This site is in read only mode. Please continue to browse, but replying, likes, and other actions are disabled for now.

⚠️ We've moved!

Hi there!

To reduce project dependency on 3rd party paid services the StackStorm TSC has decided to move the Q/A from this forum to Github Discussions. This will make user experience better integrated with the native Github flow, as well as the questions closer to the community where they can provide answers.

Use 🔗 Github Discussions to ask your questions.

How to enable the proxy authentication mode

Platform API
#1

I am trying to do the authentication by my company`s authenticiation server, therefore I set the st2.config file to make the authenticaition mode from standalone to the proxy mode.
However, when I used the api to get the token, I always received the error that claimed “Invalid or missing credentials”.

curl -X POST -k https://100.112.136.139/auth/v1/tokens -u ‘elk’ -H ‘Cache-Control: no-cache’ -H ‘Postman-Token: ee4b60a5-17a9-4f39-9838-e3015eef8f48’ -H ‘remote_addr: 10.145.209.47’ -H ‘remote_user: jimmy’ --insecure
Enter host password for user ‘elk’:
{
“faultstring”: “Invalid or missing credentials”
}

#2

The example you posted should work, but I believe we inadvertently introduced a regression which breaks this functionality when we moved to OpenAPI router for our API layer.

I will file and issue and look into a fix.

#3

Thank you for your confirmation, I believe it was because the remote_user was not passed to the handling function. It maybe helpful for your debug and troubleshooting.

#4

Correct - we don’t correctly read “remote_addr” and “remote_user” from the headers.

Fix is already in Fix "proxy" authentication mode by Kami · Pull Request #4224 · StackStorm/st2 · GitHub, but I still need to work on the tests.