Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-16533

Access Federation - Tokens - from * is not working

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 6.0.0
    • Fix Version/s: 6.0.0
    • Component/s: Access Tokens
    • Labels:
      None

      Description

      1) Define service mapping in the target artifactory with from *:

      curl -uaccess-admin:password "http://localhost:8082/access/api/v1/config" -XPATCH -H "Content-Type: application/json" -v -d '{"config":"federation:\n  inbound:\n    service-id-mapping: \n    - from: jfrt@*\n      to: jfrt@01cc8k2raa3pkq1bna3rkw0exf"}'

      2) create a token at the source artifactory (e.g. a token that belongs to a group with admin privileges)

      curl -uadmin:password -XPOST "http://localhost:8081/artifactory/api/security/token" -d "username=rotemk" -d "scope=member-of-groups:GroupDeleteRepo"

      3) try to use it at the target artifactory (e.g. delete a repo)

      curl -urotemk:eyJ2Z... -XDELETE "http://localhost:8082/artifactory/api/repositories/maven-local2"

       

      Expected: Repository maven-local2 and all its content have been removed successfully.

      Actual: {
      "errors" : [

      { "status" : 401, "message" : "Token failed verification: audience" }

      ]
      }

       

      Note that when the service mapping is from a specific service id, the above works fine.

       

       

        Attachments

          Activity

            People

            • Assignee:
              noams Noam Shemesh
              Reporter:
              rotemk Rotem Kfir
              Assigned QA:
              Rotem Kfir
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: