Forum Discussion

ldavid's avatar
ldavid
Contributor
2 months ago

Session Key auth 302 Failure

Hello!

Apologies in advance if this has been asked, I am very new to the library. I am unfortunately stuck on logging in to acquire a session token (following Session Key authentication) for a while now.

I have an account which is given API access by the company, but when trying to login with the session API key, I get 302 user authentication failed. I am confident that my username/password combination is correct, and that this is not an issue with escaping (also wrote a Python client to verify, got the same results):

user@HOSTNAME:~$ curl --location --request \
> POST 'https://[community]/restapi/vc/authentication/sessions/login' \
> --form 'user.login=[username]' \
> --form 'user.password=[password]'
<response status="error">
  <error code="302">
    <message>
      User authentication failed.
    </message>
  </error>
</response>

Of note perhaps, is that when I login to my community I am redirected to the company SSO; the domain itself does not provide login portals; perhaps this is a clue? I'm not sure if this circumstance allows for session authentication. It's confusing me because coworkers have reported being able to execute the curl command and login. I also tested with an admin-provisioned API-key user account, with the same results.

What are the circumstances under which 302 authentication failure is triggered, assuming username/password and API permissions are supposedly granted? I've scanned the community for related posts, but the status code for authentication issues is not often 302. Is this an IP whitelisting issue, or do I need extra headers, or am I just not allowed to make session auths? Would appreciate any help on resolving this issue.

3 Replies

  • CarolineS's avatar
    CarolineS
    Boss
    2 months ago

    Just confirming - your user has "Make REST API V1 calls with read access" permission? And they were created via the admin console with a username & password? You might consider temporarily making the user a full admin just to make sure it's not a permissions issue.

    But TBH it seems like something with your SSO? I'm afraid I can't help there but hopefully someone else here can!

  • Akenefick's avatar
    Akenefick
    Genius
    2 months ago

    I think what CarolineS​ said is probably the issue

    created via the admin console with a username & password

    Even if your community has SSO you can create a non SSO account in admin. Create new users ( - Lithium Community That is what you should use.

    Also, if you are trying to do this on stage you will need to include the HT access username and password or ask support to whitelist your IP for stage, so you don't need it.

    Also, not sure if you are on Aurora or Classic. I am only familiar with classic however, based on Matt's option 1 here Can someone walk me through authenticating and using Postman with Aurora? | Atlas I think it is the same for Aurora.

  • ldavid's avatar
    ldavid
    Contributor
    2 months ago

    Hi CarolineS​ and Akenefick​ 

    Company admin was able to resolve the issue. Don't have the details unfortunately, but likely it is SSO. Thank you and to the community for providing helpful insight! Hope the answers help someone else too.