Hello,
I have a NSX-T 2.3.1 integrated with vIDM for the "remote authentication"
I'm trying to find documentation about running REST API call with an authentication done through the vIDM.
is this possible with NSX-T or only basic authentication is currently implemented?
many thanks
Eric
When NSX-T is configured to use VMware Identity Manager (vIDM) for authentication, you supply an Authorization header with an authentication type of "Remote". Te header content should consist of a base64-encoded string containing the username@domain and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.
For example, to authenticate a request using the credentials of user jsmith@example.com with passwordSk2LkPM!, include the following header with the request:
Authorization: Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h
The following cURL command will authenticate to the manager using basic authentication and will issue a GET request for logical ports:
curl -k -H "Authorization: Remote BASE64" https://MANAGER/api/v1/logical-ports
where:
BASE64 is the base64-encoded string containing the username@domain and password separated by a single colon (":"), and
MANAGER is the IP address or host name of the NSX manager
For example:
curl -k H "Authorization: Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h" https://192.168.22.32/api/v1/logical-ports
Note: the -k argument instructs cURL to skip verifying the manager's self-signed X.509 certificate.
I have the same question here for NSX-T 2.4. Appreciate if someone could provide any information in this regard.
Thanks Rags
When NSX-T is configured to use VMware Identity Manager (vIDM) for authentication, you supply an Authorization header with an authentication type of "Remote". Te header content should consist of a base64-encoded string containing the username@domain and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.
For example, to authenticate a request using the credentials of user jsmith@example.com with passwordSk2LkPM!, include the following header with the request:
Authorization: Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h
The following cURL command will authenticate to the manager using basic authentication and will issue a GET request for logical ports:
curl -k -H "Authorization: Remote BASE64" https://MANAGER/api/v1/logical-ports
where:
BASE64 is the base64-encoded string containing the username@domain and password separated by a single colon (":"), and
MANAGER is the IP address or host name of the NSX manager
For example:
curl -k H "Authorization: Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h" https://192.168.22.32/api/v1/logical-ports
Note: the -k argument instructs cURL to skip verifying the manager's self-signed X.509 certificate.
Hello,
thanks for the info and sorry for my late, late reply.
I went through this but it doesn't work.
I receive as return when I issue the curl -k -H "Authorization: Remote BASE64" https://MANAGER/api/v1/logical-ports
{
"module_name" : "common-services",
"error_message" : "Internal server error has occurred.",
"details" : "Failed to decode Bearer Authentication Token",
"error_code" : "99"
}
any clue?
many thanks
Eric
OK I got it. curl syntaxe issue:
did totally worked like that:
curl --header "Authorization: Remote BASE64" --insecure -s --request GET https://MANAGER/api/v1/logical-ports
Eric
Hi @RahulDiyewarArkin, thanks for the detailed answer. Is using "Remote" instead of "Basic" in authentication header standard? I was unable to find this info from RFC 1945 section 11.1. Could you please share more info on this? The reason I am asking is that we have "Authorization: Basic" hardcoded in our client for basic auth. I'd like to get a better understanding about this new protocol so we can support it better.