uaac curl works but uaa curl does not. #86

Open
jppitout opened this issue Apr 20, 2021 · 2 comments

jppitout commented Apr 20, 2021

Good day, I am trying to figure out the difference between the Ruby uaac and Go uaa when using curl to update OpsMan authentication settings.
Below env vars are used in both cases:

```bash
# Env Vars
ENV_NAME=sandbox
opsman_password=$(credhub get -n "/concourse/${ENV_NAME}/opsman_password" -q)
decryption_passphrase=$(credhub get -n "/concourse/${ENV_NAME}/opsman_decryption_passphrase" -q)
unlock_user_password=$(credhub get -n "/concourse/${ENV_NAME}/opsman_unlock_user_password" -q)
payload="{
  \"authentication\": {
    \"decryption_passphrase\": \"${decryption_passphrase}\",
    \"identity_provider\": \"internal\",
    \"admin_user_name\": \"admin\",
    \"admin_password\": \"${opsman_password}\",
    \"admin_password_confirmation\": \"${opsman_password}\"
  }
}"
```

This works (Ruby uaac):

```bash
uaac target https://pcf.${ENV_NAME}.westeurope.api.mtn.com/uaa
uaac token owner get opsman unlock_user -s '' -p "${unlock_user_password}"

uaac curl -X PUT -H "Content-type: application/json" https://pcf.${ENV_NAME}.westeurope.api.mtn.com/api/v0/settings/authentication -d "${payload}"
```

I get:

```
--snip--
200 OK
--snip--
```

and in the OpsMan access.log:

```
155.93.175.238 - opsman [20/Apr/2021:10:09:35 +0000] "POST /uaa/oauth/token HTTP/1.1" 200 2532 "-" "HTTPClient/1.0 (2.8.3, ruby 2.5.1 (2018-03-29))"
155.93.175.238 - - [20/Apr/2021:10:09:51 +0000] "PUT /api/v0/settings/authentication HTTP/1.1" 200 12 "-" "Ruby"
```

This does not work (Go uaac):

```bash
./uaa target https://pcf.${ENV_NAME}.westeurope.api.mtn.com/uaa
./uaa get-password-token opsman -s '' -u unlock_user -p "${unlock_user_password}"

./uaa curl -X PUT -H "Content-type: application/json" https://pcf.${ENV_NAME}.westeurope.api.mtn.com/api/v0/settings/authentication -d "${payload}"
```

I get:

```
--snip--
        <div class="alert alert-error">
            <p>Invalid login attempt, the request does not meet our security standards and may indicate that the action was not originated by you. Please try again.</p>
        </div>
--snip--
```

and in the OpsMan access.log:

```
155.93.175.238 - opsman [20/Apr/2021:09:55:09 +0000] "POST /uaa/oauth/token HTTP/1.1" 200 2516 "-" "Go-http-client/1.1"
155.93.175.238 - - [20/Apr/2021:09:57:41 +0000] "PUT /uaa/https:/pcf.sandbox.westeurope.api.mtn.com/api/v0/settings/authentication HTTP/1.1" 302 0 "-" "Go-http-client/1.1"
155.93.175.238 - - [20/Apr/2021:09:57:41 +0000] "GET /uaa/login?error=invalid_login_request HTTP/1.1" 200 49404 "https://pcf.sandbox.westeurope.api.mtn.com/uaa/https:/pcf.sandbox.westeurope.api.mtn.com/api/v0/settings/authentication" "Go-http-client/1.1"
```

@cf-gitbot

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/177834374

The labels on this GitHub issue will be updated when the story is started.

jppitout commented Apr 20, 2021

Additional info:

  • Ruby uaac version: UAA client 4.2.0
  • Go uaa version: 0.10.0 8626b94

The most obvious difference from the OpsMan access.log is:

```
#go
155.93.175.238 - - [20/Apr/2021:10:43:28 +0000] "PUT /uaa/https:/pcf.sandbox.westeurope.api.mtn.com/api/v0/settings/authentication HTTP/1.1" 302 0 "-" "Go-http-client/1.1"
#ruby
155.93.175.238 - - [20/Apr/2021:10:40:47 +0000] "PUT /api/v0/settings/authentication HTTP/1.1" 200 12 "-" "Ruby"
```
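
In the access-log lines above, the Go client's request path is the full URL appended to the target's `/uaa` path, with `https://` collapsed to `https:/`. The following Go program is an added example, not code from this issue or from the uaa CLI: it shows that cleaning a joined path produces that shape, a resolver that honours absolute URLs, and a check for the symptom in logged request paths. The host `opsman.example.test` and all function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"regexp"
)

// naiveJoin (hypothetical, not uaa CLI code) treats every argument as a path.
func naiveJoin(target, arg string) (string, error) {
	base, err := url.Parse(target)
	if err != nil {
		return "", err
	}
	base.Path = path.Join(base.Path, arg) // Join cleans "//" down to "/"
	return base.String(), nil
}

// resolve sends an absolute URL as given and joins only relative arguments.
func resolve(target, arg string) (string, error) {
	base, err := url.Parse(target)
	if err != nil {
		return "", err
	}
	ref, err := url.Parse(arg)
	if err != nil {
		return "", err
	}
	if ref.IsAbs() {
		return ref.String(), nil
	}
	base.Path = path.Join(base.Path, ref.Path)
	return base.String(), nil
}

// hasEmbeddedURL flags an access-log request path carrying a collapsed URL.
func hasEmbeddedURL(requestPath string) bool {
	return regexp.MustCompile(`/https?:/`).MatchString(requestPath)
}

func main() {
	target := "https://opsman.example.test/uaa" // constructed host
	arg := "https://opsman.example.test/api/v0/settings/authentication"
	bad, _ := naiveJoin(target, arg)
	u, _ := url.Parse(bad)
	good, _ := resolve(target, arg)
	fmt.Println(bad, hasEmbeddedURL(u.Path))
	fmt.Println(good)
}
```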
