Opened 7 months ago

Closed 7 months ago

Last modified 6 months ago

#11801 closed Bug report (fixed)

openstack swift login claims the identity server did not return a token

Reported by: David Owned by:
Priority: normal Component: FileZilla Client
Keywords: openstack swift Cc:
Component version: 3.38.1 Operating system type: OS X
Operating system version: OS X 10.12.6

Description

I purchased Filezilla Pro so I could test out connectivity to our Openstack Swift storage ( we host three clusters around the world for our end users). I immediately run into an issue. We use Openstack Swift with the keystone identity service, with v2.0 being our standard identity protocol.

When I entered my project (aka tenent) and username and then hit connect, I got the following output:

00:47:34 Status: Resolving address of lax-staging.identity.example.com
00:47:34 Status: Connecting to 173.0.160.18:443...
00:47:34 Status: Connection established, initializing TLS...
00:47:34 Status: Verifying certificate...
00:47:34 Status: TLS connection established, sending HTTP request
00:47:35 Status: Resolving address of lax-staging.identity.example.com
00:47:35 Status: Connecting to x.x.x.x:443...
00:47:35 Status: Connection established, initializing TLS...
00:47:35 Status: Verifying certificate...
00:47:35 Status: TLS connection established, sending HTTP request
00:47:35 Command: POST /v2.0/tokens HTTP/1.1
00:47:35 Command: Connection: close
00:47:35 Command: Content-Length: 110
00:47:35 Command: Content-Type: application/json
00:47:35 Command: Host: lax-staging.identity.example.com:443
00:47:35 Command: User-Agent: FileZilla/3.38.1
00:47:35 Response: HTTP/1.1 200 OK
00:47:35 Response: Server: nginx/1.10.3 (Ubuntu)
00:47:35 Response: Date: Tue, 20 Nov 2018 08:47:35 GMT
00:47:35 Response: Content-Type: application/json
00:47:35 Response: Content-Length: 1508
00:47:35 Response: Connection: close
00:47:35 Response: Vary: X-Auth-Token
00:47:35 Response: X-Distribution: Ubuntu
00:47:35 Response: x-openstack-request-id: req-f760215c-4537-4ea8-8b17-05aca427fc
00:47:35 Error: Identity service did not return an auth token

If I typo the API KEY ( aka password) , I get 401. With all correct details, I get 200 OK as above, but it claims not to have a token, but it is returned. I've used Wireshark with the SSL decryption to confirm this.

The following JSON response was sent to Filezilla (I have changed the values but none of the keys ):

{"access": {"token": {"issued_at": "2018-11-20T08:28:45.000000Z", "expires": "2018-11-20T09:28:45.000000Z", "id": “blahbljbkgjbaekjrbgklaebgkjebgkjerbgejrkbgjkebgejkbg", "tenant": {"description": null, "enabled": true, "id": "6a4d4ca0536240a1b982391c88f0ec68", "name": “example"}, "audit_ids": [“Yrad3a_yx1e3l34"]}, "serviceCatalog": [{"endpoints": [{"adminURL": "https://lax-proxy-staging.example.com", "region": "LAX", "internalURL": "https://lax-proxy-staging.example.com/v1/AUTH_6a4d4ca0536240a1b982391c88f0ec68", "id": "ccb6cd9aba0f452db42b3d4f4a2c049e", "publicURL": "https://lax-proxy-staging.example.com/v1/AUTH_b4e0f1ca0536240a1b982398"}], "endpoints_links": [], "type": "object-store", "name": "swift"}, {"endpoints": [{"adminURL": "https://lax-staging.identity.example.com:35357/v2.0/", "region": "LAX", "internalURL": "https://lax-staging.identity.example.com/v2.0/", "id": "4213934b23294a96b2b8c553dcf00551", "publicURL": "https://lax-staging.identity.example.com/v2.0/"}], "endpoints_links": [], "type": "identity", "name": "keystone"}], "user": {"username": “david", "roles_links": [], "id": "4fae2db21d492881a68e4fe", "roles": [{"name": "_member_"}, {"name": "SwiftOperator"}], "name": “david"}, "metadata": {"is_admin": 0, "roles": ["9fe2ff9ee4384b1894a90878", "f3cdc7048c9945c56e108372"]}}}

'access' => 'tokens' => 'id' is the path to the valid token that would be accepted by swift for future requests ( as X-Auth-Token).

Change History (6)

comment:1 Changed 7 months ago by Tim Kosse

Status: newmoreinfo

It's not a valid JSON document. There's “ (LEFT DOUBLE QUOTATION MARK, U+201C) in a couple of places instead of " (QUOTATION MARK, U+22)

Does the server send malformed JSON or did this happen while editing the document?

comment:2 Changed 7 months ago by David

Status: moreinfonew

The invalid characters in the copy paste must have come from the editor I used to redact it. I've taken the JSON from wireshark again and have pasted it below in a 'code' block and have also put it in pastebin with the link below also.

{"access": {"token": {"issued_at": "2018-11-20T08:28:45.000000Z", "expires": "2018-11-20T09:28:45.000000Z", "id": "abcdefghijklmnopqvwxyz1234567890", "tenant": {"description": null, "enabled": true, "id": "0536240a1b982391c88f0ec68", "name": "example"}, "audit_ids": ["mP61Us8wThK2B-JoEpTWIg"]}, "serviceCatalog": [{"endpoints": [{"adminURL": "https://lax-proxy-staging.example.com", "region": "LAX", "internalURL": "https://lax-proxy-staging.example.com/v1/AUTH_0536240a1b982391c88f0ec68", "id": "ccb6cd9aba0f452db42b3d4a2c049e", "publicURL": "https://lax-proxy-staging.example.com/v1/AUTH_0536240a1b982391c88f0ec68"}], "endpoints_links": [], "type": "object-store", "name": "swift"}, {"endpoints": [{"adminURL": "https://lax-staging.identity.example.com:35357/v2.0/", "region": "LAX", "internalURL": "https://lax-staging.identity.example.com/v2.0/", "id": "4213934b23294a96b2b8c553dcf00551", "publicURL": "https://lax-staging.identity.example.com/v2.0/"}], "endpoints_links": [], "type": "identity", "name": "keystone"}], "user": {"username": "david", "roles_links": [], "id": "ae2db21bb743d492881a68e4fe0d7a", "roles": [{"name": "_member_"}, {"name": "SwiftOperator"}], "name": "david"}, "metadata": {"is_admin": 0, "roles": ["9fe2ff9ee4384b1894a90878d3e92bab", "f3cdc70f048c9945c56e108372867"]}}}

https://pastebin.com/EFDeXSYJ

comment:3 Changed 7 months ago by Tim Kosse

Resolution: fixed
Status: newclosed

Are you by chance using the tenant name to log in? If so, there should be a prior request failed auth request prior to the successful request.

This issue will be fixed in the next version of FileZilla Pro. A workaround is using the tenant ID instead of name to log in.

comment:4 Changed 7 months ago by David

I am using the Tenant name, confirmed.

I tested by replacing the tenant name with the tenant ID in the 'Project' text box and the login then worked as expected.

comment:5 Changed 6 months ago by David

Happy New Year ! When is the next version scheduled for release? Thanks.

comment:6 Changed 6 months ago by Tim Kosse

It's already been out for several weeks, the built-in auto-update mechanism should have informed you.

Note: See TracTickets for help on using tickets.