Rundeck returns a HTTP 500 when trying Password Authentication on the API

157 views
Skip to first unread message

Tulio Campos

unread,
Jun 21, 2022, 8:47:02 AM6/21/22
to rundeck-discuss
Following this tutorial:

https://docs.rundeck.com/docs/api/rundeck-api.html#password-authentication

I've had success using Python Requests and POSTMAN (form-data body) but when I try with axios (on JS, not on nodeJS) I get the following erros:
First, no actual response and then a GET to 
https://<rundeck_server>:<my_https_port>/
which returns a HTTP 500 saying
"error: "A server error occurred".

Checking /var/log/service.log I see:
 Searching for users with filter: '(&(objectClass={0})({1}={2}))' from base dn: XXXXXXXXXXX
[2022-06-21T09:12:04,117] DEBUG jaas.JettyCachingLdapLoginModule - Found user?: true
[2022-06-21T09:12:04,118] INFO  jaas.JettyCachingLdapLoginModule - Attempting authentication: CN=XXXXXXXXXXXXXXXXXXX
[2022-06-21T09:12:04,208] DEBUG jaas.JettyCachingLdapLoginModule - JettyCachingLdapLoginModule: User 'XXXX' has roles: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[2022-06-21T09:12:04,208] DEBUG jaas.JettyCachingLdapLoginModule - Adding XXXXXXXXX set to expire: 1655813524208300000
[2022-06-21T09:12:04,252] DEBUG authentication.GrailsUsernamePasswordAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.jaas.JaasAuthenticationToken@bfd11275: Principal: XXXXXXXXXXXXX; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de6: RemoteIpAddress: XXXXXXXXXXXXXXXXX; SessionId: null; Granted Authorities: Jaas Authority [XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX  ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX  ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX  ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX  ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX  ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX  ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX  ], Jaas Authority [ XXXXXXXXXXXXXXXXXX]
[2022-06-21T09:12:04,269] WARN  server.HttpChannel - handleException / java.io.IOException: Missing content for multipart request

My axios code:
import axios from "axios";

export const rundeckService = {
  authLogin: (username, password) => {
    var data = new FormData();
    data.append("j_username", username); // username= asdasdsad
    data.append("j_password", password); // password= pass...
    axios({
      method: "POST",
      url: "https://<rundeck_server>:<my_https_port>/j_security_check",
      data: data,
    }).then((response) => {
      console.log(response);
    });
  },
};

Tulio Campos

unread,
Jun 22, 2022, 9:28:05 AM6/22/22
to rundeck-discuss
Not even using parameters instead is working.

app.post("/rundeckauth", async (req, res) => {
  var config = {
    method: "post",
    url: "https:// <rundeck_server>:<my_https_port>  /j_security_check?j_username=<my_user>&j_password=<my_password>",
  };

  axios(config)
    .then(function (response) {
      res.send(response.data);
      console.log(JSON.stringify(response.data));
    })
    .catch(function (error) {
      console.log(error);
    });
});

rac...@rundeck.com

unread,
Jun 22, 2022, 9:38:02 AM6/22/22
to rundeck-discuss

Hi Tulio,

Could you test this against your instance?

#!/bin/sh
curl -s -c cookie -b cookie -d j_username=admin -d j_password=admin http://localhost:4440/j_security_check -H "Accept: application/json" http://localhost:4440/api/41/system/info

You will see this response.

Greetings.

Tulio Campos

unread,
Jun 22, 2022, 11:32:43 AM6/22/22
to rundeck-discuss
I changed the username and password in your curl. I also changed the protocolo to https and port to 4443. Since my version is 3.3.10, I downgrade the API version to 38 there as well.


```
curl -s -c cookie -b cookie -d j_username=<my_user> -d j_password=<my_pass> -k https://localhost:4443/j_security_check -H "Accept: application/json" https://localhost:4443/api/38/system/info

{"system":{"timestamp":{"epoch":1655911545999,"unit":"ms","datetime":"2022-06-22T15:25:45Z"},"rundeck":{"version":"3.3.10-20210301","build":"3.3.10-20210301","buildGit":"v3.3.10-0-g6ba03e4","node":"s<rundeck_server>","base":"/var/lib/rundeck","apiversion":38,"serverUUID":"161b8939-a3c6-4331-8b70-029cfdf40eb0"},"executions":{"active":true,"executionMode":"active"},"os":{"arch":"amd64","name":"Linux","version":"4.18.0-348.23.1.el8_5.x86_64"},"jvm":{"name":"OpenJDK 64-Bit Server VM","vendor":"Red Hat, Inc.","version":"1.8.0_332","implementationVersion":"25.332-b09"},"stats":{"uptime":{"duration":6905406,"unit":"ms","since":{"epoch":1655904640593,"unit":"ms","datetime":"2022-06-22T13:30:40Z"}},"cpu":{"loadAverage":{"unit":"percent","average":1.47},"processors":2},"memory":{"unit":"byte","max":954728448,"free":568147248,"total":795344896},"scheduler":{"running":0,"threadPoolSize":10},"threads":{"active":31}},"metrics":{"href":"https://<rundeck_server>:4443/api/38/metrics/metrics?pretty=true","contentType":"application/json"},"threadDump":{"href":"https://<rundeck_server>:4443/api/38/metrics/threads","contentType":"text/plain"},"healthcheck":{"href":"https://<rundeck_server>:4443/api/38/metrics/healthcheck","contentType":"application/json"},"ping":{"href":"https://s<rundeck_server>:4443/api/38/metrics/ping","contentType":"text/plain"}}}
```

Tulio Campos

unread,
Jun 24, 2022, 7:33:03 AM6/24/22
to rundeck-discuss
What I noticed is that whatever I type for username in the parameters and body, I get the same message that my username is empty. Even using "j_usArname" with a typo.

It seems that everything is being ignored after the actual page URL.
Reply all
Reply to author
Forward
0 new messages