HTTP ERROR 401 -> Invalid signature for signature method HMAC-SHA1
725 views
Skip to first unread message
Marlus Misael
May 16, 2012, 8:25:00 AM5/16/12
to eureka-st...@googlegroups.com
Hi team, how you're doing?
I was running es almost a year and everything was doing well. So, i had to move from the port 8080 to 9090 and right now, the activity gadget stop working.
Follow below the entire message that i've got from firebug. My ES version is 1.1
Do you have any clue?
throw 1; < don't be evil' >{"http://173.230.135.99:9090/api/0/full/getSystemSettings/%7B%7D":{"body":"\u003chtml\u003e\n\u003chead\u003e\n\u003cmeta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\"/\u003e\n\u003ctitle\u003eError 401 Invalid signature for signature method HMAC-SHA1\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody\u003e\u003ch2\u003eHTTP ERROR 401\u003c/h2\u003e\n\u003cp\u003eProblem accessing /api/0/full/getSystemSettings/%7B%7D. Reason:\n\u003cpre\u003e Invalid signaturefor signature method HMAC-SHA1\u003c/pre\u003e\u003c/p\u003e\u003chr /\u003e\u003ci\u003e\u003csmall\u003ePowered by Jetty://\u003c/small\u003e\u003c/i\u003e\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e\n\n\u003c/body\u003e\n\u003c/html\u003e\n","oauthErrorText":"\n\n==== Original request:\nGET /api/0/full/getSystemSettings/%7B%7D\n\nHost: 173.230.135.99:9090\nX-Shindig-AuthType: oauth\nX-Forwarded-For: 200.171.169.210\nX-shindig-dos: on\n\n\n====\n==== Sent request 1:\nGET /api/0/full/getSystemSettings/%7B%7D?oauth_body_hash=2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D&opensocial_owner_id=d10f6382-4067-4ada-b726-badb4d72d766&opensocial_viewer_id=d10f6382-4067-4ada-b726-badb4d72d766&opensocial_app_id=22&opensocial_app_url=http%3A%2F%2F173.230.135.99%3A9090%2Forg%2Feurekastreams%2Fgadgets%2Factivitygadget.xml&oauth_version=1.0&oauth_timestamp=1337170683&oauth_nonce=4206548204709266812&oauth_consumer_key=PUT_CONSUMER_KEY_HERE&oauth_signature_method=HMAC-SHA1&oauth_signature=mrpuavOdK2rHE%2FiXzyDnu6prFFI%3D\n\nHost: 173.230.135.99:9090\nX-Shindig-AuthType: oauth\nX-Forwarded-For: 200.171.169.210\nX-shindig-dos: on\n\n\n==== Received response 1:\nHTTP/1.1 401\r\n\r\nCache-Control: must-revalidate,no-cache,no-store\r\nContent-Length: 1478\r\nContent-Type: text/html;charset=ISO-8859-1\r\nDate: Wed, 16 May 2012 12:18:03 GMT\r\nServer: Jetty(7.4.1.v20110513)\r\nWWW-Authenticate: OAuth\r\n\r\n\u003chtml\u003e\n\u003chead\u003e\n\u003cmeta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\"/\u003e\n\u003ctitle\u003eError 401 Invalid signature for signature method HMAC-SHA1\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody\u003e\u003ch2\u003eHTTP ERROR 401\u003c/h2\u003e\n\u003cp\u003eProblem accessing /api/0/full/getSystemSettings/%7B%7D. Reason:\n\u003cpre\u003e Invalid signature for signature method HMAC-SHA1\u003c/pre\u003e\u003c/p\u003e\u003chr /\u003e\u003ci\u003e\u003csmall\u003ePowered by Jetty://\u003c/small\u003e\u003c/i\u003e\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e\n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e\n\n\u003c/body\u003e\n\u003c/html\u003e\n\r\n\n====","DataHash":"ghqlhugi8ecse92bme0kjev354","rc":401}}
Best Regards,
Marlus Misael
Rob Keane
May 16, 2012, 8:43:18 AM5/16/12
to eureka-st...@googlegroups.com
Check you oauthconsumer table and confirm that the entry for the activity gadget has the correct port.
Marlus Misael
May 16, 2012, 9:23:31 AM5/16/12
to eureka-st...@googlegroups.com
it's ok:
--
Atenciosamente,
Marlus Misael
1 | 1 | | PUT_CONSUMER_KEY_HERE | PUT_CONSUMER_SECRET_HERE | http://173.230.135.99:9090/org/eurekastreams/gadgets/activitygadget.xml | eurekastreams | HMAC-SHA1 |
Atenciosamente,
Marlus Misael
Marlus Misael
May 16, 2012, 9:58:55 AM5/16/12
to eureka-st...@googlegroups.com
Hello Rob,
Might there be any chance that this issue is regarding to the firewall ?Best Regards,
Atenciosamente,
Marlus Misael
Cesar Devera
May 17, 2012, 9:15:43 AM5/17/12
to Eureka Streams Development
Marlus,
it is probably NOT related to the firewall, since you ARE getting the
http 401 response (if the problem was with firewall, you would get a
connection refused of something related).
the "Invalid signature for signature method HMAC-SHA1" happens because
each oauth request is signed with a hash of several parameters, and
among them the http port. my guess is that somewhere the port is
hardcoded to 8080, and your request is not being validated since you
are using 9090.
I also bet that you already searched the source code for 8080 and
found nothing, so, I'm afraid something is hard-coded in the Apache
Shindig infrastructure (jars, properties, xml, maven calls, I don't
know).
also, according to previous contact with Marlus, the only gadgets
showing this problem are the ones created from streams (stream
gadgets). the other gadgets like FeedReader are working fine.
anyone else out there using Eureka in non-standard ports like 9090?
hope this helps.
regards,
Cesar
----------
it is probably NOT related to the firewall, since you ARE getting the
http 401 response (if the problem was with firewall, you would get a
connection refused of something related).
the "Invalid signature for signature method HMAC-SHA1" happens because
each oauth request is signed with a hash of several parameters, and
among them the http port. my guess is that somewhere the port is
hardcoded to 8080, and your request is not being validated since you
are using 9090.
I also bet that you already searched the source code for 8080 and
found nothing, so, I'm afraid something is hard-coded in the Apache
Shindig infrastructure (jars, properties, xml, maven calls, I don't
know).
also, according to previous contact with Marlus, the only gadgets
showing this problem are the ones created from streams (stream
gadgets). the other gadgets like FeedReader are working fine.
anyone else out there using Eureka in non-standard ports like 9090?
hope this helps.
regards,
Cesar
----------
On 16 maio, 10:58, Marlus Misael <marlus.mis...@gmail.com> wrote:
> Hello Rob,
> Might there be any chance that this issue is regarding to the firewall ?
> Best Regards,
> Marlus
>
> 2012/5/16 Marlus Misael <marlus.mis...@gmail.com>
> Hello Rob,
> Might there be any chance that this issue is regarding to the firewall ?
> Best Regards,
> Marlus
>
>
>
>
>
>
>
>
>
>
> > it's ok:
>
> > 1 | 1 | | PUT_CONSUMER_KEY_HERE |
> > PUT_CONSUMER_SECRET_HERE |http://173.230.135.99:9090/org/eurekastreams/gadgets/activitygadget.xml
> > | eurekastreams | HMAC-SHA1 |
>
> > 2012/5/16 Rob Keane <rob.ke...@gmail.com>
>
>
>
>
>
>
>
>
> > it's ok:
>
> > 1 | 1 | | PUT_CONSUMER_KEY_HERE |
> > PUT_CONSUMER_SECRET_HERE |http://173.230.135.99:9090/org/eurekastreams/gadgets/activitygadget.xml
> > | eurekastreams | HMAC-SHA1 |
>
>
> >> Check you oauthconsumer table and confirm that the entry for the activity
> >> gadget has the correct port.
>
> >> On May 16, 2012, at 8:25 AM, Marlus Misael <marlus.mis...@gmail.com>
> >> Check you oauthconsumer table and confirm that the entry for the activity
> >> gadget has the correct port.
>
> >> wrote:
>
> >> Hi team, how you're doing?
> >> I was running es almost a year and everything was doing well. So, i had
> >> to move from the port 8080 to 9090 and right now, the activity gadget stop
> >> working.
> >> Follow below the entire message that i've got from firebug. My ES version
> >> is 1.1
> >> Do you have any clue?
>
> >> throw 1; < don't be evil' >{"http://173.230.135.99:9090/api/0/full/getSystemSettings/%7B%7D":{"body":"\u003chtml\u003e\n\u003chead\u003e\n\u003cmeta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\"/\u003e\n\u003ctitle\u003eError 401 Invalid signature for signature method HMAC-SHA1\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody\u003e\u003ch2\u0 03eHTTP ERROR 401\u003c/h2\u003e\n\u003cp\u003eProblem accessing /api/0/full/getSystemSettings/%7B%7D. Reason:\n\u003cpre\u003e Invalid signature for signature method HMAC-SHA1\u003c/pre\u003e\u003c/p\u003e\u003chr /\u003e\u003ci\u003e\u003csmall\u003ePowered by Jetty://\u003c/small\u003e\u003c/i\u003e\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\n\u003c/body\u003e\n\u003c/html\u003e\n","oauthErrorText":"\n\n==== Original request:\nGET /api/0/full/getSystemSettings/%7B%7D\n\nHost: 173.230.135.99:9090\nX-Shindig-AuthType: oauth\nX-Forwarded-For: 200.171.169.210\nX-shindig-dos: on\n\n\n====\n==== Sent request 1:\nGET /api/0/full/getSystemSettings/%7B%7D?oauth_body_hash=2jmj7l5rSw0yVb%2FvlWAY kK%2FYBwk%3D&opensocial_owner_id=d10f6382-4067-4ada-b726-badb4d72d766&opens ocial_viewer_id=d10f6382-4067-4ada-b726-badb4d72d766&opensocial_app_id=22&o pensocial_app_url=http%3A%2F%2F173.230.135.99%3A9090%2Forg%2Feurekastreams% 2Fgadgets%2Factivitygadget.xml&oauth_version=1.0&oauth_timestamp=1337170683 &oauth_nonce=4206548204709266812&oauth_consumer_key=PUT_CONSUMER_KEY_HERE&o auth_signature_method=HMAC-SHA1&oauth_signature=mrpuavOdK2rHE%2FiXzyDnu6prF FI%3D\n\nHost: 173.230.135.99:9090\nX-Shindig-AuthType: oauth\nX-Forwarded-For: 200.171.169.210\nX-shindig-dos: on\n\n\n==== Received response 1:\nHTTP/1.1 401\r\n\r\nCache-Control: must-revalidate,no-cache,no-store\r\nContent-Length: 1478\r\nContent-Type: text/html;charset=ISO-8859-1\r\nDate: Wed, 16 May 2012 12:18:03 GMT\r\nServer: Jetty(7.4.1.v20110513)\r\nWWW-Authenticate: OAuth\r\n\r\n\u003chtml\u003e\n\u003chead\u003e\n\u003cmeta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\"/\u003e\n\u003ctitle\u003eError 401 Invalid signature for signature method HMAC-SHA1\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody\u003e\u003ch2\u0 03eHTTP ERROR 401\u003c/h2\u003e\n\u003cp\u003eProblem accessing /api/0/full/getSystemSettings/%7B%7D. Reason:\n\u003cpre\u003e Invalid signature for signature method HMAC-SHA1\u003c/pre\u003e\u003c/p\u003e\u003chr /\u003e\u003ci\u003e\u003csmall\u003ePowered by Jetty://\u003c/small\u003e\u003c/i\u003e\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\u003cbr/\u003e \n\n\u003c/body\u003e\n\u003c/html\u003e\n\r\n\n====","DataHash":"ghqlhugi8 ecse92bme0kjev354","rc":401}}
>
> >> Hi team, how you're doing?
> >> I was running es almost a year and everything was doing well. So, i had
> >> to move from the port 8080 to 9090 and right now, the activity gadget stop
> >> working.
> >> Follow below the entire message that i've got from firebug. My ES version
> >> is 1.1
> >> Do you have any clue?
>
Message has been deleted
Kevin Meredith
Apr 15, 2013, 5:06:06 PM4/15/13
to eureka-st...@googlegroups.com
Hey Xeta - did you figure out how to resolve this issue? If so, please share as I'm encountering it now.
Thanks.
Thanks.
Reply all
Reply to author
Forward
0 new messages