Re: Trouble enabling diego ssh in cf-release:222 diego:0.1437

Home Messages Hashtags Subgroups

#2496

Re: Trouble enabling diego ssh in cf-release:222 diego:0.1437

Mike Youngstrom <youngm@...> #2496 In case it helps this is the CF_TRACE of the UAA call that the ssh plugin is expecting to be a redirect. REQUEST: [2015-10-28T17:25:11-06:00] POST /oauth/token HTTP/1.1 Host: uaa.{redacted} Accept: application/json Authorization: [PRIVATE DATA HIDDEN] Content-Type: application/x-www-form-urlencoded User-Agent: go-cli 6.12.3-5364935 / linux grant_type=refresh_token&refresh_token={token redacted}&scope= RESPONSE: [2015-10-28T17:25:12-06:00] HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store Content-Type: application/json;charset=UTF-8 Date: Wed, 28 Oct 2015 23:25:12 GMT Expires: 0 Pragma: no-cache Pragma: no-cache Server: Apache-Coyote/1.1 X-Cf-Requestid: 4a6ad262-07e6-48a8-4640-271996e9bf64 X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block a20 {"access_token":"[PRIVATE DATA HIDDEN]","token_type":"bearer","refresh_token":"[PRIVATE DATA HIDDEN]","expires_in":3599,"scope":"scim.userids cloud_controller.read password.write cloud_controller.write openid doppler.firehose scim.read cloud_controller.admin","jti":"00e07ad7-5090-42e9-8096-a542dffd6026"} 0 This is the ssh-proxy client info returned from a call to uaac clients: ssh-proxy scope: cloud_controller.read cloud_controller.write openid resource_ids: none authorized_grant_types: authorization_code refresh_token redirect_uri: /login autoapprove: true action: none authorities: uaa.none lastmodified: 1446074693000 Mike toggle quoted message Show quoted text On Wed, Oct 28, 2015 at 6:47 PM, Mike Youngstrom <youngm(a)gmail.com> wrote: Yes /v2/info contains "app_ssh_oauth_client: "ssh-proxy"". Though I didn't set it. It appears CC sets it by default now. https://github.com/cloudfoundry/cf-release/blob/master/jobs/cloud_controller_ng/spec#L81 Any other ideas? Mike On Oct 28, 2015 6:16 PM, "Matthew Sykes" <matthew.sykes(a)gmail.com> wrote: Does /v2/info contain the `app_ssh_auth_client` key? If not, it should be set to the client ID of the ssh proxy. If it's not set, I think that's one of the symptom. https://github.com/cloudfoundry-incubator/diego-release/blob/develop/stubs-for-cf-release/enable_diego_ssh_in_cf.yml#L4 On Wed, Oct 28, 2015 at 7:36 PM, Mike Youngstrom <youngm(a)gmail.com> wrote: I'm working on upgrading to latest cf-release+diego and I'm having trouble getting ssh working. When attempting to ssh with the latest cli I get the error: "Authorization server did not redirect with one time code" The relevant config is: ssh_proxy.uaa_token_url=https://{uaa server}/oauth/token uaa.clients.ssh-proxy: authorized-grant-types: authorization_code autoapprove: true override: true redirect-uri: /login scope: openid,cloud_controller.read,cloud_controller.write secret: secret When tracing the CLI I see a call to "POST /oauth/token" and a 200. It appears that the CLI is expecting a redirect and not a 200. Is "oauth/token" the correct uaa_token_url endpoint? Any idea why UAA wouldn't be sending a redirect response from /oauth/token when the plugin is expecting it? Mike -- Matthew Sykes matthew.sykes(a)gmail.com attachment.html attachment.html
More All Messages By This Member

View All 11 Messages In Topic

#2496

Join {cf-dev@lists.cloudfoundry.org to automatically receive all group messages.

Home Hashtags Subgroups Terms