These are backend steps that occur when a user tries to authenticate against Artifactory using Docker:
docker login docker.art.local
1. The Docker client checks the existence of Artifactory via an anonymous GET request:
The 401 HTTP code should be expected if Artifactory does not allow anonymous access to the repository in question. If a 200 OK is seen by the Docker client, then credentials will not be used.
2. The Docker client gets an access token:
This can be replicated via the following cURL command:
which returns a JSON with the following token value:
docker login docker.art.local
"docker" in docker.art.local is the name of the virtual repository
*.art.local is the web address used by a reverse proxy configured for subdomain Docker repositories
*.art.local is the web address used by a reverse proxy configured for subdomain Docker repositories
1. The Docker client checks the existence of Artifactory via an anonymous GET request:
[$ARTIFACTORY_HOME/logs/request.log]
20180523095407|0|REQUEST|127.0.0.1|non_authenticated_user|GET|/api/docker/docker/v2/|HTTP/1.0|401|0
20180523095407|0|REQUEST|127.0.0.1|non_authenticated_user|GET|/api/docker/docker/v2/|HTTP/1.0|401|0
The 401 HTTP code should be expected if Artifactory does not allow anonymous access to the repository in question. If a 200 OK is seen by the Docker client, then credentials will not be used.
2. The Docker client gets an access token:
20180523095417|10042|REQUEST|127.0.0.1|admin|GET|/api/docker/docker/v2/token|HTTP/1.0|200|0
This can be replicated via the following cURL command:
curl -u<USERNAME> http://art.local:8081/artifactory/api/docker/docker/v2/token
which returns a JSON with the following token value:
{"token":"AKCp5Z3WYHpAyga9aYGuG4ESxLtC3Y1MAXUmfUemaKmrYvSpsesD4nsX2ezymTjMJLWowZ5LA","expires_in":3600}