<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:44:44 UTC 2024

-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-17512] Unable to authenticate with web console with SCRAM-SHA-1</title>
                <link>https://jira.mongodb.org/browse/SERVER-17512</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;After doing a clean install of 3.0.0 and setting up default users we are unable to authenticate with the web console.&lt;/p&gt;

&lt;p&gt;The issue also happens after upgrading from 2.6.x -&amp;gt; 3.0.0 and then running an authSchemaUpgrade.&lt;/p&gt;

&lt;p&gt;It&apos;s because it stops working after the authSchemaUpgrade that makes me think the issue is to do with SCRAM-SHA-1. &lt;/p&gt;

&lt;p&gt;Authentication is turned &quot;off&quot; but it still doesn&apos;t work even if this is turned on.  Also we can still connect to mongo using the normal mongo command line tool.&lt;/p&gt;</description>
                <environment>MongoDB: 3.0.0 (standalone)&lt;br/&gt;
Linux: 2.6.32-358.6.2.el6.x86_64&lt;br/&gt;
</environment>
        <key id="188260">SERVER-17512</key>
            <summary>Unable to authenticate with web console with SCRAM-SHA-1</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="spencer@mongodb.com">Spencer Brody</assignee>
                                    <reporter username="ibryson">Ian Bryson</reporter>
                        <labels>
                    </labels>
                <created>Mon, 9 Mar 2015 15:29:40 +0000</created>
                <updated>Thu, 14 Apr 2016 15:19:31 +0000</updated>
                            <resolved>Thu, 12 Mar 2015 14:36:17 +0000</resolved>
                                    <version>3.0.0</version>
                                                    <component>HTTP Console</component>
                                        <votes>0</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="850172" author="spencer" created="Thu, 12 Mar 2015 14:36:17 +0000"  >&lt;p&gt;Closing as duplicate of &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-17390&quot; title=&quot;HTTP Interface does not work with SCRAM User Documents&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-17390&quot;&gt;&lt;del&gt;SERVER-17390&lt;/del&gt;&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="849932" author="ibryson" created="Thu, 12 Mar 2015 09:18:40 +0000"  >&lt;p&gt;Yes, you&apos;re correct. That&apos;s exactly what happens.&lt;/p&gt;</comment>
                            <comment id="847932" author="spencer" created="Tue, 10 Mar 2015 19:13:36 +0000"  >&lt;p&gt;Hi Ian, you&apos;re right that even though we do document this change in the release notes, it is easy to overlook and we could do a better job calling this out.  To that end I filed &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-17527&quot; title=&quot;Add startupWarning if server started with --rest or --httpinterface and access control is enabled&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-17527&quot;&gt;&lt;del&gt;SERVER-17527&lt;/del&gt;&lt;/a&gt; to warn at startup if you&apos;re running in this type of configuration.&lt;/p&gt;

&lt;p&gt;I suspect that the reason this triggered after migrating to wiredTiger was not actually due to the wiredTiger migration but because as part of that process you deleted and re-created your user definitions, is that correct?  Upgrading an existing system with user definitions from 2.6 to 3.0 will initially leave the user definitions in the same format as they were in 2.6, using MONGODB-CR credentials, so the web console would continue to work with those users.  Once your users are using the new user format that only works with SCRAM-SHA-1, either because you ran the &lt;a href=&quot;http://docs.mongodb.org/manual/release-notes/3.0-scram/#upgrade-mongodb-cr-to-scram&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;authSchemaUpgrade command&lt;/a&gt; or because the user definitions were cleared out and re-created, then the web console would cease to work.&lt;/p&gt;</comment>
                            <comment id="847391" author="ibryson" created="Tue, 10 Mar 2015 11:51:10 +0000"  >&lt;p&gt;We use it to see that it&apos;s running and you can see what version it is etc, just in case our auto deploy scripts don&apos;t work.  It&apos;s easier hitting a URL than logging in from a command line mongo &lt;img class=&quot;emoticon&quot; src=&quot;https://jira.mongodb.org/images/icons/emoticons/smile.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;  &lt;/p&gt;

&lt;p&gt;We don&apos;t really need it as all our monitoring stats are elsewhere and I take the point about security.  However, it is a bit unexpected it doesn&apos;t work.  Maybe something in the logs to say it won&apos;t work with this security mechanism would be useful?  &lt;/p&gt;

&lt;p&gt;It&apos;s especially confusing when you upgrade from 2.6 and it works fine. But moving to wired tiger you need to export your data, clean out everything and then re-import and suddenly you can&apos;t use this tool.  You just assume your import / export has screwed up your users&apos; privileges somehow or that there is a new role that your users need to use this tool.&lt;/p&gt;

&lt;p&gt;Anyway, thanks for the quick response.&lt;/p&gt;

&lt;p&gt;Cheers&lt;/p&gt;</comment>
                            <comment id="846643" author="spencer" created="Mon, 9 Mar 2015 18:32:05 +0000"  >&lt;p&gt;Hi Ian,&lt;br/&gt;
Your observations are correct, the web console does not support authenticating with SCRAM-SHA-1 users.  This is noted in the 3.0 release notes &lt;a href=&quot;http://docs.mongodb.org/manual/release-notes/3.0-compatibility/#http-status-interface-and-rest-api-compatibility&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;here&lt;/a&gt;.  Please note that the http interface is not held to the same security standards as the main server code and as such it is &lt;a href=&quot;http://docs.mongodb.org/manual/administration/security-checklist/#run-mongodb-with-secure-configuration-options&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;our recommendation&lt;/a&gt; that any security-sensitive deployments disable the http interface.&lt;br/&gt;
Can I ask what you are hoping to use the web console for?  Perhaps I can recommend another way to get access to whatever information you are currently getting from the web interface, for instance by using &lt;a href=&quot;https://mms.mongodb.com&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;MMS&lt;/a&gt; or some other monitoring tool (munin, nagios, etc.)&lt;/p&gt;</comment>
                            <comment id="846358" author="ibryson" created="Mon, 9 Mar 2015 16:15:42 +0000"  >&lt;p&gt;On the above &quot;Steps to reproduce&quot; it should be the &quot;servername&quot; instead of &quot;localhost&quot;.  &lt;/p&gt;

&lt;p&gt;I think the issue may just be to do with accessing from a non localhost. On further investigation ( running on a local windows box ) it appears on 3.0.0 you can&apos;t connect to:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://servername:7646/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://servername:7646/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;but you can connect with &lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://localhost:7646/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://localhost:7646/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Maybe it&apos;s just connecting remotely that is now prevented?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="186387">SERVER-17390</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="188617">SERVER-17527</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 9 Mar 2015 16:48:25 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        8 years, 48 weeks, 6 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            8 years, 48 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10020"><![CDATA[Linux]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>ibryson</customfieldvalue>
            <customfieldvalue>spencer@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrlb5j:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hs6xhb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10750" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Steps To Reproduce</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;1) Startup brand new 3.0.0 mongo:&lt;/p&gt;

&lt;p&gt;numactl --interleave=all ${MONGO_HOME}/bin/mongod --config ./mongodb.conf&lt;/p&gt;

&lt;p&gt;mongodb.conf&lt;/p&gt;

&lt;p&gt;systemLog:&lt;br/&gt;
  destination: file&lt;br/&gt;
  path: &quot;/foo/logs/mongodb.log&quot;&lt;br/&gt;
  logAppend: true&lt;br/&gt;
processManagement:&lt;br/&gt;
   fork: true&lt;br/&gt;
net:&lt;br/&gt;
  http:&lt;br/&gt;
    enabled: true&lt;br/&gt;
    RESTInterfaceEnabled: true&lt;br/&gt;
  port: 6646&lt;br/&gt;
storage:&lt;br/&gt;
  dbPath: &quot;/foo/db&quot;&lt;/p&gt;

&lt;p&gt;2) Create a user on the localhost:&lt;/p&gt;

&lt;p&gt;$ mongo localhost:6646/admin&lt;/p&gt;

&lt;p&gt;&amp;gt; db.createUser({user: &quot;foo&quot;, pwd: &quot;bar&quot;, roles: [&quot;userAdminAnyDatabase&quot;]});&lt;/p&gt;

&lt;p&gt;3) Go to &lt;a href=&quot;http://localhost:7646/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://localhost:7646/&lt;/a&gt; and unable to login.&lt;/p&gt;

&lt;p&gt;Alternatively.&lt;/p&gt;

&lt;p&gt;1) Start using an existing 2.6.x db with 3.0.0 binaries.&lt;/p&gt;

&lt;p&gt;2) Login to the web console: &lt;a href=&quot;http://localhost:7646/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://localhost:7646/&lt;/a&gt;.  Should work fine.&lt;/p&gt;

&lt;p&gt;3) Login to mongo and upgrade the auth:&lt;/p&gt;

&lt;p&gt;&amp;gt; db.adminCommand({authSchemaUpgrade: 1});&lt;/p&gt;

&lt;p&gt;4)  Go back to the web console (has to be in a fresh browser): &lt;a href=&quot;http://localhost:7646/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://localhost:7646/&lt;/a&gt; and you are now unable to login.  mongo command line tools still work.&lt;/p&gt;

&lt;p&gt;Looks a bit broken to me &lt;img class=&quot;emoticon&quot; src=&quot;https://jira.mongodb.org/images/icons/emoticons/sad.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;&lt;/p&gt;



</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrkh2v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>