VMware Networking Community
eric_krejci
Enthusiast
Enthusiast
Jump to solution

how to nsx-t REST API authentication against VIDM?

Hello,

I have a NSX-T 2.3.1 integrated with vIDM for the "remote authentication"

I'm trying to find documentation about running REST API call with an authentication done through the vIDM.

is this possible with NSX-T or only basic authentication is currently implemented?

many thanks

Eric

Reply
0 Kudos
1 Solution

Accepted Solutions
RahulDiyewarArk
Contributor
Contributor
Jump to solution

Authenticating to vIDM

When NSX-T is configured to use VMware Identity Manager (vIDM) for authentication, you supply an Authorization header with an authentication type of "Remote". Te header content should consist of a base64-encoded string containing the username@domain and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.

For example, to authenticate a request using the credentials of user jsmith@example.com with passwordSk2LkPM!, include the following header with the request:

Authorization: Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h

The following cURL command will authenticate to the manager using basic authentication and will issue a GET request for logical ports:

curl -k -H "Authorization: Remote BASE64" https://MANAGER/api/v1/logical-ports

where:
BASE64 is the base64-encoded string containing the username@domain and password separated by a single colon (":"), and
MANAGER is the IP address or host name of the NSX manager

For example:

curl -k H "Authorization: Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h" https://192.168.22.32/api/v1/logical-ports

Note: the -k argument instructs cURL to skip verifying the manager's self-signed X.509 certificate.

View solution in original post

5 Replies
RagsRachamadugu
Contributor
Contributor
Jump to solution

I have the same question here for NSX-T 2.4. Appreciate if someone could provide any information in this regard.

Thanks Rags

Reply
0 Kudos
RahulDiyewarArk
Contributor
Contributor
Jump to solution

Authenticating to vIDM

When NSX-T is configured to use VMware Identity Manager (vIDM) for authentication, you supply an Authorization header with an authentication type of "Remote". Te header content should consist of a base64-encoded string containing the username@domain and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.

For example, to authenticate a request using the credentials of user jsmith@example.com with passwordSk2LkPM!, include the following header with the request:

Authorization: Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h

The following cURL command will authenticate to the manager using basic authentication and will issue a GET request for logical ports:

curl -k -H "Authorization: Remote BASE64" https://MANAGER/api/v1/logical-ports

where:
BASE64 is the base64-encoded string containing the username@domain and password separated by a single colon (":"), and
MANAGER is the IP address or host name of the NSX manager

For example:

curl -k H "Authorization: Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h" https://192.168.22.32/api/v1/logical-ports

Note: the -k argument instructs cURL to skip verifying the manager's self-signed X.509 certificate.

eric_krejci
Enthusiast
Enthusiast
Jump to solution

Hello,

thanks for the info and sorry for my late, late reply.

I went through this but it doesn't work.

I receive as return when I issue the curl -k -H "Authorization: Remote BASE64" https://MANAGER/api/v1/logical-ports

{

    "module_name" : "common-services",

    "error_message" : "Internal server error has occurred.",

    "details" : "Failed to decode Bearer Authentication Token",

    "error_code" : "99"

}

any clue?

many thanks

Eric

Reply
0 Kudos
eric_krejci
Enthusiast
Enthusiast
Jump to solution

OK I got it. curl syntaxe issue:

did totally worked like that:

curl  --header "Authorization: Remote BASE64" --insecure -s --request GET https://MANAGER/api/v1/logical-ports

Eric

Reply
0 Kudos
tianhao64
VMware Employee
VMware Employee
Jump to solution

Hi @RahulDiyewarArkin, thanks for the detailed answer. Is using "Remote" instead of "Basic" in authentication header standard? I was unable to find this info from RFC 1945 section 11.1. Could you please share more info on this? The reason I am asking is that we have "Authorization: Basic" hardcoded in our client for basic auth. I'd like to get a better understanding about this new protocol so we can support it better.

Reply
0 Kudos