[jira] [Created] (CLOUDSTACK-3426) UCS: Session cookie refresh must be supported.

Tue, 09 Jul 2013 13:04:53 -0700 

Parth Jagirdar created CLOUDSTACK-3426:
------------------------------------------

             Summary: UCS: Session cookie refresh must be supported.
                 Key: CLOUDSTACK-3426
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3426
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: API, Management Server
    Affects Versions: 4.2.0
         Environment: Master with UCS and Baremetal
            Reporter: Parth Jagirdar
            Priority: Blocker


A stale cookie will raise authentication error and subsequent API calls will 
fail.

We need a mechanism to refresh cookie based on recommendations below.


While executing listUCSProfiles::

{ "listucsprofileresponse" : 
{"uuidList":[],"errorcode":530,"cserrorcode":9999,"errortext":"ucs call 
failed:\nsubmitted doc:<configFindDnsByClassId 
cookie=\"1372458054/13f7441f-5f86-4668-911f-8cad3f9be693\" classId=\"lsServer\" 
/>\nresponse: <configFindDnsByClassId 
cookie=\"1372458054/13f7441f-5f86-4668-911f-8cad3f9be693\" response=\"yes\" 
errorCode=\"552\" invocationResult=\"service-unavailable\" 
errorDescr=\"Authorization required\"> </configFindDnsByClassId>\n"} }



Here is the description from UCS API programming guide. (Full version here:: 
http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/api/overview.html#wp1127584)

Failed Requests
The response to a failed request includes XML attributes for errorCode and 
errorDescr. The following is an example of a response to a failed request:
<configConfMo dn="fabric/server"
          cookie="<real_cookie>"
          response="yes"
          errorCode="103"
          invocationResult="unidentified-fail"
          errorDescr="can't create; object already exists.">
</configConfMo>


>From forums 
>(http://developer.cisco.com/web/unifiedcomputing/community/-/message_boards/message/2774526?p_p_auth=iBnpvD2j)

And from here 
(http://developer.cisco.com/web/unifiedcomputing/blogroll/-/blogs/ucs-xml-api-hello-world)

We have an authentication cookie but this cookie will expire in two hours, the 
output from the aaaLogin recommends a cookie refresh every 10 minutes. To 
refresh the authentication cookie use the aaaRefresh method.


So basically we need a mechanism for cookie refresh. Which we do not have for 
now.

When I tried to add a new manager (so that cookie is fresh ??) ListProfiles 
succeeded. 



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to