Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-7919

3scale wasm auth module does not work with HTTPS

XMLWordPrintable

    • 5
    • False
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Hide
      1. provision a 3scale instance on an OpenShift cluster which uses CA signed certificates, e.g. LetsEncrypt (RHOAM, or through RHPDS)
      2. Configure a product on 3scale for the bookinfo productpage. In the Deployment settings, choose `Istio`
      3. Create an application for the product
      4. Install service mesh on the cluster
      5. install the bookinfo application on the cluster. Add the bookinfo namespace to the service mesh
      6. Install the ServiceEntry and the ServiceMeshExtension CR's for the 3scale wasm auth module. Make sure to configure the ServiceEntry and ServiceMeshExtension CR's to use HTTPS and port 443
      7. Call the productpage of the bookinfo application with the correct user key.

      Expected Result:

      The call succeeds

      Actual result:

      The call fails and returns a HTTP 403 code.

       

      Change the configuration of the ServiceEntry and ServiceMeshExtension CR to use HTTP and port 80. Notice that now calls to the productpage with the correct user key succeed.

      QEng folks, please read the comments.

      Show
      provision a 3scale instance on an OpenShift cluster which uses CA signed certificates, e.g. LetsEncrypt (RHOAM, or through RHPDS) Configure a product on 3scale for the bookinfo productpage. In the Deployment settings, choose `Istio` Create an application for the product Install service mesh on the cluster install the bookinfo application on the cluster. Add the bookinfo namespace to the service mesh Install the ServiceEntry and the ServiceMeshExtension CR's for the 3scale wasm auth module. Make sure to configure the ServiceEntry and ServiceMeshExtension CR's to use HTTPS and port 443 Call the productpage of the bookinfo application with the correct user key. Expected Result: The call succeeds Actual result: The call fails and returns a HTTP 403 code.   Change the configuration of the ServiceEntry and ServiceMeshExtension CR to use HTTP and port 80. Notice that now calls to the productpage with the correct user key succeed. QEng folks, please read the comments.
    • API CCS Sprint 26 (3Scale), API CCS Sprint 27 (3Scale), API CCS Sprint 29 (3Scale), API CCS Sprint 30 (3Scale), API CCS Sprint 31 (3Scale), API CCS Sprint 32 (3Scale)

      When configured to connect to 3scale APIManager over HTTPS where APIManager uses CA signed certificates (LetsEncrypt), the wasm auth module does not work correctly and returns `403 Access forbidden` for every call, even with the correct user key

              Unassigned Unassigned
              btison Bernard Tison (Inactive)
              Darren Fennessy Darren Fennessy
              Alexander Zgabur Alexander Zgabur
              Rahul Anand Rahul Anand (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: