svc-account-session

README

Sessions

A session represents a window of user's login with a Redfish service and contains details about the user and the user activity. You can run multiple sessions simultaneously.

Resource Aggregator for ODIM offers Redfish SessionService interface for creating and managing sessions. It exposes APIs to achieve the following:

• Fetching the SessionService root

• Creating a session

• Listing active sessions

• Deleting a session

Modifying Configurations of Session and Account Service

Config File of ODIMRA is located at: odimra/lib-utilities/config/odimra_config.json
Refer the section Modifying Configurations in the README.md to change the configurations of a odimra service

Specific configurations for Session and Account Service are:

Log Location of the Session and Account Service

/var/log/ODIMRA/account_session.log

Supported APIs

/redfish/v1/SessionService	GET
/redfish/v1/SessionService/Sessions	POST, GET
redfish/v1/SessionService/Sessions/{sessionId}	GET, DELETE

SessionService root

curl -i GET \
              'https://{odimra_host}:{port}/redfish/v1/SessionService'

Sample response body

{
   "@odata.type":"#SessionService.v1_1_6.SessionService",
   "@odata.id":"/redfish/v1/SessionService",
   "Id":"Sessions",
   "Name":"Session Service",
   "Status":{
      "State":"Enabled",
      "Health":"OK"
   },
   "ServiceEnabled":true,
   "SessionTimeout":30,
   "Sessions":{
      "@odata.id":"/redfish/v1/SessionService/Sessions"
   }
}

Method	GET
URI	/redfish/v1/SessionService
Description	Schema representing the Redfish SessionService root.
Returns	The properties for the Redfish SessionService itself and links to the actual list of sessions.
Response Code	200 OK
Authentication	No

Creating a session

curl -i POST \
   -H "Content-Type:application/json" \
   -d \
'{
"UserName": "{username}",
"Password": "{password}"
}' \
 'https://{odimra_host}:{port}/redfish/v1/SessionService/Sessions'

Method	POST
URI	/redfish/v1/SessionService/Sessions
Description	This operation creates a session to implement authentication. Creating a session allows you to create an X-AUTH-TOKEN which is then used to authenticate with other services. NOTE: It is a good practice to note down the following: The session authentication token returned in the X-AUTH-TOKEN header. The session Id returned in the Location header and the JSON response body. You will need the session authentication token to authenticate subsequent requests to the Redfish services and the session Id to log out later.
Returns	An X-AUTH-TOKEN header containing session authentication token. Location header that contains a link to the newly created session instance. The session Id and a message in the JSON response body saying that the session is created.
Response Code	201 Created
Authentication	No

Sample request body

{
"Username": "abc",
"Password": "abc123"
}

Request URI parameters

Parameter	Type	Description
Username	String (required)	Username of the user account for this session. For the first time, use the username of the default administrator account (admin). Later, when you create other user accounts, you can use the credentials of those accounts to create a session. NOTE: This user must have Login privilege.
Password	String (required)	Password of the user account for this session. For the first time, use the password of the default administrator account. Later, when you create other user accounts, you can use the credentials of those accounts to create a session.

Sample response header

Cache-Control:no-cache
Connection:keep-alive
Content-Type:application/json; charset=utf-8
Link:</redfish/v1/SessionService/Sessions/2d2e8ebc-4e7c-433a-bfd6-74dc420886d0/>; rel=self
Location:{odimra_host}:{port}/redfish/v1/SessionService/Sessions/2d2e8ebc-4e7c-433a-bfd6-74dc420886d0
Odata-Version:4.0
X-Auth-Token:15d0f639-f394-4be7-a8ef-ef9d1df07288
X-Frame-Options:sameorigin
Date:Fri,15 May 2020 14:08:55 GMT+5m 11s
Transfer-Encoding:chunked

Sample response body

{
	"@odata.type": "#SessionService.v1_1_6.SessionService",
	"@odata.id": "/redfish/v1/SessionService/Sessions/1a547199-0dd3-42de-9b24-1b801d4a1e63",
	"Id": "1a547199-0dd3-42de-9b24-1b801d4a1e63",
	"Name": "Session Service",
	"Message": "The resource has been created successfully",
	"MessageId": "Base.1.6.1.Created",
	"Severity": "OK",
	"UserName": "abc"
}

Listing sessions

curl -i GET \
               -H 'Authorization:Basic {base64_encoded_string_of_[username:password]}' \
              'https://{odimra_host}:{port}/redfish/v1/SessionService/Sessions'

Method	GET
URI	/redfish/v1/SessionService/Sessions
Description	This operation lists user sessions. NOTE: Only a user with ConfigureUsers privilege can see a list of all user sessions. Users with ConfigureSelf privilege can see only the sessions created by them.
Returns	Links to user sessions.
Response Code	200 OK
Authentication	Yes

Viewing information about a single session

curl -i GET \
                -H "X-Auth-Token:{X-Auth-Token}" \
              'https://{odimra_host}:{port}/redfish/v1/SessionService/Sessions/{sessionId}'

Sample response body

{
   "@odata.type":"#Session.v1_2_1.Session",
   "@odata.id":"/redfish/v1/SessionService/Sessions/4ee42139-22db-4e2a-97e4-020013248768",
   "Id":"4ee42139-22db-4e2a-97e4-020013248768",
   "Name":"User Session",
   "UserName":"admin"
}

Method	GET
URI	/redfish/v1/SessionService/Sessions/{sessionId}
Description	This operation retrieves information about a specific user session. NOTE: Only a user with ConfigureUsers privilege can view information about any user session. Users with ConfigureSelf privilege can view information about only the sessions created by them.
Returns	JSON schema representing this session.
Response Code	200 OK
Authentication	Yes

Deleting a session

curl -i -X DELETE \
               -H 'Authorization:Basic {base64_encoded_string_of_[username:password]}' \
              'https://{odimra_host}:{port}/redfish/v1/SessionService/Sessions/{sessionId}'

Method	DELETE
URI	/redfish/v1/SessionService/Sessions/{sessionId}
Description	This operation terminates a specific Redfish session when the user logs out. NOTE: Users having the ConfigureSelf and ConfigureComponents privileges are allowed to delete only those sessions that they created. Only a user with all the Redfish-defined privileges (Redfish-defined Administrator role) is authorized to delete any user session.
Response Code	204 No Content
Authentication	Yes

Documentation

Overview

(C) Copyright [2020] Hewlett Packard Enterprise Development LP

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.