Data Center Security

Hello champions of all things DCS!

I'm looking at the DCS:SA REST API to solve some of my woes. I was hoping someone out there has done this before and can help me with my issue. As I understand it, this is the process for using the REST API:

1. Grab a token from the UMC

2. Run the REST API using the token as your credential (for up to 30 minutes)

3. Profit.

When I try to connect to my 6.7 server to grab the token, I get:

HTTP Status 405 - Request method 'GET' not supported

type Status report

message Request method 'GET' not supported

description The specified HTTP method is not allowed for the requested resource.

Symantec Data Center Security Server Manager

I'm using chrome for this but the same thing happens when I try it using Powershell's Invoke-WebRequest cmdlet. Weirdly when I change the method to options it tells me: Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS

Any idea what I might be doing wrong here?

Can I suggest using Postman as a client to test REST APIs,

https://www.getpostman.com/

I played about with the APIs in 6.5 SA using the Workflow REST Generator and I was using the API guides from

https://<localhost>:4443/sis-ui/api

See this Help Document for steps.

Thanks for the response Alex.

I've read that documentation but I'm not even up to that part yet. I'm having issues generating the temporary token you use to connect up to the REST API. Even if I am using postman for the REST API client, I'll need to generate the token first.

I'm also stuck at generating the intial/temp token.

Did these steps fail:

Generating the Unified Management Console authorization token

To generate UMC authorization token

1. In Chrome web browser, enter the following URL and change the UMC_IP to appropriate UMC IP hostname.

   https://UMC_IP:8443/umcservices/rest/v1.0/auth/token

2. Accept the security certificate and proceed to UMC (unsafe mode).

3. In the REST client app, enter the following URL.

   https://UMC_IP:8443/umcservices/rest/v1.0/auth/token

4. Select the HTTP method as POST.

5. Change the format to Raw and select JSON for the request.

6. In the text box, enter the following JSON.

   {"username":"<Enter the user name>","password":"<Enter the password>"}

   The password for dcsadmin is the one specified while deploying UMC. In case of an AD user, the username is domain alias name\\username and the password is the configured AD password for that user.

7. Click Send to execute the API.

   UMC authorization token is generated.

I get "HTTP Status 405 - Request method 'GET' not supported" when trying to hit the link

Just as Brian says, I get a fail at step 1. HTTP Status 405 - Request method 'GET' not supported.

I spoke to support about this. The solution is just to ignore steps 1 and 2 of the instructions (if they don't work). It'll work just fine without those steps.

That's good to know, hope they add it to the help pages!

Are you able to share what you are planning to do with the API, just curious?

The below Powershell code will grab the token too

# Change the user name, password and host variables to match your environment.
$UmcUser = "mydomian\umcadmin"
$UmcPassword = "MyInscrutablePassword"
$UmcHostname = "10.10.2.81"

$URI = "https://" + $UmcHostname + ":8443/umcservices/rest/v1.0/auth/token"
$Body = ConvertTo-Json @{username= $UmcUser; password= $UmcPassword}

$UmcToken = (Invoke-RestMethod $URI -ContentType application/json -Body $Body -Method Post).accessToken

Looking to remove assets from the database automatically as part of the decommissioning process. My client has a private cloud where virtual nodes are replaced frequently so baking removal into the process will help them out a lot. 

I've updated the script to be a bit more useful. The version below will save the token and the expiry into XML so that you can access them from other scripts. It will also import the XML and check to see if the token is expired before generating a new one. Choice!

The script below will check to see if your code has expired before asking for a new one. It'll also print out the action taken and the token. Yay!

$UmcUser = "mydomain\myumccreds" #<---Enter the UMC user name with permission to generate a token!
$UmcPassword = "MyInscrutablePassword" #<---Enter the password for the user above!
$UmcHostname = "10.10.2.81"#<---Enter the hostname for the SEPM hosting UMC!
$AccessTokenXml = '.\AccessToken.xml'#<--- This is where we save the token so you can use it outside of this script.
$TokenExpiryXml = '.\TokenExpiry.xml'#<--- This is where we save the token used by date.
function GenerateToken #<--- this is what actually generates the token!
    {$URI = "https://" + $UmcHostname + ":8443/umcservices/rest/v1.0/auth/token" #<--- Token generation URL of the UMC
    $Body = ConvertTo-Json @{username= $UmcUser; password= $UmcPassword} #<--- Building the credentials up in JSON format
    $UmcToken = Invoke-RestMethod $URI -ContentType application/json -Body $Body -Method Post #<--- Generation of the token
    $AccessToken = $UmcToken.accessToken #<--- The actual token
    $TokenExpiry = (Get-Date).AddSeconds($UmcToken.expiresIn)#<--- Working out when the token expires for later use.
    Write-Host "Token: $AccessToken"
    Write-Host "Valid until: $TokenExpiry"
    $AccessToken | Export-Clixml $AccessTokenXml #<--- Here we pop the token into an XML file for later use
    $TokenExpiry | Export-Clixml $TokenExpiryXml #<--- Same for the expiry date of the token
    }
    
If
    ((Test-Path $AccessTokenXml) -and (Test-Path $TokenExpiryXml)) #<--- First we check if we've saved the token and expiry date in xml before
    {$TokenExpiry = (Import-Clixml $TokenExpiryXml)#<--- If we have, we'll import the expiry date to check if it's lapsed
    If
        ($TokenExpiry -le $(Get-Date)){Write-Host "Token expired: Generating new token" #<--- That token is expired. Gross!
        GenerateToken}

    else {$AccessToken = (Import-Clixml $AccessTokenXml)#<--- Token is still fresh. Let's pull it out of the XML and make it available in $AccessToken
    Write-Host "Existing token $AccessToken valid until $TokenExpiry"}
    }
else {"No token found: Generating token" #<--- No XML found so let's generate from scratch.
GenerateToken}

Attachment(s)

Generate-Token_0.zip   1 KB 1 version

This is to be expected as it turns out. I bet you have a valid certificate for your UMC. The help docs assume that you are using an untrusted certificate for the UMC.

We do not :)