Hi, Looks like the signature generation was an issue This should work and generate the right signature
<?php $endpoint = 'http://csurl:8080/client/console'; $apiKey = 'SH3j2o3CLpKKAUHc1ubTsiHEdchITQRhzgv7Fjt4-0I4bcKmTn6E9Y6GNCrke_hpYgFlGyIA'; function getSignature($queryString) { $secretKey = '5nyeq6svs47WjTTAsXHmFmV2ZOT7fJakuDL9raSjmeQXaP_irOH-n6DW2zAl9Q'; $hash = hash_hmac("sha1", $queryString, $secretKey, true); $base64encoded = base64_encode($hash); return urlencode($base64encoded); } $arg['apikey'] = $apiKey; $arg['cmd'] = 'access'; $arg['vm'] = 'd692f12c-80d7-33b4-a880-224d3239a527'; //ksort($arg); $query2 = http_build_query($arg); $query2 = str_replace("+", "%20", $query2); $query2 .= "&signature=" . getSignature(strtolower($query2)); echo $query2 ?> You can check the signature with the management server logs 2021-03-31 04:03:58,279 DEBUG [c.c.s.ConsoleProxyServlet] (qtp1233705144-520:null) (logid:) User signature: OwUEVSBqVPv9lv4ZIR6yfhg CFo= is not equaled to computed signature: OwUEVSBqVPv9lv4ZIR6yfhg+CFo= >From the response, you can get the URL of the console session from an iframe >in the response <html><title>my-vm</title><frameset><frame src="http://10.0.0.0/resource/noVNC/vnc.html?port=8080&token=cgSFHGdXY502cfW-rkXhbPpE436L8ndmF4Dd2R2xb1SlVHGIoCmCMFvnZXCPTSm8X7KQ6BFtyswc_Ias5NndQk6BIEPGXBSlQ6kZuL6GnrqIiRl70tb3Yq_2jKQRJMR7ix4ghVEoSK-5w6PhmLzCeNZC4NcX3ir4h0SY_Y9jfxqBT5fIOiLnM3F8uQWYjof6FcdwjPb0vhqDKMWlwhQNxRKBOGqKlkv0J3XVl_y86jTDaK8PL6d2BOD5kqS7NS_HFcKhFwLldiZONRZCxjOtECS7tsCyCqXLJFFSdeiaJuY<view-source:http://94.156.173.24/resource/noVNC/vnc.html?port=8080&token=cgSFHGdXY502cfW-rkXhbPpE436L8ndmF4Dd2R2xb1SlVHGIoCmCMFvnZXCPTSm8X7KQ6BFtyswc_Ias5NndQk6BIEPGXBSlQ6kZuL6GnrqIiRl70tb3Yq_2jKQRJMR7ix4ghVEoSK-5w6PhmLzCeNZC4NcX3ir4h0SY_Y9jfxqBT5fIOiLnM3F8uQWYjof6FcdwjPb0vhqDKMWlwhQNxRKBOGqKlkv0J3XVl_y86jTDaK8PL6d2BOD5kqS7NS_HFcKhFwLldiZONRZCxjOtECS7tsCyCqXLJFFSdeiaJuY>"></frame></frameset></html> ________________________________ From: Dinesh Mohanty <dineshwebl...@gmail.com> Sent: Wednesday, March 31, 2021 4:15 PM To: users@cloudstack.apache.org <users@cloudstack.apache.org> Subject: Re: noVNC console reuqest using curl Hi, I tried this and have same issue with CS 4.15: <?php $endpoint = 'http://csurl:8080/client/console'; [http://csurl:8080/client/console';] $apiKey = 'SH3j2o3CLpKKAUHc1ubTsiHEdchITQRhzgv7Fjt4-0I4bcKmTn6E9Y6GNCrke_hpYgFlGyIA'; $secretKey = '5nyeq6svs47WjTTAsXHmFmV2ZOT7fJakuDL9raSjmeQXaP_irOH-n6DW2zAl9Q'; function getSignature($queryString) { $hash = @hash_hmac("SHA1", $queryString, $secretKey, true); $base64encoded = base64_encode($hash); return urlencode($base64encoded); } $arg['cmd'] = 'access'; $arg['vm'] = 'd692f12c-80d7-33b4-a880-224d3239a527'; $arg['apikey'] = $apiKey; //ksort($arg); $query2 = http_build_query($arg); $query2 = str_replace("+", "%20", $query2); $query2 .= "&signature=" . getSignature(strtolower($query2)); $ch2 = curl_init(); curl_setopt($ch2, CURLOPT_URL, $endpoint); //$url curl_setopt($ch2, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch2, CURLOPT_TIMEOUT, '3'); curl_setopt($ch2, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch2, CURLOPT_SSL_VERIFYPEER, false); curl_setopt ($ch2, CURLOPT_POSTFIELDS, $query2); curl_setopt ($ch2, CURLOPT_POST, 1); $headers = array(); $headers[] = 'Content-Type: application/x-www-form-urlencoded'; curl_setopt($ch2, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch2, CURLOPT_VERBOSE, true); curl_setopt($ch2, CURLOPT_STDERR, fopen(dirname(__FILE__).'/errorlog.txt', 'w')); $json2 = curl_exec($ch2); if (curl_errno($ch2)) { $json2 = json_encode(array('createdomainresponse' => array('errortext' => curl_error($ch2)))); } curl_close($ch2); $response2 = json_decode($json2, true); echo '<pre>'; print_r($json2); echo '</pre>'; Access denied. Invalid web session or API key in request On 2021/03/31 06:31:13, Alireza Eskandari wrote: > There is no official document about getting console of VM so you can use> > this workflow (notice that this works for old console):> > You don't need to call login API method. Just POST a request with these> > parameters:> > cmd=access&vm=&apikey=&signature=> > to this endpoint:> > http:///client/console> > (Note that API endpoint of CloudStack is: http://> > /client/api)> > You will get a response like this:> > vm-name> > > From the above response we should provide a pop up or new tab for “src”> > attribute of “frame” tag> > which is:> > http://xxx.xxx.xxx.xxx/ajax?token=hL2gz4eojpms9DpGyj0YmeCREvL_I8_AigH1CfWiwXKbiPK55507CZsjj1LT4cK1y8XQ_YeLS0gx3M2WC7Kch0JoTIjGEl0yOB6LOyOwDhVQ6WgYzRAglDeTtIYCvgU8glQLpWYl7FLhqhtB0MhwwGeAI6qokK1YWqznplNhBgz5L3I0vMFuNAuaKsmKn3JepAuc1OKnizO4t9tmp9WgZYGhXiq13W3ZBAYUs1bgxPKKoPTC24_W2bMCVZA8YcePamU1ww5atI5hhXjaywRw> > > On Tue, Mar 30, 2021 at 11:34 PM WHMCSModule Networks Support <> > supp...@whmcsmodule.net> wrote:> > > > Hi Team,> > >> > >> > > As title said how to achive this part i.e using curl request get the novnc> > > access.> > >> > > Till now:> > > I got user session key from user login> > >> > > say:> > > Array ( [loginresponse] => Array ( [username] => admin [userid] =>> > > f8fc2819-863a-11eb-8ae3-005056bd05cc [domainid] =>> > > a69b2912-863a-11eb-8ae3-005056bd05cc [timeout] => 1800 [account] => admin> > > [firstname] => admin [lastname] => cloud [type] => 1 [timezone] => UTC> > > [timezoneoffset] => 0.0 [registered] => false [sessionkey] =>> > > 2emqvIDPkF1oDciRE8rVfvS2yqE ) )> > >> > > Access denied. Invalid web session or API key in request> > >> > > My PHP Code:> > > > > 'SH3j2o3CLpKQrDoWNBMuf6EWoKAUHc1ubTsiHEdchITQRhzgv7Fjt4-0I4bcKmTn6E9Y6GNCrkeA';> > > $secretKey => > > '5nyeq6svs47WjTq4SYhl0388ikljBTAsXHmFmV2ZOT7fJakuDL9raSjmeQXaP_irOH-n6DW2zAl9Q';> > > function getSignature($queryString) { $hash = @hash_hmac("SHA1",> > > $queryString, $secretKey, true); $base64encoded = base64_encode($hash);> > > return urlencode($base64encoded); } $args['username'] = "admin";> > > $args['password'] = "V5grK%mks9"; $args['domain'] = "/"; $args['command'] => > > 'login'; $args['response'] = "json"; $args['apikey'] = $apiKey;> > > $args['timestamp'] = round(microtime(true) * 1000); ksort($args); $query => > > http_build_query($args); $query = str_replace(" ", " ", $query); $query> > > .= "&signature=" . getSignature(strtolower($query)); $ch = curl_init();> > > curl_setopt($ch, CURLOPT_URL, $endpoint); //$url curl_setopt($ch,> > > CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, '3');> > > curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch,> > > CURLOPT_SSL_VERIFYPEER, false); curl_setopt ($ch, CURLOPT_POSTFIELDS,> > > $query); curl_setopt ($ch, CURLOPT_POST, 1); $json = curl_exec($ch); if> > > (curl_errno($ch)) { $json = json_encode(array('createdomainresponse' =>> > > array('errortext' => curl_error($ch)))); } curl_close($ch); $response => > > json_decode($json, true); //The above used to generate user session echo> > > ' '; print_r($response); echo ' '; $arg['cmd'] = 'access';> > > $arg['vm'] = 'd692f12c-80d7-44b4-a880-224d3239a527'; $arg2['apikey'] => > > $apiKey; $arg2['timestamp'] = round(microtime(true) * 1000); ksort($arg);> > > $query2 = http_build_query($arg2); $query3 = http_build_query($arg);> > > $query2 = str_replace(" ", " ", $query2); $query2 .= "&signature=" .> > > getSignature(strtolower($query2)); $endpoint2 = '> > > http://localhost:8080/client/console'; $url2 = $endpoint2 . "?" . $query3> > > . '&sessionkey='.$response['loginresponse']['sessionkey']; $ch2 => > > curl_init(); curl_setopt($ch2, CURLOPT_URL, $url2); //$url> > > curl_setopt($ch2, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch2,> > > CURLOPT_TIMEOUT, '3'); $headers = array(); $headers[] = 'sessionkey:> > > '.$response['loginresponse']['sessionkey'].''; curl_setopt($ch2,> > > CURLOPT_HTTPHEADER, $headers); curl_setopt($ch2, CURLOPT_VERBOSE, true);> > > curl_setopt($ch2, CURLOPT_STDERR, fopen(dirname(__FILE__).'/errorlog.txt',> > > 'w')); $json2 = curl_exec($ch2); if (curl_errno($ch2)) { $json2 => > > json_encode(array('createdomainresponse' => array('errortext' =>> > > curl_error($ch2)))); } curl_close($ch2); $response2 = json_decode($json2,> > > true); echo ' '; print_r($json2); echo ' ';> > >> > david.jum...@shapeblue.com www.shapeblue.com 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK @shapeblue
