[ 
https://issues.apache.org/jira/browse/QPID-8403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17021654#comment-17021654
 ] 

Alex Rudyy commented on QPID-8403:
----------------------------------

An interactive authenticator functionality is missing for certificate-based 
authentication. I attached a patch with a quick implementation of such an 
authenticator, delegating the authentication to the preemptive authenticator 
implementation.

> Configuring HTTP port for External Authentication causes Web Management 
> Console to throw HTTP 403 errors 
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-8403
>                 URL: https://issues.apache.org/jira/browse/QPID-8403
>             Project: Qpid
>          Issue Type: Bug
>          Components: Broker-J
>    Affects Versions: qpid-java-broker-7.1.1, qpid-java-broker-7.1.2, 
> qpid-java-broker-7.1.3, qpid-java-broker-7.1.4, qpid-java-broker-7.1.5, 
> qpid-java-broker-7.1.6, qpid-java-broker-7.1.7
>         Environment: QPID 7.1.0 (also verified on 7.1.7)
> CentOS 7 with kernel 3.10.0-693.2.2.el7.x86_64
> JVM: OpenJDK 11+28
>            Reporter: David Gillingham
>            Priority: Major
>         Attachments: 
> 0001-QPID-8403-Broker-J-WMC-Add-interactive-authenticator.patch, config.json
>
>
> I am attempting to configure QPID Broker-J's Web Management Console to 
> operate via HTTPS using only certificates for authentication. I created the 
> necessary auth provider, trust store and key store and configured the HTTP 
> port to use only the SSL transport and to use the auth provider, trust store 
> and key store.
> When I attempt to connect to the web management console I am presented with a 
> web page titled HTTP ERROR 403 and a message that states "Problem accessing /. 
> Reason:    Forbidden". This happens regardless of whether I attempt to connect 
> using Firefox or cURL.
> However, the REST API will allow connections using this configuration. 
> Running the command "curl --cacert root.crt --cert guest.crt --key guest.key 
> https://localhost:8080/api/latest/queue" correctly returns "[ ]".
> Changing the HTTP port to use a "Plain" or "MD5" authentication provider 
> allows operation of both interfaces, but I'd rather not require user/password 
> on top of the certificate.
> Attached is the config.json I used to replicate the problem on QPID Broker-J 
> 7.1.7.


