API Rest - Invoke-RestMethod 401 Unauthorized

Hi,

since some days, I can’t call API Rests anymore, the Invoke-RestMethod command returns a 401 Unauthorized error.

My API Rest is simple :

NEW-PSUENDPOINT -URL "Alive" -Endpoint {
OK
}

Authentication is disabled

The command I use is :

Invoke-RestMethod -Uri "https://servername.domain/Alive"

PSU is running behind an apache proxy server that handles the https requests.
TLS is enable in the apache server with a signed certificate.

The strange thing is that when I call the api URL in the browser it returns me “OK” and seems to work well.

I need help, thanks by advance.

Do you have Windows Auth enabled at all? It seems like the browser is reusing a cookie or something. What happens when you view that URL in an Incognito Window?

Yes. But we found the problem, it was the same than the one I posted for sso. By default, PSU was using the wrong kerberos keytab, it was using the computer keytab and not the http keytab, it is 2 different files. We have to use 2 different files because the host keytab is for the root user, and PSU is running with a service account, another user.
For the SSO, our solution was to create an environment variable in the service profile that runs PSU that defines the location of the good keytab.
But when we runs an invoke-restmethod command, it gets the wrong keytab again. We have to use the -UseDefaultCredentials parameter, and find a better solution to says the command where to find the good keytab than the one we used yesterday ( creating a kerberos cache manually). But it is working.
If we were running PSU with the root user and have the host and http entries in the same keytab, we shouldn’t have all these problems.

You will be happy to know PSU is working in a linux CentOS environment, behind an apache web proxy, with windows auth and ssl enabled. It was not easy :wink:

Only the vault is the automation/ variables section is not working.

Thank you.

1 Like