cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1588
Views
0
Helpful
8
Replies

CER API authentication fails on 11.5.2.20000-6

Hello,

CER API authentication fails on Emergency Responder 11.5.2.20000-6. Both on freshly installed clusters and ones upgraded from 10.5.2.

The API user has the correct roles, and I am including the MD5 hash of the password as the API documentation states:

http://{CER-IP}/cerappservices/export/authenticate/status/{user-name}/{MD5-encrypted-password}

The CER publisher responds:

<authentication><status>Authentication failed on publisher </status></authentication>

The API user is able to sign into the CER web interface /ceradmin just fine.

1 ACCEPTED SOLUTION

Accepted Solutions
nthyamag
Cisco Employee
8 REPLIES 8
nthyamag
Cisco Employee

Thank you Naveen. That fixed it.

Thanks,
Chris

Chris Deren
Hall of Fame Master

Naveen/Chris,

I am able to authenticate against CER 11.5 using SHA256, yet I am unable to authenticate against CER 10.5 using either MD5 nor SHA256. Is there something else I need to do for CER 10.5?

I was able to authenticate against 10.5 using an MD5 password; However, that only works for the GET command for authentication

For running other commands on 10.5, I had to use GET -C user:password (plaintext) and then the URL. Hope that helps.

Interestingly on 10.5 there appears to be no authentication as I was able to access all API URIs without  passing any credentials.

I'm pretty sure that the actual API calls got changed for 11.5, and they haven't updated the documentation for it yet. I've tried just about everything I can think of to pass authentication credentials with the calls in the documentation and almost nothing works. I think I've had discovery status work, when passed the credentials with a SHA256 password, but that's it.

Yes, the authentication definitely changed. I have a Python tool that works for both 10.5 and 11.5 now, for 11.5 I need to use SHA256 hashed password, but for 10.5 I dont send any password just using the API URL with no credentials and it works for all API calls (SNMP, ERL, Subnet, switch, manual phones, ports, history, cucm cluster info, telephony settings). Here is snippet of how I derive the URLs:

def request_defineURLs(job):
   URL_prefix = '/cerappservices/export/'
   URL_dict ={'SNMP':'snmpv2switch/info',

                       'ERL':'conventionalerl/info',

                       'Subnet':'ipsubnet/info',

                       'Switch':'lanswitch/info','Alert':'onsitealert/info',

                       'Manual':'manualconfphone/info',

                       'Ports':'switchport/info',

                       'History':'callhistory/info',

                       'cucm':'cucmcluster/list',

                       'telephonysetting':'telephonysetting/info'}

   if cer_version == "10":
      URL = 'http://' + ip_add + URL_prefix + URL_dict[job]

   else:
      URL = 'http://' + ip_add + URL_prefix + URL_dict[job] +'/' + username + "/" + sha_password

   return URL

I know this is from a while ago but maybe update the documentation eventually, this is frustrating to use.

Create
Recognize Your Peers
Content for Community-Ad