From 84298201ae6ff300a08bc2202e4d9e5009e587f3 Mon Sep 17 00:00:00 2001 From: Michal Konecny Date: Fri, 28 Mar 2025 14:41:12 +0100 Subject: [PATCH] Add troubleshooting guide for authentication issues This guide is certainly incomplete, but it could serve as starting point for discussion. --- modules/sysadmin_guide/pages/ipsilon.adoc | 31 +++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/modules/sysadmin_guide/pages/ipsilon.adoc b/modules/sysadmin_guide/pages/ipsilon.adoc index d32ddbd..56042e2 100644 --- a/modules/sysadmin_guide/pages/ipsilon.adoc +++ b/modules/sysadmin_guide/pages/ipsilon.adoc @@ -11,6 +11,7 @@ ** <<_openid_connect_scope_registration>> ** <<_generate_an_openid_connect_token>> ** <<_create_openid_connect_secrets_for_apps>> +* <<_troubleshooting>> == Contact Information @@ -213,3 +214,33 @@ variable name to the person who requested it. Finally, commit and push the changes to both files and run the `ipsilon.yml` playbook. + +== Troubleshooting + +Here is a guide one can follow when trying to troubleshoot authentication +issues within Fedora Infrastructure for users. + +. SSH to ipsilon machine ++ +---- +ssh ipsilon01 +---- ++ +. Find the entry in logs ++ +The logs are located in `/var/log/httpd/error_log`. You can find the entry either by +looking at the timestamps or looking for the `ipsilon_transaction_id`. ++ +If you don't see the error in the ipsilon logs you can continue to next step. ++ +. SSH to IPA machine (usually ipa01) ++ +---- +ssh ipa01 +---- ++ +. Look into the logs ++ +On ipa machine the logs could be found in `/var/log/httpd/error_log`, but it's hard to map +the ipsilon transaction to exact entry in the logs, so you can either map them together by time +or just looking for any error that seems related.