Nettrix server login failed, resp code 401
MisakaTAT opened this issue · 9 comments
This is my server root service json, i use gofish login the server, but response http status 401, response message tell me please input corrent X-Auth-Token or username and password, i think maybe is sessions service struct caused? if you need more info, please tell me, thanks!
{
"@odata.context": "/redfish/v1/$metadata#ServiceRoot.ServiceRoot",
"@odata.id": "/redfish/v1",
"@odata.type": "#ServiceRoot.v1_5_1.ServiceRoot",
"Id": "RootService",
"Name": "Root Service",
"Vendor": "Nettrix",
"Product": "R620G30",
"RedfishVersion": "1.5.0",
"UUID": "XXXXX-XXXXX-XXXX-XXXX-XXXXXX",
"Systems": {
"@odata.id": "/redfish/v1/Systems"
},
"Chassis": {
"@odata.id": "/redfish/v1/Chassis"
},
"Managers": {
"@odata.id": "/redfish/v1/Managers"
},
"SessionService": {
"@odata.id": "/redfish/v1/SessionService"
},
"AccountService": {
"@odata.id": "/redfish/v1/AccountService"
},
"EventService": {
"@odata.id": "/redfish/v1/EventService"
},
"UpdateService": {
"@odata.id": "/redfish/v1/UpdateService"
},
"JsonSchemas": {
"@odata.id": "/redfish/v1/JsonSchemas"
},
"CompositionService": {
"@odata.id": "/redfish/v1/CompositionService"
},
"TelemetryService": {
"@odata.id": "/redfish/v1/TelemetryService"
},
"Links": {
"Sessions": {
"@odata.id": "/redfish/v1/SessionService/Sessions"
}
}
}But use postman post request https://bmc-ip/redfish/v1/SessionService/Sessions, I can get correct session id and token.
this is request body
"UserName": "root",
"Password": "xxxxx"Hi @MisakaTAT. That ServiceRoot structure looks correct. Can you step through and verify it is correctly extracting /redfish/v1/SessionService/Sessions as the target for POSTing that session creation to?
Everything from what you've shared looks correct. It is odd that it would return a 401 error as the session creation should be doing exactly what you've tested using postman.
I've never interacted with a Nettrix server, but at least so far everything looks normal based on the output you've shared.
ok, i well step test for later.
Hi @stmcginnis , I think we've just found the crux of this problem.
if post https://bmc-ip/redfish/v1, i can get correct resp, like this.
{
"@odata.context": "/redfish/v1/$metadata#ServiceRoot.ServiceRoot",
"@odata.id": "/redfish/v1",
"@odata.type": "#ServiceRoot.v1_5_1.ServiceRoot",
"Id": "RootService",
"Name": "Root Service",
"Vendor": "Nettrix",
"Product": "R620G30",
"RedfishVersion": "1.5.0",
"UUID": "XXXXX-XXXXX-XXXX-XXXX-XXXXXX",
"Systems": {
"@odata.id": "/redfish/v1/Systems"
},
"Chassis": {
"@odata.id": "/redfish/v1/Chassis"
},
"Managers": {
"@odata.id": "/redfish/v1/Managers"
},
"SessionService": {
"@odata.id": "/redfish/v1/SessionService"
},
"AccountService": {
"@odata.id": "/redfish/v1/AccountService"
},
"EventService": {
"@odata.id": "/redfish/v1/EventService"
},
"UpdateService": {
"@odata.id": "/redfish/v1/UpdateService"
},
"JsonSchemas": {
"@odata.id": "/redfish/v1/JsonSchemas"
},
"CompositionService": {
"@odata.id": "/redfish/v1/CompositionService"
},
"TelemetryService": {
"@odata.id": "/redfish/v1/TelemetryService"
},
"Links": {
"Sessions": {
"@odata.id": "/redfish/v1/SessionService/Sessions"
}
}
}but post https://bmc-ip/redfish/v1/, resp code 401, resp body like this.
{
"error": {
"code": "Security.1.0.0.LoginFailure",
"message": "Invalid Authentication",
"@Message.ExtendedInfo": [{
"@odata.type": "#Message.v1_0_5.Message",
"Message": "Invalid Authentication",
"MessageId": "Security.1.0.0.LoginFailure",
"Resolution": "please input correct X-Auth-Token or username/password",
"Severity": "Critical",
"MessageArgs": [],
"RelatedProperties": []
}]
}
}I think this error because of uri required auth, this is my debug screenshot, get DefaultServiceRoot err is not null. I think maybe we can change DefaultServiceRoot for /redfish/v1? or if /redfish/v1/ get error try use /redfish/v1. What can I do for you?
I think after getting the right solution, i can fixed it and pr.
Or we can allow custom root service path? do you have any ideas?
It looks like Nettrix is treating the trailing / different than the path without it. So far at least, they appear to be the only ones.
I believe it actually is "more correct" to use /redfish/v1 to access the Service Root, versus using /redfish/v1/. So we definitely could drop that trailing / from common.DefaultServiceRoot. We may need some folks that can help verify that works OK on some of the more mainstream systems.
We could add another method that allows providing a custom service path, but since the Redfish specification explicitly declares what path it should be under, I would rather not go down this route unless we have a very strong reason to do so.
Actually... I reread the Redfish specification, and I think this is an issue that Nettrix needs to fix. The specification clearly states the ServiceRoot should be access by using redfish/v1/, so their support of only redfish/v1 is not adhering to the specification. I would recommend contacting Nettrix to report this as a bug in their Redfish implementation.
| URI | Returns | Note |
|---|---|---|
| /redfish/v1/ | Redfish service root. | Services shall support this URI. |
You can point them at the specification here: https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.15.1.pdf
Hmm, I agree with you, Nettrix appear to be the only ones, So far at least....
Ok, I will try contacting nettrix to report this question, Thanks for your follow this issues!
If it's necessary because of Nettrix not being able to update for some time, it may be reasonable to add a check for a "not authorized" status code in the fetch of the ServiceRoot and only in that case have a retry that attempts to perform the GET again by dropping the trailing / from the path.
We would definitely still want the default to be its current value since that is what is expected, but if we are in a failure condition anyway, it wouldn't be much overhead to have a retry.