I generated selfsigned domain certificate and then started Keycloak:
docker run \
--name keycloak \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=password \
-e KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/conf/server.crt.pem \
-e KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/conf/server.key.pem \
-v $PWD/server.crt.pem:/opt/keycloak/conf/server.crt.pem \
-v $PWD/server.key.pem:/opt/keycloak/conf/server.key.pem \
-p 8443:8443 \
quay.io/keycloak/keycloak \
start-dev
But I can't access auth page https://<IP>:8443/auth/. There is always "Page not found" error.
What is wrong?
Starting with Keycloak 17 for the Quarkus distribution:
The new distribution introduces a number of breaking changes,
including:
Configuring Keycloak has significantly changed
Quarkus is not an application server, but rather a framework to build applications
/auth removed from the default context path
Custom providers are packaged and deployed differently
Because of the third bullet point you are getting
But I can't access auth page https://:8443/auth/. There is always
"Page not found" error.
You can get around this issue with one of two solutions:
Use the previous endpoints, but now removing /auth from them or;
as pointed on in the documentation:
By default, the new Quarkus distribution removes /auth from the
context-path. To re-introduce the /auth use the http-relative-path
build option. For example: bin/kc.[sh|bat] start-dev --http-relative-path /auth
There is no more auth. It is now called admin
Access page with: https://<IP>:8443/admin/
Related
In our enterprise, we use Azure AD for the authentification.
I want now to do some curl commands for testing, but the command:
curl -u myuser:mypassword https://www.thewebsite.com -L
doesn't do the trick. Apparently, I'm stuck at the login windows.
Has anyone else a solution to do the Azure authentification from curl?
EDIT: as suggested by #SaiSakethGuduru-MT, adding --ntlm didn't work
Following is the curl export of the API call which is failing -
curl -X GET \
'http://endpoint.in/dummy/path?mobile=777777777' \
-H 'Content-Type: application/json' \
-H 'auth_token: iubsaicbsaicbasiucbsa'
The header param auth_token is not available at all in the server side, as checked from logs.
The same curl however works when directly issued as a command. I have the latest postman version v6.2.3 installed.
Also, the same API end point works when requested via other tools like Advanced REST client of chrome.
Previously, I had also checked read this thread http://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers
Many servers, like nginx, have a config which if set, discards headers with underscore in name.
However, I could not verify the same because I could not find out exactly how is the server deployed in this. It is a node application and we run this command to run the application -
nohup /bin/forever start -o logs/out.log -e logs/err.log app.js
ps -ef | grep node shows the following -
root 5981 1 0 Jul19 ? 00:00:00 /root/.nvm/v7.2.1/bin/node /usr/lib/node_modules/forever/bin/monitor app.js
root 5991 5981 0 Jul19 ? 00:00:04 /root/.nvm/v7.2.1/bin/node /usr/local/another/path/to/app.js
Update
This is interfering in our automated testing as well, via Jmeter.
Update
We have nginx running on the server and it seems to be calling node process. We observed that on the server where this is working fine, the nginx config file has this setting -
underscores_in_headers on;
But this is not present in the config file of the server where it is not working.
Another observation - I am using latest postman version - 6.2.5, where the issue is there. However, when I sent the same postman collection to another teammate and he hit it after installing postman, it worked for him. I am still not sure whether the issue is with postman or the server setup.
Underscores are not explicitly forbidden in headers, but in the past for CGI underscores were converted to dashes. Because of this legacy NGINX and Apache HTTPD treat underscores in headers as potentially problematic.
https://stackoverflow.com/a/22856867/2955337
You can explicitly set underscores_in_headers on;, but the default is off, so by default NGINX does not accept underscores
http://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers
curl apparently converts underscores to dashes to circumvent this issue.
https://github.com/requests/requests/issues/1292#issuecomment-15997612
Is there any way that I can create or modify an AzureAD App to allow the OAuth 2.0 Implicit flow via the Azure CLI 2.0?
I'm able to create app registrations without issue using az ad app create
It does not look like the Azure CLI 2.0 exposes the OAuth2AllowImplicitFlow property to be set, however the Azure Active Directory PowerShell 2.0 does expose this property:
-Oauth2AllowImplicitFlow
Specifies whether this web application can request OAuth2.0 implicit
flow tokens. The default is false.
Type: Boolean
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Let me know if this helps.
You can use CLI to call Graph API to do achieve that. This method needs to create service principal in your AAD Tenant, and assign Company Admin role to it.
Get an authentication token
curl -X "POST" "https://login.microsoftonline.com/$TENANTID/oauth2/token" \
-H "Cookie: flight-uxoptin=true; stsservicecookie=ests; x-ms-gateway-slice=productionb; stsservicecookie=ests" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "client_id=$APPID" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_secret=$PASSWORD" \
--data-urlencode "resource=https://graph.windows.net/"
Set the AAD applicaiton Oauth2AllowImplicitFlow to be true:
curl -X "PATCH" "https://graph.windows.net/$TENANTID/applications/$ObjectId?api-version=1.6" \
-H "Authorization: Bearer $ACCESSTOKEN" \
-H "Content-Type: application/json" \
-d $'{"oauth2AllowImplicitFlow":true}'
After few seconds, Oauth2AllowImplicitFlow of your application has been set to be true.
Additional, as #Shawn said that Azure CLI doesn't have this cmdlet to set AAD Application,but Azure Powershell have. However Azure CLI is an important tool for Linux platform to use Azure. I think we can post this feature feedback in this Page. Azure Team will review it.
Hope this helps!
I have a linux system where I have installed dockers. I also have a registry on azure for which I have the user name and password. To get a list of docker images from a private registry we can simply use curl command like below:
curl localhost:5000/v2/_catalog
This command I tested when I installed private registry on my machine and it was giving me the list of images which I have in the registry. Now I have azure registry. I can login to it successfully but don't know what command I can run to get the list of docker images. Is this possible.? For example, if I run:
curl myregistry.azurecr.io/v2/_catalog
It shows:
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
How do I get the list of images stored in azure registry from my linux machine
Thanks
You can use the container registry cli for azure:
az acr repository list --name <acrName> --output table
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-azure-cli
It is important to understand how docker lists the images in the registry.
Docker CLI provides command to pull/push/delete images from a private Azure Registry like myprivate.azurecr.io after the user authenticates itself using docker login command but the docker CLI does not provide any command to list the images in the private registry.
It is important to understand that the docker image ls only lists the images present on the local machine and not in a registry.
There are multiple answers that describe the Docker HTTP API V2 (Refer here) to list the images present in the registry. The HTTP v2 API v2/_catalog and other only work with local registry created on-premise but when user wants to list the images present in the Private Azure Registry one needs to use Azure CLI
What is Local Registry ?
The Registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images. The Registry is open-source, under the permissive Apache license. Local Registry can be created to store and distribute images in house or on-premise.
Refer here : https://docs.docker.com/registry/ . One can create a private registry,push and pull image from there using Dokcker HTTP API V2.
Azure CR is a special type and inorder to list the images there is no other option to Azure CLI.
Use Case
- List the top three images present in the registry
The command for the same can be
az acr repository show-tags -n <RegistryName> --repository <RepositoryName> --orderby time_desc --output table | select -First 5
Not used to Azure I accidentally got stuck on the idea that I needed the Azure credentials to access the API, these answers strengthening that perception, but given you have the u/p you should be able to access it with curl in a simple:
curl -L --user <username>:<password> myregistry.azurecr.io/v2/_catalog
{"repositories":["name1", "name2", "nameN"]}
As yamenk said, you could use Azure CLI 2.0 to get your registry on azure.
Azure Cli 2.0 works on linux and docker, so I think it could work your linux machine.
Also, you could use Azure Rest APi to get registry on azure.
GET https://management.azure.com/subscriptions/<subscription id>/resourceGroups/<rg>/providers/Microsoft.ContainerRegistry/registries/<registry name>?api-version=2017-10-01
For get token, please refer to this link.
Using API like below:
curl -X "GET" "https://management.azure.com/subscriptions/********/resourceGroups/shuiapp/providers/Microsoft.ContainerRegistry/registries/shuitest?api-version=2017-10-01" \
-H "Authorization: Bearer $token" \
-H "Content-Type: application/json"
Has anyone tried successfully the search command with Docker 1.6 and the new registry 2.0?
I've set mine up behind Nginx with SSL, and so far it is working fine. I can push and pull images without problems. But when I try to search for them all the following command give a 404 response:
curl -k -s -X GET https://username:password#my-docker-registry.com/v1/search
404 page not found
curl -k -s -X GET https://username:password#my-docker-registry.com/v2/search
404 page not found
root#ip-10-232-0-191:~# docker search username:password#my-docker-registry.com/hello-world
FATA[0000] Invalid repository name (admin:admin), only [a-z0-9-_.] are allowed
root#ip-10-232-0-191:~# docker search my-docker-registry.com/hello-world
FATA[0000] Error response from daemon: Unexpected status code 404
I wanted to ask if anyone has any ideas why and what is the correct way to use the Docker client to search the registry for images.
Looking at the API v2.0 documentation, do they simply not support a search function? Seems a bit strange to omit such functionality.
At least something works :)
root#ip-10-232-0-191:~# curl -k -s -X GET https://username:password#my-docker-registry.com/v2/hello-world/tags/list
{"name":"hello-world","tags":["latest"]}
To Date - the search api is lacking from registry v2.0.1 and this issue is under discussion here. I believe search api is intended to land in v2.1.
EDIT: /v2/catalog endpoint is available in distribution/registry:master
Before new registry api:
If you are using REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY you may list the contents of that directory
user#host:~# tree $REGISTRY_FS_ROOTDIR/docker/registry/v2/repositories -L 2
***/docker/registry/v2/repositories
└── repository1
└── image1
This may be useful to make a quick web ui you can call to do this or if you have ssh access to the host storing the repositories:
ssh -T user#host -p <port> tree $REGISTRY_FS_ROOTDIR/docker/registry/ -L 2
Do look at the compose example which deploys both v1 & v2 registry behind an nginx reverse proxy
The latest version of Docker Registry available from https://github.com/docker/distribution supports Catalog API. (v2/_catalog). This allows for capability to search repositories.
If interested, you can try docker image registry CLI I built to make it easy for using the search features in the new Docker Registry v2 distribution : (https://github.com/vivekjuneja/docker_registry_cli)
if you're on windows, here's a Powershell script to query the v2/_catalog from windows with basic http auth.
https://gist.github.com/so0k/b59382ea7fd959cf7040
FYI, to use this you have to docker pull distribution/registry:master instead of docker pull registry:2. the registry:2 image version is currently 2.0.1 which does not come with the catalog endpoint.