
Basic Auth for Confluence REST API doesn't work

Using cURL this is the response that I get:

$ curl -H "Accept: application/json" -H "Content-Type: application/json" -u 'username:password' -I 'https://mysite.com/confluence/rest/api/content/111111' -v
* Trying <ip>:443...
* Connected to <mysite> (<ip>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:/##################
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
<>
* SSL certificate verify ok.
* Server auth using Basic with user 'username'
> HEAD /confluence/rest/api/content/11111? HTTP/1.1
> Host: mysite.com
> Authorization: Basic ################
> User-Agent: curl/7.74.0
> Accept: application/json
> Content-Type: application/json
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 401
HTTP/1.1 401
< Server: openresty
Server: openresty
< Date: Thu, 04 Mar 2021 12:29:25 GMT
Date: Thu, 04 Mar 2021 12:29:25 GMT
< Content-Type: text/html;charset=utf-8
Content-Type: text/html;charset=utf-8
< Connection: keep-alive
Connection: keep-alive
< X-ASEN: SEN-####
X-ASEN: SEN-####
< Set-Cookie: JSESSIONID=#######################; Path=/confluence; HttpOnly
Set-Cookie: JSESSIONID=#######################; Path=/confluence; HttpOnly
< X-Seraph-LoginReason: AUTHENTICATED_FAILED
X-Seraph-LoginReason: AUTHENTICATED_FAILED
< WWW-Authenticate: OAuth realm="https%3A%2F%2Fmysite.com%2Fconfluence"
WWW-Authenticate: OAuth realm="https%3A%2F%2Fmysite.com%2Fconfluence"
< Content-Language: en
Content-Language: en
< Strict-Transport-Security: max-age=31536000; includeSubdomains
Strict-Transport-Security: max-age=31536000; includeSubdomains

<
* Connection #0 to host mysite.com left intact

 

If I go directly to my site and force using basic auth (https://mysite.com/confluence/rest/api/content/111111?os_authType=basic), after entering credentials it gives me a very weird looking 401 error (not the same as when using wrong credentials, but

This page isn’t working

If the problem continues, contact the site owner.

HTTP ERROR 401

with a reload button, and after I click on it or refresh the page it gives me exactly what I wanted to get with curl, looks like it's starting a session and passing JSESSIONID as in cookie based auth not basic auth)

As I understand, the problem is somewhere in the server setup, but I have no clue where to even begin to look. Any suggestions?

 

2 answers

0 votes
Prince Nyeche Community Leader Mar 04, 2021

Hi @Gunta S 

Welcome to the community! Do you use any form of 2FA to authenticate users on your Confluence server?

Hi @Prince Nyeche 

Thanks for the welcome! No 2FA

Prince Nyeche Community Leader Mar 05, 2021

Hi @Gunta S 

Thanks for confirming that. From the trace above, it seems as though you've entered the wrong password or username a couple of times and Confluence has returned a captcha screen which is not visible on the terminal.

X-Seraph-LoginReason: AUTHENTICATED_FAILED

Try the below curl example:

curl -v \
--url "https://mysite.com/confluence/rest/api/content/111111" \
--header "Content-type: application/json" \
--user "username:password"

Ensure that the username and password are correct before proceeding. The 401 error when trying on your browser could be a different thing altogether; try logging out and in and see if the behaviour changes.

Hi @Prince Nyeche 

I believe that if it was a captcha screen it would be giving AUTHENTICATED_DENIED. Credentials are correct, I even tried changing the password and creating a new user, still returning the same:

* Trying <ip>:443...
* Connected to mysite.com (<ip>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:/####
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*<>
* SSL certificate verify ok.
* Server auth using Basic with user 'username'
> GET /confluence/rest/api/content/111111 HTTP/1.1
> Host: mysite.com
> Authorization: Basic ################
> User-Agent: curl/7.74.0
> Accept: */*
> Content-type: application/json
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 401
< Server: openresty
< Date: Mon, 08 Mar 2021 07:19:36 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 1116
< Connection: keep-alive
< X-ASEN: SEN-#######
< Set-Cookie: JSESSIONID=###########; Path=/confluence; HttpOnly
< X-Seraph-LoginReason: AUTHENTICATED_FAILED
< WWW-Authenticate: OAuth realm="https%3A%2F%2Fmysite%2Fconfluence"
< Content-Language: en
< Strict-Transport-Security: max-age=31536000; includeSubdomains
<
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Basic Authentication Failure - Reason : AUTHENTICATED_FAILED</p><p><b>Description</b> The request has not been applied
because it lacks valid authentication credentials for the target resource.</p><hr class="line" /><h3>Apache Tomcat/9.0.22</h3></body></html>* Connection #0 to host mysite.com left intact

As for the browser behavior, it's always the same no matter how many times I try to log in and out.

0 votes
Andy Heinzer Atlassian Team Mar 05, 2021

Hi Gunta,

I see that you are using curl to try to query some data from a Confluence server instance.  However the error you are getting is a pretty clear indication that your request is not authenticating in the way expected.

Try checking out Confluence REST API examples.  It has a few syntax examples that might help here.  First I'd start by trying to remove the quotes around the username:password if you want to use that method to authenticate here.  Additionally, you will also need to specify which HTTP verb you are using here (GET, PUT, POST, etc).

As a side note, if your Confluence Server is 7.9 or higher, you might want to check out Using Personal Access Tokens.  This is an alternative means for Server users to be able to authenticate for REST API calls without having to use their username/password to authenticate here.

I hope this helps.

Andy

Hi @Andy Heinzer

I don't believe it's the syntax here. I've tried it without quotes, with just username where I enter password after the prompt, I've tried Authorization header with base64 encoded username and password, the result is always the same. Specifying the verb gets the same result:

$ curl -v -u username -X GET "https://mysite.com/confluence/rest/api/content/111111"
Enter host password for user 'username':
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying <ip>:443...
* Connected to mysite.com (<ip>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:/#####
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* <>
* SSL certificate verify ok.
* Server auth using Basic with user 'username'
> GET /confluence/rest/api/content/1111111 HTTP/1.1
> Host: mysite.com
> Authorization: Basic ###############
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 401
< Server: openresty
< Date: Mon, 08 Mar 2021 07:47:18 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 1116
< Connection: keep-alive
< X-ASEN: SEN-######
< Set-Cookie: JSESSIONID=#################; Path=/confluence; HttpOnly
< X-Seraph-LoginReason: AUTHENTICATED_FAILED
< WWW-Authenticate: OAuth realm="https%3A%2F%2Fmysite.com%2Fconfluence"
< Content-Language: en
< Strict-Transport-Security: max-age=31536000; includeSubdomains
<
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Basic Authentication Failure - Reason : AUTHENTICATED_FAILED</p><p><b>Description</b> The request has not been applied because it lacks valid authentication credentials for the target resource.</p><hr class="line" /><h3>Apache Tomcat/9.0.22</h3></body></html>* Connection #0 to host mysite.com left intact

I'm using version 6.15.10

Andy Heinzer Atlassian Team Mar 12, 2021

The response you get back from curl would indicate that the authentication failed.  Which in turn would leave your request as if it was made anonymously.  If the resource you are trying to access here is protected from anonymous access, that explains the behavior we see here.

I would want to first confirm that your account in use here can access that resource on your Confluence server (outside of REST API), say by visiting the corresponding content in Confluence by logging into Confluence with the same credentials.  If those credentials work, then there is clearly something else to blame here.

The verbose response also seems to have some additional clues about your environment.  The server response appears to be from a proxy called openresty.  And given the 401 error there, it would seem that either the proxy is unable to see credentials for Confluence, or perhaps the proxy is misconfigured in some manner.  We have ways you could test against this, such as explained in How to bypass a reverse proxy or SSL; this is at least one way to test if the proxy could be the source of the problem here.

If this is the problem, then you can explore further into other guides such as Running Confluence behind NGINX with SSL.

Andy

Thanks @Andy Heinzer 

I found the fix to my issue here: Shibboleth HTTP authenticator and REST API · Issue #32 · chauth/confluence_http_authenticator · GitHub

I just added com.atlassian.seraph logging with DEBUG level and it works, now I'm trying to understand why it works

Gunta
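
An added example (not from the thread or from Atlassian): a small Python triage helper for `curl -v` traces like the ones posted above. It reports whether Basic credentials were sent, which scheme the `WWW-Authenticate` challenge names, the `X-Seraph-LoginReason` value, whether a session cookie was issued, and the `Server` header. The sample trace is constructed from the redacted output in the thread, and the finding labels are made up for illustration.

```python
import re

# Constructed sample, trimmed from the redacted traces in the thread.
SAMPLE_TRACE = """\
> GET /confluence/rest/api/content/111111 HTTP/1.1
> Host: mysite.com
> Authorization: Basic REDACTED
>
< HTTP/1.1 401
< Server: openresty
< Set-Cookie: JSESSIONID=REDACTED; Path=/confluence; HttpOnly
< X-Seraph-LoginReason: AUTHENTICATED_FAILED
< WWW-Authenticate: OAuth realm="https%3A%2F%2Fmysite.com%2Fconfluence"
<
"""

def parse_trace(trace):
    """Split `curl -v` output into request headers, response headers, status."""
    req, resp, status = {}, {}, None
    for line in trace.splitlines():
        m = re.match(r"^< HTTP/\S+ (\d{3})", line)
        if m:
            status = int(m.group(1))
        m = re.match(r"^([<>]) ([^:\s]+):\s*(.*)$", line)  # header lines only
        if m:
            target = req if m.group(1) == ">" else resp
            target.setdefault(m.group(2).lower(), []).append(m.group(3))
    return req, resp, status

def triage(trace):
    """Return illustrative finding labels for a Basic auth attempt."""
    req, resp, status = parse_trace(trace)
    findings = []
    sent = [v.split(None, 1)[0].lower() for v in req.get("authorization", [])]
    offered = [v.split(None, 1)[0].lower() for v in resp.get("www-authenticate", [])]
    reasons = resp.get("x-seraph-loginreason", [])
    if status == 401 and "basic" in sent:
        findings.append("basic-credentials-sent-and-rejected")
    if "basic" in sent and offered and "basic" not in offered:
        findings.append("challenge-does-not-offer-basic:" + ",".join(offered))
    # Thread writes AUTHENTICATED_DENIED; Seraph documents AUTHENTICATION_DENIED (CAPTCHA).
    if any(r.endswith("_DENIED") for r in reasons):
        findings.append("seraph-login-attempt-denied")
    elif "AUTHENTICATED_FAILED" in reasons:
        findings.append("seraph-authentication-failed")
    if any(c.startswith("JSESSIONID=") for c in resp.get("set-cookie", [])):
        findings.append("session-cookie-issued-on-401")
    findings += ["server-header:" + s for s in resp.get("server", [])]
    return findings
```

Save the stderr of a `curl -v` run to a file and pass its contents to `triage()`; redact the `Authorization` and `JSESSIONID` values before sharing the trace.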
