REST endpoints not functioning in sandbox env

I’ve set up a sandbox environment using the instructions I found here:
https://stash.forgerock.org/projects/PROSERV/repos/platform-compose/browse

I am able to use the browser to manage identities and set up new realms and journeys. I read the docs on the REST API and began experimenting with some test commands using curl.

However, when I attempt to access any REST endpoints, I get a “connection refused” error:
curl: (7) Failed to connect to <myfqdn> port 8443: Connection refused
The curl command looks like:
curl -k --request POST --header "Content-Type: application/json" --header "X-OpenAM-Username: demo" --header "X-OpenAM-Password: Ch4ng31t" --header "Accept-API-Version: resource=2.0, protocol=1.0" 'https://<myfqdn>:8443/openam/json/realms/root/2faLogin'

There seems to be nothing in the AM debug.log file relative to this request, nor do I see any other log message indicating the request even hit the server. I also don’t see any process listening on port 8443 on my server using netstat.

Is there something I need to enable in the sandbox environment to allow REST endpoints to function?

Hi, gpopp!

The curl command shows a placeholder <myfqdn> instead of the Fully Qualified Name for your system, such as openam.example.com.

curl -k --request POST --header "Content-Type: application/json" --header "X-OpenAM-Username: demo" --header "X-OpenAM-Password: Ch4ng31t" --header "Accept-API-Version: resource=2.0, protocol=1.0" 'https://<myfqdn>:8443/openam/json/realms/root/2faLogin'

curl: (7) Failed to connect to <myfqdn> port 8443: Connection refused

Possibly just an oversight from copy/paste of the instructions?

I hope this helps!

Cheers

Sheila

Hi Sheila,

That was just my way of not giving out my FQDN. I assure you, the actual curl command has my actual fqdn in it.

Thanks anyway!

Greg

Hi Greg!

Ah, that makes perfect sense! Thank you for that clarification.

I find it interesting that the README for the sandbox env. and the instructions (below) which clone the platform-compose samples repository https://stash.forgerock.org/projects/PROSERV/repos/platform-compose, do not reference the REST API except when speaking of other deployment types.

It’s also interesting that netstat doesn’t show a process listening on port 8443.

Perhaps @patrickdiligent could confirm if additional settings are needed for the sandbox environment to allow REST endpoints to function?

Many thanks!

Sheila

Hi Greg,

No service is serving 8443, all docker containers respond to http; however, the nginx container is terminating SSL. Please inspect this file, Source of default.conf.template - platform-compose - ForgeRock Stash for the nginx configuration. For example, to access AM, the URL is https://FQDN/am. But you could also directly access the container on HTTP port 8080 (examine this file: Source of docker-compose.yml - platform-compose - ForgeRock Stash):

am:
    build: $DOCKER/am/am
    image: ${REGISTRY}/am:${VERSION}
    container_name: ${AM_CONTAINER}
    ports:
      - 8080:8080
    depends_on:

and for the nginx configuration:

server {
    
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl.crt;
    ssl_certificate_key /etc/nginx/ssl-key.pem;

    server_name  ${SERVER_NAME};
    
    access_log  /var/log/nginx/access.log  useragent;

    rewrite ^(/enduser)$ $1/ redirect;
    rewrite ^(/login)$ $1/ redirect;
    rewrite ^(/am/XUI)$ $1/ redirect;
    rewrite ^(/platform)$ $1/ redirect;

    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size    256k;

    location /am/XUI/ {
        proxy_pass http://loginUI:8080/;
    }

    location /am/ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://am:8080;
    }
...

Therefore the correct cURL command is:

curl -k --request POST --header "Content-Type: application/json" --header "X-OpenAM-Username: demo" --header "X-OpenAM-Password: Ch4ng31t" --header "Accept-API-Version: resource=2.0, protocol=1.0" 'https://<myfqdn>/am/json/realms/root/2faLogin'

I hope this helps,

Kind regards
Patrick
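
Added example, not part of the original thread or of the platform-compose project: a small Python resolver that applies nginx's prefix-location and proxy_pass rules to the listen and location directives quoted in the answer above, showing why the :8443/openam URL has nowhere to land while /am/... reaches the AM container. The hostname sandbox.example.test and the function names parse and resolve are assumptions made for illustration, and the config string is a constructed excerpt of the quoted file.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt: the listen and location directives from the nginx
# config quoted above (rewrites, buffers and server_name left out).
NGINX_CONF = """
server {
    listen 80;
    listen 443 ssl;
    location /am/XUI/ {
        proxy_pass http://loginUI:8080/;
    }
    location /am/ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://am:8080;
    }
}
"""

def parse(conf):
    """Return ({port: is_tls}, [(location_prefix, proxy_pass_target), ...])."""
    listens = {int(p): bool(tls)
               for p, tls in re.findall(r"listen\s+(\d+)(\s+ssl)?\s*;", conf)}
    routes = re.findall(r"location\s+(\S+)\s*\{[^}]*?proxy_pass\s+(\S+?)\s*;", conf)
    return listens, routes

def resolve(url, conf=NGINX_CONF):
    """Return the upstream URL nginx would proxy to, or the reason it would not."""
    listens, routes = parse(conf)
    u = urlsplit(url)
    port = u.port or {"https": 443, "http": 80}[u.scheme]
    if port not in listens:
        return f"no listener on port {port} in this server block"
    if listens[port] != (u.scheme == "https"):
        return f"scheme {u.scheme} does not match the listener on port {port}"
    # nginx selects the longest matching prefix location
    matches = [(loc, up) for loc, up in routes if u.path.startswith(loc)]
    if not matches:
        return f"no location in this excerpt matches {u.path}"
    loc, upstream = max(matches, key=lambda m: len(m[0]))
    # proxy_pass with a URI part replaces the matched prefix;
    # without one, the request path is forwarded unchanged
    if urlsplit(upstream).path:
        return upstream + u.path[len(loc):]
    return upstream + u.path

if __name__ == "__main__":
    for url in ("https://sandbox.example.test:8443/openam/json/realms/root/2faLogin",
                "https://sandbox.example.test/am/json/realms/root/2faLogin"):
        print(url, "->", resolve(url))
```

Because the server block also has `listen 80`, the same /am/ path resolves over plain http://, where the X-OpenAM-Password header would travel unencrypted, as it would on the directly published 8080 port.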

Thank you, Patrick!
This was incredibly helpful!