Forum Discussion

Vinne73's avatar
Vinne73
Icon for Cirrus rankCirrus
Jan 24, 2018

LTM 13.x iControlREST with non admin accounts: 401 Authorization failed

Hi,

 

I found info about this problem on previous software releases, and being or not being able to use non admin accounts with iControl. However, I'm running LTM 13.0.0.3.

 

I've created a user account and it has the role "Manager" on a certain partition. This user can log in on the GUI, en do what he needs to do.

 

When I try to access iControl via REST the user/pass is accepted. (if not, you get a different error) Then I get a "code": 401, "message": "Authorization failed: ..." error.

 

The user is in Common, but if I make it in the partition he has rights to, it makes no difference.

 

If I create the user with full admin rights, i can use iControl REST.

 

I'm 100% sure this works on my other Big-IP, release 11.6.2.1. It also worked on 11.6.1.1.

 

Config is identical.

 

So.. is there any way somebody else has gotten this to work? A non admin user that can access iControlREST on 13.x?

 

Thanks in advance Vincent

 

iControlREST
security

1 Reply

Sort By
  • Satoshi_Toyosa1's avatar
    Satoshi_Toyosa1
    Icon for Employee rankEmployee
    Jan 24, 2018

    Instead of using Basic Auth (sending an Based-64 encoded username/password in the HTTP Authorization header), please try Token-Based authentication.

    1. Get an authentication token by sending (

      POST
      ) the username/password to 
      /mgmt/shared/authn/login
      .

    2. Use that token in the 

      X-F5-Auth-Token
      header for any requests afterword.

    The token times out after 1200s (20 min).

    Please refer to "About iControl and authentication for user accounts" section (p. 20) of the iControl® REST API User Guide Version 13.0.