Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-31558

Perform client cert auth for requests originating from UI

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Mad-Hatter, 6.0.0, 5.5.0, 5.5.1, 5.5.2
    • Fix Version/s: Mad-Hatter, 6.0.1
    • Component/s: ns_server, UI
    • Labels:
    • Triage:
      Untriaged
    • Is this a Regression?:
      Unknown

      Description

      Currently, we always choose to perform token based auth for all the requests originating from the UI even if client certificate is configured in the browser and client certificate auth is enabled on the server. The expectation is that UI requests be authenticated based on client certificate when client certificate auth is enabled.

        Attachments

        1. certs.tar
          60 kB
        2. CertText.txt
          5 kB

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

            Hide
            ritam.sharma Ritam Sharma added a comment -

            Here are observation with IE and Chrome Browser:

            a) Client auth work works the way described above with different client cert options
            b) For IE and Chrome Browser, in order to access other nodes as new tab, user is presented with login screen again (depending on what the client cert is set to be working)

            For FF the issue of duplicate cert still exists - I have recorded it here of what happens - https://couchbase.zoom.us/recording/share/Y5rwicRFgqQU-vO8FQP8GBdCL9Uxv-zHsLALGB3cxNqwIumekTziMw

            Ajit Yagaty- can you please validate if behavior for IE and Chrome is correct. and let me know how to get the FF to work the same way as chrome and IE.

            Show
            ritam.sharma Ritam Sharma added a comment - Here are observation with IE and Chrome Browser: a) Client auth work works the way described above with different client cert options b) For IE and Chrome Browser, in order to access other nodes as new tab, user is presented with login screen again (depending on what the client cert is set to be working) For FF the issue of duplicate cert still exists - I have recorded it here of what happens - https://couchbase.zoom.us/recording/share/Y5rwicRFgqQU-vO8FQP8GBdCL9Uxv-zHsLALGB3cxNqwIumekTziMw Ajit Yagaty - can you please validate if behavior for IE and Chrome is correct. and let me know how to get the FF to work the same way as chrome and IE.
            Hide
            ritam.sharma Ritam Sharma added a comment -

            Reopening the ticket for issue with FF browser for MacOS and Windows platform.

            Show
            ritam.sharma Ritam Sharma added a comment - Reopening the ticket for issue with FF browser for MacOS and Windows platform.
            Hide
            ajit.yagaty Ajit Yagaty added a comment -

            I am still not able to reproduce this on my macbook. I tried the following:

            • Opened new tab to access the second node in the cluster.
            • Tried to access query node on nodeA (where query was not installed). The UI prompted a link that points to query workbench on nodeB. Upon clicking it I was presented with the query workbench.

            Tried the above on Mihir's laptop and there too it worked fine.
            Ritam Sharma - Can you please share the scripts you are using to generate the certs?

            Show
            ajit.yagaty Ajit Yagaty added a comment - I am still not able to reproduce this on my macbook. I tried the following: Opened new tab to access the second node in the cluster. Tried to access query node on nodeA (where query was not installed). The UI prompted a link that points to query workbench on nodeB. Upon clicking it I was presented with the query workbench. Tried the above on Mihir's laptop and there too it worked fine. Ritam Sharma - Can you please share the scripts you are using to generate the certs?
            Hide
            ritam.sharma Ritam Sharma added a comment -

            Closing out the issue, using the certs by Ajit and fixing serial number with my scripts, dont see the issue anymore. I am going to close out the issue.

            Show
            ritam.sharma Ritam Sharma added a comment - Closing out the issue, using the certs by Ajit and fixing serial number with my scripts, dont see the issue anymore. I am going to close out the issue.
            Hide
            wayne Wayne Siu added a comment -

            Closing per Ritam's comment.

            Show
            wayne Wayne Siu added a comment - Closing per Ritam's comment.

              People

              • Assignee:
                ritam.sharma Ritam Sharma
                Reporter:
                ajit.yagaty Ajit Yagaty
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Gerrit Reviews

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.