ibmi-brunch-learn

Announcement

Collapse
No announcement yet.

HTTPAPI - "This page requires a user-id & password" error

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • HTTPAPI - "This page requires a user-id & password" error

    Hi All

    Could someone please me help me on fixing the issue.

    Issue : I am trying to execute an RPGLE code to get the access token from servicenow URL. The credentials and the BASIC auth parameters are all working in POSTMAN and also in SOAPUI. I could get the access token from both of these applications. I have attached the screenshots

    But, when I write an RPGLE program using Scotts's API, I am getting "This page requires a user-id & password". Below is the debug dump, I had to mask or change some url/pwd for security reasons.

    Code:
    HTTPAPI Ver 1.31 released 2016-02-03                                                      
    NTLM Ver 1.4.0 released 2014-12-22                                                        
    OS/400 Ver V7R3M0                                                                         
    
    New iconv() objects set, PostRem=1208. PostLoc=0. ProtRem=819. ProtLoc=0                  
    http_setauth(): entered                                                                   
    http_url_post(): entered                                                                  
    http_persist_open(): entered                                                              
    http_long_ParseURL(): entered                                                             
    DNS resolver retrans: 2                                                                   
    DNS resolver retry  : 2                                                                   
    DNS resolver options: x'00000136'                                                         
    DNS default domain: man.cox.com                                                           
    DNS server found: 10.104.40.199                                                           
    DNS server found: 10.141.54.199                                                           
    Nagle's algorithm (TCP_NODELAY) disabled.                                                 
    SNI hostname set to: dummy.service-now.com      (// I have changed it deliberately)
    
    Dump of server-side certificate information:                    
    ----------------------------------------------------------------
    Cert Validation Code = 6000                                     
    -----BEGIN CERTIFICATE-----                                     
    MIIGvjCCBaagAwIBAgIPUDReNy3zYAAAAABQ6+bHMA0GCSqGSIb3DQEBCwUAMIG6
    MQswCQYDVQQGEwJVUzEWM-------
    N7LUyd9JxpuitPa5UB4aFYFE6RkEEDhLWNjlniLjPkngwj/MoakVvr+ghcI9i/E7
    gxxmYC0Zo7Gyb/saCOvfYF9CM9sk5dL1K8r+DGAr+EPHnmEFAgMBAAGjggMRMIID                                    
    -------------------------------------------------------------------------------------     
    -----END CERTIFICATE-----                                                                                
    Serial Number: 50:34:5E:37:2D:F3:60:00:00:00:00:50:EB:E6:C7                                              
    Common Name: *.service-now.com                                                                           
    Country: US                                                                                              
    State/Province: California                                                                               
    Locality: San Diego                                                                                      
    Org Unit: ServiceNow                                                                                     
    Issuer CN: Entrust Certification Authority - L1K                                                         
    Issuer Country: US                                                                                       
    Issuer Org: Entrust, Inc.                                                                                
    Issuer Org Unit: (c) 2012 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms    
    Version: 3                                                                                               
    not before: 20190108130557    
    
    Protocol Used: TLS Version 1.2                                     
    http_persist_post(): entered                                       
    http_persist_req(POST) entered.                                    
    http_long_ParseURL(): entered                                      
    http_long_ParseURL(): entered                                      
    do_oper(POST): entered                                             
    There are 0 cookies in the cache                                   
    POST /oauth_token.do?grant_type=password&client_id=test&client_secret=test&username=test&password=test HTTP/1.1   
    Host: dummy.service-now.com                                   
    User-Agent: http-api/1.31                                          
    Authorization: Basic YjcwM2Q0NWQ1MDI4Y  
    Content-Type:application/x-www-form-urlencoded                     
    username: test
    password: test
    
     recvresp(): entered                                                                                                                           
    recvresp(): entered                                                                            
    HTTP/1.1 401 Unauthorized                                                                      
    Set-Cookie: JSESSIONID=2853E3547472FFCEDF3C75D8A3ECDF48; Path=/; HttpOnly;Secure               
    Set-Cookie: glide_user_route=glide.ad36cb81f4566bb31b9b4dc8426b67ef; Max-Age=2147483647; Expire
    X-Is-Logged-In: false                                                                          
    X-Transaction-ID: 88ad1b7a1bb0                                                                 
    Content-Type: application/json;charset=utf-8                                                   
    Content-Length: 60                                                                             
    Date: Thu, 18 Apr 2019 02:45:58 GMT                                                            
    Server: ServiceNow                                                                             
    Set-Cookie: BIGipServerpool_dev=2390906890.41790.0000; path=/; Httponly; Secure         
    Strict-Transport-Security: max-age=63072000; includeSubDomains                                 
    Connection: close
    
    SetError() #13: HTTP/1.1 401 Unauthorized                   
    recvresp(): end with 401                                    
    recvdoc parms: identity 60                                  
    SetError() #36: This page requires a user-id & password     
    
    SetError() #36: This page requires a user-id & password      
    AuthPlugin_mustReceiceAuthErrorPage(): entered               
    http_close(): entered
    The RPGLE code is as below

    Code:
    H dftactgrp(*no)                                                       
    H BndDir('HTTPAPI':'QC2LE':'YAJL')                                     
     /copy libhttp/qrpglesrc,httpapi_h                                     
    D cvCRLF          C                   x'0d25'                          
    D cmd             pr                  extpgm('QCMDEXC')                
    D  command                     200A   const                            
    D  length                       15P 5 const                            
    
    D myJSON          S          65535A   Varying                          
    D rc              s             10I 0                                  
    D msg             s             52A                                    
    D Enc             s                   like(HTTP_URL_ENCODER)           
    D data            s               *                                    
    D size            s             10I 0                                  
    D  ppAuthUsr      s             24A                                    
    D  ppAuthPwd      s             24A                                    
    D  ppAuthUrl      s           1024A                                    
    D  authToken      s             24A                                    
    D docNode         S                   Like(yajl_val)                       
    D val             S                   Like(yajl_val)                       
    D addnlHdr        PR                                                       
    D                            32767A   Varying                              
     /include qrpglesrc,yajl_h                                                 
     /Free                                                                     
         *inlr = *on;                                                          
                ppAuthUsr = 'test';                
                ppAuthPwd = 'test';                                        
    
                http_debug(*ON:'/tmp/rragavan.txt') ;                          
                http_xproc(HTTP_POINT_ADDL_HEADER: *null);                     
                http_setCCSIDs( 1208: 0 );                                     
                http_setauth(HTTP_AUTH_BASIC : ppAuthUsr : ppAuthPwd);         
                http_xproc(HTTP_POINT_ADDL_HEADER: %paddr('ADDNLHDR'));        
    
    
         // Prepare the JSON Body                                              
           myJson = '   ';                                                     
           size = %len(%trim(myJson));                                         
        // Post to Auth Endpoint and retrieve a new OAuth Token                   
          ppAuthUrl = 'https://dummy.service-now.com/oauth_token.do'         
                    + '?grant_type=password&client_id=test'         
                    + '&client_secret=test&username='           
                    + 'test&password=test';                         
    
          rc = http_url_post( ppAuthUrl                                           
                                 :data                                            
                                 :size                                            
                                 :'/tmp/testpost.html'                            
                                 :HTTP_TIMEOUT                                    
                                 :HTTP_USERAGENT);                                
    
                if (rc <> 1);                                                     
                    msg = http_error();                                           
                    dsply msg;                                                    
                    return;                                                       
                endif;                                                            
                cmd('DSPF ''/tmp/testpost.html''': 200);    
    return;                                     
       /end-free                             
    
     *------------------------------------------------------------------------*     
     * Procedure - addnlHdr for Mashery token Authorisation                   *     
     *------------------------------------------------------------------------*     
    P addnlHdr        B                                                             
    D addnlHdr        PI                                                            
    D  header                    32767A   Varying                                   
    D  authUsr        s             24A                                             
    D  authPwd        s             24A                                             
    
     /Free                                                                          
        AuthUsr = 'test';                               
        AuthPwd = 'test';                                                       
        header = 'Content-Type:' + 'application/x-www-form-urlencoded'              
                                 + cvCRLF;                                          
        header += 'username: ' + %trim(authUsr) + cvCRLF;                           
        header += 'password: ' + %trim(authPwd) + cvCRLF;                           
    
     /End-Free                                                                      
    P addnlHdr        E
    Please help me on what I am doing wrong here and what need to be fixed. Thanks a lot for your help in advance..

  • #2
    There's a parameter for content-type on http_url_post. The way you're doing it, you'll end up with two content-types. Can you explain why you are trying to bypass the one HTTPAPI provides? Is there some reason it is not adequate?

    You are adding your own custom headers of 'username' and 'password'. I'm not familiar with this particular service, but I'm very skeptical of that, as I've never heard of this before, they are not normal/standard headings. You should only do this if you know that this site requires a non-standard item like this.

    For the regular HTTP authentication, you should be using http_setAuth().

    Comment


    • #3
      Hi Scott

      Thank you very much for your response. I made the changes as per your advice and still getting the same error.

      I am very confident about the AuthURL as this is the way i pass in SOAPUI and POSTMAN to get the token correctly. Only I am stuck here in IBMi.

      Could you please correct me is there anything i need to set for "data" and "size" parameters? Is there anything I am making mistake in PARSEHEADER procedure?

      Code:
      H dftactgrp(*no)                                                            
      H BndDir('HTTPAPI':'QC2LE':'YAJL')                                          
       /copy libhttp/qrpglesrc,httpapi_h                                          
      D cvCRLF          C                   x'0d25'                              
      D cmd             pr                  extpgm('QCMDEXC')                    
      D  command                     200A   const                                
      D  length                       15P 5 const                                
      
      D rc              s             10I 0                                      
      D msg             s             52A                                        
      D Enc             s                   like(HTTP_URL_ENCODER)                
      D data            s               *                                        
      D size            s             10I 0                                      
      D  ppAuthUsr      s             24A                                        
      D  ppAuthPwd      s             24A                                        
      D  ppAuthUrl      s           1024A                                        
      D  authToken      s             24A                                        
      
      D docNode         S                   Like(yajl_val)                        
      D val             S                   Like(yajl_val)          
       /include qrpglesrc,yajl_h                                    
       /Free                                                        
         *inlr = *on;                                                        
         ppAuthUsr = 'test';                      
         ppAuthPwd = 'test';                                              
      
       // Post to Auth Endpoint and retrieve a new OAuth Token                
         ppAuthUrl = 'https://dummy.service-now.com/oauth_token.do'      
                   + '?grant_type=password&client_id=test'      
                   + '&client_secret=password&username='        
                   + 'test&password=test';                      
      
         http_debug(*ON:'/tmp/rragavan.txt') ;                                
         http_setCCSIDs( 1208: 0 );                                          
         http_setauth(HTTP_AUTH_BASIC : ppAuthUsr : ppAuthPwd);              
      
      
         rc = http_url_post( ppAuthUrl                                        
                               :data                                                
                               :size                                                
                               :'/tmp/testpost.html'                                
                               :HTTP_TIMEOUT                                        
                               :HTTP_USERAGENT                                      
                               :'application/x-www-form-urlencoded');              
      
            if (rc <> 1);                                                          
                msg = http_error();                                                
                dsply msg;                                                          
                return;                                                            
            endif;                                                                  
      
            cmd('DSPF ''/tmp/rragavan.txt''': 200);                                
            return;                                                                
      
          /end-free                                                                
      *------------------------------------------------------------------------*    
      * parseHeader - Parse response and get accessToken                       *    
      *------------------------------------------------------------------------*    
      P parseHeader     B                                                    
      D parseHeader     PI            10I 0                                  
      D  ppFD                         10I 0 value                            
      D  ppData                         *   value                            
      D  ppLen                        10I 0 value                            
       *                                                                    
      D ptr             S               *                                    
      D msgPtr          S               *                                    
      D data            S          65535A   based(ptr)                      
      D msg             S          65535A   Inz                              
      D msgLen          S             10I 0 Inz                              
      D savMsg          S          65535A   Static                          
      D savMsgLen       S             10I 0 Static                          
      D errMsg          S            500A   Varying Inz(' ')                
      D docNode         S                   Like(yajl_val)                  
      D val             S                   Like(yajl_val)                  
      D strValue        S          65535A   Varying                          
       *                                                                    
       /Free                                                                
         ptr = ppData;                                                          
         msg = data;                                                            
         msgLen = ppLen;                                                        
      
         http_xlate(msgLen:msg:TO_EBCDIC);                                      
      
         If savMsg <> ' ';                                                      
            msg = %Trim(savMsg) + %SubSt(msg:1:msgLen);                          
            msgLen += savMsgLen;                                                
         EndIf;                                                                  
      
         msgPtr = %Addr(msg);                                                    
         docNode = yajl_buf_load_tree(msgPtr:msgLen:errMsg);                    
       If docNode <> *Null;                                                      
          val = yajl_object_find(docNode:'accessToken');                        
          strValue = yajl_get_string(val);                                      
          authToken = %trim(strValue);                                          
      
          savMsg = ' ' ;                                                        
          savMsgLen = 0;                                                        
        Else;                                                                  
           savMsg = %SubSt(msg:1:msgLen);                                      
           savMsgLen  = msgLen;                                                
        EndIf;                                                                
      
        yajl_tree_free(docNode);                                              
      
        return ppLen;                                                          
      
       /End-Free                                                              
      P parseHeader     E

      Comment


      • #4
        I am very confident about the AuthURL as this is the way i pass in SOAPUI and POSTMAN to get the token correctly. Only I am stuck here in IBMi.
        This comment doesn't help me.

        If you are asking how to do the same thing in HTTPAPI that you've done in another program, you'll need to tell me WHAT you are doing in the other program, not just that "it works". If you tell me what you are doing in SoapUI, I can tell you how to do the same thing with HTTPAPI. (I prefer SoapUI insstead of Postman if possible, please.)

        Could you please correct me is there anything i need to set for "data" and "size" parameters?
        I am not familiar with this web service, I cannot tell you what data is expected. (size should be the size, in bytes, of the 'data' parameter) Again, if you have this working in SoapUI or PostMan, then surely you know what data you're sending?!

        Is there anything I am making mistake in PARSEHEADER procedure?
        This procedure confuses me.
        1. You are not calling it anywhere that I can see?
        2. I can't tell you if it's right or wrong as I don't know what the JSON document you're parsing looks like.
        3. it is named 'parse header', yet doesn't seem to work with headers at all, it works with a json document.

        So I can't tell you if it's right or wrong, but I can tell you that it's confusing the way you've presented it.

        Comment

        Working...
        X