tchiotludo / akhq

Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
https://akhq.io/
Apache License 2.0

Failed to login #480

Closed vuxuanlai closed 3 years ago

vuxuanlai commented 3 years ago

Hi, I cannot log in to the AKHQ UI via basic-auth. The following is my configuration:

micronaut:
  security:
    # Security is switched off here; the maintainer's reply in this thread is that
    # it must be true for the login to work.
    enabled: false
    # LDAP authentication configuration
    # NOTE(review): sample values. ldap:// on port 389 is unencrypted, so bind and
    # user passwords cross the network in clear text; use ldaps:// (or StartTLS)
    # for a real directory. Disable this provider when LDAP is not used: while it
    # is enabled, authentication is delegated to whoever operates that server.
    ldap:
      default:
        enabled: true
        context:
          server: 'ldap://ldap.forumsys.com:389'
          managerDn: 'cn=read-only-admin,dc=example,dc=com'
          # Placeholder bind password; keep real values out of configs posted publicly.
          managerPassword: 'password'
        search:
          base: "dc=example,dc=com"
        groups:
          enabled: true
          base: "dc=example,dc=com"
    # OIDC authentication configuration (client id, secret and issuer are placeholders)
    oauth2:
      enabled: true
      clients:
        oidc:
          client-id: "<client-id>"
          client-secret: "<client-secret>"
          openid:
            issuer: "<issuer-url>"
    token:
      jwt:
        signatures:
          secret:
            generator:
              # Secret used to sign the login JWT. 'pleasechangeme' is a placeholder:
              # anyone who knows the value can mint valid tokens, so replace it with
              # a long random string (at least 256 bits) and keep it out of version
              # control.
              secret: pleasechangeme

  server:
    context-path: "/" # if behind a reverse proxy, path to akhq without trailing slash (optional). Example: akhq is
                     # behind a reverse proxy with url http://my-server/akhq, set base-path: "/akhq".
                     # Not needed if you're behind a reverse proxy with subdomain http://akhq.my-server/
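akhq:
  server:
    access-log: # Access log configuration (optional)
      enabled: true # true by default
      name: org.akhq.log.access # Logger name
      format: "[Date: {}] [Duration: {} ms] [Url: {} {}] [Status: {}] [Ip: {}] [User: {}]" # Logger format

  # default kafka properties for each clients, available for admin / producer / consumer (optional)
  clients-defaults:
    consumer:
      properties:
        isolation.level: read_committed

  # list of kafka cluster available for akhq
  connections:
    my-cluster-plain-text: # url friendly name for the cluster (letter, number, _, -, ... dot are not allowed here)
      # NOTE(review): only bootstrap.servers is set, so no TLS or SASL settings are
      # shown for this connection; add security.protocol and credentials here when
      # the brokers require them.
      properties: # standard kafka properties (optional)
        bootstrap.servers: "<server1>:9092,<server2>:9092,<server3>:9092"

  pagination:
    page-size: 25 # number of elements per page (default : 25)
    threads: 16 # Number of parallel threads to resolve page

  # Topic list display options (optional)
  topic:
    retention: 172800000 # default retention period when creating topic
    partition: 3 #  default number of partition when creating topic
    replication: 3 # default number of replicas when creating topic
    default-view: HIDE_INTERNAL # default list view (ALL, HIDE_INTERNAL, HIDE_INTERNAL_STREAM, HIDE_STREAM)
    internal-regexps: # list of regexp to be considered as internal (internal topic can't be deleted or updated)
      # Every pattern must end at the `$` anchor: a character after it makes the
      # pattern unmatchable, and the topic would lose its internal protection.
      - "^_.*$"
      - "^.*_schemas$"
      - "^.*connect-config$"
      - "^.*connect-offsets$"
      - "^.*connect-status$"
    stream-regexps: # list of regexp to be considered as internal stream topic
      - "^.*-changelog$"
      - "^.*-repartition$"
      - "^.*-rekey$"

  # Topic display data options (optional)
  topic-data:
    sort: OLDEST # default sort order (OLDEST, NEWEST) (default: OLDEST)
    size: 50 # max record per page (default: 50)
    poll-timeout: 1000 # The time, in milliseconds, spent waiting in poll if data is not available in the buffer.

  # Auth & Roles (optional)
  security:
    # Applies to every user, including visitors who have not logged in. With
    # `admin` here, an unauthenticated visitor receives all roles of the admin
    # group below; point this at a group without roles when login is required.
    default-group: admin # Default groups for all the user even unlogged user
    # Groups definition
    groups:
      - name: admin # Group name
        roles:  # roles for the group
          - topic/read
          - topic/insert
          - topic/delete
          - topic/config/update
          - node/read
          - node/config/update
          - topic/data/read
          - topic/data/insert
          - topic/data/delete
          - group/read
          - group/delete
          - group/offsets/update
          - registry/read
          - registry/insert
          - registry/update
          - registry/delete
          - registry/version/delete
          - acls/read
          - connect/read
          - connect/insert
          - connect/update
          - connect/delete
          - connect/state/update
        attributes:
          # Regexp to filter topic available for group
          topics-filter-regexp: "test.*"
      - name: topic-reader # Other group
        roles:
          - topic/read
        attributes:
          topics-filter-regexp: "test\\.reader.*"

    # Basic auth configuration
    basic-auth:
      - username: user
        # Hex SHA-256 digest of the password (unsalted). The same value recurs in
        # every configuration in this thread and looks like a sample.
        # NOTE(review): store the digest of a long, unique password instead; a fast
        # unsalted hash gives little protection to a weak one.
        password: d74ff0ee8da3b9806b18c877dbf29bbde50b5bd8e4dad7a3a725000feb82e8f1
        groups: # Groups for the user
          - admin
          - topic-reader

    # Ldap Groups configuration (when using ldap)
    # NOTE(review): these mappings grant AKHQ groups to identities asserted by the
    # LDAP server configured under micronaut.security.ldap; review the admin
    # mappings before enabling LDAP against a directory you do not control.
    ldap:
      default-group: topic-reader
      groups:
        - name: group-ldap-1
          groups: # Akhq groups list
            - topic-reader
        - name: group-ldap-2
          groups:
            - admin
      users:
        - username: riemann # ldap user id
          groups: # Akhq groups list
            - topic-reader
        - username: einstein
          groups:
            - admin

    # OIDC configuration
    oidc:
      enabled: false
      providers:
        oidc:
          label: "Login with OIDC"
          username-field: preferred_username
          groups-field: roles
          default-group: topic-reader
          groups:
            - name: oidc-admin-group
              groups:
                - admin
          users:
            - username: einstein
              groups:
                - admin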
vuxuanlai commented 3 years ago

@tchiotludo please help me to resolve this issue. Thanks.

tchiotludo commented 3 years ago

"It doesn't work" doesn't help a lot :) What exactly is your issue?

First thing I see, you need to enable security :

micronaut:
  security:
    # Turns Micronaut security on. The configuration that finally worked in this
    # thread also enables the login and logout endpoints under security.endpoints.
    enabled: true
vuxuanlai commented 3 years ago

The same status. I used user/pass to login on UI page. However I still can't login.

tchiotludo commented 3 years ago

It must be the configuration file that is invalid. Please remove all the default values from the YAML and post here only what you changed. Please also provide information that can help: deployment method (docker, jar, ...), AKHQ version, ....

You should understand that I'm working blind here, and a big YAML with all the default values can't help me ...

vuxuanlai commented 3 years ago

I changed file application.yml as below:

micronaut:
  ...
  server:
    context-path: "/"
    ...
akhq:
   ...
   connections:
    my-cluster-plain-text: 
      properties: 
        bootstrap.servers: "kafka-server:9092"
    ...
   security:
    ...
      basic-auth:
      - username: user
        password: d74ff0ee8da3b9806b18c877dbf29bbde50b5bd8e4dad7a3a725000feb82e8f1
       ...
       ...
      oidc:
        enabled: false
      ...

and I run it on docker with cmd:

# Start AKHQ detached, publishing port 8080 and mounting the host configuration file.
# NOTE(review): /tmp is writable by every local user on most hosts; keep
# application.yml (it holds password digests and secrets) in a directory only
# the operator can write, and mount it read-only if the container need not
# change it. ":latest" is a moving tag, so pin a release for reproducible
# deployments. "-p 8080:8080" publishes the UI on every host interface.
docker run -d \
    -p 8080:8080 \
    -v /tmp/application.yml:/app/application.yml \
    tchiotludo/akhq:latest
vuxuanlai commented 3 years ago

Hi, I resolved the problem. I updated my configuration as below

micronaut:
  security:
    # Security enabled together with the login and logout endpoints: this is the
    # combination the author reports as working.
    # NOTE(review): no token.jwt.signatures.secret.generator.secret is set in this
    # snippet; confirm the deployed file provides its own random value instead of
    # the 'pleasechangeme' placeholder shown earlier in the thread.
    enabled: true
    endpoints:
      login:
        enabled: true
      logout:
        enabled: true
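akhq:
  connections:
    kafkanonprod:
      properties:
        # Both quotes are needed: with only a trailing quote the value is a plain
        # scalar and the quote character becomes part of the broker address.
        bootstrap.servers: "kafka-server:9092"
  security:
    # Visitors who have not logged in fall into this group. `default` is declared
    # below without roles, so nothing is granted before authentication.
    default-group: default
    groups:
      - name: admin
        roles:
          - topic/read
          - topic/insert
          - topic/delete
          - topic/config/update
          - node/read
          - node/config/update
          - topic/data/read
          - topic/data/insert
          - topic/data/delete
          - group/read
          - group/delete
          - group/offsets/update
          - registry/read
          - registry/insert
          - registry/update
          - registry/delete
          - registry/version/delete
          - acls/read
          - connect/read
          - connect/insert
          - connect/update
          - connect/delete
          - connect/state/update
        attributes:
          # ".*" places no restriction on which topics this group can see.
          topics-filter-regexp: ".*"
      # Group with no roles, used as the default-group above.
      - name: default
    basic-auth:
      - username: admin # Username
        # NOTE(review): this digest is the same value used in the earlier snippets
        # of this thread; replace it with the SHA-256 of a long, unique password
        # before giving this account the admin group.
        password: d74ff0ee8da3b9806b18c877dbf29bbde50b5bd8e4dad7a3a725000feb82e8f1 # Password in sha256
        groups: # Groups for the user
          - admin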