Arvados

Steps to reproduce:¶

• Install Arvados on CentOS 7.4 according to the manual
• Install Ruby using RVM
• Use Certbot/Nginx SSL certificates
• Install SSO, API and Workbench on the same machine
• Configure SSO to use local account authentication, allow_account_registration: true
• Try to log in to Workbench once to ensure that the Arvados API server has a record of the Workbench client.
• After signing as a new user Arvados redirects you to https://zzzzz.example.com/auth/joshid/callback?return_to=https%3A%2F%2Fworkbench.zzzzz.example.com%2Fusers%2Fwelcome%3Freturn_to%3D%252F&code=94c021207e6821d8cbbeb1e422577492&response_type=code&state=04dde8d6a5c16776d3ef57a10ba5386724fafae9e9ce98e4 displaying "We're sorry, but something went wrong."
• Add a trusted client and an admin user using Rails console
• Trying to login into Workbench causes the same error as above
• /var/www/arvados-api/current/log/production.log contains the following error:

{"method":"GET","path":"/login","format":"html","controller":"UserSessionsController","action":"login","status":302,"duration":0.67,"view":0.0,"db":0.0,"location":"https://zzzzz.example.com/auth/joshid?return_to=https%3A%2F%2Fworkbench.zzzz.example.com%2Fusers%2Fwelcome%3Freturn_to%3D%252F&","request_id":"req-4wfvptymqeuae07hxm7p","client_ipaddr":"xxx.xxx.xxx.xxx","client_auth":null,"params":{"return_to":"https://workbench.zzzzz.example.com/users/welcome?return_to=%2F"},"@timestamp":"2018-04-12T08:36:08.305897708Z","@version":"1","message":"[302] GET /login (UserSessionsController#login)"}

Faraday::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed):
app/middlewares/arvados_api_token.rb:63:in 'call'

• Debugging arvados_api_token.rb shows that all the supplied session token candidates = nil