minio-dotnet icon indicating copy to clipboard operation
minio-dotnet copied to clipboard
verified publisher icon minio

Response "SignatureDoesNotMatch" when get STS token

Open dingsongjie opened this issue 3 years ago • 0 comments

There is no problem with the upload and download interfaces, but the acquisition of the sts token fails,here is logs

192.168.125.168:9000 [REQUEST sts.AssumeRole] [2022-08-12T02:54:35.967] [Client IP: 192.168.123.51]
192.168.125.168:9000 POST /
192.168.125.168:9000 Proto: HTTP/1.0
192.168.125.168:9000 Host: minio.lumilegend.cn
192.168.125.168:9000 Authorization: AWS4-HMAC-SHA256 Credential=admin/20220812/us-east-1/sts/aws4_request, SignedHeaders=accept-encoding;content-type;host;x-amz-content-sha256;x-amz-date, Signature=34f6c0f4efe72c82e6992d4db3d44e5f7609748aac79cb291c57d91038d23f32
192.168.125.168:9000 Content-Type: application/x-www-form-urlencoded
192.168.125.168:9000 User-Agent: MinIO (Microsoft Windows 10.0.19042;X64) minio-dotnet/4.0.6.0
192.168.125.168:9000 Accept-Encoding: identity
192.168.125.168:9000 Connection: close
192.168.125.168:9000 Content-Length: 57
192.168.125.168:9000 X-Amz-Content-Sha256: ae8a5f5ec22398788172e69e073eeaf10d6dd90c65e314ea2058c8ffe15d647a
192.168.125.168:9000 X-Amz-Date: 20220812T025437Z
192.168.125.168:9000 Action=AssumeRole&DurationSeconds=3600&Version=2011-06-15
192.168.125.168:9000 [RESPONSE] [2022-08-12T02:54:35.968] [ Duration 292µs  ↑ 174 B  ↓ 676 B ]
192.168.125.168:9000 403 Forbidden
192.168.125.168:9000 Server: MinIO
192.168.125.168:9000 Strict-Transport-Security: max-age=31536000; includeSubDomains
192.168.125.168:9000 Vary: Origin
192.168.125.168:9000 X-Amz-Request-Id: 170A79625A48E802
192.168.125.168:9000 X-Content-Type-Options: nosniff
192.168.125.168:9000 X-Xss-Protection: 1; mode=block
192.168.125.168:9000 Content-Security-Policy: block-all-mixed-content
192.168.125.168:9000 Content-Type: application/xml
192.168.125.168:9000 Accept-Ranges: bytes
192.168.125.168:9000 Content-Length: 353
192.168.125.168:9000 <?xml version="1.0" encoding="UTF-8"?>
<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/"><Error><Type></Type><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message></Error><RequestId>170A79625A48E802</RequestId></ErrorResponse>

when i use aws-cli ,it works fine.

{
    "Credentials": {
        "AccessKeyId": "R5VJ2A869EUJF2Y9LGO1",
        "SecretAccessKey": "odsjAOc2m2lswFUL9B1rC3zB0fGxGVACdHGYFRhf",
        "SessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJSNVZKMkE4NjlFVUpGMlk5TEdPMSIsImV4cCI6MTY2MDI4NjQ0MywicGFyZW50IjoiYWRtaW4iLCJzZXNzaW9uUG9saWN5IjoiZXlBaVZtVnljMmx2YmlJNklDSXlNREV5TFRFd0xURTNJaXdnSWxOMFlYUmxiV1Z1ZENJNklGc2dleUFpUldabVpXTjBJam9nSWtGc2JHOTNJaXdnSWtGamRHbHZiaUk2SUZzZ0luTXpPaW9pSUYwc0lDSlNaWE52ZFhKalpTSTZJRnNnSW1GeWJqcGhkM002Y3pNNk9qb3FJaUJkSUgwZ1hTQjkifQ.vLcRR6r7-jV8LiYW-4qE4vN0oL8x8Z4ZSltPJJjEGVbdjszkSQW2ARJEFq73tOuoma3JRw-8wvBoUrz0zbkV6Q",
        "Expiration": "2022-08-12T06:40:43+00:00"
    },
    "AssumedRoleUser": {
        "Arn": ""
    }
}

dingsongjie avatar Aug 12 '22 02:08 dingsongjie