XML posts are getting http 401 error

Version 1

    Subject: RE: XML posts are getting http 401 error
    Replied by: Wes Schochet on 13-05-2010 03:37:09 PM
    Thanks again for the response David.  I checked and the URL does not seem to be the issue. 
    In addition to the items described below, I have determined that the Screenshot function is also failing for all phones.  I keep getting prompted for User and password.  I see the auth request go out and get answered with "AUTHORIZED".  But I eventually end up with the phone saying:
     
    <h1>Protected Object</h1>
    This object on the RomPager server is protected.
    Return to <a>last page</a>

    Interestingly enough, I am getting <CiscoIPPhoneError Number="4" />  from my 7961 desk phone and HTTP response code: 401  from my 7925 wireless phones.  I have included a capture from the desk phone.
     
    I tried to attach a capture, but I was not able to do so using IE or Firefox.  I have the auth server logging and I can see both on the server and in the packet capture that thauthentication is coming back approved. 
     
    This behavior is happening both on software that I have created and used before as well as on my vendor's software.  As they are here on site, I have opened a TAC case on this SR 614370765.  It does not appear however that it is routed to the rightr group as I had to spend some time explaining the API to the TAC engineer.

    Any further thoughts woul be appreciated.

    Subject: RE: XML posts are getting http 401 error
    Replied by: David Staudt on 13-05-2010 05:05:22 PM
    From the trace it looks like the system is using a custom authentication URL for the phones: http://phoneapp:8080/CIPPauth/auth.jsp
     
    Looking at the actual response from the custom service, the content-length is 11 (version 10 for the standard response from the default UCM auth service) as it includes a linefeed character at the end of 'AUTHORIZED'.  I believe the phone does not like this extraneous linefeed and does not parse the response as a valid authorization.  Hopefully the custom auth service can be updated to remove the linefeed character.
     
    Note, in order to open a Cisco SR regarding APIs (including IP Phone Services XML), you need to have a special CDN developer support contract and open the case with some special options.  Regular TAC can not accept or route API issues opened with standard TAC contract types.  More info here: http://developer.cisco.com/web/devservices/alldevs
    This document was generated from CDN thread

    Created by: Wes Schochet on 12-05-2010 11:14:56 PM
    OK,  I'm stumped.  When posting any xml command to any phone, I am getting a HTTP 401 error from the phone along with the following text


    <html>
    <head>
    <title>Protected Object</title>
    </head>
    <body>
    <h1>Protected Object</h1>
    This object on the RomPager server is protected.<p>
    Return to <A HREF="">last page</A><p>
    </body>
    </html>

    I can see the authentication request hit the authentication server and the ¿AUTHORIZED¿ response being sent to the phone.  I have never had any problems with these operations in the past.  What am I missing?

    Subject: RE: XML posts are getting http 401 error
    Replied by: David Staudt on 12-05-2010 11:30:33 PM
    I've seen this happen if there is a trailing slash on the execute phone URL: 
     
    /CGI/Execute/
     
    There should not be:
     
    /CGI/Execute
     
     

    Subject: RE: XML posts are getting http 401 error
    Replied by: Wes Schochet on 14-05-2010 02:35:59 PM
    Thanks for your help.  Indeed it was the carriage return after the AUTHORIZED message.  I am a bit embarrassed that I did not catch that.   I am not sure what changed to make that happen in my infrastructure!