Comments (15)
I can login now however I do not see any option to change password for admin and/or user. How do we or rather from where do we change the default credentials and how to create additional new users?
from pacbot.
Hello,
I am also facing the exact same issue. Installation went well and at the end it gives the ALB name and the default login credentials but I am unable to login. Is there a mechanism we can reset the password within the database (RDS). If yes, any help on the exact DB/tablename?
from pacbot.
If the install script ran then the username and password should be there and would correct.
Have you looked into the CloudWatch Logs.
Also have you checked ec2/load balancers to make sure the api lb was provisioned.
When i was installing, i bumped into errors related to the api not being there,
although i was fiddling with the tf.
Table Info can be found in DB_With_Values.sql and the tables are oauth_user, oauth_user_credentials
from pacbot.
While installing in the install log, I see the following:
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] api-commons ....................................... SUCCESS [6.039s]
[INFO] commons ........................................... SUCCESS [1.944s]
[INFO] PacMan Commons Projects ........................... SUCCESS [0.006s]
[INFO] admin-service ..................................... SUCCESS [7.911s]
[INFO] asset-service ..................................... SUCCESS [6.058s]
[INFO] config ............................................ SUCCESS [2.932s]
[INFO] compliance-service ................................ SUCCESS [6.590s]
[INFO] notification-service .............................. SUCCESS [3.322s]
[INFO] statistics-service ................................ SUCCESS [5.190s]
[INFO] auth-service ...................................... SUCCESS [2.730s]
[INFO] PacMan Api Projects ............................... SUCCESS [0.101s]
[INFO] inventoryFetch .................................... SUCCESS [26.968s]
[INFO] data-shipper ...................................... SUCCESS [4:40.602s]
[INFO] awsrules .......................................... SUCCESS [4:16.718s]
[INFO] pacman-rule-engine ................................ SUCCESS [6:35.476s]
[INFO] PacMan Jobs Projects .............................. SUCCESS [0.007s]
[INFO] PacBot UI ......................................... SUCCESS [1:28.322s]
[INFO] PacMan ............................................ SUCCESS [0.006s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 18:11.729s
[INFO] Finished at: Sun Oct 21 11:36:48 UTC 2018
[INFO] Final Memory: 367M/689M
[INFO] ------------------------------------------------------------------------
And at last I see the login details:
********** Login Domain: pacman-alb-uijobs-123456789.eu-central-1.elb.amazonaws.com
***************** Admin: [email protected] / pacman
****************** User: [email protected] / user
Now when I hit the ELB, I get "Authentication Failed. Please check your credentials". In the Cloudwatch logs, I see the following:
10.145.1.68 - - [21/Oct/2018:14:12:46 +0000] "HEAD /favicon.ico?_=1540131166427 HTTP/1.1" 200 0 "http://pacman-alb-uijobs-123456789.eu-central-1.elb.amazonaws.com/home/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063"
I checked the oauth_user table in RDS and it has properly created the entries:
MySQL [pacmandata]> select * from oauth_user;
+----+------------------+-----------+------------+-----------+------------------+---------------------+---------------------+
| id | user_id | user_name | first_name | last_name | email | created_date | modified_date |
+----+------------------+-----------+------------+-----------+------------------+---------------------+---------------------+
| 1 | [email protected] | user | user | | [email protected] | 2018-06-26 18:21:56 | 2018-06-26 18:21:56 |
| 2 | [email protected] | admin | admin | | [email protected] | 2018-06-26 18:21:56 | 2018-06-26 18:21:56 |
+----+------------------+-----------+------------+-----------+------------------+---------------------+---------------------+
2 rows in set (0.00 sec)
I tried to update passwords for both the IDs but the problem remains the same:
MySQL [pacmandata]> UPDATE oauth_user_credentials SET password=PASSWORD('pacmanadminandadmin') WHERE id='2';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MySQL [pacmandata]> UPDATE oauth_user_credentials SET password=PASSWORD('pacmanuseranduser') WHERE id='1';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
I even tried to add a new user, assign it a password, rebooted the RDS couple of times but no change:
MySQL [pacmandata]> select * from oauth_user;
+----+------------------+-----------+------------+-----------+----------------------------+---------------------+---------------------+
| id | user_id | user_name | first_name | last_name | email | created_date | modified_date |
+----+------------------+-----------+------------+-----------+----------------------------+---------------------+---------------------+
| 1 | [email protected] | user | user | | [email protected] | 2018-06-26 18:21:56 | 2018-06-26 18:21:56 |
| 2 | [email protected] | admin | admin | | [email protected] | 2018-06-26 18:21:56 | 2018-06-26 18:21:56 |
| 3 | vasasas | vasasas | uisasas | dfdfd | [email protected] | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 |
+----+------------------+-----------+------------+-----------+----------------------------+---------------------+---------------------+
3 rows in set (0.00 sec)
MySQL [pacmandata]> select * from oauth_user_credentials;
+------+-------------------------------------------+------+
| id | password | type |
+------+-------------------------------------------+------+
| 1 | *3B70875611725DBBEC28C0DD7E3F158484AE0088 | db |
| 2 | *FCA43DB90052EB7A11E499EFE490726FC59A1BE6 | db |
| 3 | *C9F5269B533E90C89B405D1058ADBBC7FEF14595 | db |
+------+-------------------------------------------+------+
3 rows in set (0.00 sec)
Also I have both the Load Balancers in place. One for application (oss-api) and one for UI (oss-ui). Application LB is an internal one whereas I wanted to have the UI LB as Internet facing so I changed the value of internal as false to the file /tmp/usr/src/pacbot/1540131500.32/installer/terraform/oss-ui/ecs-ui.tf and hence the UI LB is internet facing.
Also the APP LB had 7 to 8 target groups whereas the UI LB had 1 target group pointing to the nginx containter hosted in ECS.
I am not getting where is the issue.
from pacbot.
If you look at my original message you would see the error is not with the user credentials rather it says "Client Validation Failed". This is the response you see upon failed login.
{"success":false,"message":"Client Validation Failed!!!"}
The error message almost seems like an issue with OAuth authentication where the Client is not getting recognized. (not sure whether pacbot is using OAuth for local authentication). If indeed if its using OAuth then this could be due to 2 reasons.
- Either the client is not sending the clientID/client secret in the request. I haven't checked that closely. (Then it is an UI issue).
- The client is not getting recognized by the OAuth provider (meaning the client is not registered properly).
from pacbot.
I had this problem because the UI service was sending me to an incorrect API service endpoint. You can confirm this by using the Developer Tools in your browser and look for failed network requests in the console. In my case there was a Cross Site Scripting error.
The URL will look something like 'http://internal-pacman-alb-apijobs-661475303.ap-so….amazonaws.com' - make sure this is the same URL as your load balancer.
I had to run the destroy command, then manually (RDS, Redshift, ES ,Batch) check that everything has been properly removed (including Subnet Groups, Option Groups, Security Groups etc). I think (but am not sure) the root cause may have been that I tried to run the installation twice when it was interrupted the first time.
from pacbot.
{"success":false,"message":"Client Validation Failed!!!"}
The above issue mostly comes if there is no client credentials details registered under oauth_client_details table.
You can find the details in the below location
https://github.com/tmobile/pacbot/blob/installer/installer/terraform/oss-api/DB.sql#L955
Please ensure this is done correctly from your part
from pacbot.
OK. I checked the database oauth_client_details
and I could see the entry you referred above.
select * from oauth_client_details;
+--------------------------------------+--------------+-----------------------------------------------+-----------------+-----------------------------------------------------------------------+-------------------------+-----------------------+-----------------------+------------------------+------------------------+-------------+
| client_id | resource_ids | client_secret | scope | authorized_grant_types | web_server_redirect_uri | authorities | access_token_validity | refresh_token_validity | additional_information | autoapprove |
+--------------------------------------+--------------+-----------------------------------------------+-----------------+-----------------------------------------------------------------------+-------------------------+-----------------------+-----------------------+------------------------+------------------------+-------------+
| 22e14922-87d7-4ee4-a470-da0bb10d45d3 | NULL | csrWpc5p7JFF4vEZBkwGCAh67kGQGwXv46qug7v5ZwtKg | resource-access | implicit,authorization_code,refresh_token,password,client_credentials | NULL | ROLE_CLIENT,ROLE_USER | NULL | NULL | NULL | |
+--------------------------------------+--------------+-----------------------------------------------+-----------------+-----------------------------------------------------------------------+-------------------------+-----------------------+-----------------------+------------------------+------------------------+-------------+
I also checked the tables oauth_user
and oauth_user_credentials
and could see the admin and the user records on those tables.
I again checked the developer console in the browser to look at the request being sent during the login. (/api/auth/user/login)
clientId: pacman2_api_client
password: pacman
username: [email protected]
I don't see any reference of clientId pacman2_api_client
in any of the oauth tables. Is the clientId mapped in your JS at the UI.
from pacbot.
Though I have destroyed the setup, I do remember the table oauth_client_details contained all the required entries as shown above by ramamoob. I strongly feel the clientId is mapped in your JS and that is not getting called properly.
from pacbot.
i just had a similar issue
I reproduced by having a working environment, destroying and re-building it.
I was getting a 502 Bad Gateway when calling the auth service
I checked the api and it was calling the correct alb address.
I looked into the Cloudwatch logs for the auth service and noticed this line
2018-10-28 14:52:01.208 INFO 40 --- [ main] c.c.c.ConfigServicePropertySourceLocator : Fetching config from server at: http://pacman-alb-apijobs-237502625.us-east-1.elb.amazonaws.com/api/config
java.lang.IllegalStateException: Could not locate PropertySource and the fail fast property is set, failing
And then i looked into the Config Service Cloud watch and noticed this
Fatal error: An error occurred (404) when calling the HeadObject operation: Key "config.jar" does not exist
I think there are some cases on a redeploy where the services do not fully deploy, and for me i have had to destroy and recreate in order to fix.
from pacbot.
We have added it as feature request and will be rolling out it on upcoming releases.
from pacbot.
FAQ available for adding a new user
https://github.com/tmobile/pacbot/wiki/FAQS#how-can-i-add-a-new-user-
from pacbot.
Why the issue is closed ?
What's the solutions for this Issue #20 ?
I have been trying to install the Pacbot and the whole infrastructure deployed without any failures but when trying to login it shows authentication failed ?
from pacbot.
did you followed steps mentioned here.
https://github.com/tmobile/pacbot/wiki/FAQS#how-can-i-add-a-new-user-
from pacbot.
Yes, I have followed the above steps:
from pacbot.
Related Issues (20)
- Data is not reflecting in dashboard
- Installer hangs on ECS tasks HOT 2
- Not able to Login in PacBot Dashboard
- Installation issues HOT 2
- Compliance Mapping
- How to run java spring backend auth api locally? HOT 1
- For year 2021 onward what is the approximate AWS cost per month
- No argument or block type is named "values". HOT 2
- Dependency org.apache.httpcomponents:httpclient, leading to CVE problem HOT 1
- Does Pacbot scan the cloud or the cloud infrastructure code (eg, like TF scripts) HOT 3
- Does Pacbot use AWS API and Azure APIs to fetch assets? HOT 1
- Can we add AWS account from UI HOT 1
- How is compliance grouped?
- Does PacBot do workload scanning
- Installation issue HOT 7
- Lambda full access role issue
- Is PacBot still getting updated or is it deprecated? if yes is there a reason for depreciating pacbot?
- Is this project active? HOT 1
- PacBot Installation Error on Ubuntu Checking user-attached policies ...................................................... [Not Present]
- Use of string instead of byte[]
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pacbot.