Authentication Methods

Redfish requires the use of a compliant TLS connection to transport the data. The XCC Redfish interface supports both “Basic Authentication” and “Session Login Authentication”. Per the Redfish specification, the only resource that can be accessed without requiring authentication is the service root “/redfish/v1/”.

HTTP Basic Authentication (as defined by RFC7235) uses the HTTP "Authorization" header field to authenticate requests from a user agent or client (like a web browser) to the XCC Redfish service. The value of this header consists of credentials containing the authentication information of the user agent for the realm of the resource being requested. Below is an example of doing this operation in curl:

curl https://10.10.0.128/redfish/v1/Systems/1 -X GET -k -H "Content-type: application/json" \
-H "Authorization: Basic VVNFUklEOlBBU1NXMFJE"

The credentials in this example are the Base64 encoding of the string “USERID:PASSW0RD”, which can be generated with the command:
echo -n "USERID:PASSW0RD" | base64

A client or user agent can also create a Redfish login session via the Session management interface described in the “Session Management” section of this guide. The client creating the login session should save the “session-auth-token” returned in the HTTP response header field “X-Auth-Token”. The “session-auth-token” is used to authenticate subsequent requests by setting the HTTP request header “X-Auth-Token” to the “session-auth-token” value. Below is an example of doing this operation in curl:

curl https://10.10.0.128/redfish/v1/Systems/1 -X GET -k -H "Content-type: application/json" \
-H "X-Auth-Token: session-auth-token"

The maximum number of open sessions is 16, and a session can time out.
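
The session flow described above, end to end, as an added example that is not part of the original guide: log in, capture “X-Auth-Token” and “Location” from the response headers, use the token, then delete the session so it does not hold one of the 16 slots. Assumptions: the helper function names, the REDFISH_CA and REDFISH_PASSWORD variables, and the standard DMTF session collection URI are not taken from this page; it verifies the server certificate with --cacert instead of using -k.

```shell
#!/bin/sh
# Added example (not from the XCC guide). Assumed names: REDFISH_CA, REDFISH_PASSWORD,
# the helper functions, and the standard DMTF session collection URI below.
SESSIONS_URI=/redfish/v1/SessionService/Sessions

# Print the value of one header from a raw HTTP header dump on stdin.
# Header names are case-insensitive and lines end in CRLF, so normalise both.
header_value() {
    awk -v name="$1" 'BEGIN { FS = ": *"; n = tolower(name) }
        tolower($1) == n { sub(/\r$/, ""); sub(/^[^:]*: */, ""); print; exit }'
}

# POST credentials and print the response headers. The JSON body goes to curl on
# stdin so the password is not in curl's argument list. Assumes the user name and
# password contain no characters that need JSON escaping.
redfish_login() {   # $1 = host, $2 = user, $3 = password
    printf '{"UserName":"%s","Password":"%s"}' "$2" "$3" |
        curl -sS --cacert "$REDFISH_CA" -D - -o /dev/null -X POST \
            -H "Content-Type: application/json" -d @- "https://$1$SESSIONS_URI"
}

redfish_get() {     # $1 = host, $2 = token, $3 = resource path
    curl -sS --cacert "$REDFISH_CA" -H "X-Auth-Token: $2" "https://$1$3"
}

# DELETE the session resource named by the Location header from login.
redfish_logout() {  # $1 = host, $2 = token, $3 = Location value
    case "$3" in
        http*) url=$3 ;;
        *)     url="https://$1$3" ;;
    esac
    curl -sS --cacert "$REDFISH_CA" -X DELETE -H "X-Auth-Token: $2" "$url"
}

main() {            # $1 = host, $2 = user; password from $REDFISH_PASSWORD
    headers=$(redfish_login "$1" "$2" "$REDFISH_PASSWORD") || return 1
    token=$(printf '%s\n' "$headers" | header_value X-Auth-Token)
    session=$(printf '%s\n' "$headers" | header_value Location)
    [ -n "$token" ] || { echo "login failed: no X-Auth-Token" >&2; return 1; }
    redfish_get "$1" "$token" /redfish/v1/Systems/1
    status=$?
    redfish_logout "$1" "$token" "$session"   # always release the session slot
    return "$status"
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```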