I have configured everything (Tyk and OpenLDAP) fresh on an Ubuntu 14.04.02 VM, since my previous configuration apparently had some issues.
Tyk works fine. OpenLDAP works fine too. Now I need to get OpenLDAP working with Tyk (the simplest scenario). However, currently I am unable to perform any Identity Management actions.
Every time I click the “Identity Management Profiles” option
http://dashboard.tyk-local.com:3000/#/tib/profiles
I get the below error in TIB:
```
ERRO[0004] [API] Authorization failed: Header mismatch
```
I also get the error:
```
[May 18 16:39:30] ERROR TIB: Request failed: Did not receive code:200 got: 401
```
in the dashboard log.
The Dashboard always shows an error: `TIB: Request failed.`
The TIB start-up logs indicate the below:
```
^Cpradeeban@pradeeban-VirtualBox:~/programs/tib-v0.1$ ./tib
toth/tothic: no SESSION_SECRET environment variable is set. The default cookie store is not available and any calls will fail. Ignore this warning if you are using a different store.
INFO[0000] Tyk Identity Broker v0.1
INFO[0000] Copyright Martin Buhr 2016
INFO[0000] [MAIN] Initialising Profile Configuration Store
INFO[0000] [IN-MEMORY STORE] Initialised
INFO[0000] [MAIN] Initialising Identity Cache
INFO[0000] [REDIS STORE] Initialised
INFO[0000] [FILE LOADER] Loaded: 1 profiles from profiles.json
INFO[0000] [MAIN] Broker Listening on :3010
```
Probably I do not even understand what some of these parameters are.
# profiles.json
I got the OrgID from a curl response, such as:
```
curl -H "Authorization: e6d2926b358f43a0497850012c373b90" \ …
```
So I assume I got that right.
LDAP port and LDAP server are OpenLDAP default, and are correct.
I am not sure about the ProviderConstraints. So I left them unchanged - empty domain and group.
```json
"ReturnURL": "http://portal.tyk-local.com:3000/portal/sso/",
```
Here, portal.tyk-local.com is reserved in /etc/hosts as
```
127.0.0.1 portal.tyk-local.com
```
but never used anywhere else. Changing it to
```json
"ReturnURL": "http://dashboard.tyk-local.com:3000/portal/sso/",
```
made no difference.
```json
"LDAPUserDN": "cn=*USERNAME*,cn=admin,ou=Groups,dc=my-domain,dc=com"
```
should be correct, as `cn=admin,ou=Groups,dc=my-domain,dc=com` is fine.
My complete profiles.json is:
```json
[{
  "ActionType": "GenerateOrLoginDeveloperProfile",
  "ID": "5",
  "IdentityHandlerConfig": {
    "DashboardCredential": "573cb5c7a57deb1f78000001198fa5db868d42ff47dc56fa4a8080fd"
  },
  "OrgID": "573cb5c7a57deb1f78000001",
  "ProviderConfig": {
    "FailureRedirect": "http://portal.tyk-local.com:3000/portal/login/",
    "LDAPAttributes": [],
    "LDAPPort": "389",
    "LDAPServer": "localhost",
    "LDAPUserDN": "cn=*USERNAME*,cn=admin,ou=Groups,dc=my-domain,dc=com"
  },
  "ProviderConstraints": {
    "Domain": "",
    "Group": ""
  },
  "ProviderName": "ADProvider",
  "ReturnURL": "http://portal.tyk-local.com:3000/portal/sso/",
  "Type": "passthrough"
}]
```
# tib.conf
I have left `"Secret"` as `"secret"` (my OpenLDAP secret). Which secret is this?
I do not have server.pem, server.key, or even a .certs folder.
I left the Backend configuration at the default.
I have done the relevant TykAPISettings. However, I have left the `"AdminSecret"` entries at their defaults, as I am not sure what these two admin secrets are.
My complete tib.conf is:
```json
{
  "Secret": "secret",
  "HttpServerOptions": {
    "UseSSL": false,
    "CertFile": "./certs/server.pem",
    "KeyFile": "./certs/server.key"
  },
  "BackEnd": {
    "Name": "in_memory",
    "ProfileBackendSettings": {},
    "IdentityBackendSettings": {
      "Hosts": {
        "localhost": "6379"
      },
      "Password": "",
      "Database": 0,
      "EnableCluster": false,
      "MaxIdle": 1000,
      "MaxActive": 2000
    }
  },
  "TykAPISettings": {
    "GatewayConfig": {
      "Endpoint": "http://dashboard.tyk-local.com",
      "Port": "8080",
      "AdminSecret": "54321"
    },
    "DashboardConfig": {
      "Endpoint": "http://dashboard.tyk-local.com",
      "Port": "3000",
      "AdminSecret": "12345"
    }
  }
}
```
Please let me know where I am going wrong.
Thank you.
Regards,
Pradeeban.
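A small lint script for the two files discussed in the post, added here as an example and not part of the original post or of Tyk Identity Broker itself. It loads constructed copies of tib.conf and profiles.json (placeholder values, not anyone's real secrets) and flags the settings a reviewer would check before going further: default or short `Secret`/`AdminSecret` values, cert paths that do not exist once `UseSSL` is enabled, and an `LDAPUserDN` without the `*USERNAME*` placeholder (which markdown rendering tends to strip, as it did in the post above).

```python
import json
import os

# Constructed sample configs in the shape of the tib.conf and profiles.json
# discussed in the post; the values are placeholders, not real secrets.
TIB_CONF = json.loads("""{
  "Secret": "secret",
  "HttpServerOptions": {"UseSSL": false, "CertFile": "./certs/server.pem",
                        "KeyFile": "./certs/server.key"},
  "TykAPISettings": {
    "GatewayConfig": {"Endpoint": "http://dashboard.tyk-local.com", "Port": "8080", "AdminSecret": "54321"},
    "DashboardConfig": {"Endpoint": "http://dashboard.tyk-local.com", "Port": "3000", "AdminSecret": "12345"}
  }
}""")
PROFILES = json.loads("""[{"ID": "5", "ProviderName": "ADProvider",
  "ProviderConfig": {"LDAPServer": "localhost", "LDAPPort": "389",
                     "LDAPUserDN": "cn=USERNAME,cn=admin,ou=Groups,dc=my-domain,dc=com"}}]""")

# Values a fresh install ships with, or that are trivially guessable.
DEFAULT_SECRETS = {"", "secret", "12345", "54321"}

def lint_tib_conf(conf):
    """Findings for the broker's own config (tib.conf)."""
    findings = []
    secret = conf.get("Secret", "")
    if secret in DEFAULT_SECRETS or len(secret) < 16:
        findings.append("Secret: default or short value; use a long random string")
    for name in ("GatewayConfig", "DashboardConfig"):
        if conf.get("TykAPISettings", {}).get(name, {}).get("AdminSecret", "") in DEFAULT_SECRETS:
            findings.append(f"{name}.AdminSecret: still at a default value")
    http = conf.get("HttpServerOptions", {})
    if http.get("UseSSL"):  # cert paths only matter once TLS is switched on
        for key in ("CertFile", "KeyFile"):
            if not os.path.isfile(http.get(key, "")):
                findings.append(f"{key}: UseSSL is true but {http.get(key)!r} is missing")
    return findings

def lint_profiles(profiles):
    """Findings for LDAP provider profiles (profiles.json)."""
    findings = []
    for p in profiles:
        dn = p.get("ProviderConfig", {}).get("LDAPUserDN", "")
        # TIB substitutes the literal *USERNAME* token; without it the DN never matches the user logging in
        if p.get("ProviderName") == "ADProvider" and "*USERNAME*" not in dn:
            findings.append(f"profile {p.get('ID')}: LDAPUserDN lacks the *USERNAME* placeholder")
    return findings

if __name__ == "__main__":
    for finding in lint_tib_conf(TIB_CONF) + lint_profiles(PROFILES):
        print("WARN", finding)
```

Point the two loaders at the real files (`json.load(open("tib.conf"))`) to run it against an actual install.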