Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[portal] Impossible to login when login form is hidden and no idp define #2007

Closed
db3net opened this issue Mar 5, 2019 · 9 comments

Comments

@db3net
Copy link

commented Mar 5, 2019

Expected Behavior

Expecting the admin UI portal to present either a login pane (or be 100% authenticated when setting http auth to none). Image attached.

Current Behavior

The login pane is blank (no username / password fields) and looking at the development inspector for the page, it's showing that management/user is unable to load.

[Error] Failed to load resource: the server responded with a status of 401 (Unauthorized) (user, line 0)
http://fqdn_to_server:8083/management/user

Solution

Not sure how to get around this.

Steps to Reproduce (for bugs)

  1. Follow the instructions for installing entire platform - gateway, mgmt-api, ui on a remote server (not local...not a docker container)
  2. Set the baseURL in constants.json to the fully-qualified domain name
  3. Run all 3 services per instructions (after successfully getting Mongo and Elasticsearch running)
  4. Browse to the url:port
  5. Click "Login" & view inspector to see error

Context

We're evaluating various API Gateways and this looks promising with it's admin UI.

Your Environment

CentOS7
openjdk version "1.8.0_191"
OpenJDK Runtime Environment (build 1.8.0_191-b12)
OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)

#Elastic Search Config
http.port: 9200
network.host: 0

alt text

@brasseld

This comment has been minimized.

Copy link
Member

commented Mar 6, 2019

The only way to get an empty login form is by configuring "authentication" from settings:

capture d ecran 2019-03-06 a 07 22 32

Show login form must be checked.

I suppose you've done something here...

@brasseld brasseld self-assigned this Mar 6, 2019

@brasseld brasseld changed the title Management Portal UI web-inspector showing 401 Unauthorized for management/user [portal] Management Portal UI web-inspector showing 401 Unauthorized for management/user Mar 6, 2019

@aelamrani

This comment has been minimized.

Copy link
Member

commented Mar 6, 2019

We keep this issue opened to make impossible to be in this state

@aelamrani aelamrani added this to the APIM - 1.24.0 milestone Mar 6, 2019

@db3net

This comment has been minimized.

Copy link
Author

commented Mar 6, 2019

@brasseld, where is this screen you've attached? This appears nowhere in the portal - I assume one needs to be authenticated to see this? Sorry if I'm being dense...is the equivalent setting available via config file or at the very least, a CURL Post into the management-api to deactivate authentication and put it into some sort of temporarily wide-open state?

@brasseld

This comment has been minimized.

Copy link
Member

commented Mar 7, 2019

@db3net don't know which version of gravitee you're running but this screen is available since 1.21.x and is accessible from Settings > Authentication

Yes it is equivalent to the old config file for oauth2 security provider but now you can manage them from UI / API and you can add as many oauth provider as you need.

@db3net

This comment has been minimized.

Copy link
Author

commented Mar 12, 2019

Maybe I'm misunderstanding something, but what screen contains 'Settings > Authentication' ? I'm not seeing this anywhere. Do I need to start in Dev mode? Do I need to bootstrap an app? My config is set to auto create first app but no joy. I might start from scratch and do a better documenting the steps I'm taking to launch it. I followed the instructions for install each of the apps.

@brasseld

This comment has been minimized.

Copy link
Member

commented Mar 12, 2019

Here are some screenshots, hope it helps!

Capture d’écran 2019-03-12 à 18 04 30

Capture d’écran 2019-03-12 à 18 04 39

Capture d’écran 2019-03-12 à 18 04 45

@db3net

This comment has been minimized.

Copy link
Author

commented Mar 13, 2019

Did you miss the point that I can't log in because I'm missing username and password fields? If you click "Sign Out" then pretend you don't have username and password fields to log back in, you'll be in the state I'm in.

@brasseld

This comment has been minimized.

Copy link
Member

commented Mar 13, 2019

Yes, I've missed it.... too much issues and comments...

You didn't have any login form because you configure settings to not "Show login form" in the past.

Now, the workaround to escape from this is to update MongoDB to enable again the "Show login form" flag.

@brasseld brasseld modified the milestones: APIM - 1.24.0, APIM - 1.25.0 Mar 16, 2019

@brasseld

This comment has been minimized.

Copy link
Member

commented Mar 28, 2019

Hi @db3net

Any news here?

@brasseld brasseld modified the milestones: APIM - 1.25.0, APIM - 1.26.0 Apr 18, 2019

@aelamrani aelamrani changed the title [portal] Management Portal UI web-inspector showing 401 Unauthorized for management/user [portal] Impossible to login when login form is hidden and no idp define Apr 18, 2019

phiz71 added a commit to gravitee-io/gravitee-management-webui that referenced this issue May 14, 2019

fix(): login form is now displayed when no provider is configured, ev…
…ent is the LocalLogin parameter is set to false in the configuration.

Moreover, it is now impossible to uncheck LocalLogin parameter when no identity provider has been configured.

Fix gravitee-io/issues#2007

NicolasGeraud added a commit to gravitee-io/gravitee-management-webui that referenced this issue May 20, 2019

fix(): login form is now displayed when no provider is configured, ev…
…ent is the LocalLogin parameter is set to false in the configuration.

Moreover, it is now impossible to uncheck LocalLogin parameter when no identity provider has been configured.

Fix gravitee-io/issues#2007
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.