Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-7919

3scale wasm auth module does not work with HTTPS

    XMLWordPrintable

Details

    • 5
    • False
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Hide
      1. provision a 3scale instance on an OpenShift cluster which uses CA signed certificates, e.g. LetsEncrypt (RHOAM, or through RHPDS)
      2. Configure a product on 3scale for the bookinfo productpage. In the Deployment settings, choose `Istio`
      3. Create an application for the product
      4. Install service mesh on the cluster
      5. install the bookinfo application on the cluster. Add the bookinfo namespace to the service mesh
      6. Install the ServiceEntry and the ServiceMeshExtension CR's for the 3scale wasm auth module. Make sure to configure the ServiceEntry and ServiceMeshExtension CR's to use HTTPS and port 443
      7. Call the productpage of the bookinfo application with the correct user key.

      Expected Result:

      The call succeeds

      Actual result:

      The call fails and returns a HTTP 403 code.

       

      Change the configuration of the ServiceEntry and ServiceMeshExtension CR to use HTTP and port 80. Notice that now calls to the productpage with the correct user key succeed.

      QEng folks, please read the comments.

      Show
      provision a 3scale instance on an OpenShift cluster which uses CA signed certificates, e.g. LetsEncrypt (RHOAM, or through RHPDS) Configure a product on 3scale for the bookinfo productpage. In the Deployment settings, choose `Istio` Create an application for the product Install service mesh on the cluster install the bookinfo application on the cluster. Add the bookinfo namespace to the service mesh Install the ServiceEntry and the ServiceMeshExtension CR's for the 3scale wasm auth module. Make sure to configure the ServiceEntry and ServiceMeshExtension CR's to use HTTPS and port 443 Call the productpage of the bookinfo application with the correct user key. Expected Result: The call succeeds Actual result: The call fails and returns a HTTP 403 code.   Change the configuration of the ServiceEntry and ServiceMeshExtension CR to use HTTP and port 80. Notice that now calls to the productpage with the correct user key succeed. QEng folks, please read the comments.
    • API CCS Sprint 26 (3Scale), API CCS Sprint 27 (3Scale), API CCS Sprint 29 (3Scale), API CCS Sprint 30 (3Scale), API CCS Sprint 31 (3Scale), API CCS Sprint 32 (3Scale)

    Description

      When configured to connect to 3scale APIManager over HTTPS where APIManager uses CA signed certificates (LetsEncrypt), the wasm auth module does not work correctly and returns `403 Access forbidden` for every call, even with the correct user key

      Attachments

        Activity

          People

            Unassigned Unassigned
            btison Bernard Tison
            Darren Fennessy Darren Fennessy
            Alexander Zgabur Alexander Zgabur
            Rahul Anand Rahul Anand (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: