Im tring to access ODL, but I got this error
** I've installed all the features**
Error message
Code
can you do:
curl -u admin:admin http://$ODL_IP:8181/restconf/streams
that is user admin, password admin (the default). The screen shot you
posted is just an unauthorized so I can guess that you didn't give the
right credentials when you were asked. Doing the curl above will verify
if that part is working or not.
Related
I am having some issue with having Keycloak 20.0.2 working for my web application.
I have my keycloak URL accessible at:
https://example.com/white-graduation/keycloak/auth
This is designed for backend application to work with keycloak. It fundamentally usse haproxy as a reverse proxy to connect the https address to my internal keycloak.
So far, all frontend login has been working, without any issue. I can also have access to the keycloak control console UI.
The internal keycloak address is at:
http://loginservice:8080/white-graudation/keycloak/auth
This is designed for backend application to work with keycloak.
However, the backend login is facing a 401 issue.
By experimenting with different curl call in the container that's running the backend, I found that:
curl -I -X GET https://example.com/white-graduation/keycloak/auth/realms/shirasaki-academy/protocol/openid-connect/userinfo -H "Authorization: Bearer Example-Bearer-Token"
This API call gives 200, but
curl -I -X GET https://loginservice:8080/white-graduation/keycloak/auth/realms/shirasaki-academy/protocol/openid-connect/userinfo -H "Authorization: Bearer Example-Bearer-Token"
This gives 401. i.e. back-channel didn't work.
I did an expansion of Example-Bearer-Token, it does show that the iss is indeed only https://example.com/white-graduation/keycloak/auth/realms/shirasaki-academy, because the backend still uses frontend to login. But it should still work.
My Keycloak 20.0.2's setting:
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=whatever
KC_HTTP_RELATIVE_PATH=/white-graduation/keycloak/auth
KC_HOSTNAME_ADMIN_URL=https://example.com/white-graduation/keycloak/auth
KC_HOSTNAME_STRICT=false
KC_HTTP_ENABLED=true
KC_HTTP_PORT=8080
KC_HOSTNAME_STRICT_HTTPS=false
KC_PROXY=edge
The Keycloak 20.0.2's Quarkus is run through:
/opt/keycloak/bin/kc.sh start-dev --import-realm --log-level=org.keycloak.events:debug --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
Note that I did not set KC_HOSTNAME_STRICT_BACKCHANNEL but this is by default already false, which under such case should allow back-channel connection to work.
Note that this isn't the recommended setting for production environment. But this isn't a production environment after all.
Problem solved by setting:
KC_HOSTNAME_URL=https://example.com/white-graduation/keycloak/auth
which means, KC_HOSTNAME_URL == KC_HOSTNAME_ADMIN_URL
After such, the internal API point starts working.
Not really sure why...but at least this solves my problem.
I created a public repository within my personal account, created a PAT w/ the workflow permissions checked, but am unable to disable the workflow via the API as I receive a message stating that I must have admin rights to the repository. I believe the PAT has the correct permissions so I’m unsure as to why this isn’t working.
Here is the command I am attempting to use (based on the documentation):
curl -s christronyxyocum:MY-PAT -X PUT -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/MY-USERNAME/MY-REPO/actions/workflows/workflow.yml/disable
I can retrieve information about the workflow without any issues so I believe that I have the correct URL and formatting, etc. I have even tried creating a new PAT with the same permissions and that one experiences the same error.
I have figured this out. Rather than using the username:token format like they show repeatedly in their documentation, you must use the -H "Authorization: bearer TOKEN" header with the curl command.
When i try to connect to my Api with basic authentification on my Jenkinsfile after successfully running my container: (toto is the username/python is the password)
curl -u toto:python -X GET http://0.0.0.0:8080/pozos/api/v1.0/get_student_ages
i received this error in my console Output on my Jenkins server:
Error 401 Invalid password/token for user: toto
HTTP ERROR 401
Problem accessing /pozos/api/v1.0/get_student_ages. Reason:
Invalid password/token for user: toto
Jenkins successfully builds my dockerfile and runs my container on the port 8080,i don't understand why it doesn't work...everything works normally when i don't use Jenkins,
Thanks so much for your help
I think the password will not work. You will need to create an API Token for the user. And then use that token as the password in the call.
So your call will be changed to
curl -u toto:<token> -X GET http://0.0.0.0:8080/pozos/api/v1.0/get_student_ages
Here is the link on how to generate and use the token
https://wiki.jenkins.io/display/JENKINS/Authenticating+scripted+clients
The API token is available in your personal configuration page. Click your name on the top right corner on every page, then click
"Configure" to see your API token. (The URL $root/me/configure is a
good shortcut.) You can also change your API token from here.
I have a jenkins server using the Github OAuth plugin and authorized in the "Authorized applications" section of github, it works fine from my browser, i can access to the jenkins server as long as i'm authenticated with github.
Is there a way to access to the jenkins server api using oauth credentials/token from CURL or a ruby client?
I've generated a token in https://github.com/settings/applications -> Personal access tokens -> Generate new token (there is no option to scope it to a third party application)
that token works fine to access github :
curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://api.github.com/user
however, that token is not valid for jenkins-server:
curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://jenkins-server/user/restebanez/api/json/\?pretty\=true
It generates this error:
<html><head><meta http-equiv='refresh' content='1;url=/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue'/><script>window.location.replace('/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
```
the jenkins server has installed GitHub API Plugin 1.58 and Github Authentication plugin 0.19
I'm probably missing some fundamentals of oauth b/c i have googled this for a while and i haven't found anything
I'm not sure if you ever got to the bottom of this, but after trying several routes I finally got a scripted build using Github OAuth on Jenkins. The trick is that the API token is not one for GitHub but rather one from Jenkins.
For my setup I have a machine user on github, I logged in normally via the web with that user, then clicked on the username in the upper right corner. From there I clicked "Configure" on the left-hand menu, and finally "Show API Token" in the main content area.
Once I had that I could run:
curl --user <username>:<api_token> https://jenkins-server/user/<username>/api/json/?pretty=true
More information.
You should just use a Jenkins API token. This is configurable per user. See $JENKINS_URL/me
This will allow your scripted client to access Jenkins regardless of whatever authentication strategy is being used.
You should use "Basic" rather than "token"
For example:
curl -H "Authorization: Basic cfbcff42e6a8a52a1076dd9fcxx"
https://jenkins-server/user/restebanez/api/json
This worked for me (using getting commit statuses as an example):
url=https://api.github.com/repos/myowner/myrepo/commits/f40ddce88593482919761f74910f42f4b84c004b/statuses
curl -X GET -u :${GITHUB_TOKEN} ${url}
I am trying to get access_token using the instructions here developers.google.com/accounts/docs/OAuth2InstalledApp (which I have followed very diligently) but keep hitting the redirect_uri_mismatch error. What am I doing wrong?
First I create a installed app/other using the console (
Client ID for native application
Client ID ...
Client secret ...
Redirect URIs
urn:ietf:wg:oauth:2.0:oob
local host url
Got the authorization code successfully using the browser using
https://
accounts.google.com/o/oauth2/auth?client_id=818722811109-8ak0a1l3ooqqt3bd97bktr33ghenlptk.apps.googleusercontent.com&redirect_uri=http://:51551/Callback&response_type=code&scope=https://www.googleapis.com/auth/adexchange.seller.readonly&access_type=offline
curl -d "code=...&client_id=...&client_secret=...&grant_type=authorization_code&redirect_uri=urn:ietf:wg:oauth:2.0:oob" -X POST https://
accounts.google.com/o/oauth2/token
gives me error "redirect_uri_mismatch"
I'm at a loss what I am doing wrong. I use the redirect_uri from the console which is for the non-domain one, but can't get past this error.
Any pointers would be appreciated.
Thanks.
http://:51551/Callback is not a valid redirect_uri, so the link you mentioned can not get authorization code. So I doubt that the authorization code you get in this way.
Use this one:
https://accounts.google.com/o/oauth2/auth?client_id=818722811109-8ak0a1l3ooqqt3bd97bktr33ghenlptk.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/adexchange.seller.readonly&access_type=offline
Sorry the problem is not in code. stackoverflow does not allow localhost in urls, hence I had to delete that domain to get the post to go through. The code works fine after clicking the accept button I do see the code= in the redirect url in localhost.
The problem is in the curl POST.