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.net.SocketInputStream.socketRead0(Native Method) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.net.SocketInputStream.read(SocketInputStream.java:171) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:457) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:68) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1095) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:72) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:815) ~[?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:137) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:153) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:280) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:138) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:163) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:157) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125) ~[httpcore-4.4.13.jar:4.4.13]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.12.jar:4.5.12]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.postProcess.PushRequestProcess.postProcess(PushRequestProcess.java:193) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.filter.HttpFilterChainImpl.nextFilter(HttpFilterChainImpl.java:92) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.filters.K8sInjectImpersonation.doFilter(K8sInjectImpersonation.java:92) ~[unison-applications-k8s-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.filter.HttpFilterChainImpl.nextFilter(HttpFilterChainImpl.java:86) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.ProxySys.doPush(ProxySys.java:181) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	... 52 more
[openunison-orchestra-74f5ffbf54-vlqcj] [2020-11-27 19:24:50,723][XNIO-1 task-14] ERROR request - UT005023: Exception handling request to /api/v1/namespaces/openunison/pods/openunison-orchestra-74f5ffbf54-vlqcj/log
[openunison-orchestra-74f5ffbf54-vlqcj] java.lang.IllegalStateException: UT010019: Response already commited
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.ServletOutputStreamImpl.resetBuffer(ServletOutputStreamImpl.java:739) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.HttpServletResponseImpl.resetBuffer(HttpServletResponseImpl.java:550) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:169) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImplSetup(RequestDispatcherImpl.java:149) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:111) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:299) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] [2020-11-27 19:24:50,726][XNIO-1 task-10] ERROR UnisonServletFilter - Could not process request
[openunison-orchestra-74f5ffbf54-vlqcj] org.apache.jasper.JasperException: JBWEB004038: An exception occurred processing JSP page /auth/forms/error.jsp at line 23
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj] 23
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj] 20: <html xmlns="http://www.w3.org/1999/xhtml">
[openunison-orchestra-74f5ffbf54-vlqcj] 21: 		<%
[openunison-orchestra-74f5ffbf54-vlqcj] 22:
[openunison-orchestra-74f5ffbf54-vlqcj] 23: 		RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
[openunison-orchestra-74f5ffbf54-vlqcj] 24: 		String authURL = "/auth/forms/";
[openunison-orchestra-74f5ffbf54-vlqcj] 25:
[openunison-orchestra-74f5ffbf54-vlqcj] 26: 		if (reqHolder != null) {
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj] Stacktrace:
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:578) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:476) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:403) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:347) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) ~[jakarta.servlet-api-4.0.3.jar:4.0.3]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:81) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:251) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:186) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:227) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImplSetup(RequestDispatcherImpl.java:149) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:111) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.proxy.ConfigSys.doConfig(ConfigSys.java:379) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:93) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:290) [unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] Caused by: java.lang.NullPointerException
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jsp.auth.forms.error_jsp._jspService(error_jsp.java:139) ~[?:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) ~[jakarta.servlet-api-4.0.3.jar:4.0.3]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	... 52 more
[openunison-orchestra-74f5ffbf54-vlqcj] [2020-11-27 19:24:50,729][XNIO-1 task-10] ERROR request - UT005023: Exception handling request to /api/v1/namespaces/vault/pods/vault-0/portforward
[openunison-orchestra-74f5ffbf54-vlqcj] org.apache.jasper.JasperException: JBWEB004038: An exception occurred processing JSP page /auth/forms/error.jsp at line 23
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj] 23
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj] 20: <html xmlns="http://www.w3.org/1999/xhtml">
[openunison-orchestra-74f5ffbf54-vlqcj] 21: 		<%
[openunison-orchestra-74f5ffbf54-vlqcj] 22:
[openunison-orchestra-74f5ffbf54-vlqcj] 23: 		RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
[openunison-orchestra-74f5ffbf54-vlqcj] 24: 		String authURL = "/auth/forms/";
[openunison-orchestra-74f5ffbf54-vlqcj] 25:
[openunison-orchestra-74f5ffbf54-vlqcj] 26: 		if (reqHolder != null) {
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj]
[openunison-orchestra-74f5ffbf54-vlqcj] Stacktrace:
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:578) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:476) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:403) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:347) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) ~[jakarta.servlet-api-4.0.3.jar:4.0.3]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:81) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:251) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:186) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:227) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImplSetup(RequestDispatcherImpl.java:149) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:111) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:299) ~[unison-server-core-1.0.20.jar:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) ~[undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.1.3.Final.jar:2.1.3.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [jboss-threads-3.1.0.Final.jar:3.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]
[openunison-orchestra-74f5ffbf54-vlqcj] Caused by: java.lang.NullPointerException
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jsp.auth.forms.error_jsp._jspService(error_jsp.java:139) ~[?:?]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) ~[jakarta.servlet-api-4.0.3.jar:4.0.3]
[openunison-orchestra-74f5ffbf54-vlqcj] 	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438) ~[jastow-2.1.0.Final.jar:2.1.0.Final]
[openunison-orchestra-74f5ffbf54-vlqcj] 	... 50 more

Can't access Kubernetes Dashboard Chapter 7

I deployed the kubernetes dashboard and Openunison Operator by following the step by step process in Chapter 7 of the book. I can visit the openunison host but when I click on Kubernetes Dashboard I get this error.

I am not sure what the error is

deployment of oidc-login fails with error " java.lang.IllegalArgumentException: Last unit does not have enough valid bits "

Hi ,
I am trying to deploy the k8s-login with azuread as oidc.

my values.yaml is -

network:
  openunison_host: "k8sou.app.103-149-126-200.nip.io"
  dashboard_host: "k8sdb.app.103-149-126-200.nip.io"
  api_server_host: "api.103-149-126-200.nip.io:6443"
  session_inactivity_timeout_seconds: 900
  k8s_url: https://api.103-149-126-200.nip.io:6443
  createIngressCertificate: false
  ingress_type: nginx
  ingress_annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: "letsencrypt"

cert_template:
  ou: "Kubernetes"
  o: "MyOrg"
  l: "My Cluster"
  st: "State of Cluster"
  c: "MyCountry"

image: "docker.io/tremolosecurity/openunison-k8s-login-oidc:latest"
myvd_config_path: "WEB-INF/myvd.conf"
k8s_cluster_name: kubernetes
enable_impersonation: false


dashboard:
  namespace: "kubernetes-dashboard"
  cert_name: "kubernetes-dashboard-certs"
  label: "k8s-app=kubernetes-dashboard"
  service_name: kubernetes-dashboard
certs:
  use_k8s_cm: false

    #trusted_certs:
    #- name: idp
    # pem_b64: SDFGSDFGHDFHSDFGSDGSDFGDS

monitoring:
  prometheus_service_account: system:serviceaccount:monitoring:prometheus-k8s

oidc:
  client_id: b1a6ade5-249exxxxx.xxxxxx.xxxxxx.xxxx
  auth_url: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  token_url: https://login.microsoftonline.com/common/oauth2/v2.0/token
  user_in_idtoken: false
  userinfo_url: https://graph.microsoft.com/oidc/userinfo
  domain: ""
  scopes: openid email profile groups
  claims:
    sub: sub
    email: email
    given_name: given_name
    family_name: family_name
    display_name: name
    groups: groups


impersonation:
  use_jetstack: false
  jetstack_oidc_proxy_image: quay.io/jetstack/kube-oidc-proxy:v0.3.0
  explicit_certificate_trust: true
  ca_secret_name: ou-tls-secret

network_policies:
  enabled: false
  ingress:
    enabled: true
    labels:
      app.kubernetes.io/name: ingress-nginx
  monitoring:
    enabled: true
    labels:
      app.kubernetes.io/name: monitoring
  apiserver:
    enabled: false
    labels:
      app.kubernetes.io/name: kube-system

services:
  enable_tokenrequest: false
  token_request_audience: api
  token_request_expiration_seconds: 600
  node_selectors: []
  pullSecret: ""

openunison:
  replicas: 1
  non_secret_data: {}
  secrets: []

after running helm nothing happens and operator pod displays log.

Operator pod log

nto_ks":"keypair"},{"create_data":{"server_name":"kubernetes-dashboard.kubernetes-dashboard.svc","subject_alternative_names":[],"secret_info":{"key_name":"dashboard.key","cert_name":"dashboard.crt","type_of_secret":"Opaque"},"ca_cert":true,"delete_pods_labels":["k8s-app=kubernetes-dashboard"],"sign_by_k8s_ca":false,"key_size":2048,"target_namespace":"kubernetes-dashboard"},"replace_if_exists":true,"name":"kubernetes-dashboard","tls_secret_name":"kubernetes-dashboard-certs","import_into_ks":"certificate"},{"create_data":{"server_name":"unison-saml2-rp-sig","subject_alternative_names":[],"ca_cert":true,"sign_by_k8s_ca":false,"key_size":2048},"name":"unison-saml2-rp-sig","import_into_ks":"keypair"}]}},"enable_activemq":false,"dest_secret":"orchestra","secret_data":["K8S_DB_SECRET","unisonKeystorePassword","OIDC_CLIENT_SECRET"]}}}
java.lang.IllegalArgumentException: Last unit does not have enough valid bits
        at java.util.Base64$Decoder.decode0(Base64.java:734)
        at java.util.Base64$Decoder.decode(Base64.java:526)
        at java.util.Base64$Decoder.decode(Base64.java:549)
        at com.tremolosecurity.kubernetes.artifacts.util.CertUtils.pem2certs(CertUtils.java:394)
        at com.tremolosecurity.kubernetes.artifacts.util.CertUtils.importCertificate(CertUtils.java:370)
        at jdk.nashorn.internal.scripts.Script$Recompilation$120$18882A$\^eval\_.generate_openunison_secret(<eval>:553)
        at jdk.nashorn.internal.scripts.Script$Recompilation$119$52A$\^eval\_.on_watch(<eval>:10)
        at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:639)
        at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:494)
        at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:393)
        at jdk.nashorn.api.scripting.ScriptObjectMirror.callMember(ScriptObjectMirror.java:199)
        at jdk.nashorn.api.scripting.NashornScriptEngine.invokeImpl(NashornScriptEngine.java:386)
        at jdk.nashorn.api.scripting.NashornScriptEngine.invokeFunction(NashornScriptEngine.java:190)
        at com.tremolosecurity.kubernetes.artifacts.util.K8sWatcher.processEvent(K8sWatcher.java:331)
        at com.tremolosecurity.kubernetes.artifacts.util.K8sWatcher.watchUri(K8sWatcher.java:153)
        at com.tremolosecurity.kubernetes.artifacts.run.RunWatch.run(RunWatch.java:38)
        at java.lang.Thread.run(Thread.java:748)
{code=200, data={"apiVersion":"openunison.tremolo.io/v4","kind":"OpenUnison","metadata":{"annotations":{"meta.helm.sh/release-name":"orchestra","meta.helm.sh/release-namespace":"openunison"},"creationTimestamp":"2021-04-21T10:10:48Z","generation":1,"labels":{"app.kubernetes.io/managed-by":"Helm"},"managedFields":[{"apiVersion":"openunison.tremolo.io/v4","fieldsType":"FieldsV1","fieldsV1":{"f:status":{".":{},"f:conditions":{".":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"f:digest":{}}},"manager":"Apache-HttpClient","operation":"Update","time":"2021-04-21T10:10:48Z"},{"apiVersion":"openunison.tremolo.io/v4","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:meta.helm.sh/release-name":{},"f:meta.helm.sh/release-namespace":{}},"f:labels":{".":{},"f:app.kubernetes.io/managed-by":{}}},"f:spec":{".":{},"f:deployment_data":{".":{}

Is this a bug or i am wrong as per instructions.

Is it possible to add versions for new releases?

Hello folks!

Great project, thank you for your work 😄

We're currently evaluating it and so far quite happy with it, but one small item is a concern - it seems like any new release gets pushed to the latest tag and it's a bit difficult to track what is the current version and what was changed, we also need to have a predictable deployment and test changes in different pre-production environments before we can roll anything new.

Would it be possible to tag each release with a version tag?

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.