Hey Demas, I am the person who wrote the article that Anshul mentioned. So here is your problem...
There are two ways to 'connect' to CloudStack. 1. Using the API with your 'api_key' and 'secret_key'. 2. Using the API with your 'username' and 'password' (and then a cookie and sessionkey). When you are using the CS UI, you are actually using the second authentication method. How it works is, when you enter your 'username' and 'password' it will attempt to log you in. On success it will return TWO pieces of identity. 1. The 'sessionkey', which you are referred to, which needs to be passed in the URL on every subsequent request. 2. AND a 'JSESSIONID' cookie which needs to be saved in your BROWSER'S cookies and must be present on each subsequent request. This 'JSESSIONID' is added to your session (in my script) with the following. This means that all subsequent requests will have this cookie set. # setup cookie handling self.caller = urllib2.build_opener(urllib2.HTTPCookieProcessor()) urllib2.install_opener(self.caller) Your problem is; if you create the logged in session from a script, that script can be written to handle the cookie management but the browser that you are trying to access that console VM url with does not have the 'JSESSIONID' cookie. If you try to do this programmatically, you will battle with this because most of the time you will ACTUALLY be creating the session from your server side and tracking the cookie on your server (not in the client). You will notice that if you go and login to CloudStack and then hit the URL that you have specified, it works. If you logout of CS and then hit that same URL, it won't work. Basically, you need your browser to have the 'JSESSIONID' cookie. The ONLY way I have been able to solve this type of problem is as follows. Note: I have done this for the NetScaler, but I have not done this for CloudStack (yet), but the principle should apply. Create a web page (which mimics the CloudStack Login page basically), which submits a login form to CloudStack. On success of the CLIENT SIDE REQUEST to login, it will set the client cookie in the browser for you. Then you just have to put the console URL they should have access to on the page (with that user's sessionkey) and they will be able to navigate to it. That might be clear as mud, but that is basically your only option. Good luck. :) Cheers, Will On Wed, Jun 4, 2014 at 11:22 AM, dimas yoga pratama <smid...@gmail.com> wrote: > Hello, > can anyone answer my question? > > I create a custom web portal that provide some provisioning for user > I want user can access cloudstack VM from my web , but I kept gtting this > message: "Access denied. Invalid web session or API key in request" > > I already pass the sessionkey like this : > > http://10.151.32.11:8080/client/console?cmd=access&vm=018f88b2-4edc-4e6d-b318-3ec02029180f&sessionkey=d01AlQ2ZzwKBVqB2Rkj0qsHP/aw= > > > I google it and i found in order to access the console VM I need a token, > is there any easy way to access console VM from outside the MS? :( > > > thanks, please answer my question, > Dimas. >
