Authentication Methods

Redfish requires the use of a compliant TLS connection to transport the data. TSM Redfish interface supports both Basic Authentication and Session Login Authentication. Per Redfish specification, the only resource that can be accessed without requiring authentication is the service root /redfish/v1/.

HTTP Basic Authentication (as defined by RFC7235) uses HTTP Authentication header field to authenticate requests from a user agent or client (like a web browser) to TSM Redfish service. The value of this header consists of credentials containing the authentication information of the user agent for the realm of the resource being requested. Below is an example of doing this operation in curl:

curl https://10.10.0.128/redfish/v1/Systems/1 -X GET -k -H "Content-type: application/json" -H "Authorization: Basic VVNFUklEOlBBU1NXMFJE"

The credentials in this example are base64 encoding string of USERID:PASSW0RD.

A client or user agent can also create a Redfish login session via the Session management interface described in Session Management section of this guide. The client creating login session should save session-auth-token returned from the HTTP response header field X-Auth-Token. The session-auth-token is used to authenticate subsequent requests by setting the HTTP request header X-Auth-Token with the session-auth-token. Below is an example of doing this operation in curl:

curl https://10.10.0.128/redfish/v1/Systems/1 -X GET -k -H "Content-type: application/json" -H "X-Auth-Token: session-auth-token"

The maximum open session count is set to 16 and session could have timeout.