Setup AM as Swarm Service


This topic has 1 reply, 1 voice, and was last updated 3 months, 3 weeks ago by cduncan.

  • #28166
     cduncan
    Participant

    Hi everybody,

    I’m trying to set up AM as a Swarm Service:
    $ docker service create \
    --mode replicated \
    --replicas 1 \
    --name am-Service \
    --endpoint-mode vip \
    --publish published=8080,target=8080 \
    am-base-test:6.5

    This results in spinning up one AM container for the am-Service.
    When trying to access AM via the web browser on the host (http://localhost:8080/am) the AM login page is displayed. But when trying to log in using amadmin or demo users I get the following error:
    "code":401,"reason":"Unauthorized","message":"User Requires Profile to Login"

    Note: am-base-test:6.5 is a fully functional AM 6.5 image with embedded DS. It works fine as a standalone container when started like this: $ docker run -p 80:8080 am-base-test:6.5 -> when accessing AM via the web browser on the host (http://localhost/am) the AM login page is displayed and it is possible to log in as amadmin or demo user.

    The same results are displayed when using the following curls on the host:

    1. Authenticate against standalone AM container -> ok
    curl \
    --insecure \
    --request POST \
    --header "Content-Type: application/json" \
    --header "X-OpenAM-Username: demo" \
    --header "X-OpenAM-Password: changeit" \
    --header "Accept-API-Version: resource=2.0" \
    --data "{}" \
    'http://localhost/am/json/realms/root/authenticate'
    {"tokenId":"15IvFvZL2QPN3ZtscLTThx9CMJs.*AAJTSQACMDEAAlNLABxnZ29wSE5RTkxhQVk0U2wyZHhoMUJSRVNnWWc9AAR0eXBlAANDVFMAAlMxAAA.*","successUrl":"/am/console","realm":"/"}

    2. Authenticate against Swarm container -> nok
    curl \
    --insecure \
    --request POST \
    --header "Content-Type: application/json" \
    --header "X-OpenAM-Username: demo" \
    --header "X-OpenAM-Password: changeit" \
    --header "Accept-API-Version: resource=2.0" \
    --data "{}" \
    'http://localhost:8080/am/json/realms/root/authenticate'
    {"code":401,"reason":"Unauthorized","message":"User Requires Profile to Login"}
    (The same error is displayed when calling the authenticate endpoint from within the container.)

    In both cases the identical AM image with embedded DS (and user demo) is deployed.

    Has anybody got any ideas as to what might be wrong with my service configuration?

    #28171
     cduncan
    Participant

    The solution is to use mode global instead of replicated!

    For example:
    docker service create \
    --name am-Service \
    --endpoint-mode vip \
    --mode global \
    --publish mode=host,published=8081,target=8080 \
    am-base-test:6.5


©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
