Hello Heitor, Thanks for your response that you were able to make it working. As addition to it I would like to add that the API Client short name is string used to identify by administrator which OAuth2 API account is used by which user. So the short name is used only for information. It can be for example: "My user123 account" or "Regular user account" or same "user123" or whatever you want.
Very similar story is with bconsole config file names assigned to the OAuth2 Client accounts. It can be bconsole-<user>.conf, but also it can be user-config-bconsole.conf, or my-restricted-bconsole.conf or something different. Basing on your feedback I will update the documentation to make all setting the API OAuth2 up easier. Thanks again. Best regards, Marcin Haba (gani) On Wed, 4 Mar 2020 at 01:28, Heitor Faria <hei...@bacula.com.br> wrote: > > Hello Marcin, > > I was able to make it work. Many thanks for that. > One caveat was that I needed to create the Baculum API Access for each user > using the same user as the API Shortname. > Also, I think it should be clear that it is necessary to create a (e.g.) > bconsole-<user>.conf for each user, if willing to also use Bacula ACLs. > In summary, it was necessary for at least the admin and ordinary users: > > - Bacula ACL (if desired) Programmatic Authentication: create new > bconsole-<user>.conf <=> and new bacula-dir.conf Console resource; > - OAuth Programmatic Authentication: create new Baculum API (9096) OAuth > Client <=> new Baculum (9095) User API Configuration with User as Shortname; > - Baculum User Authentication: create new user and password in Baculum (9095) > User Menu. > > Regards, > > ----- Original Message ----- > > From: "ganiuszka" <ganius...@gmail.com> > > To: "Heitor Faria" <hei...@bacula.com.br> > > Cc: "bacula-users" <bacula-users@lists.sourceforge.net> > > Sent: Monday, March 2, 2020 10:14:36 PM > > Subject: Re: [Bacula-users] [Baculum 9.6.2] Error code: 6 Message: Problem > > with authorization to Baculum API. > > > Hello Heitor, > > > > Bacula Console password is something different than OAuth2 token. I > > mean that Bacula Director Console resource password should be defined > > idependently from any Baculum configuration. Tokens are Baculum > > specific and they are not used in Bacula configuration. > > > > In general you don't need to use tokens manually at all because > > Baculum works with them automatically and "in background". A case when > > you might need tokens is when you want to use an external application > > (not Baculum) or your own script to send requests to Baculum API with > > OAuth2 enabled. > > > > To fix your current configuration I propose to do the following steps: > > > > 1. Modify Baculum API web server configuration to use OAuth2 (done) > > 2. Use Baculum API configuration wizard to switch Baculum API to OAuth2 mode > > 3. In Baculum API define main OAuth2 client account for administrator > > (with all scopes and without restricted console) > > 4. Using Baculum Web config wizard connect Baculum Web with Baculum > > API (by client account from point 3.) > > > > After that you can define OAuth2 client accounts on Baculum API side > > that will use restricted consoles. For that please follow on > > screenshots with red arrows in "Multi-user interface" chapter in the > > console manual. > > > > I hope it helps. > > > > Best regards, > > Marcin Haba (gani) > > > > On Tue, 3 Mar 2020 at 01:45, Heitor Faria <hei...@bacula.com.br> wrote: > >> > >> Dear Users, > >> > >> Still configuring the Baculum Multi-user interface such as in > >> <https://www.bacula.org/9.4.x-manuals/en/console/Baculum_API_Web_GUI_Tools.html#SECTION003140000000000000000>. > >> After changing the API Apache Conf. Locationg TAG, creating the OAuth > >> users and > >> Console entries in the bacula-dir.conf, I still receive the following error > >> after Baculum authentication: > >> > >> Error code: 6 Message: Problem with authorization to Baculum API. > >> > >> I tried to set both OAuth Secret key and Basic HTTP user password in the > >> bacula-dir.conf user Console resource Password Directive, but same error (I > >> think the documentation doesn't mention that). > >> I'm obviously missing something. > >> > >> Regards, > >> -- > >> > >> MSc Heitor Faria > >> CEO Bacula LATAM > >> mobile1: + 1 909 655-8971 > >> mobile2: + 55 61 98268-4220 > >> > >> > >> América Latina > >> bacula.lat | bacula.com.br > >> > >> _______________________________________________ > >> Bacula-users mailing list > >> Bacula-users@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/bacula-users > > > > > > > > -- > > "Greater love hath no man than this, that a man lay down his life for > > his friends." Jesus Christ > > > > "Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie > > za przyjaciół swoich." Jezus Chrystus > > -- > MSc Heitor Faria > CEO Bacula LATAM > mobile1: + 1 909 655-8971 > mobile2: + 55 61 98268-4220 > [ https://www.linkedin.com/in/msc-heitor-faria-5ba51b3 ] > [ http://www.bacula.com.br/ ] > > América Latina > [ http://bacula.lat/ | bacula.lat ] | [ http://www.bacula.com.br/ | > bacula.com.br ] -- "Greater love hath no man than this, that a man lay down his life for his friends." Jesus Christ "Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie za przyjaciół swoich." Jezus Chrystus _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
