x-auth-token header difference between 9 and 7/8?

[capriguy84]

(This issue is not related to the python script in repo, but rather trying to reproduce the same in Ocaml.)

I am having a weird issue where I can create X-auth-token in idrac v7,8 but NOT in v9. I get below error in idrac9. I tried different Http libraries in Ocaml including (Cohttp and (Httpaf) but all are returning the same error. I kept minimal header info but still same error.

FTR, I am using the new updated uri '/redfish/v1/SessionService/Sessions' on idrac9. In fact, I am querying /redfish/v1/SessionService and getting the sessions/@data.id for right uri for each idrac version. It's different for idrac7,8.

I am passing username and password in payload and using no authentcation in headers. Seems right as per the python example here. Am I missing anything?

    "error": { 
        "code": "Base.1.0.GeneralError",
        "message": "A general error has occurred. See ExtendedInfo for more information.",
        "@Message.ExtendedInfo": { 
            "@odata.type": "gMessage.v1_0_0.Message",
            "MessageId": "Base.1.0.InternalError",
            "Message": "internal error, Unacceptable header specified in request"
        }

Response Headers after failure:
 (status_code (406))
    (response
     (((encoding (Fixed 389))
       (headers
        ((accept-ranges bytes) (content-length 389)
         (content-type application/json)
         (date "Thu, 22 Apr 2021 05:21:33 GMT")
         (etag "\"185-5b55b1c5c0d80\"")
         (last-modified "Mon, 30 Nov 2020 23:10:06 GMT") (server Apache)
         (strict-transport-security
          "max-age=63072000; includeSubDomains; preload")
         (www-authenticate "Basic realm=\"RedfishService\"")
         (x-frame-options DENY)))
       (version HTTP_1_1) (status Not_acceptable) (flush false))))

TIA

[texroemer]

Hi @capriguy84

Starting in Redfish version 1.6, the Session URI location changed. In 1.6, the URI location changed to "redfish/v1/SessionService/Sessions". If using any Redfish version older than 1.6, the URI location is "redfish/v1/Sessions".

To check Redfish version for iDRAC installed, run GET on uri "redfish/v1/?$select=RedfishVersion".

I updated script "CreateXAuthTokenSessionREDFISH" to pass in the correct URI passed off the Redfish version detected for iDRAC.

Thanks Tex

[capriguy84]

I am using the right uri as you mentioned and get the error. Does the error message "unacceptable header specified in " ring any thing familar w.r.t redfish version changes in 1.6?

[texroemer]

I've been trying to repro the error you hit but unable to. Can you send me your python code?

Also did you try GitHub script and it also failed?

[capriguy84]

I am building similar python script in Ocaml, and was wondering why it doesn't work uniformly on idrac7/8 vs 9. I couldn't reproduce with the python script but asked the question anyway, hoping to get some pointers.

After reading thru the Redfish 1.6 spec and change log, I added additional header field ("Accept" "application/json") and that fixed my issue with idrac 9. Thanks for mentioning about the version change between the idracs.

(please mark issue as resolved)