🎄 Happy Holidays! 🥳
Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.
Happy Holidays!
Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.
How do I configure autentication properly for locally hosted docker container
I've downloaded the docker container and have it running locally, with Postman I managed to send messages to localhost:9000 just fine as well.
But now, through Access Control I enabled basic authentication with the internal database, created a user in User Mgmt, gave that user a password, but with that user I can't POST messages, using Postman, like I could before I enabled authentication. What am I missing here?
Best Answer
-
Ari is correct. In your screenshot of activating the Internal Database 2 posts ago, notice the "Client Usernames" tab. This is where you would add your user for messaging access and assign a password.
1
Answers
-
Hi @wraldpyk
What's the error you're seeing?
Also, after you enabled basic auth, why don't you try with the default user first. This is how I do it in my Postman.
And also, creating client users is done by adding "client usernames" via the Access Control menu as well, be careful not to mistake it with the Administrator users management from the bottom of the left menu.
1 -
With both my new user and the default user I get the following response:
<solace-error-response> <code>403</code> <reason> <![CDATA[Unauthorized]]> </reason> <detail> <![CDATA[ SMF ClientCtrl response error ]]> </detail> <internal-use>2:13398</internal-use> </solace-error-response>
I have enabled basic authentication in Postman, while sending a POST.
My curl export from Postman is:
curl --location --request POST 'localhost:9000/amazing/message' \ --header 'Authorization: Basic ZGVmYXVsdDpkZWZhdWx0' \ --header 'Content-Type: text/plain' \ --header 'Cookie: TSID=44606607e086e888' \ --data-raw 'awesome 2'
With auth disabled on the server this same request works (without basic auth obviously)
0 -
Can you post a screenshot of your postman? It's difficult to know if you entered the correct fields with just the base64 value for username:password (blur the password is fine).
Also, can you show your list of Client Usernames from Broker Manager gui?
0 -
Hmm this looks like admin or management users and not application or client users.
You should use the client usernames menu from Access Control menu on the left for apps user.
Or, just use default:default for testing as the default user has most access open.
0 -
Ok interesting, I assumed it would take usernames from the User Mgmt (bottom section in the sidebar). I have found the "default" user, but it doesn't work for me with the API calls that worked before I enabled basic auth.
Also with clients I can't specify a password, is that correct?
0 -
Ari is correct. In your screenshot of activating the Internal Database 2 posts ago, notice the "Client Usernames" tab. This is where you would add your user for messaging access and assign a password.
1 -
Glad that helped.
Management users and messaging users are completely separate in PubSub+. This is for security reasons where a management user cannot view potentially sensitive message payloads and messaging users cannot change broker configuration, etc.
2