[OPENAM-11134] Amster: Remove the 'from' option in authorized_keys - ForgeRock JIRA

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 14.0.0
Fix Version/s: 7.0.0
Component/s: Amster
Labels:
- AME
- MAXWELL

Rank:
1|hzu06f:

Sprint:
AM 2019.10 - Cast Iron
Epic Link:
AMster (Phase III)

Support Ticket IDs:

Description

"Procedure 2.2. To Connect Locally With the Default Key Pair" should mention that the "from" parameter in the authorized_keys file may need to be edited, depending on network configuration.
https://backstage.forgerock.com/docs/amster/5/user-guide/chap-user-getting-started#default-private-login

Connecting locally with the default keypair, e.g.
connect --private-key /home/fr/openam/amster_rsa http://am5.example.com:8080/openam

Works fine as long as the connection takes place through the loopback interface since OpenAM creates an authorized_keys entry with "from="127.0.0.1/24,::1"

If another interface is used, the "from" needs to be edited to take this into account, otherwise amster fails with:
[code:401, reason:Unauthorized, message:Authentication Failed]

Attachments

Issue Links

is duplicated by

OPENAM-13215 Step Required for Amster Private Key Connections

Closed

relates to

OPENAM-11881 Document from issue in Amster 5.5

Resolved

Activity

People

Assignee:

Emma Rumsey

Reporter:

Andrew Dunn [X] (Inactive)

Votes:

5 Vote for this issue

Watchers:

9 Start watching this issue

Dates

Created:

09/May/17 11:21 AM

Updated:

06/Dec/19 12:20 AM

Resolved:

31/Jul/19 1:50 PM