Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Ashley_Lewis1 — Wed, 30 Dec 2020 16:27:11 GMT

Can someone assist with the command to access the Rest APIs of the SAAS controller using curl command? I want to do this through the corporate proxy

This is what I have so far but I am facing an Authentication 401 Unauthorized Error

curl -v --proxy http://proxyusername:password@proxyaddress:proxyport --user username@account:password https://SAASURL/controller/rest/applications

Is there something I am missing?

The username@account:password is working outside the corporate proxy.

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

iamryan — Mon, 04 Jan 2021 21:34:30 GMT

Hi @Ashley.Lewis,

I found a few existing Community posts that seem related. Please have a look and let me know if they help.

401 unauthorized in Rest Api and REST API access 401 error

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Ashley_Lewis1 — Tue, 05 Jan 2021 10:00:51 GMT

Hi Ryan,

Thank you for the response. Those posts did not help actually.

I am already using a locally created account and I am able to successfully call the API outside the Corporate Proxy using this user.

The second post also points to the account being improper which is not the problem in my case as I get it to successfuly work outside the Proxy.

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

iamryan — Tue, 05 Jan 2021 17:31:12 GMT

Hi @Ashley.Lewis,

Thanks for letting me know. Let's see if the Community can jump in and offer a solution or workaround. If I find any posts or info, I will share it here as a reply.

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Morelz — Thu, 07 Jan 2021 06:18:13 GMT

Hi Ashley

When you do a curl test to the AppDynamics URL using the proxy what response do you get?

curl -I -x <proxy hostname>:<proxy port> --proxy-user username:password https://<appd fqdn>.saas.appdynamics.com

And also what proxy server are you using , nginx, squid?

Ciao

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Ashley_Lewis1 — Wed, 13 Jan 2021 12:20:07 GMT

Hi Mario,

These are the outputs that I get

Without Proxy - Successfully returned application list

curl -vk --user internaluser@SAASAccount:dummypwd https://SAASAccount.saas.appdynamics.com/controller/rest/applications
* Trying x.x.x.x...
* TCP_NODELAY set
* Connected to SAASAccount.saas.appdynamics.com (x.x.x.x) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=AppDynamics LLC; CN=*.saas.appdynamics.com
* start date: Jun 30 00:00:00 2020 GMT
* expire date: Sep 8 12:00:00 2021 GMT
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
* Server auth using Basic with user 'internaluser@SAASAccount'
> GET /controller/rest/applications HTTP/1.1
> Host: SAASAccount.saas.appdynamics.com
> Authorization: Basic ZXh0YWRtaW5AZmFidGVzdGRldjpFeHRBZG1pbjEyMyQ=
> User-Agent: curl/7.50.3
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/xml
< Date: Mon, 11 Jan 2021 14:10:52 GMT
< Server: AppDynamics
< Set-Cookie: JSESSIONID=1c90d1821ed443f4d6b77e2c4f51; Path=/controller; HttpOnly; Secure
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Content-Length: 3859
< Connection: keep-alive
<
<applications><application>....

With Proxy - 401 Authentication Error

curl --anyauth -vk --proxy http://myproxy.dummy.com:8080 -U proxyUser -u internaluser@SAASAccount --proxy-anyauth https://SAASAccount.saas.appdynamics.com/controller/rest/applications
Enter host password for user 'internaluser@SAASAccount':
Enter proxy password for user 'proxyUser':
* Trying x.x.x.x...
* TCP_NODELAY set
* Connected to myproxy.dummy.com (x.x.x.x) port 8080 (#0)
* Establish HTTP proxy tunnel to SAASAccount.saas.appdynamics.com:443
> CONNECT SAASAccount.saas.appdynamics.com:443 HTTP/1.1
> Host: SAASAccount.saas.appdynamics.com:443
> User-Agent: curl/7.50.3
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=AppDynamics LLC; CN=*.saas.appdynamics.com
* start date: Jun 30 00:00:00 2020 GMT
* expire date: Sep 8 12:00:00 2021 GMT
* issuer: C=A; ST=City; L=City; O=First City; OU=Dummy IT; CN=Dummy Proxy CA; emailAddress=DummyITSecOps@dummy.com
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /controller/rest/applications HTTP/1.1
> Host: SAASAccount.saas.appdynamics.com
> User-Agent: curl/7.50.3
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Date: Mon, 11 Jan 2021 14:13:17 GMT
< Server: AppDynamics
< WWW-Authenticate: BASIC realm="controller_realm"
< X-Content-Type-Options: nosniff
< Content-Length: 0
< Cache-Control: proxy-revalidate
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
< Set-Cookie: BCSI-CS-15847fdf143cdb98=1; Path=/
< Proxy-support: Session-based-authentication
<
* Curl_http_done: called premature == 0
* Connection #0 to host myproxy.dummy.com left intact
* Issue another request to this URL: 'https://SAASAccount.saas.appdynamics.com/controller/rest/applications'
* Found bundle for host SAASAccount.saas.appdynamics.com: 0x20082c68 [can pipeline]
* Re-using existing connection! (#0) with proxy myproxy.dummy.com
* Connected to myproxy.dummy.com (x.x.x.x) port 8080 (#0)
* Server auth using Basic with user 'internaluser@SAASAccount'
> GET /controller/rest/applications HTTP/1.1
> Host: SAASAccount.saas.appdynamics.com
> Authorization: Basic ZXh0YWRtaW5AZmFidGVzdGRldjpFeHRBZG1pbjEyMyQ=
> User-Agent: curl/7.50.3
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Date: Mon, 11 Jan 2021 14:13:17 GMT
< Server: AppDynamics
* Authentication problem. Ignoring this.
< WWW-Authenticate: BASIC realm="controller_realm"
< X-Content-Type-Options: nosniff
< Content-Length: 0
< Cache-Control: proxy-revalidate
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
< Set-Cookie: BCSI-CS-15847fdf143cdb98=1; Path=/
< Proxy-support: Session-based-authentication
<
* Curl_http_done: called premature == 0
* Connection #0 to host myproxy.dummy.com left intact

I'm not sure about the proxy that is in place in the organization. Is that supposed to make a difference to the behavior?

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Ashley_Lewis1 — Tue, 19 Jan 2021 17:50:18 GMT

I was able to get this to work by using the curl command with a header token instead of passing the username and password using an api client user. It looks like it is potentially a problem of the proxy not passing the parameters of username and password on to AppDynamics SAAS.

topic Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command in Splunk AppDynamics

Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command

Re: Accessing the SAAS Rest APIs through a corporate Proxy - curl command