Further developments from this question: Powershell Token Authentication when connecting to vRealize Business Standard 7.0
I have followed the vRealize Business Standard documentation (vRealize Business Standard 7.0 Documentation Center) to retrieve a token from the vRealize Automation server, and pull an out-of-the-box report from the vRealize Business server. The wget commands I'm using are below:
wget --no-check-certificate -S -q --header "Accept: application/json" --header='Content-Type: application/json' --post-data '{"username":"[username]","password":"[password]","tenant":"[tenant"}' -O - https://[vRealizeAutomationServer]/identity/api/tokens
(This successfully retrieves a token from the server.)
wget --no-check-certificate -S -q --header "Accept: text/plain" --header="Content-Type: text/plain" --header "accept-encoding: gzip" --header="Authorization: Bearer [token]" -O - https://[vRealizeBusinessServer]/itfm-cloud/rest/reports/export-filters/servers>out.xls
This command returns the following error:
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1098
Date: Thu, 17 Mar 2016 01:05:35 GMT
Connection: keep-alive
I have sent a similar call using Powershell's Invoke-RestMethod (Seen in the link at the top of this post), which returns a similar error. Can anyone recommend a way to fix this, or point me towards the source of the problem?
Hi,
The commands you are using look fine. Are you copying the 'Bearer Token' properly? As I see the error is "401 Unauthorized", my first suspicion would be on the token, either it may not be properly copied or expired. Was there any long gap between token generation and usage?
Thanks for the reply.
I executed the second command barely a minute after the first. Here's the output, with the token usage:
wget --no-check-certificate -S -q --header "Accept: application/json" --header='Content-Type: application/json' --post-data '{"username":"[username]","password":"[password]","tenant":"[tenant]"}' -O - https://[vRealizeAutomationServer]/identity/api/tokens
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 373
Date: Thu, 17 Mar 2016 21:25:16 GMT
Connection: keep-alive
{"expires":"2016-03-18T05:25:16.000Z","id":"MTQ1ODI0OTkxNjc4Nzo3OWNkMjI3YmQxYjk0YTE4MGI1NTp0ZW5hbnQ6bnpjbG91ZHVzZXJuYW1lOmNjdXJyeUB2c3BoZXJlLmxvY2FsZXhwaXJhdGlvbjoxNDU4Mjc4NzE2MDAwOjQ5Yzg0Nzc1MTQ1Njg5ZjZiZDc2OTgxN2I2YmU2MDhkMWRhMTRhMTQ2Mzk0ZDBmNWEyNjg5OTkzMDA2ZTllMTdjYmRlMTFkYmViNjc4NDM0ZDdlNTRjYTc5OTQwODBlNGQwZGY3NjEyZWYzMWJhYmE3NDI4OTBlMzY0N2I5ZmEx","tenant":"[tenant]"}
wget --no-check-certificate -S -q --header "Accept: text/plain" --header="Content-Type: text/plain" --header "accept-encoding: gzip" --header="Authorization: Bearer MTQ1ODI0OTkxNjc4Nzo3OWNkMjI3YmQxYjk0YTE4MGI1NTp0ZW5hbnQ6bnpjbG91ZHVzZXJuYW1lOmNjdXJyeUB2c3BoZXJlLmxvY2FsZXhwaXJhdGlvbjoxNDU4Mjc4NzE2MDAwOjQ5Yzg0Nzc1MTQ1Njg5ZjZiZDc2OTgxN2I2YmU2MDhkMWRhMTRhMTQ2Mzk0ZDBmNWEyNjg5OTkzMDA2ZTllMTdjYmRlMTFkYmViNjc4NDM0ZDdlNTRjYTc5OTQwODBlNGQwZGY3NjEyZWYzMWJhYmE3NDI4OTBlMzY0N2I5ZmEx" -O - https://[vRealizeBusinessServer]/itfm-cloud/rest/reports/export-filters/servers>out.xls
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1098
Date: Thu, 17 Mar 2016 21:26:12 GMT
Connection: keep-alive
Is there possibly some configuration that needs to be done on the Business Standard server to accept these tokens, or something along those lines?
Hi Conrad,
You don't need to do any extra configuration beyond than add the right permissions in vRB to the user you're using to request the token. Like you can see, the token request is in vRA so you get a valid token because the user has permissions in vRA, but when you use this token for vRB the user doesn't have selected the right vRB roles that enable the user to get the reports or access to vRB.
wget --no-check-certificate -S -q --header "Accept: application/json" --header='Content-Type:application/json' --post-data '{"username":"root","password":"VMware1!","tenant":"vsphere.local"}' -O- https://vra.corp.local/identity/api/tokens
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 403
Date: Mon, 23 May 2016 20:50:30 GMT
{"expires":"2016-05-24T04:50:31.000Z","id":"MTQ2NDAzNjYzMTA4Mjo3Nzc0YTFhYzhkMDA4NjJiODc0Yzp0ZW5hbnQ6dnNwaGVyZS5sb2NhbHVzZXJuYW1lOmNvbmZpZ3VyYXRpb25hZG1pbkB2c3BoZXJlLmxvY2FsZXhwaXJhdGlvbjoxNDY0MDY1NDMxMDAwOjdiY2I3MWM5NGFlNmYzN2I4ODc5MzIzZWRjYjAyNDQ2NTFhYWJkN2QzNGYyZmQ4NTNlNjk2NjE4MjNmMTA3YzRlZmIyYTM1MzI5OTRkNTZiNGEyZTk5NWY3ZTg2ZTY4OTMwOTVlMGU0OTFjNTMxZjBhNWJhNjQ2MjMxMDkwMjI0","tenant":"vsphere.local"}
wget --no-check-certificate -S -q --header "Accept: text/plain" --header='Content-Type:text/plain' --header "accept-encoding: gzip" --header="Authorization: Bearer MTQ2NDAzNjYzMTA4Mjo3Nzc0YTFhYzhkMDA4NjJiODc0Yzp0ZW5hbnQ6dnNwaGVyZS5sb2NhbHVzZXJuYW1lOmNvbmZpZ3VyYXRpb25hZG1pbkB2c3BoZXJlLmxvY2FsZXhwaXJhdGlvbjoxNDY0MDY1NDMxMDAwOjdiY2I3MWM5NGFlNmYzN2I4ODc5MzIzZWRjYjAyNDQ2NTFhYWJkN2QzNGYyZmQ4NTNlNjk2NjE4MjNmMTA3YzRlZmIyYTM1MzI5OTRkNTZiNGEyZTk5NWY3ZTg2ZTY4OTMwOTVlMGU0OTFjNTMxZjBhNWJhNjQ2MjMxMDkwMjI0" -O- https://vrb-main.corp.local/itfm-cloud/rest/reports/export-filters/servers>out.xls
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Disposition: attachment;filename=servers_export_2016-05-23_20-36-22.xls
Cache-Control: no-cache, max-age=0, no-store, must-revalidate, proxy-revalidate
Content-Type: application/vnd.ms-excel;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 23 May 2016 20:36:22 GMT
Regards,
Jose