400 Bad Request when try to login RTC via perl
I tried to get work items from RTC via WorkItemAPI, but I failed at login steps with 400 bad request. My code and log are here. the script worked for me last week, but now it doesn't work. Can you help me resolve the issue? Thanks.
my $COOKIES="./cookies.txt";
my $IDENTIFY_URL = "/authenticated/identity";
my $AUTH_URL = "/auth/j_security_check";
my $url = 'https://rtp-rtc5.tivlab.raleigh.ibm.com:9443/jazz';
my $username = 'yechen@cn.ibm.com';
my $password) = 'XXXXXX';
my $cookiejar = HTTP::Cookies->new(file=>$COOKIES, autosave=>1, ignorediscard => 1,);
my $header = HTTP::Headers->new();
my $ua = LWP::UserAgent->new();
my $accountdata = { 'j_username'=> $username, 'j_password'=> $password };
$ua->ssl_opts(verify_hostname=>0);
$ua->agent('Mozilla/5.0');
$ua->cookie_jar($cookiejar);
my $response = $ua->get($url.$IDENTIFY_URL);
DebugPrint($ua, "Response from $url$IDENTIFY_URL", $response );
$response = $ua->post($url.$AUTH_URL, Content=>$accountdata);
DebugPrint($ua, "Respone from $url$AUTH_URL", $response);
$response = $ua->get($url.$IDENTIFY_URL);
DebugPrint($ua, "Response from $url$IDENTIFY_URL", $response );
$ua->default_header('Content-Type' => "application/json");
$ua->default_header('Accept' => "application/json");
$ua->default_header('OSLC-Core-Version' => "2.0");
#$ua->default_header('X-Jazz-CSRF-Prevent', getCookieValue($cookiejar, 'JSESSIONID') );
sub DebugPrint{
my ( $ua, $msg, $response) = @_;
One answer
Our app is reviewboard, written in python. The general flow of the process is as follows:
1. A review request is requested by a user, who supplies the repo url, username and password
2. Python makes an initial http-get request to: https://<SERVER.FQDN>:9443/jazz/authenticated/identity
3. This used to return a cookie with JSESSIONID, but now the cookie just contains: Set-Cookie: JazzFormAuth=Form; Path=/jazz; Secure
4. That JSESSIONID is then used downstream to authenticate and keep the user signed in.
I'm looking into the python code to see if there is another way to get the JSESSIONID.
Comments
Thanks. It works for me when I replace "$ua->agent('Mozilla/5.0');" with "$ua->agent();", but I don't why.
It turns out now the JSESSIONID isn't set until after you sign in. At that point you can use it to set the X-Jazz-CSRF-Prevent.
I altered the review board python code to be more robust around the getting/setting of cookies.
Comments
Ralph Earle
FORUM ADMINISTRATOR / JAZZ DEVELOPER Aug 19 '14, 12:46 p.m.Ye Chen, I have removed and archived the log from the original post, as it exceeded the maximum length, and blocked all answers and comments. Are there relevant details that you can excerpt from the log?
Kevin Ramer
Aug 19 '14, 12:52 p.m.I am one of the admins for the server in question. We just upgraded from 4.0.5 to 4.0.7 on Saturday and migrated from a mix of Tomcat / WebSphere to 100% WebSphere ( 8.5.5.2 base). As such, a Single Sign-on domain is in effect ( which is quite nice, I must say ).
I have scripting with Perl that leverages the X-Jazz-CSRF-Prevent header in similar fashion and it continues to function as I would expect. However, I might mention that the ID used for authentication there is a JazzAdmin. We have another member of our user community reporting similar issue, apparently JSESSIONID not coming across.