alexander_d
Enthusiast
Enthusiast

vco-controlcenter REST API login

Hi everyone.

I'm trying to connect to vco-controlcenter by REST API.

We use vCO 7.3.0.5481809  <api-version>5.5.2</api-version>.

2 vCO nodes configured in cluster.

Authentication provider is set to vRA.

I'm able to connect and use API call's to https://vRO:8281/vco/api using Basic auth,but not to https://vRO:8283/vco-controlcenter/api. Tried to use Beared token from https://vRA/identity/api/tokens but still no luck.

If i open https://vRO:8283/vco-controlcenter/docs/ in browser and enter credentials - all works ok.

But when i try to use curl or postman or poweshell - it redirect any call to authentication page.

Any ideas how to fix this?

0 Kudos
4 Replies
iiliev
VMware Employee
VMware Employee

Hi,

For Control Center API, I think you should use the root user and the corresponding root password you provided during the deployment. Try something like the following

curl -ikv -u root:YOURROOTPASS https://vRO:8283/vco-controlcenter/api/server/about

0 Kudos
alexander_d
Enthusiast
Enthusiast

It doesn't work like that.

And https://vRO:8283/vco-controlcenter/api/server/about​ doesn't require authentication.

Try https://vRA:8283/vco-controlcenter/api/cluster/status instead.

0 Kudos
alexander_d
Enthusiast
Enthusiast

Found a solution here:

VMware Knowledge Base

Oauth bearer token must be used instead of Basic auth.

0 Kudos
alexander_d
Enthusiast
Enthusiast

And now fun part starts.

It perfectly works in Postman.

But doesn't work in Powershell.

$System = @(Hostname = "vRA hostname";UserName ="username"; Password= "password")

$domain = "domain"

$client_id = "id" //id taken from (grep -i cafe_cli= /etc/vcac/solution-users.properties | sed -e 's/cafe_cli=//') command on vRA appliance.

$URI = "https://$($System.Hostname)/SAAS/t/DPC/auth/oauthtoken?grant_type=password"

$Body = @{"username"=$System.UserName;"password"=$System.Password;"client_id"=$client_id;"domain"=$domain}

$Token = "Bearer " + (Invoke-RestMethod $URI -Method POST -Body $Body -ContentType "application/x-www-form-urlencoded").access_token

This allows me to get a proper bearer token... this part is ok...

But later on when I try to use it in vRO it redirects me to auth page in the output:

$vRO= "vRO hostname"

$Headers = @{"Content-Type"="application/json";"Authorization"=$Token}

$URI = "https://$vRO:8283/vco-controlcenter/api/cluster/status?validationDetails=true"

Invoke-webrequest -Method GET -Headers $Headers -Uri $URI

So i receive :

StatusCode        : 200

StatusDescription :

Content           :     <!DOCTYPE html>

                        <html>

                        <head>

                            <meta http-equiv="X-UA-Compatible" content="IE=edge">

                            <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

                            <meta conten...

RawContent        : HTTP/1.1 200

                    Strict-Transport-Security: max-age=31536000

                    X-XSS-Protection: 1; mode=block

                    X-Frame-Options: SAMEORIGIN,SAMEORIGIN

                    Pragma: no-cache,public

                    Cache-Control: no-cache, no-store,must-rev...

Forms             : {userStoreForm}

Headers           : {[Strict-Transport-Security, max-age=31536000], [X-XSS-Protection, 1; mode=block],

                    [X-Frame-Options, SAMEORIGIN,SAMEORIGIN], [Pragma, no-cache,public]...}

Images            : {@{innerHTML=; innerText=; outerHTML=<img class="login-logo-vmware hide" alt="" src="">;

                    outerText=; tagName=IMG; class="login-logo-vmware" hide; alt=; src=}, @{innerHTML=; innerText=;

                    outerHTML=<img width="65" height="10" src="/SAAS/horizon/images/vmware_logo.svg">; outerText=;

                    tagName=IMG; width=65; height=10; src=/SAAS/horizon/images/vmware_logo.svg}}

InputFields       : {@{innerHTML=; innerText=; outerHTML=<input name="isJavascriptEnabled" id="isJavascriptEnabled"

                    type="hidden">; outerText=; tagName=INPUT; name=isJavascriptEnabled; id=isJavascriptEnabled;

                    type=hidden}, @{innerHTML=; innerText=; outerHTML=<input name="areCookiesEnabled"

                    id="areCookiesEnabled" type="hidden">; outerText=; tagName=INPUT; name=areCookiesEnabled;

                    id=areCookiesEnabled; type=hidden}, @{innerHTML=; innerText=; outerHTML=<input name="dest"

                    type="hidden" value="https://-------.sepdpc.local/SAAS/auth/oauth2/authorize?response_type=c

                    ode&amp;client_id=vco-vzSu2SeW9w&amp;state=eyJzZXNzaW9uIjoiQUYxODgyMDQ0RkQ0OEU5QUM0ODJCM0Y4QTY1Qjk0

                    MTMiLCAicGF0aCI6Ii92Y28tY29udHJvbGNlbnRlci9hcGkvY2x1c3Rlci9zdGF0dXMiLCJ0ZW5hbnQiOiJEUEMifQ&amp;redi

                    rect_uri=https://-------:8283/vco-controlcenter/redispatcher/">; outerText=; tagName=INPUT;

                    name=dest; type=hidden; value=https://-------/SAAS/auth/oauth2/authorize?respon

                    se_type=code&amp;client_id=vco-vzSu2SeW9w&amp;state=eyJzZXNzaW9uIjoiQUYxODgyMDQ0RkQ0OEU5QUM0ODJCM0Y

                    4QTY1Qjk0MTMiLCAicGF0aCI6Ii92Y28tY29udHJvbGNlbnRlci9hcGkvY2x1c3Rlci9zdGF0dXMiLCJ0ZW5hbnQiOiJEUEMifQ

                    &amp;redirect_uri=https://-----:8283/vco-controlcenter/redispatcher/}, @{innerHTML=;

                    innerText=; outerHTML=<input name="useragent" type="hidden" value="">; outerText=; tagName=INPUT;

                    name=useragent; type=hidden; value=}...}

Links             : {@{innerHTML=Close; innerText=Close; outerHTML=<a class="float-r silver-button button

                    message-box-close _hidden" href="#close">Close</a>; outerText=Close; tagName=A; class="float-r"

                    silver-button button message-box-close _hidden; href=#close}}

ParsedHtml        : mshtml.HTMLDocumentClass

RawContentLength  : 10025

Use of vco-vzSu2SeW9w as client_id in token request doesnt't work because this is id from vRO.

Any ideas why it perfrectly works in Postman but cannot work in Powershell?

P.S. Tried different call methods: Invoke-webrequest and using New-Object System.Net.WebClient object. Doesn't work either.

0 Kudos