Rundeck returns a HTTP 500 when trying Password Authentication on the API
157 views
Skip to first unread message
Tulio Campos
Jun 21, 2022, 8:47:02 AM6/21/22
to rundeck-discuss
Following this tutorial:
https://docs.rundeck.com/docs/api/rundeck-api.html#password-authentication
I've had success using Python Requests and POSTMAN (form-data body) but when I try with axios (on JS, not on nodeJS) I get the following erros:
First, no actual response and then a GET to
https://<rundeck_server>:<my_https_port>/
which returns a HTTP 500 saying
"error: "A server error occurred".
Checking /var/log/service.log I see:
I've had success using Python Requests and POSTMAN (form-data body) but when I try with axios (on JS, not on nodeJS) I get the following erros:
First, no actual response and then a GET to
https://<rundeck_server>:<my_https_port>/
which returns a HTTP 500 saying
"error: "A server error occurred".
Checking /var/log/service.log I see:
Searching for users with filter: '(&(objectClass={0})({1}={2}))' from base dn: XXXXXXXXXXX
[2022-06-21T09:12:04,117] DEBUG jaas.JettyCachingLdapLoginModule - Found user?: true
[2022-06-21T09:12:04,118] INFO jaas.JettyCachingLdapLoginModule - Attempting authentication: CN=XXXXXXXXXXXXXXXXXXX
[2022-06-21T09:12:04,208] DEBUG jaas.JettyCachingLdapLoginModule - JettyCachingLdapLoginModule: User 'XXXX' has roles: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[2022-06-21T09:12:04,208] DEBUG jaas.JettyCachingLdapLoginModule - Adding XXXXXXXXX set to expire: 1655813524208300000
[2022-06-21T09:12:04,252] DEBUG authentication.GrailsUsernamePasswordAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.jaas.JaasAuthenticationToken@bfd11275: Principal: XXXXXXXXXXXXX; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de6: RemoteIpAddress: XXXXXXXXXXXXXXXXX; SessionId: null; Granted Authorities: Jaas Authority [XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX]
[2022-06-21T09:12:04,269] WARN server.HttpChannel - handleException / java.io.IOException: Missing content for multipart request
My axios code:
[2022-06-21T09:12:04,117] DEBUG jaas.JettyCachingLdapLoginModule - Found user?: true
[2022-06-21T09:12:04,118] INFO jaas.JettyCachingLdapLoginModule - Attempting authentication: CN=XXXXXXXXXXXXXXXXXXX
[2022-06-21T09:12:04,208] DEBUG jaas.JettyCachingLdapLoginModule - JettyCachingLdapLoginModule: User 'XXXX' has roles: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[2022-06-21T09:12:04,208] DEBUG jaas.JettyCachingLdapLoginModule - Adding XXXXXXXXX set to expire: 1655813524208300000
[2022-06-21T09:12:04,252] DEBUG authentication.GrailsUsernamePasswordAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.jaas.JaasAuthenticationToken@bfd11275: Principal: XXXXXXXXXXXXX; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de6: RemoteIpAddress: XXXXXXXXXXXXXXXXX; SessionId: null; Granted Authorities: Jaas Authority [XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX], Jaas Authority [ XXXXXXXXXXXXXXXXXX ], Jaas Authority [ XXXXXXXXXXXXXXXXXX]
[2022-06-21T09:12:04,269] WARN server.HttpChannel - handleException / java.io.IOException: Missing content for multipart request
My axios code:
import axios from "axios";
export const rundeckService = {
authLogin: (username, password) => {
var data = new FormData();
data.append("j_username", username); // username= asdasdsad
data.append("j_password", password); // password= pass...
axios({
method: "POST",
url: "https://<rundeck_server>:<my_https_port>/j_security_check",
data: data,
}).then((response) => {
console.log(response);
});
},
};
Tulio Campos
Jun 22, 2022, 9:28:05 AM6/22/22
to rundeck-discuss
Not even using parameters instead is working.
var config = {
method: "post",
url: "https://
<rundeck_server>:<my_https_port> /j_security_check?j_username=<my_user>&j_password=<my_password>",
};
axios(config)
.then(function (response) {
res.send(response.data);
console.log(JSON.stringify(response.data));
})
.catch(function (error) {
console.log(error);
});
});
rac...@rundeck.com
Jun 22, 2022, 9:38:02 AM6/22/22
to rundeck-discuss
Hi Tulio,
Could you test this against your instance?
#!/bin/sh
curl -s -c cookie -b cookie -d j_username=admin -d j_password=admin http://localhost:4440/j_security_check -H "Accept: application/json" http://localhost:4440/api/41/system/info
You will see this response.
Greetings.
Tulio Campos
Jun 22, 2022, 11:32:43 AM6/22/22
to rundeck-discuss
I changed the username and password in your curl. I also changed the protocolo to https and port to 4443. Since my version is 3.3.10, I downgrade the API version to 38 there as well.
```
curl -s -c cookie -b cookie -d j_username=<my_user> -d j_password=<my_pass> -k https://localhost:4443/j_security_check -H "Accept: application/json" https://localhost:4443/api/38/system/info
{"system":{"timestamp":{"epoch":1655911545999,"unit":"ms","datetime":"2022-06-22T15:25:45Z"},"rundeck":{"version":"3.3.10-20210301","build":"3.3.10-20210301","buildGit":"v3.3.10-0-g6ba03e4","node":"s<rundeck_server>","base":"/var/lib/rundeck","apiversion":38,"serverUUID":"161b8939-a3c6-4331-8b70-029cfdf40eb0"},"executions":{"active":true,"executionMode":"active"},"os":{"arch":"amd64","name":"Linux","version":"4.18.0-348.23.1.el8_5.x86_64"},"jvm":{"name":"OpenJDK 64-Bit Server VM","vendor":"Red Hat, Inc.","version":"1.8.0_332","implementationVersion":"25.332-b09"},"stats":{"uptime":{"duration":6905406,"unit":"ms","since":{"epoch":1655904640593,"unit":"ms","datetime":"2022-06-22T13:30:40Z"}},"cpu":{"loadAverage":{"unit":"percent","average":1.47},"processors":2},"memory":{"unit":"byte","max":954728448,"free":568147248,"total":795344896},"scheduler":{"running":0,"threadPoolSize":10},"threads":{"active":31}},"metrics":{"href":"https://<rundeck_server>:4443/api/38/metrics/metrics?pretty=true","contentType":"application/json"},"threadDump":{"href":"https://<rundeck_server>:4443/api/38/metrics/threads","contentType":"text/plain"},"healthcheck":{"href":"https://<rundeck_server>:4443/api/38/metrics/healthcheck","contentType":"application/json"},"ping":{"href":"https://s<rundeck_server>:4443/api/38/metrics/ping","contentType":"text/plain"}}}
```
```
curl -s -c cookie -b cookie -d j_username=<my_user> -d j_password=<my_pass> -k https://localhost:4443/j_security_check -H "Accept: application/json" https://localhost:4443/api/38/system/info
{"system":{"timestamp":{"epoch":1655911545999,"unit":"ms","datetime":"2022-06-22T15:25:45Z"},"rundeck":{"version":"3.3.10-20210301","build":"3.3.10-20210301","buildGit":"v3.3.10-0-g6ba03e4","node":"s<rundeck_server>","base":"/var/lib/rundeck","apiversion":38,"serverUUID":"161b8939-a3c6-4331-8b70-029cfdf40eb0"},"executions":{"active":true,"executionMode":"active"},"os":{"arch":"amd64","name":"Linux","version":"4.18.0-348.23.1.el8_5.x86_64"},"jvm":{"name":"OpenJDK 64-Bit Server VM","vendor":"Red Hat, Inc.","version":"1.8.0_332","implementationVersion":"25.332-b09"},"stats":{"uptime":{"duration":6905406,"unit":"ms","since":{"epoch":1655904640593,"unit":"ms","datetime":"2022-06-22T13:30:40Z"}},"cpu":{"loadAverage":{"unit":"percent","average":1.47},"processors":2},"memory":{"unit":"byte","max":954728448,"free":568147248,"total":795344896},"scheduler":{"running":0,"threadPoolSize":10},"threads":{"active":31}},"metrics":{"href":"https://<rundeck_server>:4443/api/38/metrics/metrics?pretty=true","contentType":"application/json"},"threadDump":{"href":"https://<rundeck_server>:4443/api/38/metrics/threads","contentType":"text/plain"},"healthcheck":{"href":"https://<rundeck_server>:4443/api/38/metrics/healthcheck","contentType":"application/json"},"ping":{"href":"https://s<rundeck_server>:4443/api/38/metrics/ping","contentType":"text/plain"}}}
```
Tulio Campos
Jun 24, 2022, 7:33:03 AM6/24/22
to rundeck-discuss
What I noticed is that whatever I type for username in the parameters and body, I get the same message that my username is empty. Even using "j_usArname" with a typo.
It seems that everything is being ignored after the actual page URL.
It seems that everything is being ignored after the actual page URL.
Reply all
Reply to author
Forward
0 new messages