[RTFACT-16533] Access Federation - Tokens - from * is not working Created: 29/Apr/18  Updated: 30/Apr/18  Resolved: 30/Apr/18

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Access Tokens
Affects Version/s: 6.0.0
Fix Version/s: 6.0.0

Type: Bug Priority: Normal
Reporter: Rotem Kfir Assignee: Noam Shemesh
Resolution: Fixed Votes: 0
Labels: None

Assigned QA: Rotem Kfir
Sprint: Leap 30

 Description   

1) Define service mapping in the target artifactory with from *:

curl -uaccess-admin:password "http://localhost:8082/access/api/v1/config" -XPATCH -H "Content-Type: application/json" -v -d '{"config":"federation:\n  inbound:\n    service-id-mapping: \n    - from: jfrt@*\n      to: jfrt@01cc8k2raa3pkq1bna3rkw0exf"}'

2) create a token at the source artifactory (e.g. a token that belongs to a group with admin privileges)

curl -uadmin:password -XPOST "http://localhost:8081/artifactory/api/security/token" -d "username=rotemk" -d "scope=member-of-groups:GroupDeleteRepo"

3) try to use it at the target artifactory (e.g. delete a repo)

curl -urotemk:eyJ2Z... -XDELETE "http://localhost:8082/artifactory/api/repositories/maven-local2"

 

Expected: Repository maven-local2 and all its content have been removed successfully.

Actual: {
"errors" : [

{ "status" : 401, "message" : "Token failed verification: audience" }

]
}

 

Note that when the service mapping is from a specific service id, the above works fine.

 

 


Generated at Wed Oct 23 00:10:06 UTC 2019 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.