• State Suggested Answer
  • Locked Locked
  • Replies 19 replies
  • Answers 1 answer
  • Subscribers 97 subscribers
  • Views 16335 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rest API on 7.1 cannot authenticate

michele.polizio
over 7 years ago

Hi all,

I'm trying to access my IM through web  API:

if I get  appserver/authmodules

it returns

 
Id Caption Password Based Is Default
RoleBasedManualADS Active Directory user account (manual input/role based) false false
RoleBasedADSAccount Active Directory user account (role based) false false
DialogUser System user false true
RoleBasedPerson Employee (role based) false false
ADSAccount Active Directory user account false false
DynamicPerson Employee (dynamic) false false

I'm trying to use the DialogUser method

in the follow way:

calling auth/apphost

with in the body the following json as decribed in the documentation:

{"authString":"Module=DialogUser;User=*SystemUsername*;Password=*SystemUserPassword*"}

 

but I get a 401 - Unauthorized: Access is denied due to invalid credentials

 but the user is an admin user and has all the privileges.

Should I enabled the user to something?

 

Thanks Mik

Parents
  • 0 over 7 years ago
    Hi Mik,
    Here is a PoSH script that you can use to test. The only thing I see different is adding the accept header:


    #Demo script for using One Identity Manager
    cls

    $BaseURL = "ServerName/D1IMAppServer"
    $AuthString = "Module=DialogUser;User=*systemUSer*;Password=*Password*"

    #This is the auth URL for the web service.
    $AuthURL = "$BaseURL/auth/apphost"

    #You could do this as a string literal, but I like to build a dictionary in case we need to add more later
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add('Accept', 'application/json')

    #The body of the initial post needs to contain the authorization string.
    $AuthBody = ConvertTo-Json(@{authString = $AuthString})

    #Post the body. $response will have detail about the session.
    #It's critical that you pass the name of a varialble to hold the session.
    Try
    {
    Invoke-RestMethod -Uri $AuthURL -Method Post -Headers $headers -ContentType 'application/json' -Body $authBody -SessionVariable theSession
    }
    Catch
    {
    'Error authenticating to' + '$BaseURL: ' + $_.Exception.Message
    Break
    }

    #Now you can do whatever you want. Makes sure that you pass $theSession as a -WebSession in subsequent calls.
Reply
  • 0 over 7 years ago
    Hi Mik,
    Here is a PoSH script that you can use to test. The only thing I see different is adding the accept header:


    #Demo script for using One Identity Manager
    cls

    $BaseURL = "ServerName/D1IMAppServer"
    $AuthString = "Module=DialogUser;User=*systemUSer*;Password=*Password*"

    #This is the auth URL for the web service.
    $AuthURL = "$BaseURL/auth/apphost"

    #You could do this as a string literal, but I like to build a dictionary in case we need to add more later
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add('Accept', 'application/json')

    #The body of the initial post needs to contain the authorization string.
    $AuthBody = ConvertTo-Json(@{authString = $AuthString})

    #Post the body. $response will have detail about the session.
    #It's critical that you pass the name of a varialble to hold the session.
    Try
    {
    Invoke-RestMethod -Uri $AuthURL -Method Post -Headers $headers -ContentType 'application/json' -Body $authBody -SessionVariable theSession
    }
    Catch
    {
    'Error authenticating to' + '$BaseURL: ' + $_.Exception.Message
    Break
    }

    #Now you can do whatever you want. Makes sure that you pass $theSession as a -WebSession in subsequent calls.
Children
No Data