Issue #5898
closedcert authentication is not working properly
Description
When performing cert authentication with pulp3, it does not appear to be working:
- curl https://`hostname`/pulp/api/v3/tasks/ --cert /etc/pki/katello/certs/pulp-client.crt --key /etc/pki/katello/private/pulp-client.key
{"detail":"Authentication credentials were not provided."}
I've configured my apache with:
<Location /pulp/api>
SSLUsername SSL_CLIENT_S_DN_CN
</Location>
which is working with pulp2, and has worked in the past
Updated by fao89 over 4 years ago
- Triaged changed from No to Yes
- Sprint set to Sprint 63
Updated by jsherril@redhat.com over 4 years ago
- Tags Katello-P1 added
- Tags deleted (
Katello-P2)
Updated by bmbouter over 4 years ago
@jsherrill have you tried setting REMOTE_USER_ENVIRON_NAME to 'HTTP_REMOTE_USER' and having apache forward that as using the apache equivalent to nginx's proxy_set_header. This is described some here: https://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy
I can help debug together on a system also. Maybe we can get on your test system? I had tested this when I wrote these docs earlier so I had gotten it working before.
Updated by jsherril@redhat.com over 4 years ago
- Status changed from NEW to CLOSED - NOTABUG
Closing this as that was the missing piece of the puzzle (plus some web server magic i was missing)!
Updated by ggainey almost 4 years ago
- Tags Katello added
- Tags deleted (
Katello-P1)