I am running the artifactory pro registry (jfrog-docker-reg2.bintray.io/jfrog/artifactory-registry:4.7.7) and my users have been experience an issue since 4.7.5... a small percentage of my traffic is getting 403's.
What is confusing me is that when I look at the ngix logs I see entries like this:
../nginx/access.log:172.20.7.84 - public [17/May/2016:09:11:01 -0600] "GET /artifactory/api/npm/NPM-Main/grunt-contrib-jshint HTTP/1.1" 403 147 "install" "npm/2.7.5 node/v0.10.30 linux x64" "-"
../nginx/access.log:172.20.7.83 - public [17/May/2016:09:16:08 -0600] "GET /artifactory/api/npm/NPM-Main/grunt-contrib-jshint HTTP/1.1" 403 147 "install" "npm/2.7.5 node/v0.10.30 linux x64" "-"
While when I look at artifactory's request log the entries look like this:
obviously the problem is that the user account has been changed to non_authenticated_user, and despite the fact that the original requester and anonymous users have access to the repo, the non_authenticated_user is being refused access..
How can I configure the repo to re-establish the users session or assume that the non_authenticated_user should have the same rights as an anonymous user?