Finally started my Quest today in Conjur (hurrah).
I’m stuck on the Get Started / Quick Start / Run the Demo App:
Step 2: Generate a Conjur token
The curl command does not seem to work, their is no output, no error, nothing. Could somebody point me what I’m doing wrong? All steps before that looked fine, according to the explanation and result.
This one fails on the bot_app
curl -d “” -k https://proxy/authn/myConjurAccount/host%2FBotApp%2FmyDemoApp/authenticate > /tmp/conjur_token
Getting a bit further, used the verbose option. It says not authorized
How can I fix that?
Thanks in advance,
> bash-4.3# curl -d "<BotApp API Key>" -v -k https://proxy/authn/myConjurAccount/host%2FBotApp%2FmyDemoApp/authenticate
> * Trying 172.18.0.2...
> * TCP_NODELAY set
> * Connected to proxy (172.18.0.2) port 443 (#0)
> * ALPN, offering http/1.1
> * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * successfully set certificate verify locations:
> * CAfile: /etc/ssl/certs/ca-certificates.crt
> CApath: none
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> * ALPN, server accepted to use http/1.1
> * Server certificate:
> * subject: C=US; ST=Wisconsin; L=Madison; O=CyberArk; OU=Onyx; CN=proxy
> * start date: Apr 30 07:06:51 2020 GMT
> * expire date: Apr 30 07:06:51 2021 GMT
> * issuer: C=US; ST=Wisconsin; L=Madison; O=CyberArk; OU=Onyx; CN=proxy
> * SSL certificate verify result: self signed certificate (18), continuing anyway.
> > POST /authn/myConjurAccount/host%2FBotApp%2FmyDemoApp/authenticate HTTP/1.1
> > Host: proxy
> > User-Agent: curl/7.55.0
> > Accept: */*
> > Content-Length: 16
> > Content-Type: application/x-www-form-urlencoded
> * upload completely sent off: 16 out of 16 bytes
> < HTTP/1.1 401 Unauthorized
> < Server: nginx/1.13.6
> < Date: Thu, 30 Apr 2020 11:30:34 GMT
> < Content-Type: text/html
> < Transfer-Encoding: chunked
> < Connection: keep-alive
> < Cache-Control: no-cache
> < X-Request-Id: 7ed6549c-d9e5-478d-9c67-8271152d3c2b
> < X-Runtime: 0.055462
> * Connection #0 to host proxy left intact
It looks like you aren’t putting the API key for the Bot App into the curl command. Where it says
<BotApp API Key> should be replaced with the key that is stored in the
my_app_data file that you created when you loaded the policy. Let me know if this help!
Ouch. That was really silly of me to miss that one… Been around, many tutorials followed, wrote many of them myself and while it was in plainsight I missed that I had to replace it with the earlier generated key. Licking my wounds now
Thanks @jake for pointing me in the correct direction.
The same thing happened to me my first time running through the tutorial too, don’t worry! Maybe this is a good indicator that we need to reword this step. Thanks for reaching out!
cc: @John @izgerij
Hi Jake, I am following the same tutorial, I already did curl -d “XXXXX” -k https://proxy/authn/myConjurAccount/host%2FBotApp%2FmyDemoApp/authenticate > /tmp/conjur_token
I took the XXX from the api_key my my_app_data under “sampleaccount:host:BotApp/myDemoApp”:
I am hitting aThe retrieved value is:
502 Bad Gateway
502 Bad Gateway
@leexhadrian if you see
502 Bad Gateway in the
/tmp/conjur_token file, I would suggest looking at the status of the containers using
docker-compose ps -a to see if the Conjur server is still up. If you are still having issues, please create a separate post for this question and we’ll see if we can help.