OAuth2 authentication between registry and gateway #338

@DenisThomas

jhipster info for the gateway:

JHipster Version(s)
gw@0.0.0 /home/denis/testws/gw
└── generator-jhipster@5.8.2 

JHipster configuration, a .yo-rc.json file generated in the root folder
.yo-rc.json file
{
    "generator-jhipster": {
        "promptValues": {
            "packageName": "com.ins.gw",
            "nativeLanguage": "en"
        },
        "jhipsterVersion": "5.8.2",
        "applicationType": "gateway",
        "baseName": "gw",
        "packageName": "com.ins.gw",
        "packageFolder": "com/ins/gw",
        "serverPort": "8080",
        "authenticationType": "oauth2",
        "cacheProvider": "hazelcast",
        "enableHibernateCache": true,
        "websocket": false,
        "databaseType": "sql",
        "devDatabaseType": "h2Memory",
        "prodDatabaseType": "postgresql",
        "searchEngine": false,
        "messageBroker": false,
        "serviceDiscoveryType": "eureka",
        "buildTool": "maven",
        "enableSwaggerCodegen": false,
        "clientFramework": "angularX",
        "useSass": true,
        "clientPackageManager": "npm",
        "testFrameworks": [],
        "jhiPrefix": "jhi",
        "entitySuffix": "",
        "dtoSuffix": "DTO",
        "otherModules": [],
        "enableTranslation": true,
        "nativeLanguage": "en",
        "languages": ["en", "fr"]
    }
}
JDL for the Entity configuration(s) entityName.json files generated in the .jhipster directory
JDL entity definitions

Environment and Tools

java version "1.8.0_201"
Java(TM) SE Runtime Environment (build 1.8.0_201-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.201-b09, mixed mode)

git version 2.17.1

node: v9.0.0

npm: 5.5.1

yarn: 1.7.0

Docker version 18.09.2, build 6247962

docker-compose version 1.17.1, build unknown

Overview of the issue

This issue concerns authentication between registry and gateway with keycloak. We have to be authenticated on gateway and registry to view configuration or metrics of gateway in registry.

Motivation for or Use Case

Authentication between registry and gateway is unstable with keycloak. In some cases, registry sends a 401 error on /login...

Reproduce the error
  • Start a keycloak server: tested with version 5.0.0 and docker image jboss/keycloak:3.3.0.CR2-3
  • Start registry, version 4.1.1
  • Start gateway
  • Log in on registry: we are redirected to keycloak, and after authentication, we return to the registry home page as admin
  • We see the gateway is up
  • Go to Administration/configuration, select gateway
  • We get a 302 redirection from gateway_url/management/env to gateway_url/login, producing a new redirect to the keycloak login page
  • In the same browser, connect to gateway and log in
  • On registry, go to the configuration of gateway, it works
  • On registry, click on the logout button: we go to the home page, but are still connected
  • On registry, we click again on logout: we are disconnected, on the page with the sign in button.
  • On gateway, click on sign out: we are disconnected
  • On registry, try to log in: we get a 401 on /login ...
  • Log in again on gateway, log in again on registry, always unauthorized to get /login...

Related issues

This issue may be related to issue 292 OAuth2 Gateway Management Broken

Suggest a Fix

I don't know if the problem comes from gateway or registry, and I don't know enough about OAuth2 to suggest a fix.

JHipster Registry Version(s)

Gateway has been generated with jhipster 5.8.2, and registry is in version 4.1.1

Browsers and Operating System

Tested on linux with firefox 65 and chromium 73

  • Checking this box is mandatory (this is just to show you read everything)

Denis
