Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13215

Step Required for Amster Private Key Connections

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 6.0.0
    • Fix Version/s: None
    • Component/s: Amster
    • Labels:
    • Environment:
      Amster 6.0.0
      Openam 6.0.0
    • Support Ticket IDs:

      Description

      Bug description

      To use the https://backstage.forgerock.com/docs/amster/6/user-guide/#private-login you must edit the /path/to/openam/authorized_keys and  /path/to/openam/amster_rsa.pub
      to use your actual ip instead of localhost.127.0.0.0/24 

      Documentation could add a step to clarify this requirement.

      How to reproduce the issue

      To Recreate In a fresh AM 6.0

      1. Run Amster.sh
      2. try connect -k /data/openam/amster_rsa https://XXX/openam
      3. You will fail with a 401 error
      4. Edit the /path/to/openam/authorized_keys and  /path/to/openam/amster_rsa.pub to use your current IP such as:
        from="172.16.207.107,::1" ssh-rsa
      5. Now you can connect
      Expected behaviour
      Documenation list this as no steps required, They do say: "The private key must be available to the Amster client, and the AM instance must trust the client IP address and have the public key in its authorized_keys file." but could be clarified as a required step
      Current behaviour
      Key#cidrMatches: checking IPv4 address 172.16.207.107 is in range 127.0.0.0/24
      amLoginModule:06/14/2018 05:03:06:422 PM CDT: Thread[http-nio-8080-exec-11,5,main]: TransactionId[14c31976-9642-4f2d-9395-15564144faa9-7685529]
      SETTING Failure Module name.... :Amster{...}
      

      From Amster:

      Unexpected response from OpenAM 
      [code:401, reason:Unauthorized, message:Authentication Failed]

      Work around

      Edit the /path/to/openam/authorized_keys and  /path/to/openam/amster_rsa.pub to use your current IP

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                william.hepler William Hepler
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: