Clarity Service Management

Expand all | Collapse all

Connection problem via CA sdm REST API

Jump to Best Answer
  • 1.  Connection problem via CA sdm REST API

    Posted 08-10-2017 12:38 PM

    Hello;
    I am trying to connect to CA sdm via the REST API using a secret key and an access key that I generate on sdm ca. I use the hash algorithm HmacSHA1 but it returns the code 500

     

    Response status code: 201
    Response body:
    {"rest_access":{"@id":"400626","@REL_ATTR":"400626","@COMMON_NAME":"349510855","link":{"@href":"http:\/\/vnasdmt9:8050\/caisd-rest\/rest_access\/400626","@rel":"self"},"access_key":349510855,"expiration_date":1502987715,"secret_key":"EC22DFC022274FAC02E47526781FD47A34181FAD"}}
    AccessKey: 349510855
    SecretKey EC22DFC022274FAC02E47526781FD47A34181FAD
    signature: n%2BeNGwwEEmlMdeaYrToYakTviqo%3D
    Execute GET request for http://vnasdmt9:8050/caisd-rest/cnt
    Response status code: 500
    Response body:
    <ns1:XMLFault xmlns:ns1=" xmlns:ns1="com.ca.ServicePlus.rest.framework.service.exception.UnauthorizedExceptionhttp://cxf.apache.org/bindings/xformat">com.ca.ServicePlus.rest.framework.service.exception.UnauthorizedException</ns1:faultstring></ns1:XMLFault>

     

     



  • 2.  Re: Connection problem via CA sdm REST API

    Posted 08-10-2017 02:16 PM

    Hello THinhinane,

     

    Can you try using below header with the access key you obtained from the login call earlier?

    X-AccessKey=349510855

     

    You may also need to request the attributes by X-Obj-Attrs  header  

     

    GET /caisd-rest/grpmem HTTP/1.1 Host: localhost Accept: application/xml X-Obj-Attrs: *

     

    Ref: REST HTTP Methods - CA Service Management - 14.1 - CA Technologies Documentation 

     

    Hope this helps

     

    thx

    _R



  • 3.  Re: Connection problem via CA sdm REST API

    Posted 08-10-2017 02:34 PM

    Here is the header, I specify the key that I get and the signature also:

     

            Map <String, String> HeadersToSign = new HashMap<String, String>(); 

            HMACUtil hmacUtil = new HMACUtil(SecretKey);
            String signature = hmacUtil.signHeader("GET", resourceURI, HeadersToSign);

            GetMethod get = new GetMethod(endpointGET);
            get.addRequestHeader("Accept" , "application/xml");
            get.addRequestHeader("Authorization", "SDM " + AccessKey + ":" + signature);
            get.addRequestHeader("X-Obj-Attrs" , "userid, last_name");

     

    Here is the error that it returns in the file of the log: 
    08/10 11:25:17.165 [http-bio-8050-exec-2] ERROR CustomAuthenticator 122 Authorization Failed for Custom Authentication. HMAC values do not match.

     



  • 4.  Re: Connection problem via CA sdm REST API

    Posted 09-28-2017 02:10 PM

    Hey THinhinane,

     

    Is this still an issue for you? If so, I would recommend opening a support case so that an engineer can better assist you with this problem via webex/phone.

     

    Regards, 

    Brandon Persad



  • 5.  Re: Connection problem via CA sdm REST API

    Posted 10-01-2017 05:39 PM

     

     

    Hello,

     

          the problem is solved, I had the necessary help.

     

    Thank you

     

    Thin_hinane



  • 6.  Re: Connection problem via CA sdm REST API

    Posted 10-02-2017 03:05 AM

    Hi Thinhianane,

    Glad to see that this has been fixed.

    Will you share the root cause with the community here in case someone run the same issue in the future

    Thanks,

    /J



  • 7.  Re: Connection problem via CA sdm REST API

    Posted 10-02-2017 07:13 AM
      |   view attached

     

    Hello;

    ok I will do it with pleasure

    Have a good day

     

    De : jmayer

    Envoyé : 2 octobre 2017 03:05

    À : Thinhinane Alliche <Thinhinane.Alliche@education.gouv.qc.ca>

    Objet : Re:  - Re: Connection problem via CA sdm REST API

     

    CA Communities <https://communities.ca.com/?et=watches.email.thread>

     

     

    Re: Connection problem via CA sdm REST API

     

    reply from JEROME MAYER<https://communities.ca.com/people/jmayer?et=watches.email.thread> in CA Service Management - View the full discussion<https://communities.ca.com/message/242011287-re-connection-problem-via-ca-sdm-rest-api?commentID=242011287&et=watches.email.thread#comment-242011287>



  • 8.  Re: Connection problem via CA sdm REST API
    Best Answer

    Posted 10-02-2017 07:47 AM

    Hello:

    My connection problem is set. I decided to use the way I'm going to scale in the following example:

     

    Step 1: Obtain a security key using a valid user ID and password (ADMIN)

    Here is the class that can do it:

     

    see attached file AccessKey.txt

     

    Step2: Send requests to the server with the key obtained in the header

    Example of method:

     

    see attached file Method.txt

     

    De : jmayer

    Envoyé : 2 octobre 2017 03:05

    À : Thinhinane Alliche <Thinhinane.Alliche@education.gouv.qc.ca>

    Objet : Re: - Re: Connection problem via CA sdm REST API

     

    CA Communities <https://communities.ca.com/?et=watches.email.thread>

     

     

    Re: Connection problem via CA sdm REST API

     

    reply from JEROME MAYER<https://communities.ca.com/people/jmayer?et=watches.email.thread> in CA Service Management - View the full discussion<https://communities.ca.com/message/242011287-re-connection-problem-via-ca-sdm-rest-api?commentID=242011287&et=watches.email.thread#comment-242011287>

    Attachment(s)

    zip
    Method.txt.zip   558B 1 version
    zip
    AccessKey.txt.zip   1K 1 version


  • 9.  Re: Connection problem via CA sdm REST API

    Posted 10-02-2017 08:14 AM

    Thanks for sharing

    You finally decided to use basic authentication in stead of a more robust use cert.

    Make sure that you at less use SSL connection to the restURL to avoid sniffing of the credentials.

    /J



  • 10.  Re: Connection problem via CA sdm REST API

    Posted 10-02-2017 08:29 AM

    Thanks Jerome! @Thinhinane  are you all set on this one?  Can we mark it as answered?

    Thanks!
    Jon I.



  • 11.  Re: Connection problem via CA sdm REST API

    Posted 10-02-2017 08:54 AM

    Jon_Israel, Yes, for my part, the problem is solved!

    thank you

    Tina



  • 12.  Re: Connection problem via CA sdm REST API

    Posted 10-02-2017 08:51 AM

    yes, I used the basic connection because the information only circulates on our internal network, so I do not find it necessary to use the hash algorithm in this case, but otherwise I will have been safer



  • 13.  Re: Connection problem via CA sdm REST API

    Posted 10-02-2017 09:00 AM

    HI Thinhinane,

    either if only internal  I will strongly recommend to use SSL for you REST URL when using basic as any one having access to you internal network may easily have access to retrieve the credential if not the case yet.

    In fact best practice will say that any credentials must never be transported in clear text for any reason.

    My 2 cents

    /J



  • 14.  Re: Connection problem via CA sdm REST API

    Posted 11-09-2017 03:38 AM

    Hi Jerome, on this topic just one query. What is the default 'expiry duration' for the REST API access_key? I read somewhere 168 hours, can you pls confirm? Thanks!