Closed zmance-ddn closed 10 months ago
Yes, there's a SessionService subcommand that lets you both create and delete sessions.
You'd first make the session like this:
> redfishtool -u root -p password -r 192.168.1.50 SessionService login
{
"SessionId": "2",
"SessionLocation": "/redfish/v1/SessionService/Sessions/2",
"X-Auth-Token": "MY_SESSION_TOKEN"
}
Copy the SessionId and X-Auth-Token; SessionId is used to log out, and X-Auth-Token is used in subsequent requests.
You then use the token with the -t
argument, or use it in another tool you have.
> redfishtool -t MY_SESSION_TOKEN -r 192.168.1.50 --Auth Session Systems list
{
"_Path": "/redfish/v1/Systems",
"Name": "System Collection",
"Members@odata.count": 1,
"Members": [
{
"Id": "1",
"@odata.id": "/redfish/v1/Systems/1",
"AssetTag": ""
}
]
}
When done, you delete the session like this:
> redfishtool -t MY_SESSION_TOKEN -r 192.168.1.50 --Auth Session SessionService logout -i 2
Also take note that in your curl request, the Id
property 2401af5cb65750c5359ecadd4d07bce0
is not the same as the token for subsequent request. If it turns out they are the same, that can lead to someone potentially hijacking another user's sessions if they have the ability to view the session list.
You'll need to view the X-Auth-Token
response header from your curl request to see the actual token (which in your case is in your headers.txt file), and use that value with the -t
argument in redfishtool.
@mraineri Thank you for the quick response. I appreciate the gentle reminder to RTFM =)
Here is how I can generate token with curl command. How can I do the same with this tool? As a test, I tried using token from curl command with RFT, but was still not able to connect.
Is it because I need to use insecure method (like curl cmd?) Any help? Do I have set headers and use raw http commands?