CA Service Management


Connection problem via CA sdm REST API

  • 1.  Connection problem via CA sdm REST API

    Posted Aug 10, 2017 12:38 PM

    Hello;
    I am trying to connect to CA sdm via the REST API using a secret key and an access key that I generate on sdm ca. I use the hash algorithm HmacSHA1 but it returns the code 500

     

    Response status code: 201
    Response body:
    {"rest_access":{"@id":"400626","@REL_ATTR":"400626","@COMMON_NAME":"349510855","link":{"@href":"http:\/\/vnasdmt9:8050\/caisd-rest\/rest_access\/400626","@rel":"self"},"access_key":349510855,"expiration_date":1502987715,"secret_key":"EC22DFC022274FAC02E47526781FD47A34181FAD"}}
    AccessKey: 349510855
    SecretKey EC22DFC022274FAC02E47526781FD47A34181FAD
    signature: n%2BeNGwwEEmlMdeaYrToYakTviqo%3D
    Execute GET request for http://vnasdmt9:8050/caisd-rest/cnt
    Response status code: 500
    Response body:
    <ns1:XMLFault xmlns:ns1="http://cxf.apache.org/bindings/xformat"><ns1:faultstring xmlns:ns1="http://cxf.apache.org/bindings/xformat">com.ca.ServicePlus.rest.framework.service.exception.UnauthorizedException</ns1:faultstring></ns1:XMLFault>

     

     



  • 2.  Re: Connection problem via CA sdm REST API

    Broadcom Employee
    Posted Aug 10, 2017 02:16 PM

    Hello THinhinane,

     

    Can you try using the below header with the access key you obtained from the login call earlier?

    X-AccessKey=349510855

     

    You may also need to request the attributes with the X-Obj-Attrs header:

     

    GET /caisd-rest/grpmem HTTP/1.1
    Host: localhost
    Accept: application/xml
    X-Obj-Attrs: *

     

    Ref: REST HTTP Methods - CA Service Management - 14.1 - CA Technologies Documentation 

     

    Hope this helps

     

    thx

    _R



  • 3.  Re: Connection problem via CA sdm REST API

    Posted Aug 10, 2017 02:34 PM

    Here is the header, I specify the key that I get and the signature also:

     

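            // Extra header fields to include in the string to sign (none are added here).
            Map<String, String> HeadersToSign = new HashMap<String, String>();

            // Sign the request method and resource URI with the secret key.
            HMACUtil hmacUtil = new HMACUtil(SecretKey);
            String signature = hmacUtil.signHeader("GET", resourceURI, HeadersToSign);

            // Send the access key and the signature in the Authorization header.
            GetMethod get = new GetMethod(endpointGET);
            get.addRequestHeader("Accept", "application/xml");
            get.addRequestHeader("Authorization", "SDM " + AccessKey + ":" + signature);
            get.addRequestHeader("X-Obj-Attrs", "userid, last_name");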

     

    Here is the error that it returns in the log file:
    08/10 11:25:17.165 [http-bio-8050-exec-2] ERROR CustomAuthenticator 122 Authorization Failed for Custom Authentication. HMAC values do not match.

     



  • 4.  Re: Connection problem via CA sdm REST API

    Posted Sep 28, 2017 02:10 PM

    Hey THinhinane,

     

    Is this still an issue for you? If so, I would recommend opening a support case so that an engineer can better assist you with this problem via webex/phone.

     

    Regards, 

    Brandon Persad



  • 5.  Re: Connection problem via CA sdm REST API

    Posted Oct 01, 2017 05:39 PM

     

     

    Hello,

     

          the problem is solved, I had the necessary help.

     

    Thank you

     

    Thin_hinane



  • 6.  Re: Connection problem via CA sdm REST API

    Posted Oct 02, 2017 03:05 AM

    Hi Thinhianane,

    Glad to see that this has been fixed.

    Will you share the root cause with the community here in case someone runs into the same issue in the future?

    Thanks,

    /J



  • 7.  Re: Connection problem via CA sdm REST API

    Posted Oct 02, 2017 07:13 AM

     

    Hello;

    ok I will do it with pleasure

    Have a good day

     




  • 8.  Re: Connection problem via CA sdm REST API
    Best Answer

    Posted Oct 02, 2017 07:47 AM

    Hello:

    My connection problem is set. I decided to use the way I'm going to scale in the following example:

     

    Step 1: Obtain a security key using a valid user ID and password (ADMIN)

    Here is the class that can do it:

     

    see attached file AccessKey.txt

     

    Step 2: Send requests to the server with the key obtained in the header

    Example of method:

     

    see attached file Method.txt

     


    Attachment(s)

    zip
    Method.txt.zip   558 B 1 version
    zip
    AccessKey.txt.zip   1 KB 1 version


  • 9.  Re: Connection problem via CA sdm REST API

    Posted Oct 02, 2017 08:14 AM

    Thanks for sharing

    You finally decided to use basic authentication instead of a more robust use cert.

    Make sure that you at least use an SSL connection to the restURL to avoid sniffing of the credentials.

    /J



  • 10.  Re: Connection problem via CA sdm REST API

    Posted Oct 02, 2017 08:29 AM

    Thanks Jerome! @Thinhinane  are you all set on this one?  Can we mark it as answered?

    Thanks!
    Jon I.



  • 11.  Re: Connection problem via CA sdm REST API

    Posted Oct 02, 2017 08:54 AM

    Jon_Israel, Yes, for my part, the problem is solved!

    thank you

    Tina



  • 12.  Re: Connection problem via CA sdm REST API

    Posted Oct 02, 2017 08:51 AM

    Yes, I used the basic connection because the information only circulates on our internal network, so I do not find it necessary to use the hash algorithm in this case, but otherwise I will have been safer.



  • 13.  Re: Connection problem via CA sdm REST API

    Posted Oct 02, 2017 09:00 AM

    Hi Thinhinane,

    Even if it is only internal, I will strongly recommend using SSL for your REST URL when using basic, as anyone having access to your internal network may easily have access to retrieve the credentials, if not the case yet.

    In fact best practice will say that any credentials must never be transported in clear text for any reason.

    My 2 cents

    /J



  • 14.  Re: Connection problem via CA sdm REST API

    Posted Nov 09, 2017 03:38 AM

    Hi Jerome, on this topic just one query. What is the default 'expiry duration' for the REST API access_key? I read somewhere 168 hours, can you pls confirm? Thanks!



  • 15.  RE: Re: Connection problem via CA sdm REST API

    Posted May 30, 2020 02:24 PM
    I appreciate the original post is now over 3 years old but it was the only post I found whilst looking for help regarding the error 500 when trying to use the REST services with signed HMAC key. When the post said resolved I thought I had found the answer, but the posted answer appears to be stop using HMAC and switch back to BASIC Auth mode. Not being in a position where I could follow this approach, I had to investigate further and now have the signed key working and thought I would share here for anyone else that comes looking for an answer.

    The 500 error as discussed in post 3 above occurs because "HMAC values do not match." and this can be seen in the log file jrest.log. The reason that they don't match however is because the value presented to be signed is missing a magic bit of text that does not get a mention in the documentation or the examples provided in the samples folder.

    So if you enable the two required options with their default values hmac_algorithm (HmacSHA1) and string_to_sign_fields () the values that get entered into the NX.env file are :
    @NX_HMAC_ALGORITHM=HmacSHA1
    @NX_STRING_TO_SIGN_FIELDS=NoVaLue

    What I have identified is the "NoVaLue" string needs to form part of the missing magic text and the value presented for signing therefore needs to be of the format: <REQUEST_METHOD> + "\n" + <REQUEST_URI> + "\n" + "novalue" + "="
    So for performing a GET method on contacts the value to be signed becomes: GET\n/caisd-rest/cnt\nnovalue=

    Attached is a java example I created combining the two samples SampleSDMAuth and SampleUsingSecretKey found in the folder C:\Program Files (x86)\CA\Service Desk Manager\samples\sdk\rest\java\test2_auths

    Hope this helps someone :-)



    Attachment(s)

    zip
    joe.zip   1 KB 1 version
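
Added example, not part of the thread or of CA's sample code: the string-to-sign layout from post 15 signed with HmacSHA1 and placed in the "Authorization: SDM" header from post 3, next to a variant without the "novalue=" suffix to show how the mismatch arises. Assumptions: the class and method names, the placeholder keys, using the UTF-8 bytes of the secret key string as the HMAC key, Base64 followed by URL encoding of the signature (the shape of the value in post 1), and the suffix-less string as the failing input.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SdmHmacExample {
    // String-to-sign layout reported in post 15 for NX_STRING_TO_SIGN_FIELDS=NoVaLue:
    // <REQUEST_METHOD> + "\n" + <REQUEST_URI> + "\n" + "novalue" + "="
    static String stringToSign(String method, String uri, boolean withNoValueSuffix) {
        String base = method + "\n" + uri + "\n";
        return withNoValueSuffix ? base + "novalue=" : base;
    }

    // Assumption: the key is the UTF-8 bytes of the secret_key string, and the
    // signature is Base64-encoded and then URL-encoded.
    static String sign(String secretKey, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        byte[] raw = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        return URLEncoder.encode(Base64.getEncoder().encodeToString(raw), "UTF-8");
    }

    // Constant-time comparison, the way a verifier should compare MAC values.
    static boolean matches(String expected, String presented) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String accessKey = "0000000000";                     // constructed placeholder
        String secretKey = "CONSTRUCTED-PLACEHOLDER-SECRET"; // constructed placeholder
        String uri = "/caisd-rest/cnt";

        // Value the verifying side is assumed to compute, per post 15.
        String expected = sign(secretKey, stringToSign("GET", uri, true));
        String withoutSuffix = sign(secretKey, stringToSign("GET", uri, false));
        String withSuffix = sign(secretKey, stringToSign("GET", uri, true));

        System.out.println("without novalue= matches: " + matches(expected, withoutSuffix));
        System.out.println("with novalue=    matches: " + matches(expected, withSuffix));
        System.out.println("Authorization: SDM " + accessKey + ":" + withSuffix);
    }
}
```

Read the secret key from a protected store rather than source code, and send the signed request over HTTPS, as recommended in posts 9 and 13.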