Hi All, Here I am using RestAPI to connect to the device. I am always getting the http 401 error even my credentials are right and able to reach the same url using webbrowser. Can anybody help me to get ride of this. Here are my Java console logs Regards, Prakash.K

2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager - Get connection: HttpRoute[{s}->https://:443], timeout = 0 2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - [HttpRoute[{s}->https://:443]] total kept alive: 0, total issued: 0, total allocated: 0 out of 20 2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - No free connections [HttpRoute[{s}->https://:443]][null] 2014-05-02 22:23:40,843 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Available capacity: 2 out of 2 [HttpRoute[{s}->https://:443]][null] 2014-05-02 22:23:40,843 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Creating new connection [HttpRoute[{s}->https://:443]] 2014-05-02 22:23:40,859 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnectionOperator - Connecting to /:443 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.impl.client.DefaultHttpClient - Attempt 1 to execute request 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnection - Sending request: POST /mgmt/tm/sys/software/volume/ HTTP/1.1 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "POST /mgmt/tm/sys/software/volume/ HTTP/1.1[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Content-Type: application/json[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Content-Length: 82[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Host: :443[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.1 (java 1.5)[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> POST /mgmt/tm/sys/software/volume/ HTTP/1.1 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Content-Type: application/json 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Content-Length: 82 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Host: :443 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Connection: Keep-Alive 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> User-Agent: Apache-HttpClient/4.1 (java 1.5) 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - >> "{"username":"*****","password":"********","services":["platform","namespace"]}" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "HTTP/1.1 401 F5 Authorization Required[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Date: Sat, 03 May 2014 12:57:12 GMT[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Server: Apache[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "WWW-Authenticate: Basic realm="Enterprise Manager"[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Vary: accept-language,accept-charset[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-Frame-Options: SAMEORIGIN[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Accept-Ranges: bytes[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-Content-Type-Options: nosniff[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-XSS-Protection: 1; mode=block[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Strict-Transport-Security: max-age=16070400; includeSubDomains[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Keep-Alive: timeout=4, max=100[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Connection: Keep-Alive[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Transfer-Encoding: chunked[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Type: text/html; charset=iso-8859-1[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Language: en[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnection - Receiving response: HTTP/1.1 401 F5 Authorization Required 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.headers - << HTTP/1.1 401 F5 Authorization Required

Not sure what your initial request looks like, but it may be worthwhile to test the same with cURL at the command line: curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/software/volume -d '{...post data...}' Also, and this may just be an artifact of your logs, but note the credentials do not go in the POST data. They need to presented however your Java-based app would work with HTTP Basic authentication.

May be can try 'admin' if you are using a different user.

If you use RADIUS, LDAP or some other external authentication, REST does not work unless you also have the same user defined locally. Admin will always work because admin is always local account.

Providing right credential to connect the F5 device using RestAPI is always throwing 401 error

12 Replies

Prakash_Krishna
Nimbostratus
May 03, 2014
2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager - Get connection: HttpRoute[{s}->https://:443], timeout = 0 2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - [HttpRoute[{s}->https://:443]] total kept alive: 0, total issued: 0, total allocated: 0 out of 20 2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - No free connections [HttpRoute[{s}->https://:443]][null] 2014-05-02 22:23:40,843 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Available capacity: 2 out of 2 [HttpRoute[{s}->https://:443]][null] 2014-05-02 22:23:40,843 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Creating new connection [HttpRoute[{s}->https://:443]] 2014-05-02 22:23:40,859 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnectionOperator - Connecting to /:443 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.impl.client.DefaultHttpClient - Attempt 1 to execute request 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnection - Sending request: POST /mgmt/tm/sys/software/volume/ HTTP/1.1 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "POST /mgmt/tm/sys/software/volume/ HTTP/1.1[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Content-Type: application/json[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Content-Length: 82[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Host: :443[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.1 (java 1.5)[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> POST /mgmt/tm/sys/software/volume/ HTTP/1.1 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Content-Type: application/json 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Content-Length: 82 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Host: :443 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Connection: Keep-Alive 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> User-Agent: Apache-HttpClient/4.1 (java 1.5) 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - >> "{"username":"*****","password":"********","services":["platform","namespace"]}" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "HTTP/1.1 401 F5 Authorization Required[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Date: Sat, 03 May 2014 12:57:12 GMT[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Server: Apache[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "WWW-Authenticate: Basic realm="Enterprise Manager"[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Vary: accept-language,accept-charset[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-Frame-Options: SAMEORIGIN[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Accept-Ranges: bytes[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-Content-Type-Options: nosniff[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-XSS-Protection: 1; mode=block[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Strict-Transport-Security: max-age=16070400; includeSubDomains[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Keep-Alive: timeout=4, max=100[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Connection: Keep-Alive[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Transfer-Encoding: chunked[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Type: text/html; charset=iso-8859-1[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Language: en[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnection - Receiving response: HTTP/1.1 401 F5 Authorization Required 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.headers - << HTTP/1.1 401 F5 Authorization Required
Kevin_Stewart
Employee
May 03, 2014
Not sure what your initial request looks like, but it may be worthwhile to test the same with cURL at the command line:

curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/software/volume -d '{...post data...}'

Also, and this may just be an artifact of your logs, but note the credentials do not go in the POST data. They need to presented however your Java-based app would work with HTTP Basic authentication.
kunjan_118660
Cumulonimbus
May 03, 2014
May be can try 'admin' if you are using a different user.
- Sergei_Genchev_
  Nimbostratus
  Jul 24, 2014
  If you use RADIUS, LDAP or some other external authentication, REST does not work unless you also have the same user defined locally. Admin will always work because admin is always local account.
kunjan
Nimbostratus
May 03, 2014
May be can try 'admin' if you are using a different user.
- Sergei_Genchev_
  Nimbostratus
  Jul 24, 2014
  If you use RADIUS, LDAP or some other external authentication, REST does not work unless you also have the same user defined locally. Admin will always work because admin is always local account.
Richard_Tocci_7
Historic F5 Account
Sep 11, 2014
In 11.5.1, REST will only accept the admin account credentials. Other users that perform other roles, currently, will not work with REST - you will continue to get 401 responses from REST. This should be fixed in an upcoming hotfix.

Log a case to Support for further updates. I hear tell of a way to allow other "admin" users to perform REST calls but it requires a script to be run. This is also supposed to be fixed in an upcoming hotfix.
brad_11480
Nimbostratus
Mar 14, 2017
any information on what version(s) this has been corrected in? I just upgraded to 12.1.1 and i have users who are not able to use the RestAPI. They get 401. What right does the user require? I would hope that it would reflect the same rights structure and not require them to be admin.
- nyif5_225400
  Nimbostratus
  Aug 02, 2017
  Hi I am having the same 401 auth error. Did any one get the resolution. Or we just need to use the admin user for RestAPI ?
- Jad_Tabbara__J1
  Cirrostratus
  Aug 02, 2017
  You need to use admin user for RestApi
- brad_11480
  Nimbostratus
  Aug 02, 2017
  Really?? admin user only? There is no security model for the RestAPI? This renders the use of the RestAPI to be very limited in scope. It certainly can't be used for monitoring systems as the credentials would be required on those systems to call the RestAPI.
  
  This means that anyone who needs to use it basically has the 'keys to the kingdom' and can use those credentials to do whatever they wish on the systems.
  
  Note that generating a token is useless alternative since they expire in 8 hours.
  
  Ref below comment about it being corrected in a subsequent 'hotfix' I'm on 12. no relief.