APIM-cli import breaks feAPIs with basic auth w/out password #470
Comments
@rathnapandi this is fixed in 1.14.4 right?
Hi @emmanuel-galindo, Can you test it with latest release?
I am having this issue with 1.14.9 yet. Actually, my issue may be different. The password in the file is not getting set at all and it is wiping out the existing one. I will have to test without a password to see if that also breaks it. Ok, after testing it appears that a blank password does not break it, but setting the password in the api config file does not work.
Hi @jschutte27, I can reproduce the issue; will let you know once it is fixed.
Hi @jschutte27, I have fixed the issue. Please test it with
Fixed in 1.14.11
@rathnapandi, Sorry I wasn't able to test before the 1.14.11 release. I did some testing now with it and it still seems to cause issues with basic auth. I ran api get and then api import of one api with a password in the file (authenticationProfiles) and one without the password and they both result in error 500s when being accessed. Api gateway gives: java.lang.NullPointerException: no password specified. It seems like apim is removing the password either way and we need it to ignore the password when missing or set it when provided. Thanks.
Hi @jschutte27, Due to security reasons APIM removes the password field from response for basic and 2-way SSL backend authentication. There are a couple of options
Thanks
Sorry, I wasn't clear. I tried importing the file that was exported directly without the password field "authenticationProfiles": [ and by adding the password field. "authenticationProfiles": [ Both ways seem to remove the password from the API so it returns error 500 with the null password stack trace.
I fixed the second item. Can you enable the traffic monitor and see what's being sent from CLI?
I am no longer able to reproduce the first issue (no password)... I don't know what happened this morning but it worked on two different APIs now.
I misunderstood your previous comment. It does appear that the import is working correctly now if you specify the password in the api config file. Thanks!
APIM-CLI version
1.14.2
API-Management version
7.7.3
Bug description
For a feAPI that has an outbound backend server with BASIC auth, and only username defined and password is empty, "apim api get" retrieves:
" [...]
"authenticationProfiles" : [ {
  "name" : "_default",
  "isDefault" : true,
  "parameters" : {
    "username" : "user",
    "id" : 0
  },
[...]"
Doing an import with this breaks the feAPI and the user gets a 500. Exception in logs reads:
"
[...]
nested fault: no password specified
java.lang.NullPointerException: no password specified
at com.vordel.dwe.http.ClientTransaction.basicAuthString(Native Method)
at com.vordel.circuit.net.BasicAuthNConnectionHandler$BasicState.getAuthToken(BasicAuthNConnectionHandler.java:152)
at com.vordel.circuit.net.BasicAuthNConnectionHandler$BasicState.expectContinue(BasicAuthNConnectionHandler.java:191)
[...]"
When setting this basic (user with no password) via API Manager UI, the PUT request body reads as:
" [...]
"authenticationProfiles": [
  {
    "name": "_default",
    "isDefault": true,
    "parameters": {
      "username": "username",
      "id": 0,
      "password": ""
    },
    "type": "http_basic"
  }
[...]"
Steps to reproduce
No response
Relevant log output
No response
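A pre-import check for the condition this issue describes, as an added example that is not part of the thread or of APIM-CLI: it lists `http_basic` profiles in an exported config that have no `password` key, and fills the key in only from values the caller supplies. The function names, the second sample profile, and the presence of `type` in the exported file are assumptions.

```python
import copy
import json

# Constructed sample shaped like the `apim api get` excerpt in the issue.
# The "type" key is taken from the UI PUT body shown there and is assumed
# to be present in the export as well; "orders-backend" is a made-up profile.
EXPORTED = json.loads("""
{
  "authenticationProfiles": [
    {"name": "_default", "isDefault": true,
     "parameters": {"username": "user", "id": 0},
     "type": "http_basic"},
    {"name": "orders-backend", "isDefault": false,
     "parameters": {"username": "svc", "id": 1, "password": ""},
     "type": "http_basic"}
  ]
}
""")


def basic_profiles_missing_password(config):
    """Names of http_basic profiles whose parameters have no "password" key."""
    return [
        p.get("name")
        for p in config.get("authenticationProfiles", [])
        if p.get("type") == "http_basic"
        and "password" not in p.get("parameters", {})
    ]


def with_passwords(config, passwords):
    """Return a copy with passwords filled in from `passwords` (name -> value).

    An empty string is written only when the caller supplies it, matching the
    UI request body; profiles the caller does not list are left untouched.
    """
    patched = copy.deepcopy(config)
    for p in patched.get("authenticationProfiles", []):
        if p.get("type") == "http_basic" and p.get("name") in passwords:
            p.setdefault("parameters", {})["password"] = passwords[p["name"]]
    return patched


if __name__ == "__main__":
    print("missing:", basic_profiles_missing_password(EXPORTED))
    fixed = with_passwords(EXPORTED, {"_default": ""})
    print("after fill:", basic_profiles_missing_password(fixed))
```

Supplying the values at deploy time (for example from a secret store) keeps the password out of the exported file while still giving the import an explicit `password` key.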