Conjur Quick Start - Curl command does not work?

Hi,

Finally started my Quest today in Conjur (hurrah).

I’m stuck on the Get Started / Quick Start / Run the Demo App:
Step 2: Generate a Conjur token

The curl command does not seem to work, their is no output, no error, nothing. Could somebody point me what I’m doing wrong? All steps before that looked fine, according to the explanation and result.

This one fails on the bot_app

curl -d “” -k https://proxy/authn/myConjurAccount/host%2FBotApp%2FmyDemoApp/authenticate > /tmp/conjur_token

Much appreciated!

Kind regards,
Derk

Getting a bit further, used the verbose option. It says not authorized :thinking:

How can I fix that?

Thanks in advance,
Derk

> bash-4.3# curl -d "<BotApp API Key>" -v -k https://proxy/authn/myConjurAccount/host%2FBotApp%2FmyDemoApp/authenticate
> *   Trying 172.18.0.2...
> * TCP_NODELAY set
> * Connected to proxy (172.18.0.2) port 443 (#0)
> * ALPN, offering http/1.1
> * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * successfully set certificate verify locations:
> *   CAfile: /etc/ssl/certs/ca-certificates.crt
>   CApath: none
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> * ALPN, server accepted to use http/1.1
> * Server certificate:
> *  subject: C=US; ST=Wisconsin; L=Madison; O=CyberArk; OU=Onyx; CN=proxy
> *  start date: Apr 30 07:06:51 2020 GMT
> *  expire date: Apr 30 07:06:51 2021 GMT
> *  issuer: C=US; ST=Wisconsin; L=Madison; O=CyberArk; OU=Onyx; CN=proxy
> *  SSL certificate verify result: self signed certificate (18), continuing anyway.
> > POST /authn/myConjurAccount/host%2FBotApp%2FmyDemoApp/authenticate HTTP/1.1
> > Host: proxy
> > User-Agent: curl/7.55.0
> > Accept: */*
> > Content-Length: 16
> > Content-Type: application/x-www-form-urlencoded
> > 
> * upload completely sent off: 16 out of 16 bytes
> < HTTP/1.1 401 Unauthorized
> < Server: nginx/1.13.6
> < Date: Thu, 30 Apr 2020 11:30:34 GMT
> < Content-Type: text/html
> < Transfer-Encoding: chunked
> < Connection: keep-alive
> < Cache-Control: no-cache
> < X-Request-Id: 7ed6549c-d9e5-478d-9c67-8271152d3c2b
> < X-Runtime: 0.055462
> < 
> * Connection #0 to host proxy left intact
> bash-4.3#

Welcome @derk!

It looks like you aren’t putting the API key for the Bot App into the curl command. Where it says <BotApp API Key> should be replaced with the key that is stored in the my_app_data file that you created when you loaded the policy. Let me know if this help!

Ouch. That was really silly of me to miss that one… Been around, many tutorials followed, wrote many of them myself and while it was in plainsight I missed that I had to replace it with the earlier generated key. Licking my wounds now :crazy_face: :rofl:

Thanks @jake for pointing me in the correct direction.

The same thing happened to me my first time running through the tutorial too, don’t worry! Maybe this is a good indicator that we need to reword this step. Thanks for reaching out!

cc: @John @izgerij

Hi Jake, I am following the same tutorial, I already did curl -d “XXXXX” -k https://proxy/authn/myConjurAccount/host%2FBotApp%2FmyDemoApp/authenticate > /tmp/conjur_token

I took the XXX from the api_key my my_app_data under “sampleaccount:host:BotApp/myDemoApp”:

I am hitting aThe retrieved value is:

502 Bad Gateway

502 Bad Gateway


nginx/1.13.6

@leexhadrian if you see 502 Bad Gateway in the /tmp/conjur_token file, I would suggest looking at the status of the containers using docker-compose ps -a to see if the Conjur server is still up. If you are still having issues, please create a separate post for this question and we’ll see if we can help.