rd fails to authenticate using password when server URL is modified and a non-default api version is used #465
Labels
Comments
|
Confirmed. Against Rundeck behind SSL proxy server. USER/PASSWORD authentication:
TOKEN authentication (it works):
|
gschueler
added a commit
that referenced
this issue
Oct 9, 2023
gschueler
added a commit
that referenced
this issue
Oct 9, 2023
fix #465: user+pass auth url incorrect if API version specified in URL
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The installation is Rundeck 4.3.0-20220602 and RD cli 2.0.0 on Ubuntu 18.04 LTS. Without any customization, rd cli tool works if RD_URL points to http://localhost:4440/api/41 to get job forecast information. Web UI works as expected too.
However, after a customization to the server URL for sitting behind an https reverse proxy, this approach stopped working.
The highlight of the customization includes:
grails.serverURL=https://servername/rundeck framework.server.url = https://servername/rundeckBy putting an Apache web server in the front, users can access the server with https://servername/rundeck. This part works as expected.
But, rd does not seem to like it. With RD_URL=https://servername/rundeck/api/41, it complains:
$ rd projects list -v java.lang.IllegalStateException: Password Authentication failed, expected a successful response. at org.rundeck.client.util.FormAuthInterceptor.authenticate(FormAuthInterceptor.java:82) at org.rundeck.client.util.FormAuthInterceptor.intercept(FormAuthInterceptor.java:59) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at retrofit2.OkHttpCall.execute(OkHttpCall.java:204) at org.rundeck.client.util.Client.checkErrorDowngradable(Client.java:166) at org.rundeck.client.util.Client.apiCallDowngradable(Client.java:606) at org.rundeck.client.tool.commands.RdToolImpl.apiCallDowngradable(RdToolImpl.java:107) at org.rundeck.client.tool.commands.RdToolImpl.apiCall(RdToolImpl.java:78) at org.rundeck.client.tool.extension.BaseCommand.apiCall(BaseCommand.java:24) at org.rundeck.client.tool.commands.Projects.list(Projects.java:58) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at picocli.CommandLine.executeUserObject(CommandLine.java:1972) at picocli.CommandLine.access$1300(CommandLine.java:145) at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358) at picocli.CommandLine$RunLast.handle(CommandLine.java:2352) at picocli.CommandLine$RunLast.handle(CommandLine.java:2314) at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179) at picocli.CommandLine$RunLast.execute(CommandLine.java:2316) at picocli.CommandLine.execute(CommandLine.java:2078) at org.rundeck.client.tool.Main.main(Main.java:154)Apache is configured as:
ProxyPass /rundeck http://localhost:4440/rundeck ProxyPassReverse /rundeck http://localhost:4440/rundeckApache log shows a 403 error
"POST /rundeck/api/41/j_security_check HTTP/1.1" 403 534 "-" "rd-cli-tool/2.0.0 (rundeck-cli/2.0.0)"Rundeck log shows:
ERROR interceptors.AuthorizationInterceptor - (unauthenticated) UNAUTHORIZED for api/invalid
It works if use RD_TOKEN instead of RD_USERNAME/RD_PASSWORD.
Other details in https://groups.google.com/g/rundeck-discuss/c/T56Ccghczjk/m/-ScroauADAAJ?utm_medium=email&utm_source=footer
The text was updated successfully, but these errors were encountered: