Update config-nexus role to set up Remote User Token Authentication when requested

Open InfoSec812 opened this issue 5 years ago • 2 comments

As a user of Sonatype Nexus on OpenShift, I would like to be able to use the https://github.com/openshift/oauth-proxy to provide authentication to Nexus so that I do not have to use default usernames and passwords.

In order to do this, the role will have to:

  1. Enable the RUT Auth capability in Nexus
  2. Configure the RUT Auth capability to use the X-Forwarded-User header from https://github.com/openshift/oauth-proxy
  3. Change the default admin credentials using an API call.

InfoSec812, Mar 07 '19 13:03

Doing some research on this and found that the admin password can be reset using the Nexus scripting API. Upload a groovy script containing:

```groovy
import org.sonatype.nexus.security.SecuritySystem

def securitySystem = container.lookup(SecuritySystem.class.getName())
securitySystem.changePassword('admin','admin1234')
```

And then execute it. The difficulty will be in having Ansible insert the password desired.

@sherl0cks or @oybed Any thoughts here?

InfoSec812, Mar 07 '19 13:03
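One way to get the desired password into the script from Ansible without writing it into the Groovy source, as an added example that is not part of the original thread or the config-nexus role: the password travels as the plain-text body of the script run request, which Nexus exposes to the script as `args`. The variable names (`nexus_url`, `nexus_current_admin_password`, `nexus_new_admin_password`) and the script name are assumptions, as is a Nexus 3 instance that serves the script REST API under `/service/rest/v1/script` and allows script creation.

```yaml
# Added example; variable names and the script name are assumptions.
- name: Upload a Groovy script that reads the new password from the run arguments
  ansible.builtin.uri:
    url: "{{ nexus_url }}/service/rest/v1/script"
    method: POST
    user: admin
    password: "{{ nexus_current_admin_password }}"
    force_basic_auth: true
    body_format: json
    body:
      name: set_admin_password
      type: groovy
      content: |
        import org.sonatype.nexus.security.SecuritySystem
        def securitySystem = container.lookup(SecuritySystem.class.getName())
        // 'args' holds the plain-text body of the run request below
        securitySystem.changePassword('admin', args)
    status_code: 204
  no_log: true  # keep credentials out of task output and logs

- name: Run the script, sending the new password as the request body
  ansible.builtin.uri:
    url: "{{ nexus_url }}/service/rest/v1/script/set_admin_password/run"
    method: POST
    user: admin
    password: "{{ nexus_current_admin_password }}"
    force_basic_auth: true
    headers:
      Content-Type: text/plain
    body: "{{ nexus_new_admin_password }}"
    status_code: 200
  no_log: true

- name: Delete the script so it cannot be re-run later
  ansible.builtin.uri:
    url: "{{ nexus_url }}/service/rest/v1/script/set_admin_password"
    method: DELETE
    user: admin
    password: "{{ nexus_new_admin_password }}"  # the new password is now in effect
    force_basic_auth: true
    status_code: 204
  no_log: true
```

Keeping the stored script free of the secret means the password never sits in the Nexus script store, and `nexus_new_admin_password` can come from Ansible Vault rather than a plain variable file.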

Hi,

I am using Nexus as per my need, and I want to authenticate the repository using RUT. I couldn't find any example. How do I pass the X-Proxy-REMOTE-USER in the header? Please suggest how to resolve my issue.

Thanks,

divyadivya1989, May 07 '20 02:05