4 Replies Latest reply on Apr 22, 2019 5:20 AM by alexander_d

    vco-controlcenter REST API login

    alexander_d Novice

      Hi everyone.

      I'm trying to connect to vco-controlcenter by REST API.

      We use vCO 7.3.0.5481809  <api-version>5.5.2</api-version>.

      2 vCO nodes configured in cluster.

      Authentication provider is set to vRA.

      I'm able to connect and use API call's to https://vRO:8281/vco/api using Basic auth,but not to https://vRO:8283/vco-controlcenter/api. Tried to use Beared token from https://vRA/identity/api/tokens but still no luck.

      If i open https://vRO:8283/vco-controlcenter/docs/ in browser and enter credentials - all works ok.

      But when i try to use curl or postman or poweshell - it redirect any call to authentication page.

      Any ideas how to fix this?

        • 1. Re: vco-controlcenter REST API login
          iiliev Champion
          Community WarriorsVMware Employees

          Hi,

           

          For Control Center API, I think you should use the root user and the corresponding root password you provided during the deployment. Try something like the following

           

          curl -ikv -u root:YOURROOTPASS https://vRO:8283/vco-controlcenter/api/server/about
          
          • 3. Re: vco-controlcenter REST API login
            alexander_d Novice

            Found a solution here:

            VMware Knowledge Base

            Oauth bearer token must be used instead of Basic auth.

            • 4. Re: vco-controlcenter REST API login
              alexander_d Novice

              And now fun part starts.

              It perfectly works in Postman.

              But doesn't work in Powershell.

              $System = @(Hostname = "vRA hostname";UserName ="username"; Password= "password")

              $domain = "domain"

              $client_id = "id" //id taken from (grep -i cafe_cli= /etc/vcac/solution-users.properties | sed -e 's/cafe_cli=//') command on vRA appliance.

              $URI = "https://$($System.Hostname)/SAAS/t/DPC/auth/oauthtoken?grant_type=password"

              $Body = @{"username"=$System.UserName;"password"=$System.Password;"client_id"=$client_id;"domain"=$domain}

              $Token = "Bearer " + (Invoke-RestMethod $URI -Method POST -Body $Body -ContentType "application/x-www-form-urlencoded").access_token

              This allows me to get a proper bearer token... this part is ok...

              But later on when I try to use it in vRO it redirects me to auth page in the output:

              $vRO= "vRO hostname"

              $Headers = @{"Content-Type"="application/json";"Authorization"=$Token}

              $URI = "https://$vRO:8283/vco-controlcenter/api/cluster/status?validationDetails=true"

              Invoke-webrequest -Method GET -Headers $Headers -Uri $URI

              So i receive :

              StatusCode        : 200

              StatusDescription :

              Content           :     <!DOCTYPE html>

                                      <html>

                                      <head>

                                          <meta http-equiv="X-UA-Compatible" content="IE=edge">

                                          <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

                                          <meta conten...

              RawContent        : HTTP/1.1 200

                                  Strict-Transport-Security: max-age=31536000

                                  X-XSS-Protection: 1; mode=block

                                  X-Frame-Options: SAMEORIGIN,SAMEORIGIN

                                  Pragma: no-cache,public

                                  Cache-Control: no-cache, no-store,must-rev...

              Forms             : {userStoreForm}

              Headers           : {[Strict-Transport-Security, max-age=31536000], [X-XSS-Protection, 1; mode=block],

                                  [X-Frame-Options, SAMEORIGIN,SAMEORIGIN], [Pragma, no-cache,public]...}

              Images            : {@{innerHTML=; innerText=; outerHTML=<img class="login-logo-vmware hide" alt="" src="">;

                                  outerText=; tagName=IMG; class="login-logo-vmware" hide; alt=; src=}, @{innerHTML=; innerText=;

                                  outerHTML=<img width="65" height="10" src="/SAAS/horizon/images/vmware_logo.svg">; outerText=;

                                  tagName=IMG; width=65; height=10; src=/SAAS/horizon/images/vmware_logo.svg}}

              InputFields       : {@{innerHTML=; innerText=; outerHTML=<input name="isJavascriptEnabled" id="isJavascriptEnabled"

                                  type="hidden">; outerText=; tagName=INPUT; name=isJavascriptEnabled; id=isJavascriptEnabled;

                                  type=hidden}, @{innerHTML=; innerText=; outerHTML=<input name="areCookiesEnabled"

                                  id="areCookiesEnabled" type="hidden">; outerText=; tagName=INPUT; name=areCookiesEnabled;

                                  id=areCookiesEnabled; type=hidden}, @{innerHTML=; innerText=; outerHTML=<input name="dest"

                                  type="hidden" value="https://-------.sepdpc.local/SAAS/auth/oauth2/authorize?response_type=c

                                  ode&amp;client_id=vco-vzSu2SeW9w&amp;state=eyJzZXNzaW9uIjoiQUYxODgyMDQ0RkQ0OEU5QUM0ODJCM0Y4QTY1Qjk0

                                  MTMiLCAicGF0aCI6Ii92Y28tY29udHJvbGNlbnRlci9hcGkvY2x1c3Rlci9zdGF0dXMiLCJ0ZW5hbnQiOiJEUEMifQ&amp;redi

                                  rect_uri=https://-------:8283/vco-controlcenter/redispatcher/">; outerText=; tagName=INPUT;

                                  name=dest; type=hidden; value=https://-------/SAAS/auth/oauth2/authorize?respon

                                  se_type=code&amp;client_id=vco-vzSu2SeW9w&amp;state=eyJzZXNzaW9uIjoiQUYxODgyMDQ0RkQ0OEU5QUM0ODJCM0Y

                                  4QTY1Qjk0MTMiLCAicGF0aCI6Ii92Y28tY29udHJvbGNlbnRlci9hcGkvY2x1c3Rlci9zdGF0dXMiLCJ0ZW5hbnQiOiJEUEMifQ

                                  &amp;redirect_uri=https://-----:8283/vco-controlcenter/redispatcher/}, @{innerHTML=;

                                  innerText=; outerHTML=<input name="useragent" type="hidden" value="">; outerText=; tagName=INPUT;

                                  name=useragent; type=hidden; value=}...}

              Links             : {@{innerHTML=Close; innerText=Close; outerHTML=<a class="float-r silver-button button

                                  message-box-close _hidden" href="#close">Close</a>; outerText=Close; tagName=A; class="float-r"

                                  silver-button button message-box-close _hidden; href=#close}}

              ParsedHtml        : mshtml.HTMLDocumentClass

              RawContentLength  : 10025

               

              Use of vco-vzSu2SeW9w as client_id in token request doesnt't work because this is id from vRO.

              Any ideas why it perfrectly works in Postman but cannot work in Powershell?

              P.S. Tried different call methods: Invoke-webrequest and using New-Object System.Net.WebClient object. Doesn't work either.