How to enable the proxy authentication mode

howto

(Jimmy0628) #1

I am trying to do the authentication by my company`s authenticiation server, therefore I set the st2.config file to make the authenticaition mode from standalone to the proxy mode.
However, when I used the api to get the token, I always received the error that claimed “Invalid or missing credentials”.

curl -X POST -k https://100.112.136.139/auth/v1/tokens -u ‘elk’ -H ‘Cache-Control: no-cache’ -H ‘Postman-Token: ee4b60a5-17a9-4f39-9838-e3015eef8f48’ -H ‘remote_addr: 10.145.209.47’ -H ‘remote_user: jimmy’ --insecure
Enter host password for user ‘elk’:
{
“faultstring”: “Invalid or missing credentials”
}


(Tomaz Muraus) #2

The example you posted should work, but I believe we inadvertently introduced a regression which breaks this functionality when we moved to OpenAPI router for our API layer.

I will file and issue and look into a fix.


(Jimmy0628) #3

Thank you for your confirmation, I believe it was because the remote_user was not passed to the handling function. It maybe helpful for your debug and troubleshooting.


(Tomaz Muraus) #4

Correct - we don’t correctly read “remote_addr” and “remote_user” from the headers.

Fix is already in Fix "proxy" authentication mode by Kami · Pull Request #4224 · StackStorm/st2 · GitHub, but I still need to work on the tests.