Closed baszoetekouw closed 1 year ago
Confirmed! this call
╰─▶ curl -v -H "Authorization: Bearer abcde_fout" -H "Content-Type: application/json" -X POST -d '{"hallo": "bla"}' https://test.sram.surf.nl/pam-weblogin/start
gives this error:
Feb 27 15:07:25 app1-tf1 nginx[616]: 10.24.0.20 145.90.230.170 - [27/Feb/2023:15:07:25 +0000] "test.sram.surf.nl" "POST /pam-weblogin/start HTTP/1.1" 401 121 "-" "curl/7.86.0"
Feb 27 15:07:39 app1-tf1 python[448032]: WARNI [validate_service_token] user: ext_api, Invalid service_token: {'hallo': 'bla'}
Feb 27 15:07:39 app1-tf1 python[448032]: ERROR [base] user: ext_api, <Response 121 bytes [401 UNAUTHORIZED]>
Feb 27 15:07:39 app1-tf1 python[448032]: Traceback (most recent call last):
Feb 27 15:07:39 app1-tf1 python[448032]: File "/opt/sbs/sbs/server/api/base.py", line 161, in wrapper
Feb 27 15:07:39 app1-tf1 python[448032]: body, status = f(*args, **kwargs)
Feb 27 15:07:39 app1-tf1 python[448032]: File "/opt/sbs/sbs/server/api/pam_websso.py", line 75, in start
Feb 27 15:07:39 app1-tf1 python[448032]: service = validate_service_token("pam_web_sso_enabled")
Feb 27 15:07:39 app1-tf1 python[448032]: File "/opt/sbs/sbs/server/auth/tokens.py", line 29, in validate_service_token
Feb 27 15:07:39 app1-tf1 python[448032]: raise Unauthorized()
Feb 27 15:07:39 app1-tf1 python[448032]: werkzeug.exceptions.Unauthorized: 401 Unauthorized: Unauthorized 401: http://test.sram.surf.nl/pam-weblogin/start. IP: 145.90.230.170, 10.24.0.20
When a pam-weblogin service uses a wrong config, it is currently hard to debug what exactly is going wrong.
For example, we only see errors like:
In such a case, it would make sense to see the json body of the request to debug the error.