uaac curl works but uaa curl does not.

[jppitout]

Good day, I am trying to figure out the difference between the Ruby uaac and Go uaa when using curl to update OpsMan authentication settings.
Below env vars are used in both cases:

# Env Vars
ENV_NAME=sandbox
opsman_password=$(credhub get -n "/concourse/${ENV_NAME}/opsman_password" -q)
decryption_passphrase=$(credhub get -n "/concourse/${ENV_NAME}/opsman_decryption_passphrase" -q)
unlock_user_password=$(credhub get -n "/concourse/${ENV_NAME}/opsman_unlock_user_password" -q)
payload="{
  \"authentication\": {
    \"decryption_passphrase\": \"${decryption_passphrase}\",
    \"identity_provider\": \"internal\",
    \"admin_user_name\": \"admin\",
    \"admin_password\": \"${opsman_password}\",
    \"admin_password_confirmation\": \"${opsman_password}\"
  }
}"

This works (Ruby uaac):

uaac target https://pcf.${ENV_NAME}.westeurope.api.mtn.com/uaa
uaac token owner get opsman unlock_user -s '' -p "${unlock_user_password}"

uaac curl -X PUT -H "Content-type: application/json" https://pcf.${ENV_NAME}.westeurope.api.mtn.com/api/v0/settings/authentication -d "${payload}"

I get:

--snip--
200 OK
--snip--

and in the OpsMan access.log:

155.93.175.238 - opsman [20/Apr/2021:10:09:35 +0000] "POST /uaa/oauth/token HTTP/1.1" 200 2532 "-" "HTTPClient/1.0 (2.8.3, ruby 2.5.1 (2018-03-29))"
155.93.175.238 - - [20/Apr/2021:10:09:51 +0000] "PUT /api/v0/settings/authentication HTTP/1.1" 200 12 "-" "Ruby"

This does not work (Go uaac):

./uaa target https://pcf.${ENV_NAME}.westeurope.api.mtn.com/uaa
./uaa get-password-token opsman -s '' -u unlock_user -p "${unlock_user_password}"

./uaa curl -X PUT -H "Content-type: application/json" https://pcf.${ENV_NAME}.westeurope.api.mtn.com/api/v0/settings/authentication -d "${payload}"

I get:

--snip--
        <div class="alert alert-error">
            <p>Invalid login attempt, the request does not meet our security standards and may indicate that the action was not originated by you. Please try again.</p>
        </div>
--snip--

and in the OpsMan access.log:

155.93.175.238 - opsman [20/Apr/2021:09:55:09 +0000] "POST /uaa/oauth/token HTTP/1.1" 200 2516 "-" "Go-http-client/1.1"
155.93.175.238 - - [20/Apr/2021:09:57:41 +0000] "PUT /uaa/https:/pcf.sandbox.westeurope.api.mtn.com/api/v0/settings/authentication HTTP/1.1" 302 0 "-" "Go-http-client/1.1"
155.93.175.238 - - [20/Apr/2021:09:57:41 +0000] "GET /uaa/login?error=invalid_login_request HTTP/1.1" 200 49404 "https://pcf.sandbox.westeurope.api.mtn.com/uaa/https:/pcf.sandbox.westeurope.api.mtn.com/api/v0/settings/authentication" "Go-http-client/1.1"

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/177834374

The labels on this github issue will be updated when the story is started.

[jppitout]

Additional info:

• Ruby uaac version: UAA client 4.2.0
• Go uaa version: 0.10.0 8626b94

The most obvious difference from the OpsMan access.log is:

#go 
155.93.175.238 - - [20/Apr/2021:10:43:28 +0000] "PUT /uaa/https:/pcf.sandbox.westeurope.api.mtn.com/api/v0/settings/authentication HTTP/1.1" 302 0 "-" "Go-http-client/1.1"
#ruby 
155.93.175.238 - - [20/Apr/2021:10:40:47 +0000] "PUT /api/v0/settings/authentication HTTP/1.1" 200 12 "-" "Ruby"