Failed user authentication using Digest after latest firmware update.


  • Failed user authentication using Digest after latest firmware update.

    With firmware version 1.5.0.0A14, I was able to access webAPIs using curl statements with basic user auth as for instance
    curl -u admin:PASSWORD -X POST http://%hostIP%/export/config

    After the update to 1.5.0.0A25, with the default auth being Digest now, I'm unable to access the webAPIs via curl or Postman. I tried
    curl --digest -u admin:PASSWORD -X POST http://%hostIP%/export/config

    and see a 401-Authorization failed response. Same with Postman web client.

    I could not find any documentation specifying the headers needed for REST calls with the changed authentication scheme.

    Please help!

  • #2
    Originally posted by byFlow:

    After the update to 1.5.0.0A25, with the default auth being Digest now, I'm unable to access the webAPIs via curl or Postman. I tried
    curl --digest -u admin:PASSWORD -X POST http://%hostIP%/export/config

    and see a 401-Authorization failed response. Same with Postman web client.

    I just tested this with A25 and it worked. Did you reset configuration to default after upgrading the firmware? Since there are new configuration fields in the new firmware, it's always a good idea to do that.

    I would double-check that you indeed have it set to digest:
    [ATTACH]148[/ATTACH]

    Another option is to try with curl --anyauth instead of --digest. This will work whether it's using Basic or Digest.

    As for Postman, unfortunately the Digest support is not great there.


    • #3
      Originally posted by mariano:
      I just tested this with A25 and it worked. Did you reset configuration to default after upgrading the firmware? Since there are new configuration fields in the new firmware, it's always a good idea to do that.

      I would double-check that you indeed have it set to digest:
      [ATTACH]148[/ATTACH]

      Another option is to try with curl --anyauth instead of --digest. This will work whether it's using Basic or Digest.

      As for Postman, unfortunately the Digest support is not great there.

      Thanks for your quick reply!

      You were right. The configuration was set to Digest, however, I had issues in my uri. I am now able to execute requests via curl.

      However, I'm using JavaScript to call the services, which requires me to pass authorization headers as in Postman. I have tried
      Authorization : Digest username="admin", realm="config", nonce="", uri="/export/config", qop=auth, nc="", cnonce="", response="f48d298a6c9c1299083b9a2de793a265", opaque=""

      but it fails with a 401. Can you please point out what's wrong here?


      • #4
        Digest Authentication requires multiple requests. On the first request, the server will respond with 401 and a nonce. You then use that nonce to hash the password and do another request with the proper authentication information.

        For example:
        https://stackoverflow.com/questions/...authentication

        There are also some JS libraries out there to do this. Here's an example:
        https://github.com/inorganik/digest-auth-request

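The two-request exchange described in #4, as an added example that is not part of the original thread and is not Lantronix code: given the `WWW-Authenticate` header from the first 401, this Node.js code derives the `Authorization` header for the second request using MD5 and `qop=auth` as defined in RFC 2617. The challenge and credentials are the RFC's published sample values, not output from an xPico Wi-Fi, and the function names are made up for this example.

```javascript
const crypto = require('node:crypto');
const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Parse the WWW-Authenticate header returned with the server's first 401.
function parseChallenge(header) {
  const m = /^\s*Digest\s+(.*)$/i.exec(header);
  if (!m) throw new Error('not a Digest challenge');
  const params = {};
  const re = /([a-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/gi;
  let p;
  while ((p = re.exec(m[1])) !== null) {
    params[p[1].toLowerCase()] = p[2] !== undefined ? p[2].replace(/\\(.)/g, '$1') : p[3];
  }
  if (!params.realm || !params.nonce) throw new Error('challenge lacks realm or nonce');
  return params;
}

// Build the Authorization header for the second request from that challenge.
function buildAuthorization({ challenge, username, password, method, uri, nc = 1, cnonce }) {
  const c = parseChallenge(challenge);
  const algorithm = (c.algorithm || 'MD5').toUpperCase();
  if (algorithm !== 'MD5') throw new Error(`unsupported algorithm ${algorithm}`);
  const qops = (c.qop || '').split(',').map((q) => q.trim());
  const ha1 = md5(`${username}:${c.realm}:${password}`); // the password never leaves the client
  const ha2 = md5(`${method}:${uri}`);                   // binds the hash to method and URI
  const fields = [`username="${username}"`, `realm="${c.realm}"`, `nonce="${c.nonce}"`, `uri="${uri}"`];
  let response;
  if (qops.includes('auth')) {
    const ncHex = nc.toString(16).padStart(8, '0');      // request counter, 8 hex digits
    cnonce = cnonce || crypto.randomBytes(8).toString('hex');
    response = md5(`${ha1}:${c.nonce}:${ncHex}:${cnonce}:auth:${ha2}`);
    fields.push('qop=auth', `nc=${ncHex}`, `cnonce="${cnonce}"`);
  } else {
    response = md5(`${ha1}:${c.nonce}:${ha2}`);          // legacy form when no qop is offered
  }
  fields.push(`response="${response}"`);
  if (c.opaque !== undefined) fields.push(`opaque="${c.opaque}"`); // echoed back unchanged
  return { header: `Digest ${fields.join(', ')}`, response };
}

// Constructed input: the sample challenge and credentials from RFC 2617 section 3.5.
const SAMPLE_CHALLENGE = 'Digest realm="testrealm@host.com", qop="auth,auth-int", ' +
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
const sample = buildAuthorization({
  challenge: SAMPLE_CHALLENGE, username: 'Mufasa', password: 'Circle Of Life',
  method: 'GET', uri: '/dir/index.html', nc: 1, cnonce: '0a4f113b',
});
console.log(sample.header);
```

The server recomputes `response` from the `nonce`, `nc` and `cnonce` fields it receives, so a header that leaves them empty cannot validate.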


        • #5
          Thanks!

          I have a few more questions.

          Is there a service that can be used to get the usernames and roles of all users of the module?
          Is there a service to access details of the currently logged in user?
          Is there a document that can be referred to for this?



          • #6
            You can get the list of users that are configured on the xPico Wi-Fi by using the WebAPI to export the User group. For example the default configuration:

            Code:
            <?xml version="1.0" standalone="yes"?>
            <!-- Automatically generated XML -->
            <!DOCTYPE configrecord [
               <!ELEMENT configrecord (configgroup+)>
               <!ELEMENT configgroup (configitem+)>
               <!ELEMENT configitem (value+)>
               <!ELEMENT value (#PCDATA)>
               <!ATTLIST configrecord version CDATA #IMPLIED>
               <!ATTLIST configgroup name CDATA #IMPLIED>
               <!ATTLIST configgroup instance CDATA #IMPLIED>
               <!ATTLIST configitem name CDATA #IMPLIED>
               <!ATTLIST configitem instance CDATA #IMPLIED>
               <!ATTLIST value name CDATA #IMPLIED>
            ]>
            <configrecord version = "0.1.0.1">
               <configgroup name = "User" instance = "admin">
                  <configitem name = "Password">
                     <value>&lt;Configured&gt;</value>
                  </configitem>
                  <configitem name = "Privilege">
                     <value>Admin</value>
                  </configitem>
               </configgroup>
            </configrecord>
            There is no service to get the currently logged in user.

            Documentation on how the user level access controls work is here:
            http://wiki.lantronix.com/developer/...ccess_controls



            • #7
              For user management on our portal, we require the details of the currently logged in user. How can I get this given you don't have a service for it yet?
              Is there a way to access the embedded HTTP server files so then I can write a service to return logged in user information?



              • #8
                One option would be to manage the username on the client, like a page that doesn't require authentication for the user to enter their credentials, then use JavaScript to request the data that requires authentication using the entered credentials.

                If you need a new service on the xPico Wi-Fi, then you should contact your local Lantronix Sales person or FAE to see if it's possible.

                Mariano
