Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Webex API

Login and Navigate to Interfaces > Add Interface

Select Webex API (OAuth2 - Cloud) as the Type

The same interface can be used for Wrangler_ and test_mate , each of these require different Scope permissions. This example will show setting up Wrangler_ for Webex Scopes.

Press Submit

Proxy is optional, Internet access is required to access https://webexapis.com/ from Yarnman

When the page saves, Press show Scopes

These are the requires roles to be configured on your webex integration

Open a new Tab/Browser to Create a new Webex integration https://developer.webex.com/my-apps

Service intergration with static auth_token are not supported at this time

Complete the required fields (we will come back to the redirect uri), select or upload a logo, scroll down to select the scopes to match the ones shown from Yarnman

Switch back to Yarnman and select the Arm Bindings tab

Select the Yarnman node in the dropdown followed by pressing Bind to Arm

Copy the URL that is shown as Redirect URL and switch back to Webex

Paste in the URl to the URL field, make sure to remove any leading Spaces or Tabs that may come through

Press Add in Webex

Make note of the Client ID , Client Secret ( NOTE this won;t be shown again, however it can be regenerated if lost)

Switch back to Yarnman

press Update / Set Credentials

Populate

Application with either the same as your called it in Webex or something meaningful.

Client ID as string provided by Webex

Redirect URI as the one provided by yarnman and press submit

The popup will refresh with an Authorise button with the confirmed details, Press Authorise

The web browser will required Internet Access and Access to Yarnman, Please make sure your Jumpbox or Proxy settings in the browser allow for this configuration , you may need to bypass the IP address of Yarnman if you have a proxy in your browser.

The webex authentication screen will be presented. Depending on your environment this could be handled by Webex or your SSO provider. Eg Microsoft.

Webex will prompt you to allow or deny the permissions associated with your account

Press accept and log back into yarnman when it redirects Paste in the Client secret

Token details will be stored

Test Connection can pressed to verify Yarnman can access Webex API doing a simple about me api request.

Troubleshooting Scopes

Yarnman can help validate the scopes configured in your webex app

Copy the whole URL from webex

Press Validate Scopes in Yarnman

Paste the URL in the popup from Yarnman

Press validate , Yarnman will advise the roles that need to be checked on the webex app

Troubleshooting Webex login

Where possible its best to use an Private/Incognito session to preform the oAuth flow. As there could be issues with cached logins with SSO , or the wrong SSO id being prompted and causing the oAuth to fail with change of UserID midsession.

Troubleshooting Connectivity

The Web browser you use needs to be able to get access to webex (internet) and yarnman , for the oauth flow to work correctly.

DNS

Below shows the yarnman server not able to resolve DNS

yarnman@ym-ph4-wxc-glen [ ~ ]$  curl "https://webexapis.com" -I
curl: (6) Could not resolve host: webexapis.com
yarnman@ym-ph4-wxc-glen [ ~ ]$

Check DNS servers used by the yarnman server (do not edit this file)

yarnman@ym-ph4-wxc-glen [ ~ ]$ cat /run/systemd/resolve/resolv.conf 
# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 10.0.0.1
search lab.yarnlab.io

to change the dns servers, in this example we are adding replacing the single dns server with multiple dns servers

You will need to first login as the root user to modify system settings, using su . exit out from root when you are done

yarnman@ym-ph4-wxc-glen [ ~ ]$ su
Password: 
root@ym-ph4-wxc-glen [ /var/home/yarnman ]#  netmgr dns_servers --set --mode static --servers 8.8.8.8,8.8.4.4
root@ym-ph4-wxc-glen [ /var/home/yarnman ]# exit
yarnman@ym-ph4-wxc-glen [ ~ ]$ cat /run/systemd/resolve/resolv.conf 
# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 8.8.8.8
nameserver 8.8.4.4
search lab.yarnlab.io

Test to validate yarnman can reach webexapis.com , note 401 error as we are trying to browse without any credentials

Test Direct Access
yarnman@ym-ph4-wxc-glen [ ~ ]$ curl "https://webexapis.com" -I
HTTP/1.1 401 Unauthorized
x-content-type-options: nosniff
trackingid: ROUTERGW_5fdd5b92-b77f-40af-9f46-ceae729d74ba
vary: accept-encoding
content-type: application/json
date: Wed, 13 Mar 2024 03:22:59 GMT
server: istio-envoy
x-envoy-upstream-service-time: 1
transfer-encoding: chunked

Proxy

Depending on your environment, yarnman may also need to be able to resolve the proxy if a FQDN is required to the proxy server

You can verify yarnman can reach the proxy using curl, the http1.1 200 connection established shows the connection to the proxy was successful

Proxy without Auth
yarnman@ym-ph4-wxc-glen [ ~ ]$ curl --proxy "http://10.101.10.87:3130" "https://webexapis.com/" -I
HTTP/1.1 200 Connection established

HTTP/1.1 401 Unauthorized
x-content-type-options: nosniff
trackingid: ROUTERGW_2c5c1133-6586-42d2-a9cd-afaca8842baa
vary: accept-encoding
content-type: application/json
date: Wed, 13 Mar 2024 03:25:18 GMT
server: istio-envoy
x-envoy-upstream-service-time: 2
transfer-encoding: chunked
Proxy showing user/pass is required

Proxy server requires a user/pass to connect, with the 407 error

yarnman@ym-ph4-wxc-glen [ ~ ]$ curl --proxy "http://10.101.10.87:3129" "https://webexapis.com/" -I
HTTP/1.1 407 Proxy Authentication Required
Server: squid/4.13
Mime-Version: 1.0
Date: Wed, 13 Mar 2024 03:26:32 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3519
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Proxy-Authenticate: Basic realm="Squid"
X-Cache: MISS from 18a6e4fa9a26
X-Cache-Lookup: NONE from 18a6e4fa9a26:3129
Via: 1.1 18a6e4fa9a26 (squid/4.13)
Connection: keep-alive

curl: (56) CONNECT tunnel failed, response 407
Proxy showing user/pass to the proxy

the first 407 tells curl to try again with user:pass, 200 connect is successful to the proxy followed by the 401 to webex as expected.

yarnman@ym-ph4-wxc-glen [ ~ ]$  curl --proxy-anyauth -x http://basicuser:basicuser123@10.101.10.87:3129 -4 "https://webexapis.com/" -I
HTTP/1.1 407 Proxy Authentication Required
Server: squid/4.13
Mime-Version: 1.0
Date: Wed, 13 Mar 2024 03:38:10 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3519
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Proxy-Authenticate: Basic realm="Squid"
X-Cache: MISS from 18a6e4fa9a26
X-Cache-Lookup: NONE from 18a6e4fa9a26:3129
Via: 1.1 18a6e4fa9a26 (squid/4.13)
Connection: keep-alive

HTTP/1.1 200 Connection established

HTTP/1.1 401 Unauthorized
x-content-type-options: nosniff
trackingid: ROUTERGW_cc737ef5-1e1d-4e2f-8a1e-840dd944250f
vary: accept-encoding
content-type: application/json
date: Wed, 13 Mar 2024 03:38:11 GMT
server: istio-envoy
x-envoy-upstream-service-time: 3
transfer-encoding: chunked

  • No labels