IBM Support

IJ16784: RESTAPI WITH BASIC AUTHENTICATION CAN FAIL TO GET USER CAPABILITIES WHEN USING LDAP AUTH 'LOCAL AUTHORIZATION'

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as Permanent restriction.

Error description

  • It has been identified that using RESTAPI to get endpoint
    resources with basic authentication fails to get user
    capabilities when using LDAP authentication with local
    authorization.
    A message similar to the following is returned:
    {"http_response":{"code":403,"message":"Your account is not
    authorized to access the requested
    resource"},"code":26,"description":"","details":{},"message":"Us
    er has insufficient capabilities to access this endpoint
    resource"}
    Messages similar to the following might also be visible in
    /var/log/qradar.log when this is occurring:
    [tomcat.tomcat]
    [ou=People,dc=my-domain,dc=com\ldapuser1@127.0.0.1 (189)
    /console/restapi/api/reference_data/tables]
    com.q1labs.core.shared.capabilities.CapabilityConfiguration:
    [INFO] [NOT:0000006000][127.0.0.1/- -] [-/- -]user
    ou=People,dc=my-domain,dc=com\ldapuser1 does not exist.
    Returning false
    [tomcat.tomcat]
    [ou=People,dc=my-domain,dc=com\ldapuser1@127.0.0.1 (189)
    /console/restapi/api/reference_data/tables]
    com.q1labs.core.shared.capabilities.CapabilityConfiguration:
    [INFO] [NOT:0000006000][127.0.0.1/- -] [-/- -]user
    ou=People,dc=my-domain,dc=com\ldapuser1 does not exist.
    Returning false
    

Local fix

  • No workaround available.
    

Problem summary

  • We will not fix this issue for now but will include this use
    case in future feature work to the authentication modules.
    Please use an authorized service token when making the API
    calls.
    

Problem conclusion

  • We will not fix this issue for now but will include this use
    case in future feature work to the authentication modules.
    Please use an authorized service token when making the API
    calls.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ16784

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    731

  • Status

    CLOSED PRS

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-06-12

  • Closed date

    2020-07-13

  • Last modified date

    2020-07-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"731"}]

Document Information

Modified date:
14 July 2020