Forum Discussion
BIG-IP 11.6.1 iControl REST API access issues
- Jul 14, 2016
The behavior changed as part of an enhancement to allow role based access to REST resources. You can create different users as follows:
1. Create a new user in the GUI or TMSH. Make sure to assign that user the appropriate role (e.g. Manager, etc.)
2. GET /mgmt/shared/authz/users to verify that the user shows up in the users
3. GET /mgmt/shared/authz/roles/iControl_REST_API_User and save the contents
4. Update the userReferences property from the role resource you got in step 3: "userReferences": [ { "link": "https://localhost/mgmt/shared/authz/users/" } ]
5. Do a PUT (or PATCH) to /mgmt/shared/authz/roles/iControl_REST_API_User with the modified userReferences array property
6. Verify that the role is updated with the user reference: GET /mgmt/shared/authz/roles/iControl_REST_API_User
7. Perform an iControl command with that user to verify
Note: if the role that you assigned in step 1 does not have access to a resource then you still won’t be able to read/write it.
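Steps 3 to 6 above as a script, added here as an example and not part of the original post or F5's own code. It keeps the existing userReferences entries when adding the new one, so a PUT or PATCH does not drop REST access for users already in the role. Assumptions: the user link is the prefix shown in step 4 followed by the user name, `admin_auth` is a `user:password` string for an admin account, and all function names are hypothetical.

```python
import base64
import json
import urllib.request

ROLE_PATH = "/mgmt/shared/authz/roles/iControl_REST_API_User"
USER_LINK_PREFIX = "https://localhost/mgmt/shared/authz/users/"


def add_user_reference(role, username):
    """Return (user_references, changed) without touching existing entries."""
    link = USER_LINK_PREFIX + username  # assumption: link ends with the user name
    refs = list(role.get("userReferences") or [])
    if any(ref.get("link") == link for ref in refs):
        return refs, False              # already granted, nothing to send
    return refs + [{"link": link}], True


def call(host, auth, method, path, body=None):
    """One iControl REST request with Basic auth; TLS verification stays on,
    so the device certificate has to be trusted by this client."""
    token = base64.b64encode(auth.encode()).decode()
    req = urllib.request.Request(
        "https://" + host + path, method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Authorization": "Basic " + token,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def grant_rest_access(host, admin_auth, username):
    role = call(host, admin_auth, "GET", ROLE_PATH)          # step 3
    refs, changed = add_user_reference(role, username)       # step 4
    if changed:                                              # step 5
        call(host, admin_auth, "PATCH", ROLE_PATH, {"userReferences": refs})
    after = call(host, admin_auth, "GET", ROLE_PATH)         # step 6
    links = [ref.get("link") for ref in after.get("userReferences", [])]
    return USER_LINK_PREFIX + username in links


if __name__ == "__main__":
    # Constructed sample of a role resource, so the merge can be checked offline.
    sample = {"name": "iControl_REST_API_User",
              "userReferences": [{"link": USER_LINK_PREFIX + "admin"}]}
    print(add_user_reference(sample, "restuser"))
    print(add_user_reference(sample, "admin"))
```

`grant_rest_access` returns True only when the follow-up GET shows the new reference; step 7 (a request made as the new user) is still the real check that the role from step 1 allows the resource.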
Hi,
Sorry for re-opening an old thread but I'm wondering if the RBAC setup for REST services has changed in 12.1.2?
I can confirm Basic Auth works okay if the user has an admin role but fails with a 401 authentication error when I try to retrieve a login token when sending a POST to /mgmt/shared/authn/login with username, password and login provider in the JSON body.
The same user can log in without issues via the web UI so I suspected the issue is most likely an RBAC issue for REST.
Thanks in advance,
Bobby