UIM API 401 Unauthorized Error with JWT Authentication


Article ID: 396521


Updated On: 05-06-2025

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

Error in the uimapi.log:

2025-04-30 16:26:39.554 [https-jsse-nio-443-exec-33]  DEBUG com.ca.uimapi.config.UimApiJWTVerificationFilter:doFilter:87 config.UimApiJWTVerificationFilter - Recieved request from: xx.xx.xx.xx
2025-04-30 16:26:39.554 [https-jsse-nio-443-exec-33]  ERROR com.ca.uimapi.config.UimApiJWTVerificationFilter:doFilter:97 config.UimApiJWTVerificationFilter - Missing or invalid authentication information
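
The ERROR line does not name the client; only the preceding DEBUG line on the same thread does. The following added example (not Broadcom code) pairs the two by thread name to count rejected requests per source address. The sample lines are constructed in the format shown above, with documentation-range addresses.

```python
import re
from collections import Counter

# Layout: timestamp [thread]  LEVEL class:method:line short.logger - message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[(?P<thread>[^\]]+)\]\s+(?P<level>[A-Z]+)\s+"
    r"(?P<logger>\S+) \S+ - (?P<msg>.*)$"
)
FILTER = "UimApiJWTVerificationFilter"
# "Recieved" is spelled this way in the product's log output.
REQUEST_RE = re.compile(r"Recieved request from: (?P<src>\S+)")
REJECT_MSG = "Missing or invalid authentication information"


def rejected_requests(lines):
    """Return (timestamp, source) for each request the JWT filter rejected."""
    pending = {}  # thread name -> source address of the request in progress
    rejected = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or FILTER not in m["logger"]:
            continue
        req = REQUEST_RE.search(m["msg"])
        if req:
            pending[m["thread"]] = req["src"]
        elif m["level"] == "ERROR" and REJECT_MSG in m["msg"]:
            # Source is known only if DEBUG logging captured the request line.
            rejected.append((m["ts"], pending.pop(m["thread"], "unknown")))
    return rejected


def rejections_by_source(lines):
    """Count rejected requests per source address."""
    return Counter(src for _, src in rejected_requests(lines))


# Constructed sample input; exec-34 is accepted, exec-35 has no DEBUG line.
SAMPLE = """\
2025-04-30 16:26:39.554 [https-jsse-nio-443-exec-33]  DEBUG com.ca.uimapi.config.UimApiJWTVerificationFilter:doFilter:87 config.UimApiJWTVerificationFilter - Recieved request from: 192.0.2.10
2025-04-30 16:26:39.555 [https-jsse-nio-443-exec-34]  DEBUG com.ca.uimapi.config.UimApiJWTVerificationFilter:doFilter:87 config.UimApiJWTVerificationFilter - Recieved request from: 198.51.100.7
2025-04-30 16:26:39.556 [https-jsse-nio-443-exec-33]  ERROR com.ca.uimapi.config.UimApiJWTVerificationFilter:doFilter:97 config.UimApiJWTVerificationFilter - Missing or invalid authentication information
2025-04-30 16:26:41.102 [https-jsse-nio-443-exec-33]  DEBUG com.ca.uimapi.config.UimApiJWTVerificationFilter:doFilter:87 config.UimApiJWTVerificationFilter - Recieved request from: 192.0.2.10
2025-04-30 16:26:41.103 [https-jsse-nio-443-exec-33]  ERROR com.ca.uimapi.config.UimApiJWTVerificationFilter:doFilter:97 config.UimApiJWTVerificationFilter - Missing or invalid authentication information
2025-04-30 16:26:42.000 [https-jsse-nio-443-exec-35]  ERROR com.ca.uimapi.config.UimApiJWTVerificationFilter:doFilter:97 config.UimApiJWTVerificationFilter - Missing or invalid authentication information
""".splitlines()

if __name__ == "__main__":
    for src, count in rejections_by_source(SAMPLE).most_common():
        print(f"{src}\t{count}")
```

A source that appears repeatedly here is a client still sending Basic credentials or an expired or missing token after the switch to JWT.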

Environment

  • DX UIM 23.4 or higher
  • UIMAPI

Resolution

Steps:

Notice in the wasp.cfg, the setting "useBasicAuthFor..."

...If JWT token enablement is done on OC wasp then it is recommended to set useBasicAuthForUIMAPI = false to honor the JWT session handling.

Similarly for the OI Connector, you must also enable the https_enabled checkbox in the OC configuration section of the OI Connector configuration UI.

Also, for JWT session handling, set useBasicAuthForRest = false in the OC wasp probe.

In UIM, Basic Authentication is enabled by default for wasp and web service endpoints.


JWT authentication


  • To use JWT token authentication, we need to set the useBasicAuthForUIMAPI attribute to false in the wasp.cfg file. Additionally, to execute UIM API endpoints, the user must have the appropriate ACL with "Web Service" permissions.

  • If LDAP authentication is used, the LDAP group must be mapped to the corresponding ACL, which should have the "Web Service" permission enabled.

  • If the user is an OC Account user, they can only access resources that are mapped to their account.
    • For example, an account user cannot execute the getAccounts endpoint as they do not have the required permissions. In such cases, the UIM API will return a 401 Unauthorized error.

These are the primary checks UIM performs to execute any UIM API endpoint.

We have tested with both a NimBUS user defined via IM and an Account user (using LDAP and account admin) and everything works as expected.

1. Make sure you're not hitting the wrong endpoint, and

2. The current account user MUST have permission to view the data.

For all APIs, users need to have the "Web Service" permission.

In addition, each API has function-specific permissions. For the /uimapi/devices call, users need to have the "Basic Management" permission.

A list of each API call type and the required ACL/permission seems to be missing from the UIMAPI techdocs/swagger.


For webservices this IS documented for each call type. Please refer to:

webservices_rest Call Reference

Additional Information