4 Posts
0
973
Secure Connect Gateway 5.12 rest API authentication not working
Hi,
I am trying to use python and its requests lib to automate some tasks of assigning devices to specific groups.
I have looked at the documentations (https://www.dell.com/support/manuals/sv-se/secure-connect-gateway/scg_rest_api_guide/user-authentication?guid=guid-255f66c6-65b2-4d79-85b1-36a9d0d474d8&lang=en-us)
But this does not work.
When i try to request a token with the way they refer to (Authenticate user by generating a JSON Web Token (JWT))
It just complains that my header lacks "authentication" headers.
here is what my test code looks like:
import requests
from pprint import pprint
import jwt
base_url = "https://:5700"
proxies = {
"http": "",
"https": "",
}
token_body = {
"domain": "domain.se",
"username": "username",
"password": "password"
}
# attemt 1
def get_token():
url = base_url + "/v2/auth/token"
token = jwt.encode(payload=token_body, key="secret")
headers = {
"Accept": "application/json",
"Content-type": "application/json",
"Authorization": "Bearer " + token
}
response = requests.post(url, headers=headers, proxies=proxies, verify=False)
data = json.loads(response.text)
# pprint(data)
# attempt 2
def basic_auth():
url = base_url + "/v2/auth/token"
headers = {
"Content-type": "application/json",
"Accept": "application/json"}
response = requests.post(url, headers=headers, auth=("domain\\username", "password"), data=token_body, proxies=proxies, verify=False)
data = json.loads(response.text)
pprint(data)
# attempt 3
def basic_auth2():
url = base_url + "/v2/auth/token"
headers = {
"Content-type": "application/json",
"Accept": "application/json"}
response = requests.post(url, headers=headers, data=token_body, proxies=proxies, verify=False)
data = json.loads(response.text)
pprint(data)
def main():
print("-----jwt-----")
get_token()
print("-----Basic auth------")
basic_auth()
print("-----Basic auth 2------")
basic_auth2()
if __name__ == "__main__":
main()
get_token() Results:
{'code': 'SAE-080011',
'details': {'additionalErrors': [],
'additionalInfo': {},
'detailedDescription': '',
'responseAction': ''},
'message': 'This session timed out. Refresh and try again.',
'type': 'ERROR'}
basic_auth() Results:
{'code': 'SAE-080003',
'details': {'additionalErrors': [],
'additionalInfo': {},
'detailedDescription': '',
'responseAction': ''},
'message': "We couldn't continue with this authorization key. Enter a new "
'key, then try again.',
'type': 'ERROR'}
basic_auth2() Results:
{'code': 'SAE-080002',
'details': {'additionalErrors': [],
'additionalInfo': {},
'detailedDescription': '',
'responseAction': ''},
'message': 'Authorisation Header is missing!',
'type': 'ERROR'}
None of the methods work and the documentation seems to be wrong about sending the credentials via the body since it only seems to care about my authentication header.
To summarize my main questions.
1. Which method is the right one?
2. What am i missing?
3. In the first method the secret key in the jwt.encode(key=?).. Where do i get that from or what is that? Im not familiar with jwt's..
DELL-Chris H
Moderator
Moderator
•
8.8K Posts
0
October 20th, 2022 13:00
Andrija,
What you can do is try manually running cURL
For example.
[root@localhost ~]# Auth=$(curl -k -d '{"username":"admin","password":"password"}' -H 'Content-Type: application/json' https://SCG:5700/SupportAssist/api/v2/auth/token 2>/dev/null | grep "accessToken" | head -1)
[root@localhost ~]# echo $Auth
"accessToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwicm9sZSI6IlNDR0FkbWlucyIsInJlcXVlc3RpbmdJUCI6IjEwMC45Mi4yMDQuMjI0IiwiYXBwTW9kZSI6IkFQUExJQU5DRVMiLCJhcGlVc2FnZU1vZGUiOiJSZXN0IiwiaW5zdGFuY2VJRCI6ImI1dk1IbC9iRk5Ld0FmMkpqQUpzQjRURXVxQURsZmF5NGVHWHNXNWZOUDl0WFpPYVhzemdCS0c0YXdJdlU1OEpWUXdxbnVpNnpDNnRLWkpWeVE1UWVRPT0iLCJ0b2tlblR5cGUiOiJBQ0NFU1MiLCJ1dWlkIjoiNTE1OTcwZGItMjVjMi00YmY1LWIwNDQtZWE2NmE0MGNlNGJhIiwiaWF0IjoxNjY2MTk1OTk4LCJleHAiOjE2NjYxOTc3OTh9.jT2W1LfDfK--DRHvGMATQ1Nh_cIm9wHqMbxCpLMg1ok",
DELL-Chris H
Moderator
Moderator
•
8.8K Posts
0
October 19th, 2022 11:00
Androo_Ericsson,
Looking at the configuration, and since you are trying to specify using an AD account instead of local, you will need to leave domain out entirely for local.
So you just need to change this part to this
Let me know if this helps.
Androo_Ericsson
4 Posts
0
October 20th, 2022 04:00
Hi!
We have an ldap with the displayname "company.com" So i can not authenticate using local.
When we log in with the webui. Then i choose the LDAP-company.com domain.
I have tried using a local account without a domain but that does not work either.
br
Andrija
Androo_Ericsson
4 Posts
0
October 24th, 2022 05:00
Ah thanks. So my base URI was wrong and in python the credential data has to passed in the requests json param and not data.
Example:
Could not have figured it out without your curl example. Thanks!