Using TIB proxy Authentication with OAuth2,return Authentication Fail

lms008 · September 6, 2018, 8:15am

Hi,
I have configured a profile in TIB as given below:
{
“ActionType”: “GenerateTemporaryAuthToken”,
“ID”: “14”,
“IdentityHandlerConfig”: {
“DashboardCredential”: “16c2a8d539134aca677ef4618cbe109c”,
“DisableOneTokenPerAPI”: false,
“TokenAuth”: {
“BaseAPIID”: “16c2a8d539134aca677ef4618cbe109c”,
“Expires”: 1460549190
}
},
“MatchedPolicyID”: “5b88c1d8e138230c54c37e98”,
“OrgID”: “5b6a9a6b08fc771d8e65ac83”,
“ProviderConfig”: {
“AccessTokenField”: “access_token”,
“ExrtactUserNameFromBasicAuthHeader”: false,
“OKCode”: 200,
“OKRegex”: “”,
“OKResponse”: “”,
“ResponseIsJson”: true,
“TargetHost”: “http://xx.xx.xx.xx:8080/”,
“UsernameField”: “user_name”
},
“ProviderName”: “ProxyProvider”,
“ReturnURL”: “”,
“Type”: “passthrough”
}

the TIB log as:
INFO[0000] Tyk Identity Broker v0.3
INFO[0000] Copyright Martin Buhr 2016

DEBU[0000] [MAIN] Settings Struct: {{http://xx.xx.xx.xx 8080 352d20ee67be67f6340b4c0605b044b7} {http://xx.xx.xx.xx 3000 5b6a9a6b08fc771d8e65ac83}}
INFO[0000] [MAIN] Initialising Profile Configuration Store
INFO[0000] [IN-MEMORY STORE] Initialised
INFO[0000] [MAIN] Initialising Identity Cache
INFO[0000] [REDIS STORE] Initialised
INFO[0000] [FILE LOADER] Loaded: 15 profiles from profiles.json
INFO[0000] [MAIN] Broker Listening on :3010
DEBU[0009] [AUTH HANDLERS] → Looking up profile ID:14
ERRO[0009] [PROXY PROVIDER] Code was: 404

When test the url:
curl -X POST -H ‘Authorization: 352d20ee67be67f6340b4c0605b044b7’ -i ‘http://10.4.2.98:3010/auth/14/proxy’ (get or post request)
return status code is 401 Unauthorized, response content is: Authentication Failed

Where I have configured wrong for profiles.json and tib.conf ?

Thank you for your precious help
MeiSheng.

lms008 · September 6, 2018, 8:20am

the tib.conf as follow:
{
“Secret”: “test-secret”,
“HttpServerOptions”: {
“UseSSL”: false,
“CertFile”: “./certs/server.pem”,
“KeyFile”: “./certs/server.key”
},
“BackEnd”: {
“Name”: “in_memory”,
“ProfileBackendSettings”: {},
“IdentityBackendSettings”: {
“Hosts” : {
“localhost”: “6379”
},
“Password”: “”,
“Database”: 0,
“EnableCluster”: false,
“MaxIdle”: 1000,
“MaxActive”: 2000
}
},
“TykAPISettings”: {
“GatewayConfig”: {
“Endpoint”: “http://xx.xx.xx.xx”,
“Port”: “8080”,
“AdminSecret”: “352d20ee67be67f6340b4c0605b044b7”
},
“DashboardConfig”: {
“Endpoint”: “http://xx.xx.xx.xx”,
“Port”: “3000”,
“AdminSecret”: “5b6a9a6b08fc771d8e65ac83”
}
}
}

for the Social provider(Github) to login dashboard, it is successful, profile configure as follow:
{
“ActionType”: “GenerateOrLoginUserProfile”,
“ID”: “12”,
“IdentityHandlerConfig”: null,
“MatchedPolicyID”: “5b88c1d8e138230c54c37e98”,
“OrgID”: “5b6a9a6ae138230df675f3c0”,
“ProviderConfig”: {
“CallbackBaseURL”: “http://xx.xx.xx.xx:3010”,
“FailureRedirect”: “http://xx.xx.xx.xx:3000/?fail=true”,
“UseProviders”: [{
“Name”: “github”,
“Key”: “6c994e3e522cb12c6d8b”,
“Secret”: “e837a8efa3240ebf73110bedff0a134c4f4b0256”
}]
},
“ProviderConstraints”: {
“Domain”: “”,
“Group”: “”
},
“ProviderName”: “SocialProvider”,
“ReturnURL”: “http://xx.xx.xx.xx:3000/tap”,
“Type”: “redirect”
}

The question is that: how to control the third party user(Github,google+) Access in dashboard? I am not found the Access manage for these user.