Support

Expand all | Collapse all

Jama REST API unauthorized

  • 1.  Jama REST API unauthorized

    Posted 07-07-2019 22:59
    Hello,

    I'm trying to communicate between Jama and LabView using the REST-API, but it doesn't really work. I always get the return that I'm not authorized. My Account working well in Jama and if I'm using Swagger, only if I using LabView it doesn't work (I simply use the HTML GET/POST methods).
    {"meta":{"status":"Unauthorized","timestamp":"2019-07-08T05:22:27.377+0000","message":""}}​

    Has anybody experience in this? 



    ------------------------------
    Heiko Schindler
    SICK AG
    ------------------------------


  • 2.  RE: Jama REST API unauthorized

    Posted 07-08-2019 08:45
    Hi Heiko:

    If it is a problem only LabView, I am wondering if this might be an authentication problem. Are you using SAML or LDAP? If so, it could be a problem with Jama recognizing you as the user. I would talk to your System Administrator to see how you are set up there. Are you able to screenshot the error message you are receiving?

    Best,

    ------------------------------
    Chloe Elliott
    Jama Software
    Portland OR
    ------------------------------



  • 3.  RE: Jama REST API unauthorized

    Posted 07-08-2019 21:52
    Hi Chloe,

    I don't think that it is a problem with LabView, maybe it is a problem with the library for REST / HTTP.
    SAML or LDAP --> no idea

    The REST API is, by our system administrator, not restricted for every user. If I'm using Swagger, it works well.
    Also there is no error message, only the answer from JAMA REST like I posted above

    {"meta":{"status":"Unauthorized","timestamp":"2019-07-08T05:22:27.377+0000","message":""}}​​


    ------------------------------
    Heiko Schindler
    SICK AG
    ------------------------------



  • 4.  RE: Jama REST API unauthorized

    Posted 08-23-2021 10:24
    I am attempting to use the LabVIEW HTTP client functions to communicate with the JAMA REST API.  I believe I am past the credentialing with the toolkit using the OpenHandle where the user name and password are provided and a reference is created. I then set the following headers:

    I then use the Get function with the following URL:
    http://<servername>/contour/rest/latest/projects

    Instead of getting a listing of projects I get:
    HTTP/1.1 400 Bad Request
    Server: nginx
    Date: Mon, 23 Aug 2021 17:15:27 GMT
    Content-Type: text/html
    Content-Length: 150
    Connection: close
    Strict-Transport-Security: max-age=63072000

    Any thoughts/suggestions as to why I am not getting a proper response? A listing of commands and headers that are needed to be performed in a general sense would be helpful.

    Thanks,
    Joe



    ------------------------------
    Joe Collura
    ------------------------------



  • 5.  RE: Jama REST API unauthorized

    Posted 08-23-2021 15:01
    Hello Joe, thank you for reaching out.

    Everything looks correct. The error appears to be an issue with authentication. From your comment " using the OpenHandle where the user name and password are provided" it sounds like you are using "basic auth" which requires a username and password. 


    If you have SAML enabled basic auth will not work as Jama is not providing the authentication, your IDP is. If you have SAML enabled then you will need to use OAuth as the authentication type. Info on authentication types can be found here

    Please let me know if they have any further questions. 

    ------------------------------
    [Amanda] [Jennewein] She/Her]
    [Manager, Customer Support]
    [Jama Software]
    [Portland] [OR]
    ------------------------------



  • 6.  RE: Jama REST API unauthorized

    Posted 08-24-2021 05:02
    Thank you Amanda, it does not appear that I have access to the OAuth setup in my profile where I can get my secret word. I read on our ALM page that we are set up for basic authentication. I can use swagger successfully with no issues.

    Until I receive more information, I am thinking the issue is with NI's authentication function. I am in a discussion forum on NI's webpage to confirm LabVIEW's authorization function will, "...provide your username and password in the header of the request following the RFC 2617 standard"




    ------------------------------
    Joe Collura
    ------------------------------



  • 7.  RE: Jama REST API unauthorized

    Posted 08-24-2021 08:03
    So I am now at the same place as the original post to this thread with this message.
    {"meta":{"status":"Unauthorized","timestamp":"2021-08-24T14:37:47.773+0000","message":""}}

    I had to set a cookie file so that the jama-csrf-token is set. The entry is as follows with the specifics removed:
    .<servername> TRUE / FALSE 0 jama-csrf-token <tokenidremovedforprivacy>

    Here are the headers returned from the server
    HTTP/1.1 401
    Server: nginx
    Date: Tue, 24 Aug 2021 14:37:47 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    jamaFishTag: {"originHost":"<removed>","originUUID":"<removed>","tenantId":null,"breadCrumbDTOs":[]}
    x-jama-node:
    X-Content-Type-Options: nosniff
    X-FRAME-OPTIONS: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Set-Cookie: jamaContourServerTime=1629815867768; Path=/
    Set-Cookie: jamaContourSessionExpiry=1629815867768; Path=/
    Pragma: no-cache
    Cache-Control: no-cache,no-store
    sunset: Fri, 22 May 2020 00:00:00 GMT
    x-sunset: Fri, 22 May 2020 00:00:00 GMT
    Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS
    Access-Control-Allow-Headers: Content-Type, Accept, Authorization, api_key
    Strict-Transport-Security: max-age=31536000




    ------------------------------
    Joe Collura
    ------------------------------



  • 8.  RE: Jama REST API unauthorized

    Posted 08-24-2021 08:40
    I also found this in the cookie file.

    # Netscape HTTP Cookie File
    # https://curl.haxx.se/docs/http-cookies.html
    # This file was generated by libcurl! Edit at your own risk.

    ------------------------------
    Joe Collura
    ------------------------------



  • 9.  RE: Jama REST API unauthorized

    Posted 08-24-2021 09:06

    Hi Joe,

    I just saw your thread.  I may not be fully up to speed to what is going on here, but let me try to help.  I see that you are using a jama-csrf token from the cookies.  You should not need this to authenticate via REST API.  in order to authenticate to the rest api basic authentication you can do the following:

    Basic Authentication

    Most rest clients have an easy interface for basic authentication. You must provide your username and password in the header of the request following the RFC 2617 standard

    Note: This type of authentication will not work in a SAML/SSO environment.

    Examples for username: "myusername" and password: "mypassword"


    Header
    Authorization: Basic bXl1c2VybmFtZTpteXBhc3N3b3Jk

    Name: "Authorization", value: "Basic AUTHORIZATION", where AUTHORIZATION is a Base64-encoded presentation of "myusername:mypassword"

    Curl Example
    curl -u myusername:mypassword http://basepath/rest/v1/projects

    Best Regards,



    ------------------------------
    Nick McHale
    Jama Software
    ------------------------------



  • 10.  RE: Jama REST API unauthorized

    Posted 08-24-2021 11:04
    I confirmed with the admins that we are using SSL. LabVIEW configures SSL with a client CA, lient Key file, and key code as described below.  Any ideas where I can get these?

    https://zone.ni.com/reference/en-XX/help/371361R-01/lvcomm/http_client_configssl/#Input2

    ------------------------------
    Joe Collura
    ------------------------------



  • 11.  RE: Jama REST API unauthorized

    Posted 08-24-2021 09:02
    Thank you, @Joe It may an appropriate time to submit a support ticket, if you have already received additional information, and the steps to resolve are not working on the authentication side of things.

    ------------------------------
    [Amanda] [Jennewein] She/Her]
    [Manager, Customer Support]
    [Jama Software]
    [Portland] [OR]
    ------------------------------



  • 12.  RE: Jama REST API unauthorized

    Posted 08-24-2021 11:36
    Thanks Nick, that was the last piece of the puzzle. This is what I had to do:

    So, I got a response from the server and made it through the three gates of security to establish contact.

     

    1) The user name and password in open handle do nothing for the JAMA authentication.

    2) I had to make a custom header "Authorization" with the value "Basic <username>:<password>"

    3) My server is setup for SSL, and I only had to create a certificate for the CA certificate file input. This was done in chrome by clicking on the lock icon in the address bar, and exporting a 64 bit cer file.

    4) Verify Server is set to false. Setting it to true will generate an error on the GET command.

    5) I needed a cookie file so that the jama-csrf-token could be generated

     

    I hope this helps anyone else who may have to interface with JAMA with LabVIEW. The LabVIEW snippet is located in this forum on the NI website.

    https://forums.ni.com/t5/LabVIEW/JAMA-amp-the-RESTful-interface/m-p/4174212#M1206357



    ------------------------------
    Joe Collura
    ------------------------------