Solved: Re: CER API authentication fails on 11.5.2.20000-6

chris3331 · ‎02-01-2017

Hello,

CER API authentication fails on Emergency Responder 11.5.2.20000-6. Both on freshly installed clusters and ones upgraded from 10.5.2.

The API user has the correct roles, and I am including the MD5 hash of the password as the API documentation states:

http://{CER-IP}/cerappservices/export/authenticate/status/{user-name}/{MD5-encrypted-password}

The CER publisher responds:

<authentication><status>Authentication failed on publisher </status></authentication>

The API user is able to sign into the CER web interface /ceradmin just fine.

nthyamag · ‎02-03-2017

Hi,

CER 11.5.2.20000-6 does not support MD5 hash format of password. It supports only SHA256 password hash.

You can use the url as below.

http://http://{CER-IP}/cerappservices/export/authenticate/status/{user-name}/{SHA256-encrypted-password http://{CER-IP}/cerappservices/export/authenticate/status/{user-name}/{SHA256-encrypted-password {CER-IP}/cerappservices/export/authenticate/status/{user-name}/{SHA256-encrypted-password}

regards,

Naveen

View solution in original post

nthyamag · ‎02-03-2017

Hi,

CER 11.5.2.20000-6 does not support MD5 hash format of password. It supports only SHA256 password hash.

You can use the url as below.

http://http://{CER-IP}/cerappservices/export/authenticate/status/{user-name}/{SHA256-encrypted-password http://{CER-IP}/cerappservices/export/authenticate/status/{user-name}/{SHA256-encrypted-password {CER-IP}/cerappservices/export/authenticate/status/{user-name}/{SHA256-encrypted-password}

regards,

Naveen

chris3331 · ‎02-06-2017

Thank you Naveen. That fixed it.

Thanks,
Chris

Chris Deren · ‎06-07-2018

Naveen/Chris,

I am able to authenticate against CER 11.5 using SHA256, yet I am unable to authenticate against CER 10.5 using either MD5 nor SHA256. Is there something else I need to do for CER 10.5?

stevepnoble13 · ‎06-08-2018

I was able to authenticate against 10.5 using an MD5 password; However, that only works for the GET command for authentication

For running other commands on 10.5, I had to use GET -C user:password (plaintext) and then the URL. Hope that helps.

Chris Deren · ‎06-08-2018

Interestingly on 10.5 there appears to be no authentication as I was able to access all API URIs without passing any credentials.

stevepnoble13 · ‎06-08-2018

I'm pretty sure that the actual API calls got changed for 11.5, and they haven't updated the documentation for it yet. I've tried just about everything I can think of to pass authentication credentials with the calls in the documentation and almost nothing works. I think I've had discovery status work, when passed the credentials with a SHA256 password, but that's it.

Chris Deren · ‎06-08-2018

Yes, the authentication definitely changed. I have a Python tool that works for both 10.5 and 11.5 now, for 11.5 I need to use SHA256 hashed password, but for 10.5 I dont send any password just using the API URL with no credentials and it works for all API calls (SNMP, ERL, Subnet, switch, manual phones, ports, history, cucm cluster info, telephony settings). Here is snippet of how I derive the URLs:

def request_defineURLs(job):
URL_prefix = '/cerappservices/export/'
URL_dict ={'SNMP':'snmpv2switch/info',

'ERL':'conventionalerl/info',

'Subnet':'ipsubnet/info',

'Switch':'lanswitch/info','Alert':'onsitealert/info',

'Manual':'manualconfphone/info',

'Ports':'switchport/info',

'History':'callhistory/info',

'cucm':'cucmcluster/list',

'telephonysetting':'telephonysetting/info'}

if cer_version == "10":
URL = 'http://' + ip_add + URL_prefix + URL_dict[job]

else:
URL = 'http://' + ip_add + URL_prefix + URL_dict[job] +'/' + username + "/" + sha_password

return URL

Adam Pawlowski · ‎03-22-2019

I know this is from a while ago but maybe update the documentation eventually, this is frustrating to use.