<Data_Aggregator>:8581/rest/ responds with HTTP ERROR 401 Unauthorized

Article ID: 244413

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

After the CAPM upgrade from 3.7.4 to 21.2.7, I noticed that if I go to the DA server at http://<DA_IP>:8581/rest/ I get:

I tested accessing that URL with curl directly on the DA node:

"curl -u admin -vk http://localhost:8581/rest"

[[email protected] ~]# curl -u admin -v -s -k -X GET http://localhost:8581/rest/
Enter host password for user 'admin':
* About to connect() to localhost port 8581 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8581 (#0)
* Server auth using Basic with user 'admin'
> GET /rest/ HTTP/1.1
> Authorization: Basic SDweqwfsfqweSDsssd8866=
> User-Agent: curl/7.29.0
> Host: localhost:8581
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Set-Cookie: JSESSIONID=node01q7etqwesvq1381sf7aomij216974.node0; Path=/; HttpOnly
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=iso-8859-1
< Content-Length: 367
<
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 Forbidden</title>
</head>
<body><h2>HTTP ERROR 403 Forbidden</h2>
<table>
<tr><th>URI:</th><td>/rest/</td></tr>
<tr><th>STATUS:</th><td>403</td></tr>
<tr><th>MESSAGE:</th><td>Forbidden</td></tr>
<tr><th>SERVLET:</th><td>RestServlet</td></tr>
</table>

</body>
</html>
* Connection #0 to host localhost left intact

 

In the
/opt/app/IMDataAggregator/apache-karaf-4.3.3/data/log/AuthenticationLog.log
I see:

ERROR | 925756901-322120 | 2022-03-15T15:13:44,567 | AuthenticationLog | entication.impl.DaBaseServiceIml  306 | ager.core.authentication |       | Basic authorization error - failed to contact sso service. The sso service may be down.
java.net.ConnectException: Connection refused (Connection refused)

Eventually I ran the SSL Health Check and saw that not all tests are passing:

[[email protected] bin]# ./SslConfig
SSL Configuration
This utility allows you to check your SSL configuration and enable Performance Center to use SSL.

Preferred language
        1 : English (US)
        2 : Français
        3 : 日本語
Select your preferred language: 1
Initializing application...

Options
        1 : SSL Health Check
        2 : Configure SSL
        3 : Revert to Default Settings
        4 : Import the Data Aggregator certificate
        5 : Help
        6 : Quit
Select your option: 1
SSL Health Check
Are you sure you want to perform an SSL Health Check [y/n]?: y
Performing SSL Health Check

============= Validating Single Sign On Settings =============
        Validating Local Settings (Scheme)
                Passed
        Validating Local Settings (Port)
                Passed
        Validating Remote Settings (Scheme)
                Critical: The value for the URL scheme for Single Sign On is not set to https
                        Run SsoConfig and set the Remote Value for the Single Sign On Scheme to https
        Validating Remote Settings (Port)
                Critical: The value for the port for Single Sign On is not set
                        Run SsoConfig and set the Remote Value for the Single Sign On Port to your desired port (For example: 8382)
        Validating Local and Remote Settings (Port)
                Critical: Local and remote Ports do not match
                        Typically the Local Override and Remote Value are the same. Run SsoConfig and set the values for the Single Sign On Port to your desired port (For example: 8382)
        Validating start.ini Settings
                Passed
        Validating ssl.ini Settings
                Passed
        Validating SSO Properties
                Passed
        Validating Settings in CAPerformanceCenter.xml
                Critical: The entry SignInPageProductDefaultUrl port is incorrect in file /opt/CA/PerformanceCenter/sso/webapps/sso/configuration/CAPerformanceCenter.xml
                Critical: The entry SingleSignOnWebServiceUrl port is incorrect in file /opt/CA/PerformanceCenter/sso/webapps/sso/configuration/CAPerformanceCenter.xml
                        Edit CAPerformanceCenter.xml in the Single Sign On webapps/sso/configuration directory. The Scheme values should be https. The Port values should be set to the Performance Center port (For example: 8182). If duplicates were found, they must be moved to a backup directory
        Validating Settings in CADataAggregator.xml
                Critical: The entry SingleSignOnWebServiceUrl port is incorrect in file /opt/CA/PerformanceCenter/sso/webapps/sso/configuration/CADataAggregator.xml
                        Edit CADataAggregator.xml in the Single Sign On webapps/sso/configuration directory. The SingleSignOnWebServiceUrl Scheme value should be https. The SingleSignOnWebServiceUrl Port value should be set to the Performance Center port (For example: 8182). The SignInPageProductDefaultUrl values should match your Data Aggregator scheme and port. If duplicates were found, they must be moved to a backup directory
        Validating SSL Certificate
                Passed

============= Validating Performance Center Settings =============
        Validating Local Settings (Scheme)
                Passed
        Validating Local Settings (Port)
                Critical: The value for the port for Performance Center is not set
                        Run SsoConfig and set the Local Override for the Performance Center Port to your desired port (For example: 8182)
        Validating Remote Settings (Scheme)
                Warning: The value for the URL scheme for Performance Center is not set to https
                        Run SsoConfig and set the Remote Value for the Performance Center Scheme to https
        Validating Remote Settings (Port)
                Warning: The value for the port for Performance Center is not set
                        Run SsoConfig and set the Remote Value for the Performance Center Port to your desired port (For example: 8182)
        Validating Local and Remote Settings (Port)
                Warning: Local and remote Ports do not match
                        Typically the Local Override and Remote Value are the same. Run SsoConfig and set the values for the Performance Center Port to your desired port (For example: 8182)
        Validating start.ini Settings
                Passed
        Validating ssl.ini Settings
                Critical: The entry jetty.ssl.port is incorrect in file /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
                Critical: The entry jetty.httpConfig.securePort is incorrect in file /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
                Critical: The entry jetty.https.port is incorrect in file /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
                        Edit the Performance Center ssl.ini file in the start.d directory. Ensure the port entries match your Performance Center Port, the passwords match the password used to import the certificate, and the key and trust store paths point to your keystore
        Validating SSL Certificate
                Passed

Environment

Release : 21.2

Component : HTTPS configuration

Cause

Incomplete / faulty HTTPS configuration of CAPM nodes

Resolution

  • Revert to HTTP and complete the HTTPS configuration again
    OR
  • Address the SSL Health Check suggestions
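
An added example, not part of the original article or of the vendor tooling: a small shell helper that reduces SSL Health Check output to one line per failing check, so the Critical items can be worked through and re-verified after each change. The function names are hypothetical, and the sample input is an excerpt of the output shown in this article.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): list the failing checks from SslConfig
# "SSL Health Check" output as severity|section|check|message.
failed_checks() {
  awk '
    /^=+ / {                           # "===== Validating X Settings ====="
      section = $0
      sub(/^=+ +Validating +/, "", section); sub(/ +=+$/, "", section)
      next
    }
    /^[ \t]+Validating / {             # name of the individual check
      check = $0; sub(/^[ \t]+Validating +/, "", check)
      next
    }
    /^[ \t]+(Critical|Warning): / {    # a finding; remediation hints are skipped
      line = $0; sub(/^[ \t]+/, "", line)
      sev = line; sub(/:.*/, "", sev)
      msg = line; sub(/^[^:]+: /, "", msg)
      printf "%s|%s|%s|%s\n", sev, section, check, msg
    }'
}

# Succeeds (exit 0) while at least one Critical finding remains.
has_critical() { failed_checks | grep -q '^Critical|'; }

# Sample input: excerpt of the health-check output shown in this article.
sample_output() {
  cat <<'EOF'
============= Validating Single Sign On Settings =============
        Validating Local Settings (Scheme)
                Passed
        Validating Remote Settings (Scheme)
                Critical: The value for the URL scheme for Single Sign On is not set to https
                        Run SsoConfig and set the Remote Value for the Single Sign On Scheme to https
============= Validating Performance Center Settings =============
        Validating Remote Settings (Scheme)
                Warning: The value for the URL scheme for Performance Center is not set to https
                        Run SsoConfig and set the Remote Value for the Performance Center Scheme to https
        Validating ssl.ini Settings
                Critical: The entry jetty.ssl.port is incorrect in file /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
                Critical: The entry jetty.https.port is incorrect in file /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
EOF
}

sample_output | failed_checks
```

To use it on a real run, save the text printed by option 1 of SslConfig to a file and redirect that file into `failed_checks`.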

Additional Information

How to run SSL Health Check:

Check for Configuration Issues