Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11134

Amster: Remove the 'from' option in authorized_keys

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 14.0.0
    • Fix Version/s: 7.0.0
    • Component/s: Amster
    • Labels:
    • Support Ticket IDs:

      Description

      "Procedure 2.2. To Connect Locally With the Default Key Pair" should mention that the "from" parameter in the authorized_keys file may need to be edited, depending on network configuration.
      https://backstage.forgerock.com/docs/amster/5/user-guide/chap-user-getting-started#default-private-login

      Connecting locally with the default keypair, e.g.
      connect --private-key /home/fr/openam/amster_rsa http://am5.example.com:8080/openam

      Works fine as long as the connection takes place through the loopback interface since OpenAM creates an authorized_keys entry with "from="127.0.0.1/24,::1"

      If another interface is used, the "from" needs to be edited to take this into account, otherwise amster fails with:
      [code:401, reason:Unauthorized, message:Authentication Failed]

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                emma.rumsey Emma Rumsey
                Reporter:
                andrew.dunn Andrew Dunn [X] (Inactive)
              • Votes:
                5 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: