cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cparmar
Level 2

REST API - Enabling Security

I'm having some problems enabling the Secuirty for the REST API. I'm running the following command to generate the producer settings:

./flexnetlsconfig.sh -prop ./fne-prop.txt -o ./producer-settings.xml -id ./IdentityClientServer.bin -admin-password 1P@ssw0rd -producer-password 1P@ssw0rd


in order to set the admin and producer passwords to 1P@ssw0rd. In the fne-prop.txt I have the following
security.enabled=true
security.token.duration=30m


When I try to log in (using the WebUI (flsm), through flexnetadmin.sh, or through a REST API Client), the flexnetls.log shows the following:
 09:37:05,297 INFO  Authorize request for user "admin"
09:37:05,300 WARN Empty encoded password
09:37:05,301 WARN Authorization attempt at uri=/api/1.0/instances/~/authorize failed for user admin (error BadCredentialsException)


For example, the syntax I'm using to see features with the flexnetadmin.sh is:
./flexnetlsadmin.sh -server http://:7070/ -authorize admin 1P@ssw0rd -features


Anyone seen any similar issues? The server is running on CentOS 6.7, I'm using FNE Server 2016.08

Thanks
Labels (1)
0 Kudos
(1) Reply
cparmar
Level 2

The issue turned out to be that when I had been testing this functionality by uninstalling, reconfiguring, and re-installing the License Server that the data directory (I]/var/opt/flexnetls/{WHATEVER}/ folder) was not being cleared and was locked to the original password when it was first installed (in this case I first installed it with no password). Uninstalling the License Server, deleting the data directory, and then re-installing the license server fixed this issue.

Just a FYI, this means if someone:
[LIST=1]
  • installs the license server
  • changes the admin password from the defaultRESTpassword one provided to someOtherPassword
  • uninstalls the license server (without deleting the data directory)
  • re-installs the license server


    then the password for the RESTful API is someOtherPassword, NOT defaultRESTpassword
  • 0 Kudos