Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Swauth authentication #5892

Closed
cyberduck opened this issue Apr 10, 2011 · 1 comment
Closed

Swauth authentication #5892

cyberduck opened this issue Apr 10, 2011 · 1 comment
Assignees
@dkocher
Labels
bug duplicate openstack OpenStack Swift Protocol Implementation

Comments

@cyberduck
Copy link
Collaborator

285fddd created the issue

First of, thank you very much for all the hard work you have put into this awesome app. I've had many people approach me asking for help with cyberduck and openstack-swift so I decided to try it out myself. It always worked in the past with our devauth authentication system.

I've tried the following with openstack-swift 1.2.0 using swauth. When using devauth, the authentication step works fine but I believe devauth is getting deprecated on 1.3.0.

What I have noticed from the cyberduck logs and my swift logs is that, When trying to swauth, cyberduck is passing only /v1.0 and not the whole "Path" value that is used in the connection configuration (Path = /auth/v1.0) therefore the swift precondition fails.

GET /v1.0 HTTP/1.1
x-auth-user: external:marcelo
x-auth-key: XXXXXXXXX
Host: auth.swift.domain.com:8443
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.1 412 Precondition Failed
Content-Type: text/html; charset=UTF-8
Content-Length: 7
Date: Sun, 10 Apr 2011 14:02:03 GMT
Connection: keep-alive

swift logs:

Apr 10 14:02:03 swtester1 proxy-server %3A%3Affff%3A71.11.14.124 127.0.0.1 10/Apr/2011/14/02/03 GET /v1.0 HTTP/1.0 412 - Cyberduck/4.0.2%20%28Mac%20OS%20X/10.5.8%29%20%28i386%29 - - - - tx5be478af-99b4-4df9-bf15-209b07e7daf6 - 0.0004

When I change my swift system to use DevAuth, the authentication works but when trying to perform a GET on the StorageUrl that it receives back from auth, cyberduck seems to be using the same connection that it already has open on port 8443.

On my environment I see that the GET request on the account is actually going to the DevAuth service when it should be going to https://swift.domain.com . I have also noticed that it also adds the /v1.0 at the end of the StorageUrl but on the second try it removes that which means it would have probably worked if the request had been sent to 443 and not 8443.

GET /v1.0 HTTP/1.1
x-auth-user: external:marcelo
x-auth-key: XXXXXX
Host: auth.swift.domain.com:8443
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.1 204 No Content
X-Storage-Url: https://swift.domain.com/v1/AUTH_50a8dbc55fb14808a3770b2e19599997
X-Storage-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
Content-Length: 0
Date: Sun, 10 Apr 2011 14:22:01 GMT
Connection: keep-alive

GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F HTTP/1.1
X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
Host: swift.domain.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.0 503 Service Unavailable
Content-Type: text/html
Content-Length: 53
Expires: now
Pragma: no-cache
Cache-control: no-cache,no-store

GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997?format=xml HTTP/1.1
X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
Host: swift.domain.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.0 503 Service Unavailable
Content-Type: text/html
Content-Length: 53
Expires: now
Pragma: no-cache
Cache-control: no-cache,no-store

Apr 10 15:03:05 swtester1 pound: 12.11.13.24 GET /v1.0 HTTP/1.1 - HTTP/1.1 204 No Content

Apr 10 15:03:05 swtester1 pound: (7fa851125700) e503 no service "GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F HTTP/1.1" from 12.11.13.24

Apr 10 15:04:07 swtester1 pound: (7fa851125700) e503 no service "GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F HTTP/1.1" from 12.11.13.24

Apr 10 15:04:08 swtester1 pound: (7fa851125700) e503 no service "GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997?format=xml HTTP/1.1" from 12.11.13.24

In order to make sure that the request was indeed going to the auth system on port 8443, I had pound listen on 8443 and nginx listen on 443. Just to be double sure. The requests work fine when using curl to authenticate and retrieve account data/information.
@cyberduck
Copy link
Collaborator Author

@dkocher commented

Duplicate of #5735. Not that the optional setting for the Path in the bookmark settings refers to a path in the directory layout of the storage account and is not used for the authentication URL. Refer to the wiki to change the context path for the authentication.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dkocher dkocher

Labels
bug duplicate openstack OpenStack Swift Protocol Implementation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dkocher @cyberduck