Observed unknow behavior while using REST-Service url with curl script in IBM ALM server
Our developer teams have provided one REST service url (syntax below) to get the components details from the stream:
This service has been deployed on alm-007 server and alm-008 server. So, the service is available on both server. And the above Rest service call, I am call on command prompt with below script. set USER=ABC set PWD=**** set COOKIES=cookies.txt curl.exe -k -c %COOKIES% https:// alm-007/cm/authenticated/identity curl.exe -k -L -b %COOKIES% -c %COOKIES% -d j_username=%USER% -d j_password=%PWD% https:// alm-007/cm /authenticated/j_security_check curl.exe -k -b %COOKIES% "https:// alm-007/cm/service/ service/xyz.server.scm.metadata.IPersistWorkspaceMetadataService?StreamName=PQR_JKL-FS_Stream1&SnapshotName= PQR_JKL-FS_Snapshot1" -o output.txt With alm-007 server the above script is working fine, all the information I can see on the generated output.txt file. But in case of alm-008 server same script is not working. Its say authfailed. Response script from server in command prompt
<html>
<script type="text/javascript">
/ <![CDATA[ /
</html>
What will be region for this. I couldn’t be able to understand the behavior of server. Or Is my approach is wrong ? Note : Both the server has SSO. |
One answer
You receive this response when you are not correctly sending Authentication information to the API. I have two blog posts that explain both Oauth1.0a and OIDC authentication with ELM servers... Here's OIDC - API Authentication Method in ELM – OIDC and here's OAuth1.0a API Authentication Method in ELM – Oauth 1.0a Comments
Raj Kumar
commented May 03 '23, 2:30 a.m.
But how come its working for one server address and for another doesn't. In above example for alm-007 its working but for alm-008 its not working, with same user id and similar kind of server setup.
The authentication code looks suspiciously like you are trying to use form based authentication and not SSO.
Ian Barnard
commented May 05 '23, 7:46 a.m.
| edited May 05 '23, 8:57 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
I'm not aware that the curl approach is unviable (i.e. if it works it works), but AFAIK this sequence only works for Liberty FORM authentication, this two-step method GET then POST does the essential steps same as your browser with curl being told to follow 302 redirects on the POST by option -L
Raj Kumar
commented May 09 '23, 7:51 a.m.
Using of Curl/Postman make any difference? It is all about authenticated only.
If I look in ALM user profile management in both the server. I can only found one difference that is , its shows below message on the top of user profile in alm-08 server.
"Because this server is connected to an external user registry, some user details including User ID, E-Mail Address, and Repository Permissions are read-only. To modify these read-only details, you must make the changes in the external user registry" Is this can be a region for this issue?
Ralph Schoon
commented May 09 '23, 8:15 a.m.
| edited May 09 '23, 8:19 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
You need to be authenticated to do the next steps. You can Firefox RESTClient to authenticate and then do the next calls. This makes it easy to ignore the complexity of authentication. But you still do not know how to execute it in cURL.
The information above means that the system in question is using LDAP or JAS or another external system for the authentication. If this is different for both systems it is very likely that this is the reason for the authentication issue. It is absolutely possible that the other system has a different password than the first one. Log in for the different servers to make sure it is not the password.
Ralph Schoon
commented May 09 '23, 8:20 a.m.
| edited May 09 '23, 8:21 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Note, even if the password is correct and the same for each system, if the one server uses Form Based Authentication and the other uses SSO or another of the supported options, you would need to use different authentication options in cURL.
Ian Barnard
commented May 09 '23, 11:28 a.m.
| edited May 09 '23, 11:28 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
You might find out something about the authentication sequence for each server by recording a HAR file in your browser while logging in, and (manually) comparing the sequences looking for major differences.
Ralph Schoon
commented May 09 '23, 12:28 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Google is also always a good idea. Maybe these help:
showing 5 of 8
show 3 more comments
|
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.