helm chart is not setting password or is not setting it incorrectly

[thiDucTran]

creating a new one since #2185 is closed

still an issue for chart 1.18.0

• login via UI

[25/Sep/2025:03:37:32 +0000] "GET /api/v2.0/users/current HTTP/2.0" 401 62 "https://harbor-dev.blah.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0" 4141 0.002 [infra-harbor-registry-core-80] [] 10.0.4.222:8080 62 0.003 401 ebac0b74617051a6eb681b376b409744                                                                                                

[25/Sep/2025:03:37:33 +0000] "GET /api/v2.0/users/current HTTP/2.0" 401 62 "https://harbor-dev.blah.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0" 4141 0.002 [infra-harbor-registry-core-80] [] 10.0.4.222:8080 62 0.002 401 2ac2fbfb7ad61161bfb4634b742b98af                                                                                                

[25/Sep/2025:03:37:37 +0000] "POST /c/login HTTP/2.0" 401 0 "https://harbor-dev.blah.com/account/sign-in?redirect_url=%2Fharbor%2Fprojects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0" 4338 1.507 [infra-harbor-registry-core-80] [] 10.0.4.222:8080 0 1.506 401 f374d800492dfa25c716f016bc7568b8    

2025-09-25T03:37:25Z [WARNING] [/core/auth/authenticator.go:158]: Login failed, locking admin, and sleep for 1.5s                                                                  2025-09-25T03:37:27Z [ERROR] [/core/controllers/base.go:101]: Error occurred in UserLogin: Failed to authenticate user, due to error 'Invalid credentials'

• login via curl -Lkv -u 'admin' https://harbor-dev.blah.com/api/v2.0/systeminfo Works...but from the ingress controller log... api/v2.0/systeminfo is not what is failing when login via web ui

meaning if I do curl -Lkv -u 'admin' https://harbor-dev.blah.com/api/v2.0/users/current ..it's the same 401 error

curl -Lkv -u 'admin' https://harbor-dev.blah.com/api/v2.0/users/current


Enter host password for user 'admin':
* Host harbor-dev.blah.com:443 was resolved.
* IPv6: (none)
* IPv4: maskedIP
*   Trying maskedIP:443...
* Connected to harbor-dev.blah.com (maskedIP) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=harbor-dev.blah.com
*  start date: Sep 24 06:49:49 2025 GMT
*  expire date: Dec 23 06:49:48 2025 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R13
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/2
* Server auth using Basic with user 'admin'
* [HTTP/2] [1] OPENED stream for https://harbor-dev.blah.com/api/v2.0/users/current
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: harbor-dev.blah.com]
* [HTTP/2] [1] [:path: /api/v2.0/users/current]
* [HTTP/2] [1] [authorization: Basic *****]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> GET /api/v2.0/users/current HTTP/2
> Host: harbor-dev.blah.com
> Authorization: Basic ******
> User-Agent: curl/8.5.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 401
< date: Thu, 25 Sep 2025 03:46:23 GMT
< content-type: application/json; charset=utf-8
< content-length: 62
< set-cookie: sid=a2a5c82e8e6f9d3a5fad24dd764cde65; Path=/; HttpOnly
< x-request-id: 48203d0d87b3bc6b558c49e07ff2e73e
< strict-transport-security: max-age=31536000; includeSubDomains
<
{"errors":[{"code":"UNAUTHORIZED","message":"unauthorized"}]}
* Connection #0 to host harbor-dev.blah.com left intact

this is systeminfo

{"auth_mode":"db_auth","banner_message":"","oidc_provider_name":"","primary_auth_mode":false,"self_registration":false}

[thiDucTran]

thing is both the default pass and my configured pass do not work

[reasonerjt]

@thiDucTran

Let's focus on your problem.

The systeminfo API can reutrn 2xx when the password is not set or is incorrect, this is by design, b/c UI needs to call it without user logged in.

Therefore, when you see 2xx for systeminfo it doesn't mean you provided the correct password.

[stonezdj]

You can refer the FAQ(2. How to reset admin password): https://github.com/goharbor/harbor/wiki/Harbor-FAQs to reset password.