UNCLASSIFIED - NO CUI

Skip to content

Anchore SSO Fail to Setup

addons:
  anchore:
    adminPassword: admin
    sso:
      enabled: true
      client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-anchore
    enterprise:
      enabled: true
      licenseYaml: |
        details:
          - version: '1.0'
          - product:
              - name: Anchore Enterprise
              - description: Anchore Enterprise Manager
              - type: enterprise
          - entitlements:
              - Third_Party_Feeds
         ...rest obfuscated

UI does not allow logging in with admin/admin username and password and the sso configuration script fails to run:

kl -n anchore configure-sso-x7fvt -f
+ cd /tmp
++ grep -oP '^\s*"name"\s*:\s*"\K(.*)(?=",?\s*$)' anchore-sso.json
+ SSO_NAME=keycloak
++ grep -oP '^\s*"idp_metadata_url"\s*:\s*"\K(.*)(?=",?\s*$)' anchore-sso.json
+ IDP_URL=https://login.dso.mil/auth/realms/baby-yoda/protocol/saml/descriptor
++ curl -sw '%{http_code}' https://login.dso.mil/auth/realms/baby-yoda/protocol/saml/descriptor -o /dev/null
+ '[' 200 -ne 200 ']'
+ echo 'IdP URL is live...'
IdP URL is live...
++ curl -sw '%{http_code}' http://anchore-anchore-engine-api:8229/v1/swagger.json -o /dev/null
+ '[' 200 -ne 200 ']'
+ echo 'Anchore Engine is live...'
Anchore Engine is live...
++ curl -sw '%{http_code}' -u admin:admin http://anchore-anchore-engine-api:8229/v1/saml/idps/keycloak -o /dev/null
+ '[' 401 -ne 200 ']'
+ echo 'Applying SAML config to Anchore...'
+ curl -vvv --fail -u admin:admin -d @anchore-sso.json -H 'Content-Type: application/json' http://anchore-anchore-engine-api:8229/v1/saml/idps
Applying SAML config to Anchore...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 10.43.81.170...
* TCP_NODELAY set
* Connected to anchore-anchore-engine-api (10.43.81.170) port 8229 (#0)
* Server auth using Basic with user 'admin'
> POST /v1/saml/idps HTTP/1.1
> Host: anchore-anchore-engine-api:8229
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.61.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 434
>
} [434 bytes data]
* upload completely sent off: 434 out of 434 bytes
< HTTP/1.1 401 UNAUTHORIZED
< Server: TwistedWeb/20.3.0
< Date: Wed, 17 Feb 2021 12:06:04 GMT
* Authentication problem. Ignoring this.
< WWW-Authenticate: basic realm="Authentication required"
< Content-Type: text/html; charset=utf-8
< Content-Length: 12
* The requested URL returned error: 401
 97   446    0     0  100   434      0  86800 --:--:-- --:--:-- --:--:-- 86800
* Closing connection 0
curl: (22) The requested URL returned error: 401

UNCLASSIFIED - NO CUI