This topic has 1 reply, 1 voice, and was last updated 1 year, 10 months ago by cduncan.
-
AuthorPosts
-
August 5, 2020 at 3:51 pm #28166
cduncan
ParticipantHi everbody,
I’m trying to setup AM as a Swarm Service:
$ docker service create \
–mode replicated \
–replicas 1 \
–name am-Service \
–endpoint-mode vip \
–publish published=8080,target=8080 \
am-base-test:6.5This results in spinning up one AM container for the am-Service.
When trying to access AM via the web browser on the host (http://localhost:8080/am) the AM login page is displayed. But when trying to login in using amadmin or demo users I get the following error:
“code”:401,”reason”:”Unauthorized”,”message”:”User Requires Profile to Login”Note: am-base-test:6.5 is a fully functional AM 6.5 image with embedded DS. It works fine as a standalone container when started like this: $ docker run -p 80:8080 am-base-test:6.5 -> when accessing AM via the web browser on the host (http://localhost/am) the AM login page is displayed and it is possible to login as amadmin or demo user.
The same results are displayed when using the following curls on the host:
1. Authenticate against standalone AM container -> ok
curl \
> –insecure \
> –request POST \
> –header “Content-Type: application/json” \
> –header “X-OpenAM-Username: demo” \
> –header “X-OpenAM-Password: changeit” \
> –header “Accept-API-Version: resource=2.0” \
> –data “{}” \
> ‘http://localhost/am/json/realms/root/authenticate’
{“tokenId”:”15IvFvZL2QPN3ZtscLTThx9CMJs.*AAJTSQACMDEAAlNLABxnZ29wSE5RTkxhQVk0U2wyZHhoMUJSRVNnWWc9AAR0eXBlAANDVFMAAlMxAAA.*”,”successUrl”:”/am/console”,”realm”:”/”}2. Authenticate against Swarm container -> nok
curl \
> –insecure \
> –request POST \
> –header “Content-Type: application/json” \
> –header “X-OpenAM-Username: demo” \
> –header “X-OpenAM-Password: changeit” \
> –header “Accept-API-Version: resource=2.0” \
> –data “{}” \
> ‘http://localhost:8080/am/json/realms/root/authenticate’
{“code”:401,”reason”:”Unauthorized”,”message”:”User Requires Profile to Login”}
(The same error is displayed when calling the authenticate endpoint from within the container.)In both cases the identical AM image with embedded DS (and user demo) is deployed.
Has anybody got any ideas as to what might be wrong with my service configuration?
August 10, 2020 at 1:43 pm #28171cduncan
ParticipantThe solution is to use mode global instead of replicated!
For example:
docker service create \
–name am-Service \
–endpoint-mode vip \
–mode global \
–publish mode=host,published=8081,target=8080 \
am-base-test:6.5 -
AuthorPosts
You must be logged in to reply to this topic.