You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Parth Jagirdar (JIRA)" <ji...@apache.org> on 2013/07/09 22:03:49 UTC

[jira] [Created] (CLOUDSTACK-3426) UCS: Session cookie refresh must be supported.

Parth Jagirdar created CLOUDSTACK-3426:
------------------------------------------

             Summary: UCS: Session cookie refresh must be supported.
                 Key: CLOUDSTACK-3426
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3426
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: API, Management Server
    Affects Versions: 4.2.0
         Environment: Master with UCS and Baremetal
            Reporter: Parth Jagirdar
            Priority: Blocker


A stale cookie will raise authentication error and subsequent API calls will fail.

We need a mechanism to refresh cookie based on recommendations below.


While executing listUCSProfiles::

{ "listucsprofileresponse" : {"uuidList":[],"errorcode":530,"cserrorcode":9999,"errortext":"ucs call failed:\nsubmitted doc:<configFindDnsByClassId cookie=\"1372458054/13f7441f-5f86-4668-911f-8cad3f9be693\" classId=\"lsServer\" />\nresponse: <configFindDnsByClassId cookie=\"1372458054/13f7441f-5f86-4668-911f-8cad3f9be693\" response=\"yes\" errorCode=\"552\" invocationResult=\"service-unavailable\" errorDescr=\"Authorization required\"> </configFindDnsByClassId>\n"} }



Here is the description from UCS API programming guide. (Full version here:: http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/api/overview.html#wp1127584)

Failed Requests
The response to a failed request includes XML attributes for errorCode and errorDescr. The following is an example of a response to a failed request:
<configConfMo dn="fabric/server"
          cookie="<real_cookie>"
          response="yes"
          errorCode="103"
          invocationResult="unidentified-fail"
          errorDescr="can't create; object already exists.">
</configConfMo>


>From forums (http://developer.cisco.com/web/unifiedcomputing/community/-/message_boards/message/2774526?p_p_auth=iBnpvD2j)

And from here (http://developer.cisco.com/web/unifiedcomputing/blogroll/-/blogs/ucs-xml-api-hello-world)

We have an authentication cookie but this cookie will expire in two hours, the output from the aaaLogin recommends a cookie refresh every 10 minutes. To refresh the authentication cookie use the aaaRefresh method.


So basically we need a mechanism for cookie refresh. Which we do not have for now.

When I tried to add a new manager (so that cookie is fresh ??) ListProfiles succeeded. 



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira