Internal error: Authentication failure

Hi,

I am trying to configure my OIDC provider using the Admin API PUT /{db}/_config end point but getting the following response.

{"error":"Internal Server Error","reason":"Internal error: Authentication failure"}

In the logs I see these entries.

2022-03-03T00:01:16.134Z [ERR] c:#002 #002: Authentication failure -- rest.(*handler).writeError() at handler.go:1029
2022-03-03T00:01:16.134Z [INF] HTTP: #002:     --> 500 Internal error: Authentication failure  (3334.1 ms)

I am using the following Sync Gateway Docker image - couchbase/sync-gateway:3.0.0-enterprise.

I am sending the following body, which worked for me when using 3.0.0-beta02-enterprise, using Postman.

{
    "oidc": {
        "providers": {
            "azuread": {
                "issuer": "https://login.microsoftonline.com/160xx896-xxxx-xxxx-xxxx-948xx594cf0a/v2.0",
                "client_id": "50aaxxxx-51a5-xxxx-xxxx-44d0405xxxxa",
                "register": true
            }
        }
    }
}

This is the Sync Gateway config file I am using, in case it is relevant.

{
    "bootstrap": {
        "server": "couchbase://cbserver7-0-3",
        "username": "sync_gateway",
        "password": "XXXXXXXXX",
        "server_tls_skip_verify": true,
        "use_tls_server": false
    },
    "api": {
        "admin_interface": ":4985"
    },
    "logging": {
        "console": {
            "enabled": true,
            "log_level": "debug",
            "log_keys": ["*"],
            "color_enabled": true
        }
    }
}

Does anyone know what I am doing wrong or how to further debug this?

Thanks

Hi there, few things to try:

  • Are you able to call other DB update endpoints that do not modify OIDC? how about other admin and non-admin endpoints?
  • Do you see any additional “Auth” or “Auth+” messages in the logs? maybe set log level to trace, as well.
  • if possible, can you confirm that you are able to reach the oidc provider from within the SG docker?

Thanks.
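For the third suggestion above (confirming that the configured OIDC provider is reachable and usable), here is an added Python check that is not part of the thread or of Sync Gateway itself: it fetches the OpenID Connect discovery document for the value you would put in oidc.providers.<name>.issuer and reports anything that would make the provider unusable. It assumes the standard discovery path from the OIDC Discovery spec (issuer + /.well-known/openid-configuration); run it from inside the Sync Gateway container to exercise the same network path SG uses.

```python
"""Sanity-check an OIDC issuer before handing it to Sync Gateway.
Assumption (not from the thread): the provider follows OpenID Connect
Discovery 1.0, so its metadata lives at <issuer>/.well-known/openid-configuration."""
import json
import sys
import urllib.request

# Fields Sync Gateway (or any OIDC relying party) needs in order to redirect,
# exchange the code, and verify ID token signatures.
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer: str) -> str:
    """Build the discovery URL; a trailing slash on the issuer must not double up."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def validate_discovery(issuer: str, doc: dict) -> list:
    """Return a list of problems; an empty list means the document looks usable.
    The issuer comparison is exact apart from a trailing slash, because the spec
    requires the document's issuer to match the one the client configured."""
    problems = []
    if not issuer.startswith("https://"):
        problems.append("issuer must use https")
    for field in REQUIRED_FIELDS:
        if not doc.get(field):
            problems.append(f"missing field: {field}")
    if doc.get("issuer") and doc["issuer"].rstrip("/") != issuer.rstrip("/"):
        problems.append(
            f"issuer mismatch: configured {issuer!r}, document says {doc['issuer']!r}"
        )
    return problems


def fetch_and_validate(issuer: str, timeout: float = 10.0) -> list:
    """Fetch the discovery document over the network and validate it."""
    try:
        with urllib.request.urlopen(discovery_url(issuer), timeout=timeout) as resp:
            doc = json.load(resp)
    except Exception as exc:  # DNS, TLS, HTTP or JSON failures all mean "not usable"
        return [f"could not fetch discovery document: {exc}"]
    return validate_discovery(issuer, doc)


if __name__ == "__main__":
    # Placeholder tenant id; pass the real issuer from your SG config as argv[1].
    issuer_arg = sys.argv[1] if len(sys.argv) > 1 else "https://login.microsoftonline.com/<TENANT_ID>/v2.0"
    for line in fetch_and_validate(issuer_arg) or ["discovery document OK"]:
        print(line)
```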

Hi, I’m facing a similar issue. I’ve deployed both the server and sync gateway on an ec2 instance. I’m getting exactly the same error logs as mentioned above.
{
    "bootstrap": {
        "server": "couchbases://localhost",
        "username": "sync_gateway",
        "password": "password",
        "server_tls_skip_verify": true,
        "use_tls_server": true
    },
    "api": {
        "admin_interface": "127.0.0.1:4985",
        "https": {
            "tls_cert_path": "cert.pem",
            "tls_key_path": "privkey.pem"
        }
    },
    "logging": {
        "console": {
            "enabled": true,
            "log_level": "info",
            "log_keys": ["*"]
        }
    }
}
This is the curl call that I’m making
curl -k --location -g --request PUT 'https://localhost:4985/traveldb/_config' --header "Authorization: Basic $DIGEST" --header 'Content-Type: application/json' --data-raw '{
    "enable_shared_bucket_access": true,
    "import_docs": true
}'
The digest is of the sync_gateway user which has all the sync gateway related permissions. I’ve even tried with the user with full admin permission but getting the same error.
@bruno.alves I was able to create another user sguser1 using the same digest.
I don’t see any other error messages