search

cyberark / conjur-quickstart

Start securing your secrets and infrastructure by installing Conjur, using Docker and the official Conjur containers on DockerHub.
Apache License 2.0
33 stars 36 forks source link

API key for admin as password - password not accepted. #58

Closed Janr2 closed 6 months ago

Janr2 commented 6 months ago

Summary

Hi

We are trying the Conjur quickstart found here: https://github.com/cyberark/conjur-quickstart# Please assist in finding an acceptable password.

Thanks so much.

Steps to Reproduce

  1. Set up a Conjur Open Source environment step 1-6
  2. Step 1 at Define policy - password not accepted.

Expected Results

password to be accepted.

Actual Results

All the steps in "Set up a Conjur Open Source environment" works fine.

podman compose exec conjur conjurctl account create myConjurAccount > admin_data

Created new account 'myConjurAccount' Token-Signing Public Key: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8uSbwrtzOsNQB7/WkpzV E0ccjESrkAnDXZ+R2I+A0TERbYyfB6thKtW1uk97HvdCjC56SfN7aFaQhKxIoh+w TabCERyW1GA2yD5NOE4PMce2D9yWMRrOY2aGd19Z1KnzmIwVYjojyZb1DXcBgl6K 80d0B4a/N5ahBo4ZAMhhGVDQ8Hxp9t3VIeCh+E8QxDwVHIDsKOQEYdGXflSrFwC2 D4tWhY4ljH1+Btdk1VWME1qqdqNjaozA1acUu01TYgDOQ1LmqH373yI4pwyln02M Kb+GJrLOlvviGg8pmOF1vIKqa1IDnOs/n5Jzqs8ngfoqm2/pi/1E84JTvCCbGKFi 7QIDAQAB -----END PUBLIC KEY----- API key for admin: 364hdyy3j0xk6x1d895nn78hmaw2t6ebqx22tse3av4nb1g2zepcg9

Warning: Using self-signed certificates is not recommended and could lead to exposure of sensitive data

The server's certificate fingerprint is BFCB5A7B089F587E55DE5F1234AD14C78B5499F1. Please verify this certificate on the appliance using command: openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem

? Trust this certificate? Yes Wrote certificate to /root/conjur-server.pem Wrote configuration to /root/.conjurrc

The problem starts here: https://github.com/cyberark/conjur-quickstart#define-policy At point 1.

Enter the API key for admin as password for this step.

podman compose exec client conjur login -i admin

? Please enter your password (it will not be echoed): ******************************************************
Error: Unable to authenticate with Conjur. Please check your credentials.
Error: executing /usr/bin/docker-compose exec client conjur login -i admin: exit status 1

Reproducible

Version/Tag number

nexus.bmwgroup.net/postgres                        15          7fd3f745e3f1  3 weeks ago   433 MB
nexus.bmwgroup.net/nginx                           latest      e4720093a3c1  4 weeks ago   191 MB
nexus.bmwgroup.net/dpage/pgadmin4                  latest      a0786aa69feb  5 weeks ago   489 MB
nexus.bmwgroup.net/cyberark/conjur-cli             8           d62cfa549ec9  4 months ago  14.8 MB
nexus.bmwgroup.net/cyberark/conjur                 latest      3e50a4ba543b  5 months ago  375 MB
nexus.bmwgroup.net/cfmanteiga/alpine-bash-curl-jq  latest      3b21d4d5b512  6 years ago   12.3 MB
CONTAINER ID  IMAGE                                                     COMMAND               CREATED         STATUS         PORTS                                                     NAMES
307019ab0089  nexus.bmwgroup.net/cfmanteiga/alpine-bash-curl-jq:latest  tail -F anything      20 minutes ago  Up 20 minutes                                                            bot_app
438bf20e4144  nexus.bmwgroup.net/postgres:15                            postgres              20 minutes ago  Up 20 minutes  0.0.0.0:8432->5432/tcp                                    postgres_database
0f22cad1de93  nexus.bmwgroup.net/dpage/pgadmin4:latest                                        20 minutes ago  Up 20 minutes  0.0.0.0:8081->80/tcp                                      conjur-quickstart-pgadmin-1
205161aa916f  nexus.bmwgroup.net/cyberark/conjur:latest                 server                20 minutes ago  Up 20 minutes  0.0.0.0:8080->80/tcp                                      conjur_server
5cb5e8087d5d  nexus.bmwgroup.net/nginx:latest                           nginx -g daemon o...  20 minutes ago  Up 20 minutes  0.0.0.0:8443->443/tcp                                     nginx_proxy
bbeafe80bdeb  nexus.bmwgroup.net/cyberark/conjur-cli:8                  infinity              20 minutes ago  Up 20 minutes                                                            conjur_client

Environment setup

VERSION="15-SP5" podman-4.8.3-150500.3.6.1.x86_64 docker-compose-switch-1.0.5-bp155.1.10.x86_64 docker-compose-2.14.2-bp155.1.6.x86_64

Additional Information

Add any other context about the problem here.

szh commented 6 months ago

Can you please confirm that for the password you're entering the API key exactly (in this case 364hdyy3j0xk6x1d895nn78hmaw2t6ebqx22tse3av4nb1g2zepcg9)? Please also retry the login command with the -d flag to include debug logging and post that here.

Janr2 commented 6 months ago

Hi szh

Thank you for the -d x509: certificate is valid for localhost, proxy, not srv01vm.group.net

Added to the tls.conf and is now logged in.

Janr2 commented 6 months ago

VERSION="SLES15-SP5"

Resolved, thank you.