I'm testing Apicurio in an AKS cluster where I have deployed Strimzi Kafka. Right now I'm just trying to secure Apicurio using EntraID, so that it's not completely open.
I tried with roles enabled as well and configured them in the App registration as mentioned in the documentation above.
Expected vs Actual Behaviour
The expected behaviour is that I'm able to log in using EntraID in the UI, but it doesn't work and I get a page with the following details:
{
  "message": "Request failed with status code 401",
  "status": 401,
  "error": {
    "message": "User is not authenticated.",
    "error_code": 401,
    "detail": "UnauthorizedException: User is not authenticated.",
    "name": "UnauthorizedException"
  },
  "jaxrsResponse": null
}
Logs
2024-06-14 15:17:55 DEBUG <_> [io.apicurio.registry.ui.URLUtil] (executor-thread-3) Generating absolute URL: Using X-Forwarded-Host header value for the host.
2024-06-14 15:17:55 DEBUG <_> [io.apicurio.registry.ui.URLUtil] (executor-thread-3) Generating absolute URL: http://my-hostname.com/ui/config.js -> https://my-hostname.com/apis/registry
2024-06-14 15:17:55 DEBUG <_> [io.apicurio.common.apps.config.impl.DynamicConfigSource] (executor-thread-3) Could not get dynamic configuration value for registry.ui.features.readOnly in thread executor-thread-3. Storage returned null.
2024-06-14 15:17:55 DEBUG <_> [io.apicurio.common.apps.config.impl.DynamicConfigSource] (executor-thread-3) Could not get dynamic configuration value for registry.ui.features.readOnly in thread executor-thread-3. Storage returned null.
2024-06-14 15:17:55 DEBUG <_> [io.apicurio.common.apps.config.impl.DynamicConfigSource] (executor-thread-3) Could not get dynamic configuration value for registry.auth.owner-only-authorization in thread executor-thread-3. Storage returned null.
2024-06-14 15:17:55 DEBUG <_> [io.apicurio.common.apps.config.impl.DynamicConfigSource] (executor-thread-3) Could not get dynamic configuration value for registry.auth.owner-only-authorization in thread executor-thread-3. Storage returned null.
2024-06-14 15:17:55 DEBUG <_> [org.jboss.resteasy.core.SynchronousDispatcher] (executor-thread-3) RESTEASY002315: PathInfo: /apis/registry/v2/search/artifacts
2024-06-14 15:17:55 DEBUG <_> [io.apicurio.common.apps.config.impl.DynamicConfigSource] (executor-thread-3) Could not get dynamic configuration value for app.authn.basic-auth-client-credentials.enabled in thread executor-thread-3. Storage returned null.
2024-06-14 15:17:55 DEBUG <_> [io.apicurio.common.apps.config.impl.DynamicConfigSource] (executor-thread-3) Could not get dynamic configuration value for app.authn.basic-auth-client-credentials.enabled in thread executor-thread-3. Storage returned null.
2024-06-14 15:17:55 DEBUG <_> [io.apicurio.common.apps.config.impl.DynamicConfigSource] (executor-thread-3) Could not get dynamic configuration value for registry.auth.anonymous-read-access.enabled in thread executor-thread-3. Storage returned null.
2024-06-14 15:17:55 DEBUG <_> [io.apicurio.common.apps.config.impl.DynamicConfigSource] (executor-thread-3) Could not get dynamic configuration value for registry.auth.anonymous-read-access.enabled in thread executor-thread-3. Storage returned null.
2024-06-14 15:17:55 WARN <_> [io.apicurio.registry.auth.AuthorizedInterceptor] (executor-thread-3) Authentication credentials missing and required for protected endpoint.
2024-06-14 15:17:55 INFO <_> [io.apicurio.common.apps.logging.audit.AuditLogService] (executor-thread-3) apicurio.audit action="request" result="failure" src_ip="x.x.x.x" x_forwarded_for="x.x.x.x" path="/apis/registry/v2/search/artifacts" response_code="401" method="GET" user=""
2024-06-14 15:17:55 DEBUG <_> [org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl] (executor-thread-3) MessageBodyWriter: org.jboss.resteasy.core.providerfactory.SortedKey
2024-06-14 15:17:55 DEBUG <_> [org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl] (executor-thread-3) MessageBodyWriter: org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider
2024-06-14 15:17:55 DEBUG <_> [org.jboss.resteasy.core.ServerResponseWriter] (executor-thread-3) MessageBodyWriter: org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider
2024-06-14 15:17:55 DEBUG <_> [org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl] (executor-thread-3) MessageBodyWriter: org.jboss.resteasy.core.providerfactory.SortedKey
2024-06-14 15:17:55 DEBUG <_> [org.jboss.resteasy.core.interception.jaxrs.AbstractWriterInterceptorContext] (executor-thread-3) Interceptor Context: org.jboss.resteasy.core.interception.jaxrs.ServerWriterInterceptorContext, Method : proceed
2024-06-14 15:17:55 DEBUG <_> [org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl] (executor-thread-3) MessageBodyWriter: org.jboss.resteasy.core.providerfactory.SortedKey
2024-06-14 15:17:55 DEBUG <_> [org.jboss.resteasy.core.interception.jaxrs.AbstractWriterInterceptorContext] (executor-thread-3) MessageBodyWriter: org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider
2024-06-14 15:17:55 DEBUG <_> [org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider] (executor-thread-3) Provider : org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider, Method : writeTo
Description
Registry Version: 2.5.11
Persistence type: in-memory
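A small triage helper for the `apicurio.audit` entry shown in the log above, added here as an example; it is not part of the original report or of Apicurio's code. It parses the key="value" fields of audit lines and separates 401 responses that record no user from rejections of an identified caller. The second and third sample lines, the user name and the label names are constructed.

```python
import re

# Constructed sample: line 1 is the audit entry quoted in the report; lines 2-3
# are invented for contrast (the 403 entry and its user name are made up).
SAMPLE_LOG = '''\
2024-06-14 15:17:55 INFO <_> [io.apicurio.common.apps.logging.audit.AuditLogService] (executor-thread-3) apicurio.audit action="request" result="failure" src_ip="x.x.x.x" x_forwarded_for="x.x.x.x" path="/apis/registry/v2/search/artifacts" response_code="401" method="GET" user=""
2024-06-14 15:18:02 INFO <_> [io.apicurio.common.apps.logging.audit.AuditLogService] (executor-thread-4) apicurio.audit action="request" result="failure" src_ip="x.x.x.x" x_forwarded_for="x.x.x.x" path="/apis/registry/v2/groups" response_code="403" method="GET" user="alice@example.com"
2024-06-14 15:18:05 DEBUG <_> [org.jboss.resteasy.core.SynchronousDispatcher] (executor-thread-4) RESTEASY002315: PathInfo: /apis/registry/v2/search/artifacts
'''

AUDIT_MARKER = "apicurio.audit "
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_audit(line):
    """Return the key="value" fields of an audit line, or None for other lines."""
    _, marker, tail = line.partition(AUDIT_MARKER)
    if not marker:
        return None
    fields = dict(FIELD_RE.findall(tail))
    fields["timestamp"] = line[:19]  # "YYYY-MM-DD HH:MM:SS" prefix
    return fields


def classify(event):
    """Label an audit event by what the entry itself records."""
    code, user = event.get("response_code"), event.get("user", "")
    if code == "401" and not user:
        return "no-identity"        # 401 and the audit entry has an empty user
    if code in ("401", "403"):
        return "identity-rejected"  # a user was recorded but the call was refused
    return "other"


def triage(log_text):
    """Return (timestamp, method, path, label) for every audit line in the text."""
    events = [e for e in map(parse_audit, log_text.splitlines()) if e]
    return [(e["timestamp"], e["method"], e["path"], classify(e)) for e in events]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row, sep="  ")
```

A "no-identity" row next to the `AuthorizedInterceptor` warning in the same log points at the request arriving without credentials rather than at a role or permission mismatch.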