Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
520
Views
0
Helpful
5
Replies

HTTP XMLAPI Authentication Problem

Lenard.Valdez
Level 1
Level 1

‎04-07-2022 05:31 PM - edited ‎04-07-2022 05:32 PM

Hello I'm not really a Cisco Developer, rather I am tasked to integrate Cisco's Webx to ServiceNow. So far CUCM and RISPort70 has been a breeze to connect and get the information we need, but Endpoints using session based login is causing some confusion.

 

According to Collaboration Endpoint Software 9.15 to set the session is to get the SessionId but http://<ip-address>/
xmlapi/session/begin responds with SecureClientId in the headers.

I tried both just getting the SecureClientId value and just plugging it on SessionID and straight up using SecureClientID for the Cookie header but I still end up with a 401

0 Helpful
5 Replies 5

Raffaele Lagana
Cisco Employee
Cisco Employee

‎04-08-2022 02:03 AM

Hello, the sessionId should be part of the Set-Cookie Response Header, do you see it there?

Would look something like: "Set-Cookie: SessionId=f08102c8ce5aaf8fba23a7238
cc2ef464b990e18bfbb7fb048820c0e28955c54; Path=/;
HttpOnly"

0 Helpful

Lenard.Valdez
Level 1
Level 1
In response to Raffaele Lagana

‎04-09-2022 06:20 AM - edited ‎04-09-2022 06:21 AM

Hello, That's what I expect to see from the response right? But the value of Set-Cookie starts with SessionClientId not SessionId

 

here's my request (obscured some data for security)

POST /xmlapi/session/begin HTTP/1.1
Host: 10.102.XXX.XX
Authorization: Basic <base64>

 

here's a response header from 2days ago.(obscured some data for security)

{"Referrer-Policy":["same-origin"],"X-Frame-Options":["SAMEORIGIN"],"Server":["nginx"],"Cache-Control":["no-cache, no-store"],"X-Content-Type-Options":["nosniff"],"Content-Security-Policy":["base-uri 'self'; form-action 'self'; frame-ancestors 'self'; block-all-mixed-content","default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self' data:"],"Connection":["keep-alive"],"Set-Cookie":["SecureClientId=95cc7c01962fa97207b41614251d57d5140000e686088d0dd1ea21c9f62cXXXX; Path=/web; HttpOnly; secure"],"X-XSS-Protection":["1; mode=block"],"Date":["Thu, 07 Apr 2022 11:05:40 GMT"]}

 

0 Helpful

Raffaele Lagana
Cisco Employee
Cisco Employee
In response to Lenard.Valdez

‎04-12-2022 09:38 AM

Ok thanks, just to be sure was the token that's used here one which was authenticated by an admin?

0 Helpful

Lenard.Valdez
Level 1
Level 1
In response to Raffaele Lagana

‎04-12-2022 05:55 PM

I'm not really sure, they only gave the username/password credentials. weird thing is when we use postman its returning SecureSessionId and it works using this when using it for other api calls.

 

I only copy pasted the code generated by postman for a quick test but we're still getting SessionClientId

0 Helpful

Mike Palkovich
Cisco Employee
Cisco Employee
In response to Lenard.Valdez

‎04-13-2022 10:26 AM

Could you share the code you are using to make this post request outside of postman?  We have been trying to duplicate this but have not been able to so far. 

 

One strange thing about the response you are receiving is that its showing the path was set to /web (Path=/web) instead of "/xmlapi/session/begin".  I only see this /web path when i try to make a request to the host device without any url path, in that case it does a redirect to /web first.

 

Also could you confirm if you are being redirected (HTTP 302)to the HTTPS url when testing in postman?

0 Helpful
Customers Also Viewed These Support Documents