SiteScope- Ver. 11.24.241 64-bit JVM, build 165. RHEL 64bit
Ok, now my question,
We have two SiteScope installations:
1) SiteScope configured for 1-way SSL with username/password authentication
2) SiteScope configured for 2-way SSL (client certificate authentication) and LDAP.
We are attempting to use the SiteScope API to get monitor data from SiteScope.
As a starting point, we are using the API examples in SITESCOPE_HOME/examples/integrations/api
We are able to run the get_configuration.sh example against our server #1 that uses username/password authentication but get errors when we run it against the second SiteScope that uses 2-way SSL. Specifically, we get a '500 Internal Server Error'
To support client certificate authentication for the examples we modified the examples/integrations/api/bin/run_api_call.sh script to add SSL-related properties that point to the JKS keystore and truststore, specifically:
When I look at the error log on the SiteScope server I see the following:
javax.servlet.ServletException: The username was not found in client certificate
When we ran the SiteScope hardening script to configure SiteScope for 2-way SSL we specified that we wish to use 'Other Name' when asked for 'Please enter username property in client certificate AlternativeSubjectName field". This configured SiteScope to extract the email address from our client certificates and use that as the username.
Should we be able to use the SiteScope API with our 2-way SSL-enabled SiteScope?
If so, what username/password should we provide for the API calls that require them? (Our 2-way SSL SiteScope doesn't use username/password authentication so we typically don't define them)