ONVIF authentication failure

reaganch commented 1 year ago

I'm trying to have Bluecherry record based on ONVIF event triggers, but I keep receiving the following set of messages flooding the log:

Jul  4 11:21:40 kaiju bc-server[1184]: I(2/sauron1): Starting onvif events thread 1719649856 for device 2 ...
Jul  4 11:21:40 kaiju bc-server[4119]: Oops, something went wrong:
Jul  4 11:21:40 kaiju bc-server[4119]: SOAP 1.2 fault SOAP-ENV:Sender["http://www.onvif.org/ver10/error":NotAuthorized]
Jul  4 11:21:40 kaiju bc-server[4119]: "The action requested requires authorization and the sender is not authorized"
Jul  4 11:21:40 kaiju bc-server[4119]: Detail: [no detail]
Jul  4 11:21:40 kaiju bc-server[1184]: I(2/sauron1): ONVIF events thread exiting... 
Jul  4 11:21:40 kaiju bc-server[1184]: I(2/sauron1): Starting onvif events thread 1719649856 for device 2 ...
Jul  4 11:21:40 kaiju bc-server[4120]: Oops, something went wrong:
Jul  4 11:21:40 kaiju bc-server[4120]: SOAP 1.2 fault SOAP-ENV:Sender["http://www.onvif.org/ver10/error":NotAuthorized]
Jul  4 11:21:40 kaiju bc-server[4120]: "The action requested requires authorization and the sender is not authorized"
Jul  4 11:21:40 kaiju bc-server[4120]: Detail: [no detail]
Jul  4 11:21:40 kaiju bc-server[1184]: I(2/sauron1): ONVIF events thread exiting... 
Jul  4 11:21:40 kaiju bc-server[1184]: I(2/sauron1): Starting onvif events thread 1719649856 for device 2 ...
Jul  4 11:21:41 kaiju bc-server[4121]: Oops, something went wrong:
Jul  4 11:21:41 kaiju bc-server[4121]: SOAP 1.2 fault SOAP-ENV:Sender["http://www.onvif.org/ver10/error":NotAuthorized]
Jul  4 11:21:41 kaiju bc-server[4121]: "The action requested requires authorization and the sender is not authorized"
Jul  4 11:21:41 kaiju bc-server[4121]: Detail: [no detail]
Jul  4 11:21:41 kaiju bc-server[1184]: I(2/sauron1): ONVIF events thread exiting...

The ONVIF probe and autoconfigure button at the bottom of Devices -> Settings -> Properties seems to work fine. The ONVIF Device Manager also clearly indicates that the camera is sending numerous motion detection alerts.

Testing /usr/lib/bluecherry/onvif_tool produces:

% /usr/lib/bluecherry/onvif_tool 10.11.8.75 admin <password> events_subscribe
Oops, something went wrong:
SOAP 1.2 fault SOAP-ENV:Sender["http://www.onvif.org/ver10/error":NotAuthorized]
"The action requested requires authorization and the sender is not authorized"
Detail: [no detail]

For further details, please refer to https://forums.bluecherrydvr.com/t/onvif-event-not-triggering-recording/357. The camera is a HIKVISION DS-2CD2347G2-LSU/SL and on its Settings page, ONVIF authentication is set to "Digest&ws-username token". The other option is "Digest", which does not work either and fills the logs with:

Jul  4 11:32:14 kaiju bc-server[1184]: I(2/sauron1): Starting onvif events thread 1744827968 for device 2 ...
Jul  4 11:32:14 kaiju bc-server[5739]: Oops, something went wrong:
Jul  4 11:32:14 kaiju bc-server[5739]: Error 401 fault detected[no subcode]
Jul  4 11:32:14 kaiju bc-server[5739]: "HTTP Error"
Jul  4 11:32:14 kaiju bc-server[5739]: Detail: <!DOCTYPE html>
Jul  4 11:32:14 kaiju bc-server[5739]: <html><head><title>Document Error: Unauthorized</title></head>
Jul  4 11:32:14 kaiju bc-server[5739]: <body><h2>Access Error: 401 -- Unauthorized</h2>
Jul  4 11:32:14 kaiju bc-server[5739]: <p>Authentication Error: This onvif request requires authentication information</p>
Jul  4 11:32:14 kaiju bc-server[5739]: </body>
Jul  4 11:32:14 kaiju bc-server[5739]: </html>
Jul  4 11:32:14 kaiju bc-server[1184]: I(2/sauron1): ONVIF events thread exiting... 
Jul  4 11:32:14 kaiju bc-server[1184]: I(2/sauron1): Starting onvif events thread 1744827968 for device 2 ...
Jul  4 11:32:14 kaiju bc-server[5740]: Oops, something went wrong:
Jul  4 11:32:14 kaiju bc-server[5740]: Error 401 fault detected[no subcode]
Jul  4 11:32:14 kaiju bc-server[5740]: "HTTP Error"
Jul  4 11:32:14 kaiju bc-server[5740]: Detail: <!DOCTYPE html>
Jul  4 11:32:14 kaiju bc-server[5740]: <html><head><title>Document Error: Unauthorized</title></head>
Jul  4 11:32:14 kaiju bc-server[5740]: <body><h2>Access Error: 401 -- Unauthorized</h2>
Jul  4 11:32:14 kaiju bc-server[5740]: <p>Authentication Error: This onvif request requires authentication information</p>
Jul  4 11:32:14 kaiju bc-server[5740]: </body>
Jul  4 11:32:14 kaiju bc-server[5740]: </html>
Jul  4 11:32:14 kaiju bc-server[1184]: I(2/sauron1): ONVIF events thread exiting...

reaganch commented 1 year ago

Just noticed that the camera settings page also indicates the ONVIF version as 19.12. Thought this might be relevant, in case Bluecherry does not support this version of ONVIF.

curtishall commented 1 year ago

Blocked by #602

reaganch commented 1 year ago

Just noticed something strange. When I have two cameras connected, I receive the flood of ONVIF authentication failures described above. When I either physically disconnect one of the cameras or disable it in the server browser interface, however, I am able to successfully subscribe to ONVIF events with the other connected camera (messages below). Nevertheless, no recordings are triggered despite ONVIF event trigger messages being actively sent by the camera (confirmed using the ONVIF Device Manager).

Jul  5 12:53:22 kaiju bc-server[1345]: I(3/sauron2): Switching to new recording schedule 'triggered'
Jul  5 12:53:22 kaiju bc-server[1345]: I(3/sauron2): Starting onvif events thread 3056305728 for device 3 ...
Jul  5 12:53:22 kaiju bc-server[1345]: I(3/sauron2): Subscribed to ONVIF events at http://10.11.8.76/onvif/Events/PullSubManager_20230705T005322Z_2

bluecherrydvr / bluecherry-apps

ONVIF authentication failure #600