I'm having problems logging in
During login, the Web Client uses OAuth 2.0 with the Authentication Server to receive an access token that is used to obtain user information and other information from the Handler. If you experience errors logging in, it could be due to either an error contacting the Handler, or invalid PAM credentials if you configured your Console to use PAM.
Error contacting the Handler
If you see an “Error contacting the handler” message, this means that the Web Client is unable to contact the Handler.
Check the status of the handler and the handler components logs to diagnose the problem.
Check that the web browser is able to connect to the host running the Handler. You could do this by using telnet to test connectivity to the port.
telnet handler-host 443 Trying handler-host ip address... Connected to handler-host. Escape character is '^]'. ^] telnet> ^C
Invalid PAM credentials
When the Authentication Server is setup to use PAM authentication, it validates the username and the password using the PAM method of the operating system on the host running the authentication server.
Verify PAM authentication configuration
Connect to the host on which you are running the Authentication Server.
Navigate to
/etc/dcv-access-console-auth-server/access-console-auth-server.properties
.Verify that
pam-service-name
is set tosystem-auth
for Red Hat based systems orcommon-auth
for Ubuntu/Debian.Restart the Authentication Server.
Gather more detailed information.
Connect to the host on which you are running the Authentication Server.
Navigate to
/etc/dcv-access-console-auth-server/access-console-auth-server.properties
.Enable
pam-normalize-userid-enabled
to true.Enable debug logs for the
com.amazon.dcv.sm.ui.handler.authorization
class.Restart the Authentication Server.
Note
Enabling “Debug” logging prints the access and refreshes tokens in the logs. It is recommended you change the verbosity back to “Info” after debugging.