TM1 REST API and Mode 5 Security / CAM

marko_p · Post by **marko_p** » Tue Dec 07, 2021 9:46 am

Hi everyone,
did someone tried to authenticate using integrated mode 5, with CAM?
Any help with some more detailed steps than on IBM pages would be really helpful.
I tried combinations with encoding my username, password and namespace, but all returned 401 unauthorized. Also if someone was trying with CAM passport, any help is welcome. I am using Postman and I tried to follow CAMuri and send CAM Passport that I see in cookies after logging in, but that didn't help either

Thanks.

ascheevel · Post by **ascheevel** » Tue Dec 07, 2021 3:44 pm

Are you including "CAMNamespace" in your authorization header as a prefix to your username:password:namespace?

per IBM, your authorization header should look as follows:
CAMNamespace base64(<username>:<password>:<namespace>)
or if you've already converted your <username>:<password>:<namespace> to base64, just drop the base64() from the header:
CAMNamespace <base64 encoded username:password:namespace>

You can use a passport in your authorization header as well, but you'd need to get the passport first by authenticating against the ClientCamURI gateway. When sending the passport, the authorization headers should look like this: CAMPassport <cam_passport>

Just throwing out there that TM1py already supports what you're trying to do, but realize there may be reasons why you're not planning to use a TM1py solution.

link for anyone stumbling here and wanting to see IBM documentation on authenticating sessions:
https://www.ibm.com/docs/en/planning-an ... g-sessions

marko_p · Post by **marko_p** » Fri Dec 10, 2021 9:55 am

Hi,
thanks a lot on your quick response.

I am using Postman, so my header key is CAMNamespace and value is base64 encoded username:password:namespace, so I guess it is not a problem.

For passport, I put ClientCamURI in my browser and then login window pops up, after logging in I found CAMPassport in Cookies, but when I try to use them in Postman for authentication and I still get 401 Unauthorized.

I also tried TM1py, but no results.

Maybe I am missing something in setup. Do you know where can I check what exact credentials should be passed as username:password:namespace? Or if you could share what are exact steps for CAMPassport way if I am doing it wrong?

Thanks a lot.

ascheevel · Post by **ascheevel** » Fri Dec 10, 2021 2:33 pm

marko_p wrote: ↑Fri Dec 10, 2021 9:55 am I am using Postman, so my header key is CAMNamespace and value is base64 encoded username:password:namespace, so I guess it is not a problem.

Your header key should be "Authorization" and the value should be "CAMNamespace <base64 encoded username:password:namespace>"

macsir · Post by **macsir** » Sat Jan 22, 2022 7:40 am

Just a check, did you have colon in your password section?

TM1 Forum

TM1 REST API and Mode 5 Security / CAM

TM1 REST API and Mode 5 Security / CAM

Re: TM1 REST API and Mode 5 Security / CAM

Re: TM1 REST API and Mode 5 Security / CAM

Re: TM1 REST API and Mode 5 Security / CAM

Re: TM1 REST API and Mode 5 Security / CAM