New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to get basic auth accepted (Credential) pop-up when connecting to the ui #192

Closed
royremi opened this Issue May 12, 2016 · 9 comments

Comments

Projects
None yet
3 participants
@royremi

royremi commented May 12, 2016

Latest Snapshot version with brixton.release

I have 1 of my spring boot apps that is secure with basic auth. When I enter my credential it's never accept it. I tried to rollback to 1.3.2 and that is working.

I'm working with Eureka Brixton.Release too.

If you think it's absolutly not on your side I will dig more.

Thanks

@joshiste

This comment has been minimized.

Member

joshiste commented May 12, 2016

With Spring Cloud Brixton sensitive headers (like authorization, cookie, set-cookie) are by default not passed along to the downstream server.
Please update to the latest Spring Boot Admin snapshot. With this version you can disable the filtering of the authorization header by setting zuul.sensitiveHeaders= in your application.properties.

For more information on this topic:
http://cloud.spring.io/spring-cloud-static/spring-cloud.html#_cookies_and_sensitive_headers

@joshiste joshiste closed this May 12, 2016

@royremi

This comment has been minimized.

royremi commented May 13, 2016

Sorry Johanne, i may be slow but i'm not sure to understand.

I tried to put
zuul:
sensitive-headers: Authorization
or
zuul:
sensitive-headers:

in my project that admin-server is running but it's not doing anything more. Still not let me login to my service, What I'm missing?

Thanks for the help

@joshiste

This comment has been minimized.

Member

joshiste commented May 13, 2016

Did you fetch the latest snapshot? (mvn clean install -U)

setting this in my application.yml works for me.

zuul:
   sensitiveHeaders:

So no header is filtered.

If you specify Authorization it won't work, cause it will get filtered.

@royremi

This comment has been minimized.

royremi commented May 13, 2016

I run from the command line instead of intellij and it works! Sorry for that!

@StephenGoodall

This comment has been minimized.

StephenGoodall commented Jun 6, 2016

Hi @joshiste,
When using security for the clients, do they have to use the same username/password as the spring boot admin security?

I've been trying to get the user/passwords to pass from spring boot and the only way I've gotten it to work is by setting:

zuul.sensitiveHeaders=

in application.properties and by setting the security.user.name and security.user.password the same for my client application and the spring boot admin application.
If i use different credentials thent he box just keeps popping up until i click cancel, where it gets a 401 response.

Is there a way to have the username and password on a "per client" basis? Would it be possible to add some properties like:

spring.boot.admin.client.username
spring.boot.admin.client.password

Which spring boot admin could then use to create an Authorization header when sending the request to the client endpoint?

@joshiste

This comment has been minimized.

Member

joshiste commented Jun 6, 2016

When using security for the clients, do they have to use the same username/password as the spring boot admin security?

When using basic auth, yes. Here are some samples using a different approach: https://github.com/joshiste/spring-boot-admin-samples

Is there a way to have the username and password on a "per client" basis?

There isn't. Currently credentials aren't submitted to the admin server when registering. At the moment I refuse to have the credentials inside the admin server, cause the need extra protection.

@StephenGoodall

This comment has been minimized.

StephenGoodall commented Jun 7, 2016

Thanks for the reply @joshiste I'm going to spend some time today having a look at the possibility of adding an "in memory" ADMIN user for each application, that could read the spring.boot.admin.user and password properties from the application.properties file.

I'll let you know if I make any progress :)

@ghost

This comment has been minimized.

ghost commented Jan 27, 2017

Your example doesn't work for me.

  1. The property spring.boot.admin.auth.* doesn't exist in the class AdminServerProperties
  2. When I type in the credentials into the HTTP basis auth prompt, just one single request is forwarded to the client app including an Authorization header. But the admin server app replies with a HTTP code 401 and the HTTP basic auth is prompted again immediately.
@StephenGoodall

This comment has been minimized.

StephenGoodall commented Jan 30, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment