Question about Central User Directory at mirror site

After I set up a mirror site, users always get the following message on the home page:

Internal Server Error. There was an error processing your request, with the message of 'java.net.ConnectException: Connection refused'. It has been logged (ID e4d588b01a2112d1).Home Close

Dusan suggested that this may be related to CUD.

I have a few questions about CUD:

  1. What is CUD used for? Is there a document describing how it works?
  2. Since all login requests go to icgc.org, do mirror sites need their own CUD servers?
  3. Is the CUD server at icgc.org a private server not accessible from the Internet?
  4. If CUD is needed at mirror sites, how do we set it up at a mirror site?
  5. If CUD is not needed at a mirror site, which config should we change so that it points to the icgc.org CUD server?

Sorry for asking so many questions. Hopefully it will be useful for others in the future.

Thanks,

Brady

There is a document about security in the ICGC DCC portal in the portal source code: https://github.com/icgc-dcc/dcc-portal/blob/develop/SECURITY.md

Based on the document, it seems a mirror site is required to configure a user with a login ID at icgc.org, and its IP needs to be added at icgc.org for login. That is OK if the mirror site has to access some private data at icgc.org.

What I don’t understand is why a visitor of the mirror site gets this error message. The access to icgc.org should be handled in the backend. Unless the visitor clicks the “login” button at the top of the page, there is no reason for this error to happen in the context of a visitor. I think this is a bug in the portal code.

When a user first hits the portal, a request is sent to the /verify endpoint. This in turn queries the CUD. If the backend cannot communicate with the CUD then the user will see this message. I believe the CUD integration can be disabled in application.yml with the following:

auth:
  enabled: false

Thanks for the config change suggested by Bob, the error banner at the top of the page is gone! The mirror site now looks much better.

However, this config change doesn’t solve the issue on the data release page. On the data release page, it seems the API call “/download/info” requires authentication. If the authentication is unsuccessful or disabled, the page will be stuck in “Loading”. It seems to me the authentication happens too early. Authentication should only be required for downloading data.