MAAS with Candid as authentication withtout RBAC

Docs
,
1

Hello,

I deployed MAAS and configured Auth to use Candid without Rbac.

When i hit the page http://MAAS_VIP:5240/MAAS/r/, it auto spawn a Candid login page on a new window(http://MAAS_VIP:8081/login-redirect…)

I login on that new window with credentials and it returns like “You are now logged in as admin, you can now close the window”.

However when i closed the Candid login window, the maas windows doesn’t refresh automatically.

Is there something i’m missing here?

I used this command to configure MAAS to point to Candid. I’m using maas version 3.4.3-14361-g.56ec7f0c23-0ubuntu1~22.04.1 and candid v1.8.1 799.

maas configauth --rbac-url ‘’ --candid-agent-file /var/snap/candid/799/admin.keys --candid-domain ‘example.com’ --candid-admin-group admin,group1

3

Any takers? I’m able to authenticate with Candid but MAAS UI is not refreshing.

4

Upgraded to the latest maas version 3.5.0-16308-g.c799a1080-0ubuntu1~22.04.1 and issue persist.
Candid is able to authenticate a user but MAAs Web UI doesn’t refresh the login page.

Using MAAS cli shows an error - “third party refused dischargex: discharge failed with code 500”

5

here is the logs

==> /var/snap/candid/common/logs/candid.access.log <==
172.21.65.193 - - [16/Aug/2024:15:13:15 -0400] “GET /discharge/info HTTP/1.1” 200 72 “” “python-requests/2.25.1”

==> http/access.log <==
172.21.65.193 - - [16/Aug/2024:15:13:15 -0400] “POST /MAAS/api/2.0/account/?op=create_authorisation_token HTTP/1.1” 401 1047 “-” “python-requests/2.25.1”

==> /var/snap/candid/common/logs/candid.access.log <==
172.21.65.193 - - [16/Aug/2024:15:13:15 -0400] “POST /discharge HTTP/1.1” 401 1046 “” “python-requests/2.25.1”
172.21.65.193 - - [16/Aug/2024:15:13:16 -0400] “GET /login?did=3467e6f5a2324f4aa1e91b1e30228bdd4e965aaa634a072e6ee8927003bde088&domain=example.com HTTP/1.1” 307 238 “” “ELinks/0.13.2 (textmode; Linux 5.15.0-117-generic x86_64; 112x19-2)”
172.21.65.193 - - [16/Aug/2024:15:13:16 -0400] “GET /login-redirect?domain=example.com&return_to=https%3A%2F%2Flxutlutildevs57.example.com%3A8081%2Flogin-complete&state=CyhcfXbsJPTyonHTSXa4_613qfEyZJxI5wZdHHlIM-I HTTP/1.1” 200 1651 “https://lxutlutildevs57.example.com:8081/login?did=3467e6f5a2324f4aa1e91b1e30228bdd4e965aaa634a072e6ee8927003bde088&domain=example.com” “ELinks/0.13.2 (textmode; Linux 5.15.0-117-generic x86_64; 112x19-2)”
172.21.65.193 - - [16/Aug/2024:15:13:16 -0400] “GET /static/css/vanilla-framework-version-2.24.1.min.css HTTP/1.1” 200 247102 “https://lxutlutildevs57.example.com:8081/login-redirect?domain=example.com&return_to=https%3A%2F%2Flxutlutildevs57.example.com%3A8081%2Flogin-complete&state=CyhcfXbsJPTyonHTSXa4_613qfEyZJxI5wZdHHlIM-I” “ELinks/0.13.2 (textmode; Linux 5.15.0-117-generic x86_64; 112x19-2)”
172.21.65.193 - - [16/Aug/2024:15:13:16 -0400] “GET /static/css/vanilla.css HTTP/1.1” 200 1344 “https://lxutlutildevs57.example.com:8081/login-redirect?domain=example.com&return_to=https%3A%2F%2Flxutlutildevs57.example.com%3A8081%2Flogin-complete&state=CyhcfXbsJPTyonHTSXa4_613qfEyZJxI5wZdHHlIM-I” “ELinks/0.13.2 (textmode; Linux 5.15.0-117-generic x86_64; 112x19-2)”
172.21.65.193 - - [16/Aug/2024:15:13:28 -0400] “GET /login/static/login?state=fp-DDIgzrTKvvjY96T8_WVe2-dZtvk_u9JIuLj3MvXI HTTP/1.1” 200 1641 “https://lxutlutildevs57.example.com:8081/login-redirect?domain=example.com&return_to=https%3A%2F%2Flxutlutildevs57.example.com%3A8081%2Flogin-complete&state=CyhcfXbsJPTyonHTSXa4_613qfEyZJxI5wZdHHlIM-I” “ELinks/0.13.2 (textmode; Linux 5.15.0-117-generic x86_64; 112x19-2)”

==> http/access.log <==
172.21.65.193 - - [16/Aug/2024:15:13:29 -0400] “GET /MAAS/rpc/ HTTP/1.1” 200 244 “-” “provisioningserver.rpc.clusterservice.ClusterClientService”

==> /var/snap/candid/common/logs/candid.access.log <==
172.21.65.193 - - [16/Aug/2024:15:13:43 -0400] “POST /login/static/login?state=fp-DDIgzrTKvvjY96T8_WVe2-dZtvk_u9JIuLj3MvXI HTTP/1.1” 303 0 “https://lxutlutildevs57.example.com:8081/login/static/login?state=fp-DDIgzrTKvvjY96T8_WVe2-dZtvk_u9JIuLj3MvXI” “ELinks/0.13.2 (textmode; Linux 5.15.0-117-generic x86_64; 112x19-2)”
172.21.65.193 - - [16/Aug/2024:15:13:43 -0400] “GET /login-complete?code=CoBARIdfze3IqkwEg-ko5fKz728D1E7kau6J3Fwcmfo&state=CyhcfXbsJPTyonHTSXa4_613qfEyZJxI5wZdHHlIM-I HTTP/1.1” 200 1081 “https://lxutlutildevs57.example.com:8081/login/static/login?state=fp-DDIgzrTKvvjY96T8_WVe2-dZtvk_u9JIuLj3MvXI” “ELinks/0.13.2 (textmode; Linux 5.15.0-117-generic x86_64; 112x19-2)”
172.21.65.193 - - [16/Aug/2024:15:13:53 -0400] “GET /wait-token?did=3467e6f5a2324f4aa1e91b1e30228bdd4e965aaa634a072e6ee8927003bde088 HTTP/1.1” 200 252 “” “python-requests/2.25.1”
172.21.65.193 - - [16/Aug/2024:15:13:54 -0400] “POST /discharge HTTP/1.1” 500 110 “” “python-requests/2.25.1”

6

misconfigured configauth of maas. this is good now.

1 Like