Anchore SSO Fail to Setup
addons:
  anchore:
    adminPassword: admin
    sso:
      enabled: true
      client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-anchore
    enterprise:
      enabled: true
      licenseYaml: |
        details:
        - version: '1.0'
        - product:
        - name: Anchore Enterprise
        - description: Anchore Enterprise Manager
        - type: enterprise
        - entitlements:
        - Third_Party_Feeds
        ...rest obfuscated
The UI does not allow logging in with the admin/admin username and password, and the SSO configuration script fails to run:
kl -n anchore configure-sso-x7fvt -f
+ cd /tmp
++ grep -oP '^\s*"name"\s*:\s*"\K(.*)(?=",?\s*$)' anchore-sso.json
+ SSO_NAME=keycloak
++ grep -oP '^\s*"idp_metadata_url"\s*:\s*"\K(.*)(?=",?\s*$)' anchore-sso.json
+ IDP_URL=https://login.dso.mil/auth/realms/baby-yoda/protocol/saml/descriptor
++ curl -sw '%{http_code}' https://login.dso.mil/auth/realms/baby-yoda/protocol/saml/descriptor -o /dev/null
+ '[' 200 -ne 200 ']'
+ echo 'IdP URL is live...'
IdP URL is live...
++ curl -sw '%{http_code}' http://anchore-anchore-engine-api:8229/v1/swagger.json -o /dev/null
+ '[' 200 -ne 200 ']'
+ echo 'Anchore Engine is live...'
Anchore Engine is live...
++ curl -sw '%{http_code}' -u admin:admin http://anchore-anchore-engine-api:8229/v1/saml/idps/keycloak -o /dev/null
+ '[' 401 -ne 200 ']'
+ echo 'Applying SAML config to Anchore...'
+ curl -vvv --fail -u admin:admin -d @anchore-sso.json -H 'Content-Type: application/json' http://anchore-anchore-engine-api:8229/v1/saml/idps
Applying SAML config to Anchore...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 10.43.81.170...
* TCP_NODELAY set
* Connected to anchore-anchore-engine-api (10.43.81.170) port 8229 (#0)
* Server auth using Basic with user 'admin'
> POST /v1/saml/idps HTTP/1.1
> Host: anchore-anchore-engine-api:8229
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.61.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 434
>
} [434 bytes data]
* upload completely sent off: 434 out of 434 bytes
< HTTP/1.1 401 UNAUTHORIZED
< Server: TwistedWeb/20.3.0
< Date: Wed, 17 Feb 2021 12:06:04 GMT
* Authentication problem. Ignoring this.
< WWW-Authenticate: basic realm="Authentication required"
< Content-Type: text/html; charset=utf-8
< Content-Length: 12
* The requested URL returned error: 401
97 446 0 0 100 434 0 86800 --:--:-- --:--:-- --:--:-- 86800
* Closing connection 0
curl: (22) The requested URL returned error: 401
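In the trace above the IdP lookup returns 401, the job treats that as "not configured", and the following POST is rejected with the same 401. The status gate below is an added example, not the configure-sso job's own code, that separates "IdP absent" from "credentials rejected" before any POST is attempted. The function names and the ANCHORE_USER/ANCHORE_PASS variables are hypothetical, and a 404 response for an absent IdP is an assumption.

```shell
#!/bin/sh
# Added example; names are hypothetical, not taken from the configure-sso job.
# Assumption: the Anchore API answers 404 when the named IdP does not exist.

# Same lookup as in the trace, with credentials read from the environment
# rather than written into the script.
probe_idp() {  # usage: probe_idp BASE_URL IDP_NAME -> prints HTTP status
  curl -s -o /dev/null -w '%{http_code}' \
    -u "${ANCHORE_USER}:${ANCHORE_PASS}" "$1/v1/saml/idps/$2"
}

# Map the lookup status to an action word.
decide() {
  case "$1" in
    200)     echo skip ;;          # IdP already configured
    404)     echo apply ;;         # IdP absent: POST the SAML config
    401|403) echo abort-auth ;;    # credentials rejected: the POST would fail too
    *)       echo abort-unknown ;; # anything else is not safe to act on
  esac
}

# Report the decision; return non-zero when the job should stop.
gate() {
  case "$(decide "$1")" in
    skip)  echo "IdP already present, nothing to do" ;;
    apply) echo "IdP missing, applying SAML config" ;;
    abort-auth)
      echo "status $1: admin credentials rejected by the API" >&2
      return 2 ;;
    *)
      echo "status $1: unexpected response from the API" >&2
      return 3 ;;
  esac
}

# Constructed sample statuses; 401 is the one seen in the trace above.
# Against a live API: gate "$(probe_idp "$ANCHORE_URL" keycloak)"
for s in 200 404 401 500; do
  gate "$s" || echo "-> job stops (exit $?)"
done
```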