HCX - HTTP Cookies unsupported for PowerCLI/API authentication
Article ID: 321606
Updated On:
Products
VMware HCX
Issue/Introduction
From HCX 4.5 release onwards, HCX APIs require "x-hm-authorization" for making authentication call.
Note: This will be applicable to Internal API clients & PowerCLI modules used for HCX workflows and operations.
Note: This will be applicable to Internal API clients & PowerCLI modules used for HCX workflows and operations.
Resolution
In earlier versions of HCX, HCX standalone and vCenter plugin both UI were using http cookies set by the web server for authentication of API requests.
HTTP cookies were removed to fix remote plugin vulnerability found in vCenter 8.0.
Steps to get the "x-hm-authorization" token:
HTTP cookies were removed to fix remote plugin vulnerability found in vCenter 8.0.
Steps to get the "x-hm-authorization" token:
- Create a session by making "/api/sessions" call
POST:
https://<hcx_manager_IP_FQDN>/hybridity/api/sessions
BODY:
{
"authType" : "password",
"username" : "[email protected]",
"password" : "<vCenter_SSO_Pwd>"
}
2. Copy "x-hm-authorization" token generated in the response header and use it for making any subsequent HCX PowerCLI/API calls accordingly.
Feedback
Yes
No
Powered by
