Absent Member.. ZachShupp Absent Member..
Absent Member..
932 views

OO 10.51 API Authentication Method

We have been looking at OO's API and like what we can do with it, we do have a script we wrote to help a few of our applications communicate with it. This required us to have a user name and password in the script which we really dont like, i saved it as base64. Is it possible to set up some encrypted password where OO could decrypt it?

Labels (1)
Tags (2)
0 Likes
11 Replies
Micro Focus Expert
Micro Focus Expert

Re: OO 10.51 API Authentication Method

Hi,

In theory you could try to encrypt the password using OO's  password encryption tool ( oo_folder\central\bin\encrypt-password ) and then provide the result in the script. In theory OO when faced with an encrypted string in this format will try to  decrypt it before using it, therefore it may work.

Keep in mind that since it is not OO sending this string, but an external party the string may also be taken quite literally and not work.

Hope this helps,

Vlad

0 Likes
lrevnic Absent Member.
Absent Member.

Re: OO 10.51 API Authentication Method

Hello,

OO has a mechanism to store credentials in what are called System Accounts. Can you detail why storing credentials in System Accounts does not work for you?

Best regards,

Lucian

0 Likes
Absent Member.. ZachShupp Absent Member..
Absent Member..

Re: OO 10.51 API Authentication Method

I have tried passing the encrypted string and it didnt work. We have created an internal account with accesss to just that one flow. On our network we are very strick with security and access to certian applications. OO is one of those applications as the main OO System account we  have has high rights to our network. This would be a nice feature to the API for some of us that have to deal with very strick security requirements.

0 Likes
Bridges Respected Contributor.
Respected Contributor.

Re: OO 10.51 API Authentication Method

Did you encrypted the password and encode the credentials back into base64 to be passed as the Authorization?  I pass it in the header and not in the script when making a REST call.

0 Likes
Absent Member.. ZachShupp Absent Member..
Absent Member..

Re: OO 10.51 API Authentication Method

I did and it failes to authenticate. I even tried just loggin into the gui the same way to see if that worked. Have you gotten it to work?

0 Likes
Bridges Respected Contributor.
Respected Contributor.

Re: OO 10.51 API Authentication Method

It works for me, but I'm on version 10.22.

Here are my steps(assuming  internal account already setup):

  1. Encrypted password with encrypt-password.bat
  2. Base64 encode the credentials:    username:encrypted_password
  3. Add authorization header to REST call:   Authorization: Basic encoded_Crendential

 

0 Likes
lrevnic Absent Member.
Absent Member.

Re: OO 10.51 API Authentication Method

Have you checked if the issue you are facing is not related to the CSRF protection flag that was added in 10.50?

(you may see auth issues when doing HTTP POST/PUT but not GET)

HTH,

Lucian

0 Likes
Absent Member.. ZachShupp Absent Member..
Absent Member..

Re: OO 10.51 API Authentication Method

So i just followed the above steps again and used our powershell function to make the call to "/rest/v1/roles" just to see if i get anything back and i get the below error.

"Exception calling "Add" with "2" argument(s): "Specified value has invalid CRLF characters"

0 Likes
lrevnic Absent Member.
Absent Member.

Re: OO 10.51 API Authentication Method

Hi,

For CSRF see the "CSRF Protection in HPE OO 10.x" section from the API guide on how to work with servers having this protection activated (reccomended).

Basically what you need to do is to populate as well X-CSRF-TOKEN header with a token received from the OO server.

HTH,

Lucian

 

0 Likes
Absent Member.. ZachShupp Absent Member..
Absent Member..

Re: OO 10.51 API Authentication Method

This is an issue before the request is even getting sent out. It looks like it dosent like the base64 string.

0 Likes
lrevnic Absent Member.
Absent Member.

Re: OO 10.51 API Authentication Method

Hi ZachShupp,

Let's have a call on this. My email address is revnic@hpe.com.

Best regards,

Lucian

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.