For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rpuga's avatar
rpuga
Icon for Nimbostratus rankNimbostratus
Dec 07, 2018

REST - Token utilization

Hi.

 

In my API tests, while not using a browser, which asks authentication, I am trying to authenticate directly on my code. I am sending the follow POST request:

 

POST https://10.0.0.1/mgmt/shared/authn/login

{
"username": "admin",
"password": "myStrongPasswd",
"loginProviderName": "tmos"
}

I receive the token in the response, as follow:

 

"token": {
    "token": "MY_26_LENGTH_TOKEN",
    "name": "MY_26_LENGTH_TOKEN",
    "userName": "admin",
    "authProviderName": "tmos",

I can't see any errors in the response, so everything looks fine. After that, I try to send new requests using the token, as follow:

 

GET https://10.0.0.1/mgmt/tm/asm/signature-sets

{
"X-F5-Auth-Token": "MY_26_LENGTH_TOKEN"
}

But I receive as the response a message saying that I am not authenticated.

 

Authentication required!

    This server could not verify that you are authorized to access
    the URL "/mgmt/tm/asm/signature-sets".
    You either supplied the wrong credentials (e.g., bad password), or your
    browser doesn't understand how to supply the credentials required.

What I am doing wrong in this case?

 

ASM Advanced WAF
devops
security

1 Reply

  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Icon for Nacreous rankNacreous
    Dec 07, 2018

    Are you sending the token as a header?

    For example:

    curl -X GET -H "X-F5-Auth-Token: ABCDEFGHIJKLMNOPQRSTUVWXYZ" "https://10.0.0.1/mgmt/tm/asm/signature-sets"