Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Duplicate
-
Affects Version/s: 6.0.0
-
Fix Version/s: None
-
Component/s: Amster
-
Labels:
-
Environment:Amster 6.0.0
Openam 6.0.0
-
Rank:1|hzw4uf:
-
Support Ticket IDs:
Description
Bug description
To use the https://backstage.forgerock.com/docs/amster/6/user-guide/#private-login you must edit the /path/to/openam/authorized_keys and /path/to/openam/amster_rsa.pub
to use your actual ip instead of localhost.127.0.0.0/24
Documentation could add a step to clarify this requirement.
How to reproduce the issue
To Recreate In a fresh AM 6.0
- Run Amster.sh
- try connect -k /data/openam/amster_rsa https://XXX/openam
- You will fail with a 401 error
- Edit the /path/to/openam/authorized_keys and /path/to/openam/amster_rsa.pub to use your current IP such as:
from="172.16.207.107,::1" ssh-rsa - Now you can connect
Expected behaviour
Documenation list this as no steps required, They do say: "The private key must be available to the Amster client, and the AM instance must trust the client IP address and have the public key in its authorized_keys file." but could be clarified as a required step
Current behaviour
Key#cidrMatches: checking IPv4 address 172.16.207.107 is in range 127.0.0.0/24
amLoginModule:06/14/2018 05:03:06:422 PM CDT: Thread[http-nio-8080-exec-11,5,main]: TransactionId[14c31976-9642-4f2d-9395-15564144faa9-7685529]
SETTING Failure Module name.... :Amster{...}
From Amster:
Unexpected response from OpenAM
[code:401, reason:Unauthorized, message:Authentication Failed]
Work around
Edit the /path/to/openam/authorized_keys and /path/to/openam/amster_rsa.pub to use your current IP
Attachments
Issue Links
- duplicates
-
OPENAM-11134 Amster: Remove the 'from' option in authorized_keys
-
- Resolved
-