Missing Authorization header when accessing the health check for microservices in IDSP
search cancel

Missing Authorization header when accessing the health check for microservices in IDSP

book

Article ID: 429836

calendar_today

Updated On:

Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

Running IDSP, when accessing the healthcheck link for the microservices, the browser returns the error:

0000003 - Missing Authorization header

like

https://ssp.example.com/system/factor/v1/health
errorCode    "0000003"
errorMessage    "Missing Authorization header"

  or

errorCode     "0000014",
errorMessage  "No scope mapped for the request API"
  
How to get the "Factor Service Health" unblocked?

How to reach this health check, with the good access token how to retrieve it?

Cause

No scope is needed on the system ingress because health checks are accessible by K8s readiness/liveness probes.

It's accessible via management ingress. 

It looks like the host ({{sspMgmtHost}}) is not the right one.

The health ckeck API URLs don't need authentication.

To get the right sspMgmtHost value, run the following:

# kubectl get pods,svc,ing -n <namespace> -o wide

NAME                                                      CLASS   HOSTS                                                   ADDRESS         PORTS     AGE
ingress.networking.k8s.io/<releasename>-ssp-ingress                 nginx   ssp.example.com,*.ssp.example.com             10.0.0.1        80, 443   14d
ingress.networking.k8s.io/<releasename>-ssp-ingress-mgmt            nginx   mgmt-ssp.example.com                          10.0.0.1        80, 443   14d

From that command above, the sspMgmtHost is mgmt-ssp.example.com.

Resolution

Use the correct FQDN for the ingress-mgmt host to solve this issue.

Using the correct FQDN will make the healthcheck URL's to return:

{"healty":true}

From the browser:

https://mgmt-ssp.example.com/system/identity/v1/health
{"healthy":true}

https://mgmt-ssp.example.com/system/auth/v1/health
{"healthy":true}

https://mgmt-ssp.example.com/system/oauth2/v1/health
{"healthy":true}

https://mgmt-ssp.example.com/system/admin/v1/health
{"healthy":true}

https://mgmt-ssp.example.com/system/factor/v1/health
{"healthy":true}

https://mgmt-ssp.example.com/system/iarisk/v1/health
{"healthy":true}

This is the list that are provided out of the box (1)(2).

The same applies when using Postman:

GET https://postman-echo.com/get

pm.environment.set("sspHost", "ssp.example.com");
pm.environment.set("sspMgmtHost", "mgmt-" + pm.environment.get("sspHost"));

Additional Information

  1. Monitoring Services

     
  2. Health Service Monitoring API

Powered by Wolken Software