Can't login into UI #42
But when I try to create a new account, the user is created in FreeIPA |
Hi Mate! This happens due to the Host mismatch. When you are trying this tool on a staging server, please ensure For the production usage, host Mokey on the same server where the FreeIPA master is hosted. You can achieve it by writing the following lines in
<Location "/mokey">
ProxyPass "http://127.0.0.1:8081/mokey"
</Location>
To make the above config file usable, don't forget to ensure the following lines at
port: 8081
bind: "127.0.0.1"
path_prefix: "/mokey"
develop: false |
I'm having the same issue as this. Mokey is running on the FreeIPA server, and the config is the same as above for the httpd conf and the yaml file. Running in debug mode, a new user is created absolutely fine, but when an existing user attempts to log in they are redirected back to /mokey with no session created.
When running with develop as true and intercepting with Burp I can see that no session cookies are being created as I would have expected. Tested the /ipa/session/login_password API with the user and getting the 200 response, so would have expected "setSessionID" to be called in ubccr/goIPA/ipa.go.
FreeIPA, version: 4.6.5
Is there anything you could advise, as it looks perfect for our needs? Thanks |
I would not advise running mokey on the same server as FreeIPA. Can you try running on a different server and remove the |
Same issue on an Ubuntu 18.04 host that is registered with the domain, with and without the path prefix. I moved it to the FreeIPA server based on the above comment but it didn't help.
httpd logs:
172.16.1.4 - - [10/Jan/2020:10:37:51 +0000] "GET /mokey/static/css/styles.css?v=6 HTTP/1.1" 200 518
172.16.1.4 - - [10/Jan/2020:10:37:51 +0000] "GET /mokey/static/css/font-awesome.min.css?v=6 HTTP/1.1" 200 7053
172.16.1.4 - - [10/Jan/2020:10:37:52 +0000] "GET /mokey/static/js/bootstrap.min.js?v=6 HTTP/1.1" 200 9833
172.16.1.4 - - [10/Jan/2020:10:37:52 +0000] "GET /mokey/static/js/jquery.min.js?v=6 HTTP/1.1" 200 33369
172.16.1.4 - - [10/Jan/2020:10:37:52 +0000] "GET /mokey/static/css/bootstrap.min.css?v=6 HTTP/1.1" 200 19744
172.16.1.4 - - [10/Jan/2020:10:38:12 +0000] "GET /mokey/auth/login HTTP/1.1" 200 1124
172.16.1.4 - - [10/Jan/2020:10:38:18 +0000] "GET /mokey/auth/signup HTTP/1.1" 200 1591
172.16.1.4 - - [10/Jan/2020:10:38:18 +0000] "GET /mokey/auth/captcha/4dzjU28ju96R8KbfG8mq.png HTTP/1.1" 200 1352
172.16.3.4 - mokey/gatewayfreeipa.EXAMPLE.LOCAL@EXAMPLE.LOCAL [10/Jan/2020:10:38:49 +0000] "POST /ipa/json HTTP/1.1" 200 609
172.16.3.4 - - [10/Jan/2020:10:38:49 +0000] "POST /ipa/session/change_password HTTP/1.1" 200 125
172.16.1.4 - - [10/Jan/2020:10:38:49 +0000] "POST /mokey/auth/signup HTTP/1.1" 200 785
172.16.1.4 - - [10/Jan/2020:10:38:54 +0000] "GET /mokey/auth/login HTTP/1.1" 200 1124
172.16.3.4 - - [10/Jan/2020:10:39:04 +0000] "GET /ipa/session/cookie HTTP/1.1" 301 263 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.21.3.el7.x86_64"
172.16.3.4 - user@EXAMPLE.LOCAL [10/Jan/2020:10:39:04 +0000] "GET /ipa/session/cookie HTTP/1.1" 200 -
172.16.3.4 - - [10/Jan/2020:10:39:04 +0000] "POST /ipa/session/login_password HTTP/1.1" 200 -
172.16.3.4 - user@EXAMPLE.LOCAL [10/Jan/2020:10:39:04 +0000] "POST /ipa/session/json HTTP/1.1" 200 142
172.16.1.4 - - [10/Jan/2020:10:39:04 +0000] "POST /mokey/auth/login HTTP/1.1" 302 -
172.16.1.4 - - [10/Jan/2020:10:39:05 +0000] "GET /mokey HTTP/1.1" 302 -
172.16.1.4 - - [10/Jan/2020:10:39:05 +0000] "GET /mokey/auth/login HTTP/1.1" 200 1124
172.16.1.4 - user@EXAMPLE.LOCAL [10/Jan/2020:10:51:03 +0000] "POST /ipa/session/json HTTP/1.1" 200 297
172.16.1.4 - user@EXAMPLE.LOCAL [10/Jan/2020:10:51:03 +0000] "POST /ipa/session/json HTTP/1.1" 200 403
172.16.1.4 - user@EXAMPLE.LOCAL [10/Jan/2020:10:51:04 +0000] "POST /ipa/session/json HTTP/1.1" 200 1123
172.16.1.4 - user@EXAMPLE.LOCAL [10/Jan/2020:10:51:05 +0000] "POST /ipa/session/json HTTP/1.1" 200 349
172.16.1.4 - user@EXAMPLE.LOCAL [10/Jan/2020:10:51:05 +0000] "POST /ipa/session/json HTTP/1.1" 200 242
172.16.1.4 - - [10/Jan/2020:10:58:17 +0000] "GET /mokey/auth/login HTTP/1.1" 200 1124
172.16.3.4 - - [10/Jan/2020:10:58:26 +0000] "GET /ipa/session/cookie HTTP/1.1" 301 263 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.21.3.el7.x86_64"
172.16.3.4 - user@EXAMPLE.LOCAL [10/Jan/2020:10:58:26 +0000] "GET /ipa/session/cookie HTTP/1.1" 200 -
172.16.3.4 - - [10/Jan/2020:10:58:26 +0000] "POST /ipa/session/login_password HTTP/1.1" 200 -
172.16.3.4 - user@EXAMPLE.LOCAL [10/Jan/2020:10:58:26 +0000] "POST /ipa/session/json HTTP/1.1" 200 142
172.16.1.4 - - [10/Jan/2020:10:58:26 +0000] "POST /mokey/auth/login HTTP/1.1" 302 -
172.16.1.4 - - [10/Jan/2020:10:58:26 +0000] "GET /mokey HTTP/1.1" 302 -
172.16.1.4 - - [10/Jan/2020:10:58:27 +0000] "GET /mokey/auth/login HTTP/1.1" 200 1124 |
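The failure in the log above has a recognisable shape: `POST /mokey/auth/login` is answered with 302, the following `GET /mokey` is also answered with 302, and the client lands on the login form again. The sketch below picks that sequence out of an access log; it is an added example, not part of the thread or of mokey, and the function names and the 10-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Common Log Format prefix; trailing referer/user-agent fields are ignored.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: the login route sits under path_prefix "/mokey", as in the thread.
LOGIN_PATH = "/mokey/auth/login"

# Lines copied from the httpd log quoted above.
SAMPLE = """\
172.16.3.4 - - [10/Jan/2020:10:39:04 +0000] "POST /ipa/session/login_password HTTP/1.1" 200 -
172.16.1.4 - - [10/Jan/2020:10:39:04 +0000] "POST /mokey/auth/login HTTP/1.1" 302 -
172.16.1.4 - - [10/Jan/2020:10:39:05 +0000] "GET /mokey HTTP/1.1" 302 -
172.16.1.4 - - [10/Jan/2020:10:39:05 +0000] "GET /mokey/auth/login HTTP/1.1" 200 1124
"""


def parse(lines):
    """Yield (ip, time, method, path, status) for each parsable line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])


def find_login_bounces(lines, window=timedelta(seconds=10)):
    """Return (ip, time) for each accepted login that bounced back to the form."""
    pending = {}  # ip -> [time of the 302 login POST, redirected GET seen since?]
    hits = []
    for ip, ts, method, path, status in parse(lines):
        state = pending.get(ip)
        if state and ts - state[0] > window:
            del pending[ip]  # too old to belong to the same login attempt
            state = None
        if method == "POST" and path == LOGIN_PATH and status == 302:
            pending[ip] = [ts, False]
        elif state and method == "GET" and path != LOGIN_PATH and status == 302:
            state[1] = True  # the page behind the login redirected again
        elif state and method == "GET" and path == LOGIN_PATH and status == 200:
            if state[1]:
                hits.append((ip, state[0]))
            del pending[ip]
    return hits
```

A hit means the credentials were accepted upstream (the 302 on the login POST) but the next request carried no usable session, which points at the cookie rather than at authentication.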
Here's a few more things to check. Can you verify the ipa server is set correctly in |
Server appears to be set correctly in the defaults, however server.go only seems to pick it up from the mokey.yaml using "log.Printf("IPA server: %s", viper.GetString("ipahost"))" /etc/ipa/default.conf
two 32bit keys have been set using:
develop: is set to true. As the HTTPOnly attribute isn't being set I would expect to see them being created, but none are when intercepting with Burp. |
Requests and responses
The issue seems to be here, where the expected cookie isn't being set.
|
The issue is with the |
The |
Just downloaded and recompiled and it works spot on now. Few issues with hydra sdk and urfave/cli changes but that's a problem for another day. Thanks for your help and your good work! |
"version": mokey-0.5.3-1.el7.x86_64 rpm
When I enter valid credentials, nothing happens; the page reloads and offers to enter the credentials again.
In log:
in browser: