Elder_Thing
Sep 15, 2014Nimbostratus
Remotely authenticated users for iControl Rest
My question is: Can a remotely authenticated user that is not an Administrator access the REST interface?
I have this functionality for the 'admin' account of course. It works fine.
When I use a remotely authenticated user (AD in my case) it ONLY works if I do the following:
1) Create a Remote Role group
2) Set the following: Remote Access - Enabled, Terminal - tmsh
3) Make sure Attribute String matches AD group
4) The setting for Assigned Role doesn't matter as it turns out.... see below
`
Now, the above works for the GUI, but for REST access, I have to:
` 1) Create a local user
2) 'User Name' must match the 'sAMAccountName' attribute
3) Set Terminal Access to 'tmsh' and Role to 'Administrator'
The account in question will now have the ability to query the device through the REST interface.
Setting the role to anything else will prevent REST access from working. One will receive the "java.lang.SecurityException: Authorization failed:" error.
Is this by design? Am I missing something? btw, giving the account Admin in this manner makes the account admin in the GUI as well.
Any help here is greatly appreciated