Rabbit MQ backend http authorisation not working

Question

I have configured rabbitmq-auth-backend-http and my rabbitmq.config looks like below

[
  {rabbit, [{auth_backends, [rabbit_auth_backend_http, rabbit_auth_backend_internal]}]},
  {rabbitmq_auth_backend_http,
   [{http_method,   get},
    {user_path,     "http://localhost:8080/auth/user"},
    {vhost_path,    "http://localhost:8080/auth/vhost"},
    {resource_path, "http://localhost:8080/auth/resource"},
    {topic_path,    "http://localhost:8080/auth/topic"}]}
].

Authorization end points http://localhost:8080/auth are up and running.

But when I am trying to login http://localhost:15672/api/whoami api is getting failed with status code 500.

Authentication with rabbitmq internal database is working fine. only problem is when adding rabbit_auth_backend_http in auth_backends is not working. It's not even hitting the authorization end points. I have checked the logs in var/rabbitmq/rabbit@localhost.log , but no help. I am posting the logs here

=ERROR REPORT==== 18-Aug-2017::21:55:46 === Ranch listener rabbit_web_dispatch_sup_15672 had connection process started with cowboy_protocol:start_link/4 at <0.574.0> exit with reason: {[{reason,undef},{mfa,{rabbit_mgmt_wm_whoami,is_authorized,2}},{stacktrace,[{rabbit_auth_backend_http,user_login_authentication,[<<"test">>,[{password,<<"test">>}]],[]},{rabbit_access_control,try_authenticate,3,[{file,"src/rabbit_access_control.erl"},{line,88}]},{rabbit_access_control,'-check_user_login/2-fun-0-',4,[{file,"src/rabbit_access_control.erl"},{line,74}]},{lists,foldl,3,[{file,"lists.erl"},{line,1263}]},{rabbit_mgmt_util,is_authorized,6,[{file,"src/rabbit_mgmt_util.erl"},{line,149}]},{cowboy_rest,call,3,[{file,"src/cowboy_rest.erl"},{line,976}]},{cowboy_rest,is_authorized,2,[{file,"src/cowboy_rest.erl"},{line,150}]},{cowboy_protocol,execute,4,[{file,"src/cowboy_protocol.erl"},{line,442}]}]},{req,[{socket,#Port<0.26006>},{transport,ranch_tcp},{connection,keepalive},{pid,<0.574.0>},{method,<<"GE T">>},{version,'HTTP/1.1'},{peer,{{127,0,0,1},51220}},{host,<<"localhost">>},{host_info,undefined},{port,15672},{path,<<"/api/whoami">>},{path_info,undefined},{qs,<<>>},{qs_vals,[]},{bindings,[]},{headers,[{<<"host">>,<<"localhost:15672">>},{<<"connection">>,<<"keep-alive">>},{<<"authorization">>,<<"Basic dGVzdDp0ZXN0">>},{<<"user-agent">>,<<"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36">>},{<<"content-type">>,<<"application/json">>},{<<"accept">>,<<" / ">>},{<<"referer">>,<<" http://localhost:15672/ ">>},{<<"accept-encoding">>,<<"gzip, deflate, br">>},{<<"accept-language">>,<<"en-US,en;q=0.8">>},[{<<"connection">>,[<<"keep-alive">>]}]},{cookies,undefined},{meta,[]},{body_state,waiting},{buffer,<<>>},{multipart,undefined},{resp_compress,true},{resp_state,waiting},{resp_headers,[{<<"vary">>,<<"origin">>}]},{resp_body,<<>>},{onresponse,#Fun}]},{state,{context,undefined,none,undefined}}],[{cowboy_rest,error_terminate,5,[{file,"src/cowboy_rest.erl"},{line,1009}]},{cowboy_rest,is_authorized,2,[{file,"src/cowboy_rest.erl"},{line,150}]},{cowboy_protocol,execute,4,[{file,"src/cowboy_protocol.erl"},{line,442}]}]}

what I am doing wrong?

thanks for any help.

Answer 1

After posting this question rabbitmq-user google group I got the solution. you need to install rabbitmq-auth-backend-http manually. Adding configuration in rabbitmq.config file will not install it.

here is the link of more detailed answer .

Another important thing about rabbitmq-auth-backend-http plugin is you have to configure all endpoints(user_path, vhost_path, topic_path, resource_path) in rabbitmq.config file. If miss any endpoint rabbitmq will take below default values for authorization.

{user_path,     "http://localhost:8000/auth/user"},
{vhost_path,    "http://localhost:8000/auth/vhost"},
{resource_path, "http://localhost:8000/auth/resource"},
{topic_path,    "http://localhost:8000/auth/topic"}