Forum Discussion
NimbostratusProviding right credential to connect the F5 device using RestAPI is always throwing 401 error
Hi All,
Here I am using RestAPI to connect to the device. I am always getting the http 401 error even my credentials are right and able to reach the same url using webbrowser.
Can anybody help me to get ride of this.
Here are my Java console logs
Regards, Prakash.K
12 Replies
Prakash_Krishna2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager - Get connection: HttpRoute[{s}->https://:443], timeout = 0 2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - [HttpRoute[{s}->https://:443]] total kept alive: 0, total issued: 0, total allocated: 0 out of 20 2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - No free connections [HttpRoute[{s}->https://:443]][null] 2014-05-02 22:23:40,843 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Available capacity: 2 out of 2 [HttpRoute[{s}->https://:443]][null] 2014-05-02 22:23:40,843 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Creating new connection [HttpRoute[{s}->https://:443]] 2014-05-02 22:23:40,859 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnectionOperator - Connecting to /:443 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.impl.client.DefaultHttpClient - Attempt 1 to execute request 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnection - Sending request: POST /mgmt/tm/sys/software/volume/ HTTP/1.1 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "POST /mgmt/tm/sys/software/volume/ HTTP/1.1[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Content-Type: application/json[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Content-Length: 82[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Host: :443[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.1 (java 1.5)[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> POST /mgmt/tm/sys/software/volume/ HTTP/1.1 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Content-Type: application/json 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Content-Length: 82 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Host: :443 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Connection: Keep-Alive 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> User-Agent: Apache-HttpClient/4.1 (java 1.5) 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - >> "{"username":"*****","password":"********","services":["platform","namespace"]}" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "HTTP/1.1 401 F5 Authorization Required[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Date: Sat, 03 May 2014 12:57:12 GMT[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Server: Apache[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "WWW-Authenticate: Basic realm="Enterprise Manager"[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Vary: accept-language,accept-charset[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-Frame-Options: SAMEORIGIN[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Accept-Ranges: bytes[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-Content-Type-Options: nosniff[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-XSS-Protection: 1; mode=block[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Strict-Transport-Security: max-age=16070400; includeSubDomains[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Keep-Alive: timeout=4, max=100[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Connection: Keep-Alive[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Transfer-Encoding: chunked[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Type: text/html; charset=iso-8859-1[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Language: en[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnection - Receiving response: HTTP/1.1 401 F5 Authorization Required 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.headers - << HTTP/1.1 401 F5 Authorization Required- Kevin_Stewart
Employee
Not sure what your initial request looks like, but it may be worthwhile to test the same with cURL at the command line:
curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/software/volume -d '{...post data...}'Also, and this may just be an artifact of your logs, but note the credentials do not go in the POST data. They need to presented however your Java-based app would work with HTTP Basic authentication.
kunjan_118660Cumulonimbus
May be can try 'admin' if you are using a different user.
Sergei_Genchev_If you use RADIUS, LDAP or some other external authentication, REST does not work unless you also have the same user defined locally. Admin will always work because admin is always local account.
kunjanMay be can try 'admin' if you are using a different user.
- Sergei_Genchev_If you use RADIUS, LDAP or some other external authentication, REST does not work unless you also have the same user defined locally. Admin will always work because admin is always local account.
In 11.5.1, REST will only accept the admin account credentials. Other users that perform other roles, currently, will not work with REST - you will continue to get 401 responses from REST. This should be fixed in an upcoming hotfix.
Log a case to Support for further updates. I hear tell of a way to allow other "admin" users to perform REST calls but it requires a script to be run. This is also supposed to be fixed in an upcoming hotfix.
brad_11480any information on what version(s) this has been corrected in? I just upgraded to 12.1.1 and i have users who are not able to use the RestAPI. They get 401. What right does the user require? I would hope that it would reflect the same rights structure and not require them to be admin.
nyif5_225400Hi I am having the same 401 auth error. Did any one get the resolution. Or we just need to use the admin user for RestAPI ?
Jad_Tabbara__J1Cirrostratus
You need to use admin user for RestApi
- brad_11480
Really?? admin user only? There is no security model for the RestAPI? This renders the use of the RestAPI to be very limited in scope. It certainly can't be used for monitoring systems as the credentials would be required on those systems to call the RestAPI.
This means that anyone who needs to use it basically has the 'keys to the kingdom' and can use those credentials to do whatever they wish on the systems.
Note that generating a token is useless alternative since they expire in 8 hours.
Ref below comment about it being corrected in a subsequent 'hotfix' I'm on 12. no relief.
