Hi,
I finally managed to get access to the Avaya Web Gateway installation at the customer location where my application will be running. It is version 3.8.1.0.153. I tried running the devclient sample application in a Chrome browser with the following URL:
https://AAWG_IP:8443/devclient/testapp/index.html?calledNumber=123&displayname=MG
I found out about this devclient in the Oceana deployment guide, chapter "Configure the reference authorization service". I enabled the devclient and the token-generation-service by renaming them to .war extension. After that I can open the above URL. However, it displays an error message:
Type help for supported commands, or go to
https://x.x.x.x:8443/devclient/testapp/resources/TestToolCheatSheet.pdf
WebRTC Internals debugging:
chrome://webrtc-internals
Request a token
ERROR: Failed to request the token.please check the token generation service.. ()
csa>
When I enabled debug logs, I found this in CSA logs:
WARN 25 Nov 2020 19:11:16,976 http-apr-8451-exec-9 com.avaya.token - (TokenApplication.java:17) Token application starting
FINE 25 Nov 2020 19:11:16,976 http-apr-8451-exec-9 com.avaya.token - (TokenGenResource.java:61) Call to generate the encrypted token with data:use:csaGuest calledNumber:123 displayName:MG callingNumber:null Expiration:null
FINEST 25 Nov 2020 19:11:16,976 http-apr-8451-exec-9 com.avaya.token - (TokenGenResource.java:78) Path invoked to call CSA token:https://<AAWG_FQDN>:8443/csa/resources/tokens
FINEST 25 Nov 2020 19:11:16,976 http-apr-8451-exec-9 com.avaya.token - (TokenGenResource.java:80) Invoking the request
FINEST 25 Nov 2020 19:11:16,976 http-apr-8451-exec-9 com.avaya.token - (TokenGenResource.java:83) The status received after invoking the request401
ERROR 25 Nov 2020 19:11:16,976 http-apr-8451-exec-9 com.avaya.token - (TokenGenResource.java:90) Can't retrieve information from token Services:401
I tried to execute the same request manually using curl:
curl -k -vvv -H "Accept: application/vnd.avaya.csa.tokens.v1/json" -H "Content-Type: application/vnd.avaya.csa.tokens.v1/json" --data '{"use":"csaGuest","calledNumber:456","displayName":"MG","callingNumber":"","Expiration":""}' https://<AAWG_FQDN>:8443/csa/resources/tokens
* About to connect() to <AAWG_FQDN> port 8443 (#0)
* Trying x.x.x.x...
* Connected to <AAWG_FQDN> (x.x.x.x) port 8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: C=US,O=Avaya,CN=<AAWG_FQDN>
* start date: Sep 24 09:45:48 2020 GMT
* expire date: Sep 24 09:45:48 2022 GMT
* common name: <AAWG_FQDN>
* issuer: O=AVAYA,OU=MGMT,CN=System Manager CA
> POST /csa/resources/tokens HTTP/1.1
> User-Agent: curl/7.29.0
> Host: <AAWG_FQDN>:8443
> Accept: application/vnd.avaya.csa.tokens.v1/json
> Content-Type: application/vnd.avaya.csa.tokens.v1/json
> Content-Length: 100
>
* upload completely sent off: 100 out of 100 bytes
< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Wed, 25 Nov 2020 19:08:03 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 1033
< Connection: keep-alive
< Set-Cookie: route=5caedf178fc386244c3c7ac70f5281c3f7394287; Path=/; sameSite=none; Secure; HttpOnly
< WWW-Authenticate: Basic realm="ApplicationRealm", ESGToken realm="ApplicationRealm", Bearer realm="ApplicationRealm", charset="UTF-8"
< Content-Language: en
< X-Served-By: <AAWG_FQDN>
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=631138519
< P3P: CP="Not Supported"
< Pragma: no-cache
< Cache-Control: no-cache,no-store,must-revalidate,private
< X-Load-Balancer: <AAWG_FQDN>
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE, PUT
< Access-Control-Allow-Headers: Authorization, Accept, DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,X-Avaya-Requested-With,If-Modified-Since,Cache-Control,Content-Type
< Access-Control-Expose-Headers: Retry-After
<
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The request has not been applied because it lacks valid authentication credentials for the target resource.</p><hr class="line" /><h3>Apache Tomcat</h3></body></html>
* Connection #0 to host <AAWG_FQDN> left intact
So, indeed I am getting an HTTP 401 Unauthorized error. So is the sample application. The problem is that I am unable to find any more logs. Based on the displayname parameter (I tried entering something more unique), I couldn't find any more logs to see the root cause.
My question is: is the mentioned token-generation-service.war the one I am supposed to use for production, or is it just a sample app? Also, what am I missing to get a proper response and not 401? Is it maybe a configuration issue? I tried to set REST and OAMP certificate policies to NONE, OPTIONAL, OPTIONAL_NO_CA; I'm getting the same response in all cases.
Regards,
Gabor
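
As an added example (not part of the post above and not Avaya code), this reads the curl -v exchange shown in the post and reports what the client sent against what the server asked for: whether an Authorization header went out, which schemes the WWW-Authenticate challenge offers, and whether the --data body parses as JSON. The transcript and body are sample input copied from the post; the function names are this example's own.

```python
import json
import re

# Constructed sample: request/response lines copied from the curl -v output in the post.
TRANSCRIPT = """\
> POST /csa/resources/tokens HTTP/1.1
> Accept: application/vnd.avaya.csa.tokens.v1/json
> Content-Type: application/vnd.avaya.csa.tokens.v1/json
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="ApplicationRealm", ESGToken realm="ApplicationRealm", Bearer realm="ApplicationRealm", charset="UTF-8"
"""
# The --data argument exactly as posted.
BODY = '{"use":"csaGuest","calledNumber:456","displayName":"MG","callingNumber":"","Expiration":""}'

def headers(transcript, marker):
    """Headers from curl -v lines: marker '>' is what was sent, '<' what came back."""
    pattern = re.compile(r"^%s ([A-Za-z0-9-]+):\s*(.*)$" % re.escape(marker))
    hits = (pattern.match(line) for line in transcript.splitlines())
    return {m.group(1).lower(): m.group(2) for m in hits if m}

def challenges(value):
    """Parse a WWW-Authenticate value into {scheme: {param: value}}."""
    result, current = {}, None
    # Split on commas that are not inside a quoted string.
    for part in re.findall(r'(?:[^,"]|"[^"]*")+', value):
        part = part.strip()
        head, _, rest = part.partition(" ")
        if "=" not in head:  # a scheme name opens a new challenge
            current = result.setdefault(head, {})
            part = rest.strip()
        if "=" in part and current is not None:
            key, _, val = part.partition("=")
            current[key.strip()] = val.strip().strip('"')
    return result

def triage(transcript, body):
    """Summarise what the client sent versus what the server asked for."""
    sent, received = headers(transcript, ">"), headers(transcript, "<")
    body_error = None
    try:
        json.loads(body)
    except json.JSONDecodeError as exc:
        body_error = exc.msg  # parser message only, without position
    offered = challenges(received.get("www-authenticate", ""))
    return {"authorization_sent": "authorization" in sent,
            "schemes_offered": list(offered), "body_error": body_error}

if __name__ == "__main__":
    print(triage(TRANSCRIPT, BODY))
```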