Forum Discussion
question of limitation and expiration for rest api token
- Apr 30, 2020
It is not obvious from the error message you provided; however, the usual error message you get from an authorization error (e.g., incorrect password) is "message": "Authentication failed." The issue may be a bit deeper than you may think. Try restarting the iControl REST framework daemon by running 'tmsh restart sys service restjavad'. If the issue still persists, I recommend that you file a service ticket with F5 support.
Hi, here is a routine I wrote for Ansible.
It's validating an existing token before using it for the following tasks.
In case it is already invalid or it is expiring soon, a new token will be requested and stored for future use.
I use it i.e. for device onboarding, configuration and modification tasks.
Even if you don't use Ansible it hopefully shows the REST calls applied.
It's tested with TMOS v12-v15.
Cheers, Stephan
```yaml
# Check the cached token (if any) against the token endpoint.
- name: request current token information
  no_log: "{{ logging_disabled }}"
  uri:
    # Certificate verification is off: the token is sent without checking the server's identity.
    validate_certs: no
    url: https://{{ inventory_hostname }}/mgmt/shared/authz/tokens/{{ device_info[inventory_hostname].token }}
    method: GET
    headers:
      X-F5-Auth-Token: "{{ device_info[inventory_hostname].token }}"
    status_code:
      - 200
      - 401
  register: token_info
  until: (token_info.status == 200) or
         (token_info.status == 401)
  retries: 90
  delay: 10
  when: (device_info is defined) and
        (device_info[inventory_hostname] is defined) and
        (device_info[inventory_hostname].token is defined)

# Note: with no_log disabled, this task prints the token itself.
- name: debug current token
  debug:
    msg:
      - "auth status code: {{ token_info.status | default('undefined') }}"
      - "token valid for: {{ (token_info.json.expirationMicros | int - token_info.json.lastUpdateMicros | int) // 1000000 }} seconds"
      - "current token: {{ device_info[inventory_hostname].token | default('undefined') }}"
  when: (device_info is defined) and
        (device_info[inventory_hostname] is defined) and
        (device_info[inventory_hostname].token is defined) and
        (token_info.status != 401)

# Log in when there is no cached token, the token was rejected (401),
# or expirationMicros - lastUpdateMicros is below 120 seconds.
- name: acquire new token on error or if token would expire soon
  no_log: "{{ logging_disabled }}"
  uri:
    # Certificate verification is off: the admin password is sent without checking the server's identity.
    validate_certs: no
    url: https://{{ inventory_hostname }}/mgmt/shared/authn/login
    method: POST
    body_format: json
    body:
      username: admin
      password: "{{ bigip_credentials_secure.admin }}"
      loginProviderName: tmos
  register: token_data
  until: token_data.status == 200
  retries: 60
  delay: 10
  when: (token_info.status is not defined) or
        (token_info.status == 401) or
        ((token_info.status == 200) and (((token_info.json.expirationMicros | int - token_info.json.lastUpdateMicros | int) // 1000000) < 120))

# Store the new token and its expiration per host for later tasks.
- name: retrieve token from payload and store to data structure
  set_fact:
    device_info: "{{ device_info | default({}) | combine({inventory_hostname: {'token': token_data.json.token.token, 'expiration': token_data.json.token.expirationMicros}}, recursive=True) }}"
  when: (token_data is defined) and
        (token_data.status is defined) and
        (token_data.status == 200)

- name: debug final token
  debug:
    msg:
      - "final token: {{ device_info[inventory_hostname].token | default('undefined') }}"
  when: (device_info is defined) and
        (device_info[inventory_hostname] is defined) and
        (device_info[inventory_hostname].token is defined)
...
```
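The reuse-or-refresh decision from the routine above, as an added Python example that is not part of the original post. The names `ensure_token`, `needs_login` and the two injected callables are hypothetical; remaining lifetime is measured against the caller's clock rather than `lastUpdateMicros`, which assumes that clock is synchronized with the BIG-IP.

```python
import time

MIN_REMAINING_S = 120  # same refresh threshold as the playbook


def remaining_seconds(token_json, now_micros):
    """Seconds until expirationMicros, measured against the caller's clock."""
    return (int(token_json["expirationMicros"]) - now_micros) // 1_000_000


def needs_login(status, token_json, now_micros, min_remaining=MIN_REMAINING_S):
    """True when the cached token must be replaced by a fresh login."""
    if status != 200 or not token_json:
        return True  # no cached token, 401, or any unexpected status
    try:
        return remaining_seconds(token_json, now_micros) < min_remaining
    except (KeyError, TypeError, ValueError):
        return True  # malformed body: do not trust the cached token


def ensure_token(cache, host, get_token_info, login, now_micros=None):
    """Return a usable token for host, logging in only when required.

    get_token_info(host, token) -> (status, json) wraps
        GET /mgmt/shared/authz/tokens/<token>
    login(host) -> json wraps POST /mgmt/shared/authn/login
    Both callables are hypothetical and supplied by the caller.
    """
    now = int(time.time() * 1_000_000) if now_micros is None else now_micros
    entry = cache.get(host)
    status, body = None, None
    if entry:
        status, body = get_token_info(host, entry["token"])
    if needs_login(status, body, now):
        tok = login(host)["token"]
        cache[host] = {"token": tok["token"],
                       "expiration": tok["expirationMicros"]}
    return cache[host]["token"]
```

Passing the HTTP calls in as callables keeps the decision logic testable offline and leaves TLS verification and credential handling to the caller.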