How to enable RBAC on kong enterprise

I have question about step enable RBAC.I not sure what wrong on my command.

It can’t login to admin page with username “kong_admin” and password=password
Can anyone help me?
Here is my command docker to create kong-ee and migration database

Step 1: migration database postgreSQL

docker run --rm --link kong-ee-database:kong-ee-database --net kong-ee-net -e “KONG_DATABASE=postgres” -e “KONG_PG_HOST=kong-ee-database” -e “KONG_CASSANDRA_CONTACT_POINTS=kong-ee-database” -e “KONG_PASSWORD=password” -v /c/temp/license.json:/etc/kong/license.json kong-ee kong migrations bootstrap up

Step2: create kong-ee

docker run -d --name kong-ee --link kong-ee-database:kong-ee-database --net kong-ee-net -e “KONG_ENFORCE_RBAC=on” -e “KONG_ADMIN_GUI_AUTH=basic-auth” -e KONG_ADMIN_GUI_SESSION_CONF=’{“secret”:“password”}’ -e “KONG_ADMIN_GUI_URL=http://localhost:8002” -e “KONG_DATABASE=postgres” -e “KONG_PG_HOST=kong-ee-database” -e “KONG_CASSANDRA_CONTACT_POINTS=kong-ee-database” -e “KONG_PROXY_ACCESS_LOG=/dev/stdout” -e “KONG_ADMIN_ACCESS_LOG=/dev/stdout” -e “KONG_PROXY_ERROR_LOG=/dev/stderr” -e “KONG_ADMIN_ERROR_LOG=/dev/stderr” -e “KONG_ADMIN_LISTEN=0.0.0.0:8001” -e “KONG_PORTAL=on” -e “KONG_PORTAL_GUI_PROTOCOL=http” -e “KONG_PORTAL_GUI_HOST=127.0.0.1:8003” -v /c/temp/license.json:/etc/kong/license.json -p 8000:8000 -p 8443:8443 -p 8001:8001 -p 8444:8444 -p 8002:8002 -p 8445:8445 -p 8003:8003 -p 8004:8004 kong-ee

The result is unauthorize

1 Like

I think the problem lies in the KONG_ADMIN_GUI_SESSION_CONF value. Since you are using http, you need to set the cookie_secure flag to false (https://docs.konghq.com/enterprise/0.36-x/kong-manager/authentication/basic/).

something like
-e "KONG_ADMIN_GUI_SESSION_CONF={\"secret\":\"Y29vbGJlYW5z\" ,\"cookie_secure\":false}" \

should do the trick. The secret value can be any string and does not need to match the value you set for the KONG_PASSWORD during migrations bootstrap.

Please give this a try and let us know if it worked.

Rob


© 2018 Kong Inc.    Terms  •  Privacy  •  FAQ