David Gillingham created QPID-8403:
--------------------------------------

             Summary: Configuring HTTP port for External Authentication causes 
Web Management Console to throw HTTP 403 errors 
                 Key: QPID-8403
                 URL: https://issues.apache.org/jira/browse/QPID-8403
             Project: Qpid
          Issue Type: Bug
          Components: Broker-J
    Affects Versions: qpid-java-broker-7.1.7, qpid-java-broker-7.1.6, 
qpid-java-broker-7.1.5, qpid-java-broker-7.1.4, qpid-java-broker-7.1.3, 
qpid-java-broker-7.1.2, qpid-java-broker-7.1.1
         Environment: QPID 7.1.0 (also verified on 7.1.7)
CentOS 7 with kernel 3.10.0-693.2.2.el7.x86_64
JVM: OpenJDK 11+28
            Reporter: David Gillingham
         Attachments: config.json

I am attempting to configure QPID Broker-J's Web Management Console to operate 
via HTTPS using only certificates for authentication. I created the necessary 
auth provider, trust store and key store and configured the HTTP port to use 
only the SSL transport and to use the auth provider, trust store and key store.

When I attempt to connect to the web management console I am presented with a web 
page titled HTTP ERROR 403 and a message that states "Problem accessing /. 
Reason:    Forbidden". This happens regardless of whether I attempt to connect using 
Firefox or cURL.

However, the REST API will allow connections using this configuration. Running 
the command "curl --cacert root.crt --cert guest.crt --key guest.key 
https://localhost:8080/api/latest/queue" correctly returns "[ ]".

Changing the HTTP port to use a "Plain" or "MD5" authentication provider allows 
operation of both interfaces, but I'd rather not require user/password on top 
of the certificate.

Attached is the config.json I used to replicate the problem on QPID Broker-J 
7.1.7.


