Error 400 returned on REST API authentication request

book

Article ID: 227053

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Threat Defense for Active Directory

Issue/Introduction

Trying to access the Symantec Endpoint Protection Manager (SEPM) API using a defined Administrator account returns a 400 error:

Error connecting to client with address https://<SEPM server>:8446/sepm/api and port 8446, reason: 400 client Error: for url: https://10.1.1.213:8446/sepm/api/v1/identity/authenticate: {'errorCode':'400', 'appErrorCode'L ",'errorMessage': 'URLDecoder: Illegal hex characters in escape (%) pattern}.

semapisrv_log.*.log:
2021-09-28 11:44:59,727 [https-openssl-apr-0.0.0.0-8446-exec-1] ERROR c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: URLDecoder: Illegal hex characters in escape (%) pattern - Error at index 0 in: "rd"

Or, the API may return {"errorCode": "400", "appErrorCode": "", "errorMessage": "URLDecoder: Incomplete trailing escape (%) pattern"}.

semapisrv_log.*.log:
2021-09-29 00:59:50,892 [https-openssl-apr-0.0.0.0-8446-exec-8] ERROR c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: URLDecoder: Incomplete trailing escape (%) pattern 

Cause

When the administrator password contains a % (percent sign) it will be interpreted as an escape character.

For example, "Passw0%rd" is truncated to "Passw0" and the %rd throws an error due invalid hex characters.

Similarly, "Passwo%5d" would become "Passwo" and the %5d would be treated as "]", and the error may not be thrown.

Finally, if the password ends in "%", like "Passw0rd%", an error is thrown.

Resolution

Change the administrator password used with the API so that it does not contain a "%", to avoid the issue.

Additional Information

This issue may also be seen when adding a SEPM for integration with TDAD (Endpoint Threat Defense for Active Directory). TDAD core server starts to process the request, but after a few seconds it returns to the configuration screen without any error. The core logs may present a 403 error in addition to the 400.

2022-01-19 15:22:51,797 [Thread-192] DEBUG (JNThreadSepmCreate.java:77) - JNThreadSepmCreate-registerSepm verifySepmResponse status:403
2022-01-19 15:22:51,797 [Thread-192] DEBUG (JNThreadSepmCreate.java:81) - JNThreadSepmCreate-registerSepm received JSONObject:{"payload":null,"success":false,"error":"{\"errorCode\":\"400\",\"appErrorCode\":\"\",\"errorMessage\":\"URLDecoder: Illegal hex characters in escape (%) pattern - Error at index 0 in: \\\"rd\\\"\"}","message":null}
2022-01-19 15:22:51,797 [Thread-192] DEBUG (JNUtilsCommon.java:310) - JNUtilsCommon-checkIfResponseStatusIsAcceptedOrOk Int method Start
2022-01-19 15:22:51,797 [Thread-192] DEBUG (JNUtilsCommon.java:316) - JNUtilsCommon-checkIfResponseStatusIsAcceptedOrOk Int method Finish
2022-01-19 15:22:51,797 [Thread-192] DEBUG (JNThreadSepmCreate.java:156) - JNThreadSepmCreate-registerSepm verify sepm response failed with error: URLDecoder: Illegal hex characters in escape (%) pattern - Error at index 0 in: "rd"