spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

Permission denied when using TLS Certificates authentication #590

Closed nkvaratskhelia closed 3 years ago

nkvaratskhelia commented 3 years ago

When using certificate authentication, I'm getting an org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden: [{"errors":["1 error occurred:\n\t* permission denied\n\n"]} exception.


I tried logging in with Postman, using the API request described here: https://www.vaultproject.io/docs/auth/cert and it seems to work.

Minimal reproducer: https://github.com/nkvaratskhelia/vault-demo

You only need to add a store.p12 file to resources.

mp911de commented 3 years ago

Please fix ACL and roles on your Vault server. The cert login itself works. Spring Cloud Vault uses the returned token and cannot do anything unless the server side is configured correctly.

nkvaratskhelia commented 3 years ago

Fixed ACL policy associated with the tokens generated during certificate auth and it helped. Thank you for the tip.
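
The failure mode resolved in this thread, as an added example that is not part of the issue or of Spring Cloud Vault's code: the cert login returns a token, but the policies attached to it do not grant read on the secret paths, so the next request gets a 403. It runs on constructed responses shaped like Vault's `auth/cert/login` and `sys/capabilities-self` replies; the application name `vault-demo`, the `secret` KV v2 mount, the cert role name and the helper names are assumptions.

```python
import json

# Constructed sample: body of a successful POST /v1/auth/cert/login.
# The token is a placeholder; only the "default" policy is attached.
LOGIN_RESPONSE = json.loads("""
{"auth": {"client_token": "hvs.PLACEHOLDER",
          "policies": ["default"],
          "token_policies": ["default"],
          "metadata": {"cert_name": "demo-cert"},
          "lease_duration": 3600, "renewable": true}}
""")

# Constructed sample: body of POST /v1/sys/capabilities-self sent with that
# token and {"paths": [...]}. Vault answers ["deny"] where no policy applies.
CAPABILITIES_RESPONSE = json.loads("""
{"data": {"secret/data/vault-demo": ["deny"],
          "secret/data/application": ["deny"]}}
""")


def kv2_read_paths(app_name, backend="secret", default_context="application",
                   profiles=()):
    """API paths a KV v2 config lookup would GET (assumed default layout)."""
    paths = []
    for context in (app_name, default_context):
        paths.append(f"{backend}/data/{context}")
        paths.extend(f"{backend}/data/{context}/{p}" for p in profiles)
    return paths


def diagnose(login, capabilities, paths):
    """Separate 'login failed' from 'login worked but the token lacks ACLs'."""
    auth = login.get("auth") or {}
    if not auth.get("client_token"):
        return {"login_ok": False, "policies": [], "denied": list(paths)}
    caps = capabilities.get("data", capabilities)
    denied = []
    for path in paths:
        granted = set(caps.get(path, ["deny"]))
        # An explicit deny wins; otherwise the path needs read (or a root token).
        if "deny" in granted or not granted & {"read", "root"}:
            denied.append(path)
    return {"login_ok": True,
            "policies": sorted(auth.get("policies", [])),
            "denied": denied}


if __name__ == "__main__":
    report = diagnose(LOGIN_RESPONSE, CAPABILITIES_RESPONSE,
                      kv2_read_paths("vault-demo"))
    print(json.dumps(report, indent=2))
```

A report with `login_ok` true and a non-empty `denied` list points at the policies bound to the cert role on the server, not at the client certificate or the Spring configuration.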