ArgusWeb can't login

[numbnut]

Hi,
I want to launch the Argus platform without ldap support. I did this by adding

service.binding.auth=com.salesforce.dva.argus.service.auth.NoAuthService

to the argus.properties file. For the argus.properties I used the blueprint in the Getting Started Section for the integration tests. I hope that's ok. When I open the website a login prompt shows up.
Is this behavior correct? Which credentials do I have to enter?
If I enter some credentials and hit the submit button a toast message 'Login failed' shows up.
Confusing to me is that the only request which is sent after hitting the submit button is an OPTIONS request, which gets a response code of 200 and returns the verbs POST and OPTIONS.
I would expect a POST request, which should trigger a message like 'Login failed'.

Basically I have two questions.
How do I enable the NoAuthService and how can I check that it is working?
Is the login behavior described above as expected?

Thanks for your help!

[saaja-sfdc]

Hey @numbnut, Apologies for the delayed response, but we've just been a tad busy. Argus will always require a login via the /auth webservice endpoint. The default UI is wired to that endpoint. If you're accessing it through the web UI, you will always get a login form.

Now, you can effectively turn off authentication, by binding the NoAuthService implementation. You'll still get the login form, but you can type in any username and password. To enable the NoAuthService implementation use the following configuration:

In the main configuration file

service.binding.auth=com.salesforce.dva.argus.service.auth.NoAuthService
service.config.auth=<path/to/auth/service/specific/configuration/file>

In the auth specific configuration file add this property

If set to true, all users will get privileged access. If omitted, it defaults to 'false'

service.property.auth.noauthservice.privileged=false

A couple of things to consider:

1. If you are deploying over https, you should build Argus so that it requires secure cookies. You do that by setting the build.property.secure.cookies=true in argus-build.properties and rebuild.
2. If you're hosting the UI and web services on separate hosts, make sure your web service hosts allow cross site traffic. E.g. for Tomcat, make sure you have the CORS filter installed and configured to allow cross site POST, PUT, DELETE, GET, HEAD & OPTIONS.

http://stackoverflow.com/questions/16296145/set-cors-header-in-tomcat

[numbnut]

Hi @saaja-sfdc, thanks for your response. Just to let you know the context. I am only trying to setup a non production system. Security related topics are not relevant for me at the moment, but I will keep them in mind.
I adapted the configuration as you mentioned. According to the getting started documentation I did it in one configuration file and not as you mentioned a second one for the auth service. I hope that's ok.
The behavior of the application is still the same and I am still wondering why the frontend app only sends an Http Options query on pushing the Login button. The following image shows the behavior.

There is no Post request to the /auth endpoint, which I don't understand. Can you explain that?
Is there somewhere a documentation about the REST Api?

[aertoria]

@numbnut
From your screenshot basically there are some possibilities. You may want to rule out one by one. (I just ran through a similar issues)
1, Seeing ArgusUI login page doesn't mean ArgusWS is up. Go to http://localhost:8080/argusws/help
see if you are able to see a json return. If not, go check tomcat start logs, there might be a error there.
2. CROS is usually a cause. But it should showed up on your browser console.

[numbnut]

@aertoria thanks for your reply! I will check that on Monday, because I can't access my development environment at the moment.
I think 1. can be excluded since I checked that, but I will check it again. 2. is a good point. I excluded it because the REST service and the client app are both deployed on the same host, but they are listening on different ports. Maybe CORS is the problem. I will share the results of my further investigation.

[numbnut]

Thank you very much! It was the CORS problem. Now everything works as expected.