Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cant login to rabbitmq #42

Open
mdrio opened this issue Nov 19, 2024 · 0 comments
Open

Cant login to rabbitmq #42

mdrio opened this issue Nov 19, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@mdrio
Copy link

mdrio commented Nov 19, 2024
edited
Loading

Hi, I am trying to configure oauth2 on rabbitmq with keycloak as token issuer. I am following this tutorial. Anyway I am having some trouble, failing to login using both the management API and the pika example.

The management API stdout:

+ CLIENT_ID=mgt_api_client
+ CLIENT_SECRET=LWOuYqJ8gjKg3D2U8CJZDuID3KiRZVDa
+ REALM=test
+ URL=https://localhost:8443/realms/test/protocol/openid-connect/token
++ curl -k https://localhost:8443/realms/test/protocol/openid-connect/token --silent --location --request POST --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode cli
ent_id=mgt_api_client --data-urlencode client_secret=LWOuYqJ8gjKg3D2U8CJZDuID3KiRZVDa --data-urlencode grant_type=client_credentials
+ TOKEN='{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJHbmwyWmxiUmgzckFyNld5bWM5ODhfNWNZN1Q1R3VlUGQ1ZHBKbFhESlVrIn0.eyJleHAiOjE3MzIwMzM4OTUsImlhdCI6MTczMjAzMzU5NSwianRp
IjoiZWU4NjdkYTgtMTM5ZC00NDJlLWFiNDMtNGM2M2E1YzEyZTc3IiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6ODQ0My9yZWFsbXMvdGVzdCIsImF1ZCI6InJhYmJpdG1xIiwic3ViIjoiMmUzNDllNTUtOGMyZi00NDYxLWI0NGYtMjk3N2QzYjExM2
YzIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibWd0X2FwaV9jbGllbnQiLCJzY29wZSI6ImVtYWlsIHJhYmJpdG1xLnRhZzphZG1pbmlzdHJhdG9yIiwiY2xpZW50SWQiOiJtZ3RfYXBpX2NsaWVudCIsImNsaWVudEhvc3QiOiIxOTIuMTY4LjgwLjEiLCJl
bWFpbF92ZXJpZmllZCI6ZmFsc2UsImNsaWVudEFkZHJlc3MiOiIxOTIuMTY4LjgwLjEifQ.ZlQ-TTjvW1AuldIg8uAzk8xwBAVuYGTYE6AoieYpCQZHt1Sp8n6CshlOeyS7e-dg6y1McD9pz-rDt3CZXSdAgF1Jyj3Kakk15aal6Rn2zcuMmZBrr1uiRb7
QmZHBI-viAXFoXdWsmNft7J1X0iKBnXRBJFnBVcm61mf6VmPOHFhnSmjeNg9xbh-nr0BADCe1x7W0RnKlsuZyaajy1zUoVC_lFsNFJHqKEqoqaMhlrxEFof_66Z4qx85NU8xDca5NyUbokVGKq_hWb76KgYjLNmpFHqqlRIkURtI0CDmDlCYoBDopmMHEW
O507Tx2dDvTNdjVPfDNSR5RNKAWJ3DBIQ","expires_in":300,"refresh_expires_in":0,"token_type":"Bearer","not-before-policy":0,"scope":"email rabbitmq.tag:administrator"}'
+ jq -r .access_token
{"error":"not_authorized","reason":"Not_Authorized"}⏎

With this related line in the rabbitmq logs:

2024-11-19 16:26:35.554287+00:00 [warning] <0.903.0> HTTP access denied: user '' - invalid credentials

While the pika example exits with:

python pika-client/producer.py producer kbOFBXI9tANgKUq8vXHLhT6YhbivgXxn
pika version: 1.3.2
Traceback (most recent call last):
  File "/home/mauro/projects/rabbitmq-oauth2-tutorial/pika-client/producer.py", line 25, in <module>
    connection = pika.BlockingConnection(pika.ConnectionParameters(
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/mauro/projects/rabbitmq-oauth2-tutorial/venv/lib/python3.12/site-packages/pika/adapters/blocking_connection.py", line 360, in __init__
    self._impl = self._create_connection(parameters, _impl_class)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/mauro/projects/rabbitmq-oauth2-tutorial/venv/lib/python3.12/site-packages/pika/adapters/blocking_connection.py", line 451, in _create_connection
    raise self._reap_last_connection_workflow_error(error)
pika.exceptions.ProbableAuthenticationError: ConnectionClosedByBroker: (403) 'ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.'

With this rabbitmq log:

2024-11-19 16:30:17.566967+00:00 [info] <0.920.0> accepting AMQP connection 192.168.80.1:35990 -> 192.168.80.3:5672
2024-11-19 16:30:17.571156+00:00 [error] <0.920.0> Error on AMQP connection <0.920.0> (192.168.80.1:35990 -> 192.168.80.3:5672, state: starting):
2024-11-19 16:30:17.571156+00:00 [error] <0.920.0> PLAIN login refused: user '' - invalid credentials
2024-11-19 16:30:17.573430+00:00 [info] <0.920.0> closing AMQP connection (192.168.80.1:35990 -> 192.168.80.3:5672, duration: '7ms')

Reproduction steps

  1. add "localhost keycloak rabbitmq" to /etc/hosts
  2. make start-keycloak
  3. export MODE=keycloak
    make start-rabbitmq
  4. make curl-keycloak url=http://localhost:15672/api/overview client_id=mgt_api_client secret=LWOuYqJ8gjKg3D2U8CJZDuID3KiRZVDa
  5. python3 --version
    pip install pika
    pip install requests
    python3 pika-client/producer.py producer kbOFBXI9tANgKUq8vXHLhT6YhbivgXxn

Expected behavior

Both management API call and the pika one should login and exit without errors

Additional context

No response
@mdrio mdrio added the bug Something isn't working label Nov 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mdrio