Rundeck API with LDAP Auth - 401 Authorization Required - api

I am attempting to connect to the Rundeck API using CURL but I am getting a 401 Unauthorized error:
curl --insecure --location --request GET 'https://rundeck.example.com' --header 'Accept: application/json' --header 'X-Rundeck-Auth-Token: xyz'
401 Authorization Required
Authorization Required This server could not verify that
you are authorized to access the document requested. Either you
supplied the wrong credentials (e.g., bad password), or your browser
doesn't understand how to supply the credentials required.
Apache/2.2.15 (Oracle) Server at rundeck.example.com Port
80
If I try it using my username, it works.
curl --insecure --location -u 123456789 -p password --request GET 'https://rundeck.example.com' --header 'Accept: application/json' --header 'X-Rundeck-Auth-Token: xyz'
I created the auth token on Rundeck using my personal user that has admin privileges.
Please note that I have set up LDAP at web server level (httpd.conf) and control user access from there.

To access API you need to specify some action (for example: run a job, get metrics, etc.)
For example, get the instance metrics:
curl --location --request GET "http://yourhost:4440/api/34/metrics/metrics" --header "Accept: application/json" --header "X-Rundeck-Auth-Token: C8nVU5AhdzpQ8ucBeMG1ITFvSfaKCw6u"
Here you have a lot of examples.

Related

How do I perform this type of authentication in the postman

Good afternoon, everyone! Guys I'm going through a problem with basic authentication in Postman, I'll leave below details of what's going on. I need to send a Post so I can perform authentication and the server will return me a token bearer, but I'm taking a 400 error. I'll leave attached images of the Curl request and how I'm setting up in Postman.
Auth:
enter image description here
Body:
enter image description here
Reading the documentation I'm using I realized that I needed to perform a basic authentication using client_id and client_secret for me to be returned a token bearer, the same error is returned to me when I perform a request in curl. Could you help me with this mistake? Could you tell me where I'm going wrong?
Segue requisição curl:
curl -X 'POST' \
'https://portoapicloud-hml.portoseguro.com.br/oauth/v2/access-token' \
-H 'accept: application/json' \
-H 'Authorization: Basic NjZiNWJmMWI4MDE0NDExMWE1MGYwMWMyYmUxZjFiZDY6YzIwMGEwNzZlNmFkNDBkYThkYTkwODQ2YWI4OTI3MjU=' \
-H 'Content-Type: application/json' \
-d '{
"grant_type": "client_credentials"
}'

Auth0: Unauthorized - 401 error, when I connect to a guarded endpoint with a deployed API

I have created a GraphQL API with NestJS. Some endpoints are guarded by an access token. I use Auth0 to authenticate the user and get the access token.
I get the access token by running this command:
curl --request POST \
--url 'https://dev-9fo2g1ve.us.auth0.com/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=password \
--data username=test2#test.com \
--data password=123456789Test \
--data audience=MY_AUDIENCE \
--data scope=read:sample \
--data 'client_id=MY_CLIENT_ID' \
--data client_secret=MY_CLIENT_SECRET-
When I pass the bearer token's access_token value in the HTTP header, and call a guarded endpoint, it works fine when the API is running on localhost. However, when I deploy the API, it returns an Unauthorized 401 error.
Thanks for your help!

aws cognito get jwt token in single api call

How to get jwt token in single step(api call) from aws cognito oauth2/token endpoint passing username and password
curl --location --request POST 'https://xxx.auth.us-east-2.amazoncognito.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic a......k' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=t34...nu'
--Authorization base64ecoded username:password
Response- "error": "invalid_client"
App client settings :
Allowed OAuth Flows : Authorization code grant, Implicit Grant
Allowed OAuth scope : email , openid
App clients : ALLOW_USER_PASSWORD_AUTH
I tried oauth2/authorize too but getting html page in response
There's no need to add the Authorization header. Instead, use the code you see in the URL. This worked for me.
curl --location --request POST 'https://xxx.auth.us-east-2.amazoncognito.com/oauth2/token'
--header 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'grant_type=client_credentials'
--data-urlencode 'client_id=t34...nu'
--data-urlencode 'code=afa78ac6-..-b8dd-5b'
--data-urlencode 'redirect_uri=path'
The client credentials flow to the token endpoint is to receive an access token for machine to machine communication. It is not based on a given user so no user name and password is required.
See 'Exchanging Client Credentials for an Access Token'
https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
To sign in with the oauth endpoints it is intended to do this via the HostedUI or an external IDP. However, you can do it pro-grammatically but will require a call to authorize and login endpoint.. You can see an example in python here:
https://github.com/starkshaw/aws-cognito-user-pool-custom-scope
This is a late answer, but following worked for me nicely with a client_credentials workflow.
curl --request POST \
--url 'https://XYZ.auth.us-west-2.amazoncognito.com/oauth2/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data client_id=7*******e \
--data client_secret=2*****5pjk9valn
Here is the response I got:
{"access_token":"eyJra*****eA","expires_in":3600,"token_type":"Bearer"}

user authentication in wso2 via curl

I need to authenticate admin user via curl command so I can pragmatically add,delete, modify users in wso2
I can call the api end points for user add/mod/delete no problem. But without being able to first authenticate to wso2 it is all for naught. When I send the curl command I get no response back, and nothing shows in the logs.
This is my basic curl command, right out of the books:
curl -X POST "https://xxxxxxx.com:9443/login/portal" -H "Content-Type: application/x-form-urlencoded" -d "username=uid&password=foo&grantType=password"
You can use SCIM APIs with basic authentication to manage users.
If you want to use OAuth2 tokens, you can get them like this.
curl -k -d "grant_type=password&username=<username>&password=<password>"
-u <Consumer_key>:<Consumer_secret>
-H "Content-Type: application/x-www-form-urlencoded"
https://localhost:9443/oauth2/token
[1] https://docs.wso2.com/display/IS530/SCIM+1.1+APIs

How to change Host header request via APIMAN Policy

I have a question about how can I configure -H "Host: my.host.com" from gateway to my api.
I have the following logic:
I try to cover, for example, my-api.net via apiman-gateway.
For example, I can do the following direct call to my api like 'curl -X GET --header 'Accept: */*' -H "Host: www.google.com" 'http://my-api.net/accounts?accountNumber=12314123'.
Based on this call, my api will know, that my consumer is google for example. But once I try to make a call via apiman-gateway 'curl -X GET --header 'Accept: */*' -H "Host: www.google.com" 'http://apiman-gateway/GoogleOrganization/API/V1/accounts?accountNumber=12314123', the host is not possible to pass, and implementation of my api tells me that it does not know any host name like already deployed my-api.net. Probably someone can tell me how can I set up for example via policy, probably just to make a call from apiman-gateway to my api with the host parameters like above?