Hello,

i am trying to use the presence REST API but i am not able to successfully execute digest authentication.
After the first resource discovery request i send the request with authentication header.
I always receive an Http status code 401 Unauthorized, with the message: Error 401: Incorrect response

I have checked the credentials of the user in the system manager user management.
I am using the Presence handle (handle is 323) as username and the Communication Profile Password.
I have already changed the password to ensure that i am using a valid password

As client id i am using a random number, in the following case i have used 344

The Authorization header in the second request:
"Authorization: Digest username="323", realm="jabber", nonce="MTU2Mjc1MTM0MjI3NzpjMjE3YzM0NTlkNzdhMzY2NjJjMThhODhkOWRmZjVj==", uri="/services/PresenceServices/rest/cs/resources?clientId=344", response="a08cb5114772c02c735c20d165b5fd", qop=auth, nc=00000001, cnonce="d9fd98637535c67a", algorithm=MD5[\r][\n]"

Breeze Version: 3.4
Presence Version: 7.1.2.0.233
Authentication Type = Avaya (set in snapin attribute configuration)

Do i have to use the handle as clientId?
Any idea what could possibly be wrong with the digest authentication?

Hi dkalinasch,

It seems that you have administer the Presence REST API with the Enterprise authentication (hence the digest authentication mechanism being used).

In such a case, the submitted username is supposed to be equal to the user's 'Avaya Presence/IM Communication Address' (aka presence handle) and it has to include the domain part of the address e.g. 323@example.com . The submitted password (as the input into the digest algorithm) is supposed to be equal to the user's 'Communication Password'.

Best regards,
Milos Pujic

Hello,

i have double checked the user credentials. I have tried with the username handle@domain and the communication profile password.
The digest authentication does not work.

So we changed the presence snapin configuration to work with ldap and basic authentication. But the login does not work.
In the logfile of the presence snapin (filename is ps.log) i found the following entries:

2019-07-11 09:03:10,190 [WebContainer : 3] presence.auth.PostAuthenticationTokenFilter FINE - doFilter()
2019-07-11 09:03:10,190 [WebContainer : 3] model.dao.UserDao FINE - getUserByLogin(): found user from cache, d.kalinasch@domain->com.avaya.presence.dataobject.space.v7_0_1_0.UserEntry@63463f36[serviceProfileTemplateId=<null>,id=502,partitionId=1,userId=502,loginName=d.kalinasch@domaint,userName=d.kalinasch,tenantId=50,imGateway=<null>,attributes=<null>]
2019-07-11 09:03:10,190 [WebContainer : 3] presence.auth.SessionManager FINE - createSession() 502
2019-07-11 09:03:10,190 [WebContainer : 3] presence.auth.SessionManager FINE - createSession() abort; clientId not available


The last line is complaining about a clientId.From the documentation i expected, that i have to enter a random value for the client id so my request uses the following url:

https://servername/services/PresenceServices/rest/cs/resources?clientId=12345


What value do i have to use for the clientId?
Where can i find more logfile entries for the login process?

Hi dkalinasch,

We have a documentation error - I apologize.

The correct Resource discovery URI should have the "clientid" query parameter (not "clientId"). So, a good example would be:

https://<host:port>/services/PresenceServices/rest/cs/resources?clientid=12345

The value for the client ID should be a string that is preferably globally unique (e.g. an UUID) or at least unique among all clients of the user.

Regards,
Milos

Hi,

thanks for the feedback.
With the correct parameter (clientid), the authenticaton works fine.

Regards