Sipi/Knora authorization failed

Question

Sipi/Knora authorization failed

Closed this issue 6 years ago · 8 comments

Hi,
After updating Knora and relaunching the compose stack, I now have a bad credentials error due to a call from Sipi: http://0.0.0.0:3333/v1/files/4WvEDjDw0dB-FziE8v9BK16.jpx :

{
status: 2,
error: "org.knora.webapi.BadCredentialsException: bad credentials: not valid"
}

While it works with localhost : http://localhost:3333/v1/files/4WvEDjDw0dB-FziE8v9BK16.jpx:

{
permissionCode: 1,
status: 0
}

Don't know if the problem comes from my machine or from Sipi/Knora ? is it related to #1128 ?

Sipi container logs: (note the weird error : Failed to connect to 0.0.0.0 port 3333: Connection refused while it works in my browser...)

sipi_1     | Sipi: Accepted connection from 172.31.0.1
sipi_1     | Sipi: Accepted connection from 172.31.0.1
sipi_1     | Sipi: Accepted connection from 172.31.0.1
graphdb_1  | [INFO ] 2018-12-14 15:48:31,942 [repositories/knora-test | c.o.f.s.RepositoryController] POST query 1650529536
sipi_1     | Sipi: IIIF-Server Region:  Coordinate type: 0 | rx = 0.000000 | ry = 0.000000 | rw = 0.000000 | rh = 0.000000
sipi_1     | Sipi: IIIF-Server Size parameter:  Size type: 0 | percent = 0.000000 | nx = 0 | ny = 0 | reduce = 0
sipi_1     | Sipi: IIIF-Server Rotation parameter:  Mirror 0 | rotation = 0.000000
sipi_1     | Sipi: IIIF-Server QualityFormat parameter:   Quality: 0 | Format: 1
sipi_1     | Sipi: webapi_hostname: 0.0.0.0
sipi_1     | Sipi: webapi_port: 3333
sipi_1     | Sipi: pre_flight - knora_url: http://0.0.0.0:3333/v1/files/4WvEDjDw0dB-FziE8v9BK16.jpx
sipi_1     | Sipi: pre_flight - knora_cookie_header: nil
sipi_1     | Sipi: Server.http() failed: Error #1368: HTTP GET request to http://0.0.0.0:3333/v1/files/4WvEDjDw0dB-FziE8v9BK16.jpx failed: Failed to connect to 0.0.0.0 port 3333: Connection refused
sipi_1     | Sipi: GET /knora/4WvEDjDw0dB-FziE8v9BK16.jpx/full/full/0/default.jpg failed (Unauthorized): Unauthorized access
sipi_1     | Sipi: IIIF-Server Region:  Coordinate type: 0 | rx = 0.000000 | ry = 0.000000 | rw = 0.000000 | rh = 0.000000
sipi_1     | Sipi: IIIF-Server Size parameter:  Size type: 0 | percent = 0.000000 | nx = 0 | ny = 0 | reduce = 0
sipi_1     | Sipi: IIIF-Server Rotation parameter:  Mirror 0 | rotation = 0.000000
sipi_1     | Sipi: IIIF-Server QualityFormat parameter:   Quality: 0 | Format: 1
sipi_1     | Sipi: webapi_hostname: 0.0.0.0
sipi_1     | Sipi: webapi_port: 3333
sipi_1     | Sipi: pre_flight - knora_url: http://0.0.0.0:3333/v1/files/EBTWyfnquFD-BgxfzyRG3GH.jpx
sipi_1     | Sipi: pre_flight - knora_cookie_header: nil
sipi_1     | Sipi: Server.http() failed: Error #1368: HTTP GET request to http://0.0.0.0:3333/v1/files/EBTWyfnquFD-BgxfzyRG3GH.jpx failed: Failed to connect to 0.0.0.0 port 3333: Connection refused
sipi_1     | Sipi: GET /knora/EBTWyfnquFD-BgxfzyRG3GH.jpx/full/full/0/default.jpg failed (Unauthorized): Unauthorized access
sipi_1     | Sipi: IIIF-Server Region:  Coordinate type: 0 | rx = 0.000000 | ry = 0.000000 | rw = 0.000000 | rh = 0.000000
sipi_1     | Sipi: IIIF-Server Size parameter:  Size type: 0 | percent = 0.000000 | nx = 0 | ny = 0 | reduce = 0
sipi_1     | Sipi: IIIF-Server Rotation parameter:  Mirror 0 | rotation = 0.000000
sipi_1     | Sipi: IIIF-Server QualityFormat parameter:   Quality: 0 | Format: 1
sipi_1     | Sipi: webapi_hostname: 0.0.0.0
sipi_1     | Sipi: webapi_port: 3333
sipi_1     | Sipi: pre_flight - knora_url: http://0.0.0.0:3333/v1/files/7yFQ2rVK4SZ-CRP2I9IV94z.jpx
sipi_1     | Sipi: pre_flight - knora_cookie_header: nil
sipi_1     | Sipi: Server.http() failed: Error #1368: HTTP GET request to http://0.0.0.0:3333/v1/files/7yFQ2rVK4SZ-CRP2I9IV94z.jpx failed: Failed to connect to 0.0.0.0 port 3333: Connection refused
sipi_1     | Sipi: GET /knora/7yFQ2rVK4SZ-CRP2I9IV94z.jpx/full/full/0/default.jpg failed (Unauthorized): Unauthorized access

Answer 1 · 2018-12-14T16:23:16.000Z

seems to be similar to #938

Answer 2 · 2018-12-14T16:27:02.000Z

I believe that you cannot mix 0.0.0.0 and localhost in Knora/Sipi configuration. You can't use 0.0.0.0 in some places and localhost in other places. But @subotic knows best.

Answer 3 · 2018-12-14T16:44:35.000Z

even with this workaround in docker-compose.yml:

sipi:
[...]
      - SIPI_WEBAPI_HOSTNAME=localhost

it still not works. Maybe the problem comes from Sipi? Created a Sipi issue #279

Answer 4 · 2018-12-14T17:30:57.000Z

I think I remember that @subotic encountered an issue like this himself last week, and that the solution was something like what I said above, but he'll be able to tell you when he gets back from holiday.

Answer 5 · 2018-12-14T17:34:34.000Z

I would guess that Failed to connect to localhost port 3333: Connection refused must be caused by Docker configuration. Perhaps Knora's Docker container thinks it is running on 0.0.0.0, so Sipi cannot connect to it using localhost. I would try searching for all occurrences of 0.0.0.0 and localhost in all config files, and making sure that you use only one or the other.

Answer 6 · 2018-12-15T04:06:56.000Z

any connections over the browser need to go to localhost, e.g., Salsah1. This is because of cookies, so that they will be sent by the browser to sipi.

But strange that there is a problem with Sipi trying to connect to webapi.

Could you try SIPI_WEBAPI_HOSTNAME=webapi?

Answer 7 · 2018-12-15T04:14:38.000Z

maybe you need to add container_name=webapi to the webapi service definition in docker-compose.yml so that the name of the container is webapi. this name will be known to all other containers in the knora-net network.

Answer 8 · 2018-12-17T09:05:59.000Z

It works now with SIPI_WEBAPI_HOSTNAME=webapi (no need for container_name=webapi)
thx (I let you close the issue)