barbican you do not have permission to access /secrets

asked 2020-03-09 17:56:27 -0500

jmora

Enterprise Linux 7 | Python 3 | OpenStack Train

Assuming this is permissions related due to the 403 that I am getting, but not entirely sure where the issue is. The setup is Barbican using the Dogtag plugin. It is connecting to my FreeIPA server.

A few things that were unclear in the installation were nss_db_path, nss_db_path_ca, and nss_password. Do these need to be configured somewhere prior to the API working?

Failed to contact the endpoint at http://dc1-ctl-001:9311 for discovery. Fallback to using that endpoint as the base url.

4xx Client error: b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don\'t have permission to access /secrets/\non this server.</p>\n</body></html>\n'
b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don\'t have permission to access /secrets/\non this server.</p>\n</body></html>\n'

barbican.conf:

[DEFAULT]
sql_connection = mysql+pymysql://barbican:@dc1-ctl-001/barbican
transport_url = rabbit://openstack:@dc1-ctl-001
db_auto_create = false

[keystone_authtoken]
www_authenticate_uri = http://dc1-ctl-001:5000
auth_url = http://dc1-ctl-001:5000
memcached_servers = dc1-ctl-001:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = barbican
password =

[secretstore]
namespace = barbican.secretstore.plugin
enabled_secretstore_plugins = dogtag_crypto

[dogtag_plugin]
pem_path = /etc/barbican/kra_agent.pem
dogtag_host = wld-dc-freeipa01
dogtag_port = 8373
nss_db_path = '/etc/barbican/alias'
nss_db_path_ca = '/etc/barbican/alias-ca'
nss_password = 'password123'
simple_cmc_profile = 'caOtherCert'
#ca_expiration_time = 1
#plugin_working_dir = '/etc/barbican/dogtag'

[certificate]
namespace = barbican.certificate.plugin
enabled_certificate_plugins = dogtag