4 Replies Latest reply on Sep 21, 2014 12:48 PM by devakumaraswamy

    Authentication for REST calls

    devakumaraswamy

      We recently installed the PI REST on our server.

       

      My goal is to access the data from nodejs and combine with some other data to do some analytics.

       

      Here is my current problem.

       

      [I am on windows platform].

       

      From my browser I can access a resource like dataservers.

       

      https://myserver/piwebai/dataservers.

       

      notes: I get prompted to enter my windows userid and password, but I can get to the resource.

       

       

       

      However when I call from my nodejs code ( I am using request.js as a wrapper around http calls) I get the message

       

      { statusCode: 401,
      :"Authorization has been denied for this request."}'

       

      I tried passing my userid, password via 

       

      https://myuserid:mypassword@myserver/piwebapi/dataservers'

       

      and also as 

       

      thru the header:

       

       

       

      headers: {

       

      Authorization: Basic + new Buffer(userid: password).toString("base64")

       

      Both fail..

       

      I am hoping I am making a stupid novice mistake and you guys can set me straight.

       

       

       

      Thanks...

        • Re: Authentication for REST calls
          Bhess

          By default, the product installs with Kerberos/Windows Integrated security enabled only.  It looks like you want to enable Basic authentication.  Consult the User Guide section on Authentication Types for more details.

            • Re: Authentication for REST calls
              devakumaraswamy

              I should have not written my note to imply I wanted to use Basic authentication.

               

              I was added as a piadmin to the system for testing purposes. I was still not able to get to the resources from the browser without a userid/password challenge - I had assumed the WIS would get me in.

               

              And I failed with and without userid/password from my app -

               

              So I was just trying BASIC out of desperation/curiosity.

               

              I searched the library and got to PI Server 2012 configuration doc - is that one you are referring to? Or is there a specific configuration for the resources made available thru the REST API.

               

              I will pass this info on to the site administrator - I suspect we have not added my "windows group" to the PI server properly.

                • Re: Authentication for REST calls
                  Bhess

                  Sorry for the miscommunication.

                   

                  I suspect that the problem you're facing trying to use Windows Integrated security is that PI Web API is not set up for delegation to your backend PI Data Archive/Asset Framework servers.  Kerberos delegation is required whenever you try to make a Windows token do a "double hop" - from your client machine, then to the PI Web API server, and finally to the PI Data Archive on the backend.  This needs to be configured in Active Directory.

                   

                  Instructions for doing this are also covered in the user guide.  The guide you're looking for is the "PI Web API 2014 User Guide" and troubleshooting guide.  Unfortunately I'm not able to these documents anywhere on vCampus, so I'll attach to this message.