Skip to main content
Start a Conversation

Solved!

Go to Solution

Androo_Ericsson

4 Posts

973

October 19th, 2022 01:00

Secure Connect Gateway 5.12 rest API authentication not working

Hi,

I am trying to use python and its requests lib to automate some tasks of assigning devices to specific groups.

I have looked at the documentations (https://www.dell.com/support/manuals/sv-se/secure-connect-gateway/scg_rest_api_guide/user-authentication?guid=guid-255f66c6-65b2-4d79-85b1-36a9d0d474d8&lang=en-us)

But this does not work.
When i try to request a token with the way they refer to (Authenticate user by generating a JSON Web Token (JWT))
It just complains that my header lacks "authentication" headers.

here is what my test code looks like:

 

 

 

import requests
from pprint import pprint
import jwt



base_url = "https://:5700"

proxies = {
    "http": "",
    "https": "",
}

token_body = {
        "domain": "domain.se",
        "username": "username",
        "password": "password"
    }


# attemt 1
def get_token():
    url = base_url + "/v2/auth/token"
    token = jwt.encode(payload=token_body, key="secret")
    headers = {
        "Accept": "application/json",
        "Content-type": "application/json",
        "Authorization": "Bearer " + token
    }
    response = requests.post(url, headers=headers, proxies=proxies, verify=False)
    data = json.loads(response.text)
    # pprint(data)

# attempt 2
def basic_auth():
    url = base_url + "/v2/auth/token"
    headers = {
        "Content-type": "application/json",
        "Accept": "application/json"}
    response = requests.post(url, headers=headers, auth=("domain\\username", "password"), data=token_body, proxies=proxies, verify=False)
    data = json.loads(response.text)
    pprint(data)

# attempt 3
def basic_auth2():
    url = base_url + "/v2/auth/token"
    headers = {
        "Content-type": "application/json",
        "Accept": "application/json"}
    response = requests.post(url, headers=headers, data=token_body, proxies=proxies, verify=False)
    data = json.loads(response.text)
    pprint(data)

def main():
    print("-----jwt-----")
    get_token()

    print("-----Basic auth------")
    basic_auth()

    print("-----Basic auth 2------")
    basic_auth2()
    

if __name__ == "__main__":
    main()

 

 

 

 

 

 get_token() Results:

 

 

 

{'code': 'SAE-080011',
 'details': {'additionalErrors': [],
             'additionalInfo': {},
             'detailedDescription': '',
             'responseAction': ''},
 'message': 'This session timed out. Refresh and try again.',
 'type': 'ERROR'}

 

 

 

 

 

basic_auth() Results:

 

 

 

{'code': 'SAE-080003',
 'details': {'additionalErrors': [],
             'additionalInfo': {},
             'detailedDescription': '',
             'responseAction': ''},
 'message': "We couldn't continue with this authorization key. Enter a new "
            'key, then try again.',
 'type': 'ERROR'}

 

 

 

 

 

basic_auth2() Results:

 

 

 

{'code': 'SAE-080002',
 'details': {'additionalErrors': [],
             'additionalInfo': {},
             'detailedDescription': '',
             'responseAction': ''},
 'message': 'Authorisation Header is missing!',
 'type': 'ERROR'}

 

 

 

 

 

None of the methods work and the documentation seems to be wrong about sending the credentials via the body since it only seems to care about my authentication header.

To summarize my main questions.
1. Which method is the right one?
2. What am i missing?
3. In the first method the secret key in the jwt.encode(key=?).. Where do i get that from or what is that? Im not familiar with jwt's..

 And yes, API is enabled in the settings

DELL-Chris H

Moderator

 • 

8.8K Posts

October 20th, 2022 13:00

Andrija,

 

 

What you can do is try manually running cURL

 

For example. 

 

[root@localhost ~]# Auth=$(curl -k -d '{"username":"admin","password":"password"}' -H 'Content-Type: application/json' https://SCG:5700/SupportAssist/api/v2/auth/token 2>/dev/null | grep "accessToken" | head -1)
[root@localhost ~]# echo $Auth
"accessToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwicm9sZSI6IlNDR0FkbWlucyIsInJlcXVlc3RpbmdJUCI6IjEwMC45Mi4yMDQuMjI0IiwiYXBwTW9kZSI6IkFQUExJQU5DRVMiLCJhcGlVc2FnZU1vZGUiOiJSZXN0IiwiaW5zdGFuY2VJRCI6ImI1dk1IbC9iRk5Ld0FmMkpqQUpzQjRURXVxQURsZmF5NGVHWHNXNWZOUDl0WFpPYVhzemdCS0c0YXdJdlU1OEpWUXdxbnVpNnpDNnRLWkpWeVE1UWVRPT0iLCJ0b2tlblR5cGUiOiJBQ0NFU1MiLCJ1dWlkIjoiNTE1OTcwZGItMjVjMi00YmY1LWIwNDQtZWE2NmE0MGNlNGJhIiwiaWF0IjoxNjY2MTk1OTk4LCJleHAiOjE2NjYxOTc3OTh9.jT2W1LfDfK--DRHvGMATQ1Nh_cIm9wHqMbxCpLMg1ok",

 

DELL-Chris H

Moderator

 • 

8.8K Posts

October 19th, 2022 11:00

Androo_Ericsson,

 

Looking at the configuration, and since you are trying to specify using an AD account instead of local, you will need to leave domain out entirely for local.

So you just need to change this part to this

"domain": "https://dell.to/3VB8A9D"

Let me know if this helps.

 

Androo_Ericsson

4 Posts

October 20th, 2022 04:00

Hi!

We have an ldap with the displayname "company.com" So i can not authenticate using local. 
When we log in with the webui. Then i choose the LDAP-company.com domain. 

I have tried using a local account without a domain but that does not work either. 

br

Andrija 

Androo_Ericsson

4 Posts

October 24th, 2022 05:00

Ah thanks. So my base URI was wrong and in python the credential data has to passed in the requests json param and not data. 
Example: 

def basic_auth():
    url = base_url + "/SupportAssist/api/v2/auth/token"
    headers = {"Content-Type": "application/json"}
    response = requests.post(url, headers=headers, json=creds, proxies=proxies, verify=False)

 
Could not have figured it out without your curl example. Thanks! 

View More

View All

No Events found!

Top