I'm playing with the new ReviewBoard API with a test installation of RB 1.5, and can't seem to get basic authentication to work. I'm testing it just by typing "http://ourserver/api/info/" into Firefox, entering my username and password when it asks, but I keep getting 401 UNAUTHORIZED responses.
I've taken a Wireshark trace and it looks like the client is doing the right thing. Moreover I can log in fine using the normal login page, which seems to use a different mechanism. (After logging in from the login page I can access the API resources because it uses the cookie thereafter.)
Is there anything I need to do to get this to work?
Thanks,
Colin
Latest News at: http://www.indigovision.com/news2010.php
--
Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to reviewboard...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Hi Christian,
Thanks for the speedy reply. I’ve tried with the FQDN and IP address as well as the plain hostname and I get the same result. The wireshark trace shows that it’s using Basic Authentication as described in the API docs. (I can send you the wireshark trace if you think it would help).
The server is running Apache 2.2.16 on Fedora 14. We imported all of the configuration and data from our 1.0.9 installation in order to test the new version.
It uses Active Directory as the authentication back-end. Could that be part of the problem? I changing my account to use a sha1 password instead but it made no difference.
Colin
scanned for viruses and spam by indigovision
If you consider this email spam, please forward to
sp...@emailfiltering.com
Few questions.
1) While rb-site install there is user created. Is authentication
login works fine for this user?
2) When You login as AD user: what do You see in logs when You login
using login page, and what if You use API?
--
><> Jan Koprowski
1) I couldn't tell you, it wasn't me who set up the server. I'll try to find out from my colleague who did.
2) When I log in using the login page using my AD password I see the following line repeated many times:
2010-11-06 09:50:10,143 - DEBUG - Search root dc=indigovision,dc=com
When I login using my SHA1 password, or type the wrong password, I see the following once:
2010-11-06 09:42:23,967 - WARNING - Active Directory: Failed login for user cfc
When I try to access the API URLs I don't see anything at all. Do I maybe need to increase the logging level?
Thanks,
Colin
> --------------------------------------------------------------------
> ----------------
> scanned for viruses and spam by indigovision
> If you believe this email is spam, please forward to
> sp...@emailfiltering.com
> 1) I couldn't tell you, it wasn't me who set up the server. I'll try
> to find out from my colleague who did.
I got this information and tried again with the username and password that were set up during installation. Authentication failed in the same way as before.