cURL Docker registry authorization error "authentication required" - docker

I have set up a docker auth server using cesanta and used mongodb for ACL; everything works fine. The only issue is that when I am doing a curl to my registry catalog I get UNAUTHORIZED.
curl -Lk https://example.docker.com:5000/v2/_catalog
I am getting below error:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}

You need to acquire a bearer token to be used as a header for authentication. Here is a detailed doc on how to get it: https://github.com/docker/distribution/blob/master/docs/spec/auth/token.md

Related

Docker login: access denied you must use a personal access token

Trying to login from docker to gitlab using the command:
sudo docker login registry.gitlab.com?private_token=XXX
But I still have the following error message:
Error response from daemon: Get https://registry.gitlab.com/v2/: unauthorized: HTTP Basic: Access denied\nYou must use a personal access token with 'api' scope for Git over HTTP.\nYou can generate one at https://gitlab.com/-/profile/personal_access_tokens
The token has the right access, I double-checked... I am rather new to docker, any hint/help? Thanks!
The correct command line (that works in my case at least) was:
docker login registry.example.com -u <your_username> -p <your_personal_access_token>
If you are using 2 factor authentication, then personal access tokens are required.
More information on the following webpage,
https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
According to https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html, your username actually gets ignored:
Though required, GitLab usernames are ignored when authenticating with a personal access token. There is an issue for tracking to make GitLab use the username.
So, if you're not able to connect, it might not be because of the username.

how to use\connect to sonatype nexus docker registry v2 api in a web application?

I have a private sonatype nexus repository manager OSS 3.25.1-04 container running on a vm (with nginx routing from docker.io to repo manager url) that contains a few repositories, one of them is a docker registry.
I want to use the docker registry v2 api from a react app to get a listing for the docker images in the repository and maybe some more metrics about the repo and its contents.
I tried calling the api directly: https://nexus3:8083/v2/_catalog but got 401 UnAuthorized in the response when checking the devtools network tab
Then to login to the api I tried using https://auth.docker.io/token?service=registry.docker.io&scope=repository:samalba/my-app:pull,push when substituting samalba/my-app with my own registry and example docker image. I know this link is to get token for only this image couldn't find one for the entire api (it didn't work anyway)
Could use some help on how to connect to the api\get jwt token and using it or how to use the api with http instead
A few things may be going on. First, try just using basic authentication and seeing if that works. Additionally, you may need to set some additional headers to connect to nexus / sonatype. Here is an example with curl:
curl -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Content-Type: application/json" -H "User-Agent: docker/20.10.14" -u username:password -i https://nexus3:8083/v2/_catalog
Note the user agent field -- I've run into issues where the authentication layer is filtering for the docker user agent.
If that still doesn't work, then the next thing you can look for is whether the registry responds with the header www-authenticate. This means you will need to first authenticate with that service to retrieve a Bearer token, and then you can pass that back to the registry using the Authorization header instead of basic auth.
Hope that helps.
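The bearer-token exchange that this answer and the first answer on the page (the cesanta auth server case) both describe, as an added example that is not part of either original post. The sample challenge and token reply are constructed, with the scope mirroring the "registry"/"catalog"/"*" detail in the error above; the hosts and the REG_USER / REG_PASS environment variables are assumptions.

```shell
#!/bin/sh
# Added example: Docker Registry v2 token flow for GET /v2/_catalog.

# Constructed sample inputs (hosts and token are placeholders, not from the page).
SAMPLE_CHALLENGE='Www-Authenticate: Bearer realm="https://auth.example.com:5001/auth",service="Docker registry",scope="registry:catalog:*"'
SAMPLE_TOKEN_JSON='{"access_token":"aaa.bbb.ccc","expires_in":900,"token":"aaa.bbb.ccc"}'

# challenge_param HEADER KEY: print the value of KEY="value" in a Bearer challenge.
challenge_param() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n "s/.*[ ,]$2=\"\([^\"]*\)\".*/\1/p"
}

# json_token BODY: print the "token" field of the token server's JSON reply.
json_token() {
    printf '%s\n' "$1" | sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# fetch_catalog REGISTRY_URL: run the whole exchange against a live registry.
# Credentials come from REG_USER / REG_PASS (assumed environment variables).
fetch_catalog() {
    registry=$1
    # 1. Unauthenticated request: expect 401 plus a WWW-Authenticate challenge.
    challenge=$(curl -s -o /dev/null -D - "$registry/v2/_catalog" |
        grep -i '^www-authenticate: *bearer') || {
        echo "no Bearer challenge; registry may use basic auth" >&2
        return 1
    }
    realm=$(challenge_param "$challenge" realm)
    service=$(challenge_param "$challenge" service)
    scope=$(challenge_param "$challenge" scope)
    # 2. Ask the token server (realm) for a token covering the demanded scope.
    body=$(curl -s -G -u "$REG_USER:$REG_PASS" \
        --data-urlencode "service=$service" \
        --data-urlencode "scope=$scope" "$realm")
    token=$(json_token "$body")
    [ -n "$token" ] || { echo "token server refused: $body" >&2; return 1; }
    # 3. Repeat the request with the token in the Authorization header.
    curl -s -H "Authorization: Bearer $token" "$registry/v2/_catalog"
}
```

With the two variables exported, `fetch_catalog https://example.docker.com:5000` prints the catalog JSON only if the token server's ACL grants that user the catalog scope.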

401 error when trying GET request to Hawkbit Server with Gateway Security Token

Q1:
I'm running a Hawkbit server on localhost in a docker container and activated the option "Allow a gateway to authenticate and manage multiple targets through a gateway security token" in the settings of the web UI that I access via http://localhost:8080/.
Now I'm using Postman to send a GET request to http://localhost:8080/default/controller/v1/25 with the header
key: GatewayToken, value: <The gateway token shown in the Hawkbit web UI>
Using this header, I'm supposed to be able to authenticate my Postman client against the Hawkbit server (compare e.g. https://www.eclipse.org/hawkbit/concepts/authentication/), however I'm always getting a "401 Unauthorized" response.
Even if I enable "Allow targets to download artifacts without security credentials" which should enable any client to get a resource even without authentication, I get a 401.
What am I doing wrong?
Q2:
The Hawkbit server is running in Docker started via "docker-compose up -d" as described here: https://www.eclipse.org/hawkbit/gettingstarted/
In order to solve the problem of Q1, I wanted to check the output of Hawkbit inside the container, but I'm not too familiar with docker and couldn't find out how. I was able to get inside the container using
docker exec -it docker_hawkbit_1 /bin/sh
which brings me into the container's file system at /opt/hawkbit. But that's not what I was looking for. How can I see the log/output of the Hawkbit/Spring Boot application running inside the container?
Q1:
The key of the request should not be GatewayToken, but Authorization. The header of the request will then look as follows:
key: Authorization, value: GatewayToken <token>
Q2:
Try the following command to see the logs:
docker logs -f docker_hawkbit_1

401 Unauthorized Error while login into nexus docker registry

I am using nexus as a Docker container, with tag sonatype/nexus3:3.14.0. Also, I connect nexus with LDAP for better user management; it is helpful for group and role management.
For my case, I created a blog-store and created two docker registry repositories, one hosted and one group. I tried to log in on the hosted one and it works fine. But when I tried to connect to the grouped repository I get 401 Unauthorized. I also tried to connect with admin credentials but I get the same error too,
Error response from daemon: login attempt to https:///v2/ failed with status: 401 Unauthorized.
Suggestions are welcome
PParthenis
Enable the Docker Bearer Token Realm in Nexus Security->Realms Tab.
As stated in here
In my case Docker Bearer Token Realm security realm was already enabled. But prioritizing this realm did the trick.
If Docker Bearer Token Realm is already enabled in the Nexus Security->Realms tab, increase its priority.
For more info https://help.sonatype.com/repomanager3/system-configuration/access-control/realms

Connection refused in wso2 playground2 sample

I am doing playground2 sample of wso2 from this post. It is generating access token but having problem when I am accessing UserInfo.
It's saying connection refused. I am using wso2is-5.0.0
thank you
You can also use the curl command below to call the userinfo endpoint, and if you need more details you can use this URL.
curl -k -H "Authorization: Bearer <paste_access_token>" "https://localhost:9443/oauth2/userinfo?schema=openid"
Plus, you need to add claims on the OAuth service provider side; you can get more details in this official WSO2 document.
