It's all about the answers!

Ask a question

RTC REST: Getting authrequired even when sending user/password

Phillip Viana (1126) | asked Jun 03 '16, 3:10 p.m.

I am trying to access basically functionality in Jazz using curl. I am sending my user and password (Basic Auth) and I get "authrequired" even though I'm sure the credentials are correct. Any thoughts?

$ curl -i -k -u myuser:mypwd "https://myserver:9443/jazz/whoami"
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Wed, 31 Dec 1969 18:00:00 CST
Set-Cookie: JSESSIONID=E5A6248CA48EB036B0704AEAF2A2A970; Path=/; Secure; HttpOnly
X-com-ibm-team-repository-web-auth-msg: authrequired
Location: https://myserver:9443/jazz/secure/authenticated/identity?redirectPath=%2Fjazz%2Fwhoami
Content-Length: 0
Date: Fri, 03 Jun 2016 19:07:39 GMT

One answer

permanent link
sam detweiler (12.5k6189201) | answered Jun 03 '16, 3:46 p.m.
edited Jun 03 '16, 3:46 p.m.
Its a two pass process.. the 1st pass gets the session cookie (and the Auth required)
the second pass USES the cookie..

here is a little curl script (windows)

set COOKIES=.\cookies.txt

set USER=uuuu
set PASSWORD=ppppp
set HOST=https://localhost:9446

rem get the session cookie
curl -k -c %cookies% "%host%/jts/authenticated/identity" >nul

rem use the session cookie to logon
curl -k -L -b %COOKIES% -c %COOKIES% -d j_username=%USER% -d j_password=%PASSWORD% %host%/jts/authenticated/j_security_check >nul

rem use the cookie to get the catalog
curl -k -L -b %COOKIES% -H "Accept: application/xml" %host%/ccm/oslc/workitems/catalog

curl -k -L -b %COOKIES% -H "Accept: application/xml" %host%/ccm/oslc/contexts/_GYeCsFT4EeKDJbr7x3deog/workitems/services.xml

curl -k -L -b %COOKIES% -H "Accept: application/xml" %host%/ccm/oslc/contexts/_GYeCsFT4EeKDJbr7x3deog/workitems

set o="curl -k -L -b %COOKIES% %host%/ccm/rpt/repository/workitem?fields=workitem/workItem/itemHistory\[modifiedBy/name='sam'\]/(stateId|predecessor|state/name|modified|modifiedBy/name|modified)"
echo %o%

Phillip Viana commented Jun 03 '16, 4:01 p.m.

Thanks for the answer Sam. 

I followed your steps and I was able to get the cookies and verified that the cookie file contains new information after the call to jts/authenticated/identity.

However, on the second step (authentication) I'm getting a 408 Request timeout.

Your answer

Register or to post your answer.