gpopp
July 27, 2022, 12:57pm
#1
I’ve set up a sandbox environment using the instructions I found here:
https://stash.forgerock.org/projects/PROSERV/repos/platform-compose/browse
I am able to use the browser to manage identities and set up new realms and journeys. I read the docs on the REST API and began experimenting with some test commands using curl.
However, when I attempt to access any REST endpoints, I get a “connection refused” error:
curl: (7) Failed to connect to <myfqdn> port 8443: Connection refused
The curl command looks like:
curl -k --request POST --header "Content-Type: application/json" --header "X-OpenAM-Username: demo" --header "X-OpenAM-Password: Ch4ng31t" --header "Accept-API-Version: resource=2.0, protocol=1.0" 'https://<myfqdn>:8443/openam/json/realms/root/2faLogin'
There seems to be nothing in the AM debug.log file relative to this request, nor do I see any other log message indicating the request even hit the server. I also don’t see any process listening on port 8443 on my server using netstat.
Is there something I need to enable in the sandbox environment to allow REST endpoints to function?
Hi, gpopp!
The curl command shows a placeholder <myfqdn> instead of the Fully Qualified Name for your system, such as openam.example.com.
curl -k --request POST --header "Content-Type: application/json" --header "X-OpenAM-Username: demo" --header "X-OpenAM-Password: Ch4ng31t" --header "Accept-API-Version: resource=2.0, protocol=1.0" 'https://<myfqdn>:8443/openam/json/realms/root/2faLogin'
curl: (7) Failed to connect to <myfqdn> port 8443: Connection refused
Possibly just an oversight from copy/paste of the instructions?
I hope this helps!
Cheers
Sheila
gpopp
July 27, 2022, 8:54pm
#3
Hi Sheila,
That was just my way of not giving out my FQDN. I assure you, the actual curl command has my actual fqdn in it.
Thanks anyway!
Greg
1 Like
Hi Greg!
Ah, that makes perfect sense! Thank you for that clarification.
I find it interesting that the README for the sandbox env. and the instructions (below), which clone the platform-compose samples repository https://stash.forgerock.org/projects/PROSERV/repos/platform-compose, do not reference the REST API except when speaking of other deployment types.
It’s also interesting that netstat doesn’t show a process listening on port 8443.
Perhaps @patrickdiligent could confirm if additional settings are needed for the sandbox environment to allow REST endpoints to function?
Introduction
The ForgeRock documentation provides guidance in deploying the ForgeRock Identity Platform (Platform Setup Guide). A platform deployment is demonstrated with the ForgeOps project for Kubernetes, and the main cloud providers. The repository is hosted at https://github.com/ForgeRock/forgeops, and the project documented at DevOps 7.1. The project provides the tool for deploying the ForgeRock Platform in a simple way. However, especially for novices in the DevOps field, goi…
Many thanks!
Sheila
Hi Greg,
No service is serving 8443, all docker containers respond to http; however, the nginx container is terminating SSL. Please inspect this file, Source of default.conf.template - platform-compose - ForgeRock Stash, for the nginx configuration. For example, to access AM, the URL is https://FQDN/am. But you could also directly access the container on HTTP port 8080 (examine this file: Source of docker-compose.yml - platform-compose - ForgeRock Stash):
am:
  build: $DOCKER/am/am
  image: ${REGISTRY}/am:${VERSION}
  container_name: ${AM_CONTAINER}
  ports:
    - 8080:8080
  depends_on:
and for the nginx configuration:
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl.crt;
    ssl_certificate_key /etc/nginx/ssl-key.pem;
    server_name ${SERVER_NAME};
    access_log /var/log/nginx/access.log useragent;
    rewrite ^(/enduser)$ $1/ redirect;
    rewrite ^(/login)$ $1/ redirect;
    rewrite ^(/am/XUI)$ $1/ redirect;
    rewrite ^(/platform)$ $1/ redirect;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    location /am/XUI/ {
        proxy_pass http://loginUI:8080/;
    }
    location /am/ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://am:8080;
    }
    ...
Therefore the correct cURL command is:
curl -k --request POST --header "Content-Type: application/json" --header "X-OpenAM-Username: demo" --header "X-OpenAM-Password: Ch4ng31t" --header "Accept-API-Version: resource=2.0, protocol=1.0" 'https://<myfqdn>/am/json/realms/root/2faLogin'
I hope this helps,
Kind regards
Patrick
1 Like
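The routing described in the answer above, as an added example (not code from the thread or from the platform-compose project): a small Python resolver over the routing directives of the quoted nginx server block, showing why the :8443/openam URL is refused and which upstream a /am/... request reaches. The hostname sandbox.example.com and the function names are assumptions, only the two quoted location blocks are modelled, and nginx's ports 80 and 443 are assumed to be published on the host unchanged.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the routing directives of the server block quoted in the
# post; the elided remainder ("...") is left out and the block is closed.
NGINX_CONF = """
server {
    listen 80;
    listen 443 ssl;
    location /am/XUI/ {
        proxy_pass http://loginUI:8080/;
    }
    location /am/ {
        proxy_pass http://am:8080;
    }
}
"""

def parse_server(conf):
    """Return ({port: is_tls}, {location_prefix: proxy_pass}) for one server block."""
    listens = {int(port): bool(ssl) for port, ssl in
               re.findall(r"^\s*listen\s+(\d+)(\s+ssl)?\s*;", conf, re.M)}
    locations = dict(re.findall(
        r"location\s+(/\S*)\s*\{[^}]*?proxy_pass\s+(\S+?);", conf))
    return listens, locations

def resolve(url, conf=NGINX_CONF):
    """Say where nginx would send `url`, or why the request never gets there."""
    listens, locations = parse_server(conf)
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    if port not in listens:
        return f"refused: nothing listens on port {port}"
    if (u.scheme == "https") != listens[port]:
        return f"scheme mismatch: port {port} is {'TLS' if listens[port] else 'plain HTTP'}"
    # nginx selects the longest matching prefix location.
    matches = [p for p in locations if u.path.startswith(p)]
    if not matches:
        return f"no location matches {u.path}"
    prefix = max(matches, key=len)
    up = urlsplit(locations[prefix])
    # proxy_pass with a URI part replaces the matched prefix; otherwise the path is kept.
    if up.path:
        return f"{up.scheme}://{up.netloc}{up.path}{u.path[len(prefix):]}"
    return f"{locations[prefix]}{u.path}"

if __name__ == "__main__":
    for base in ("https://sandbox.example.com:8443/openam", "https://sandbox.example.com/am"):
        print(resolve(base + "/json/realms/root/2faLogin"))
```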
gpopp
July 29, 2022, 2:17pm
#6
Thank you, Patrick!
This was incredibly helpful!
1 Like