Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-13305

Not all Artifactory Docker endpoints return the expected WWW-Authenticate header

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 4.9.1, 4.14.1
    • Fix Version/s: 5.2.1
    • Component/s: Docker
    • Labels:
      None
    • Sprint:
      Leap 7, Leap 9

      Description

      Not all Artifactory Docker endpoints return the expected WWW-Authenticate header. This means that if a client is reaching one of these endpoints and is not authenticated, he will not be given the opportunity to authenticate. This goes against the registry API specs and what DockerHub does.

      For example:

      Artifactory (4.14.1)

      curl -vvv http://localhost:32768/artifactory/api/docker/docker-local/v2/ : WWW-Authenticate: Bearer realm="http://localhost:32768/artifactory/api/docker/docker-local/v2/token",service="localhost:32768",scope="repository:docker-local:pull,push"

      curl -vvv http://localhost:32768/artifactory/api/docker/docker-local/v2/_catalog: WWW-Authenticate: Basic realm="Artifactory Realm"

      curl -vvv http://localhost:32768/artifactory/api/docker/docker-local/v2/hello-world/manifests/latest: WWW-Authenticate: Basic realm="Artifactory Realm"

      DockerHub

      curl -vvv https://index.docker.io/v2/: Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"

      curl -vvv https://index.docker.io/v2/_catalog: Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="registry:catalog:*"

      curl -vvv https://index.docker.io/v2/hello-world/manifests/latest: Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:hello-world:pull"

      For the most part, users using the Docker client will be okay since they will typically login first but other services that rely on the specs behavior may fail.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                yuvalr Yuval Reches
                Reporter:
                arturoa Arturo Aparicio
                Assigned QA:
                Mor Iluz (Inactive)
              • Votes:
                3 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: