7 Replies Latest reply on Mar 19, 2015 8:22 PM by Bill Robinson

    REST API Authentication

      I'm making a request to the REST API on one of our BSA application servers using the form:

       

      https://<HOSTNAME>:9843/type/PropertySetClasses/SystemObject/Server/?username=<USERNAME>@<DOMAIN>.COM&password=<PASSWORD>&role=BLAdmins&authType=ADK_PASSWORD

       

      The response is:

       

      <RESTXMLResponse>

           <ErrorResponse>

                <Error>Authentication failure: please verify user credentials</Error>

           </ErrorResponse>

      </RESTXMLResponse>

       

      These are the same credentials I use to login with the BSA thick client.  As a troubleshooting measure, I would like to attempt login using a BSA account (read: not AD Domain) but do not have one at my disposal immediately.  Does this response at least verify that the REST API is running on the application server?  Is it possible that I am simply not permissioned for the REST API?

       

      Thanks in advance for your time and attention.

        • 1. Re: REST API Authentication

          Hi Daniel,

           

          The API is running, otherwise you wouldn't get a response (it's the REST API that generates that XML structure) so if WebServices are not enabled you will not get a response as the request is just going to time out. You can check on your AppServer to confirm that it is listening on the WebServices port (9843 by default, which is the case in your example) with netstat.

           

          In your example, you seem to add ".COM" after the domain name, which seems odd, but that might be just a typo while pasting in Communities. Also the user name and domain are case sensitive, so make sure you have it right.

           

          IMO there's no such thing as an RBAC right for REST, so in case you are trying to see something you are not allowed to, you would get a different error telling you that you don't have access, but that's not a credential problem per se.

           

          Could you post the AppServer logs you are getting when this error occurs, that might help.

           

          Olivier.

          • 2. Re: REST API Authentication
            Daniel Suen

            I am another Daniel hitting a similar problem, and after searching, landed on this thread. I am trying to authenticate against the REST API, the situation is a little bit different.

             

            If I send,

             

            curl --insecure -v -H 'Accept: application/json' 'https://servername:9843/login?role=BLAdmins&password=some_password&authType=ADK_PASSWORD&username=my_username'

             

            I get,

             

            {"ErrorResponse":{"Error":"Authentication failure: please verify user credentials"}}

             

            I checked that the username and password I supplied are exactly the same as when I log on to the BMC Server Automation Console. I also verified that my account is authenticated through ADK (IS_ENABLED_ADK_AUTH is set to True while the other *_AUTH are set to False). The interesting part is, my password actually has a question mark, and if I use this correct password, I don't get a valid JSON response (seems to be a "0" in the body), but the server closes the connection with a 200 response. You may say try encoding the ? as %3F, which I tried, and I got the authentication failure as above. I tried removing authType, and encoding all the query string to be URL-friendly, I still get the same authentication failure.

             

            From what I read on the web, the character "?" is valid in the query string since according to the web standard, the first "?" separates the query string from the server:port:uri portion of the whole URL, and therefore no need to be encoded. From this, it looks like the API is taking the question mark in my password in the query string as part of the server:port:uri, and so probably not knowing that it is a login request. What is the log file? Is it in NSH/br/appserver.log|console.log ? I am new to BL server automation, although I did go over the basics. It looks to me that nothing related to this gets logged there.

             

            Daniel.

            • 3. Re: REST API Authentication
              Bill Robinson

              can you change your passwd so it doesn't have the ? ?  also - what bsa version ?

              • 4. Re: REST API Authentication
                Daniel Suen

                8.5.01.260 or   8.5.01 SP 4


                Well, I did not change my password to try. This is the version that I am working with. Thanks.


                Daniel.

                • 5. Re: REST API Authentication
                  Daniel Suen

                  OK, after changing the password to something without a question mark, it works.


                  Daniel.

                  • 6. Re: REST API Authentication
                    Raja Mohan

                    you could have escaped the password special characters with URL escape characters on password

                     

                    replace % with %25

                    replace @ with %40

                    replace ? with %3F

                    and so on

                    • 7. Re: REST API Authentication
                      Bill Robinson

                      he did:

                      'The interesting part is, my password actually has a question mark, and if I use this correct password, I don't get a valid JSON response (seems to be a "0" in the body), but the server closes the connection with a 200 response. You may say try encode the ? as %3F which I tried, and I got the authentication failure as above. I tried removing authType, and encode all the query string to be URL-friendly, I still get the same authentication failure.'
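
The encoding question raised in replies 2, 6 and 7, as an added example that is not code from any participant in this thread: it builds the /login URL from reply 2 with and without percent-encoding and shows what a standards-following parser (Python's urllib, not the BSA server) recovers from each. The host, username and password are constructed placeholders; how the BSA REST API itself decodes the query string is not established by the thread.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Constructed sample values: placeholder host and a password that
# contains the characters discussed in the thread plus '&' and '#'.
BASE = "https://servername:9843/login"
PASSWORD = "p@ss?w%rd&x#1"


def naive_url(username, password, role="BLAdmins"):
    """Paste the raw values into the query string, as in the posted requests."""
    return (f"{BASE}?role={role}&password={password}"
            f"&authType=ADK_PASSWORD&username={username}")


def encoded_url(username, password, role="BLAdmins"):
    """Percent-encode every parameter value before building the URL."""
    params = {"role": role, "password": password,
              "authType": "ADK_PASSWORD", "username": username}
    # quote_via=quote encodes reserved characters (and a space as %20).
    return f"{BASE}?{urlencode(params, quote_via=quote)}"


def received_params(url):
    """Return (query parameters, fragment) as a conforming parser sees them."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}, parts.fragment


if __name__ == "__main__":
    for label, url in (("naive", naive_url("my_username", PASSWORD)),
                       ("encoded", encoded_url("my_username", PASSWORD))):
        params, fragment = received_params(url)
        print(label, url)
        print("  password :", repr(params.get("password")))
        print("  username :", repr(params.get("username")))
        print("  fragment :", repr(fragment))
```

In the naive URL the '&' cuts the password short and everything after '#' becomes a fragment that a client never sends, so authType and username are lost; a literal '?' on its own is carried through unchanged by a conforming parser.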