[thredds] Pydap authentication problems

  • To: "thredds@xxxxxxxxxxxxxxxx" <thredds@xxxxxxxxxxxxxxxx>
  • Subject: [thredds] Pydap authentication problems
  • From: Jim Fluke <james.fluke@xxxxxxxxxxxxx>
  • Date: Thu, 10 Oct 2024 17:59:24 -0600
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=colostate.edu; dmarc=pass action=none header.from=colostate.edu; dkim=pass header.d=colostate.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wmGKsn8mYpA24W4kKpvnyp4oh7nYin8xAe6APDaZKGs=; b=I2v4FHe2Ij+og+W18KBrgycwE1Eih6RgDyBdmaz44WKjw6khuifgO/27FlAz0M9mSMZOOg01JCspFsw5+0bA8N9QSxyAt+5she6RThKd2jbo7iv2rBMX1Lol3hGbph2VPgUHZpZ0UWSWVjfX1PwFPp3NXDhGQvpdGMENG/VlbNRyt1ybCBHvr3Sj4x11eM9W3bkSw6pPgHk0HS4+NQbvaFO3He1j/011GHrF1LkiQg+J2jZYhVW4LCAGQb9d3VggJowR6BlEJTNq3AOku6WT44cfZ4stwCRuIyowy/28kl8U5b1knQ1kxnatXGb+kPUmwIiWWXHDtC6eylQywbKd5Q==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=w/X/TlusX/SCryeX90DoVbqnocgGcr4tY1vp+9yIESQ+ppDXIskSlfk4NGOTtn8Mo39RlI/JM6J7RWure3idOgsU34WL18P4FL3opym3lqbGFRzSMfRm9mOur/kMeVi9FozkaumBHJfjDkdb5JH+zGErzPLEwIBRIh3poxAIG/9dj/Th/yrv4JxPOnR2MkFq0jQ4KC95Ttqvs53Vpsj7y8q8aeEYnjOm5nTBZovojyiQNcg2l4ttHT0jHNYj0dNc6n16xOwiPOibR5AAgBG7p52HW/sFoPUrDpWkha/HhH921haSj7U8IWbO9kVdGy5jY36GCYGHGTT3JxdMvOSVCQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=colostate.edu;
Well, I now have https working with user authentication for our TDS website. But I can't get it to work with pydap in Python.
I want to thank everyone who responded before, especially Christian Skarby and Pols Maarten, but I finally realized that I don't need nginx for this. Configuring the TDS to use our certbot certificate works just fine for the entire TDS website, including getting subsets of data by selecting the "Get ASCII" button in the "OPeNDAP Dataset Access Form" after entering credentials in the authentication pop-up. So that is why I'm starting a new email thread for the remaining pydap problem.
The same data file URL that works in the "OPeNDAP Dataset Access Form" does not work with pydap. The credentials need to be added to the URL for this of course, and that might be the problem. The URL I'm trying with pydap is: 
https://fluke:d1ef3ce7e7c41de74192a362524ad0a460692a222d9dd796ee383b56e446d749$1$d03ce0f88475505a68bd0eb37fa570df8120e59ccf62a4f580a55ad612f695c0e385893fe7205f7c181b221ab49bc817d4a33a2b2bb727fdc0ee3420e7e5b99e@xxxxxxxxxxxxxxxxxxxxxxxxx/thredds/dodsC/cloudsat-data/2B-GEOPROF.P1_R05/2013/180/2013180111833_38146_CS_2B-GEOPROF_GRANULE_P1_R05_E06_F00.hdf
This includes the hdf-512 hash value for my password from our tomcat-users.xml file. Again, this works for website authentication, so I don't see how there can be a problem with the hash value. But this raises an exception ending with: 
webob.exc.HTTPError: 401 Unauthorized
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The request has not been applied to the target resource because it lacks valid authentication credentials for that resource.</p><hr class="line" /><h3>Apache Tomcat</h3></body></html> 

I've also tried my actual password for this with the same result.
One thought is that pydap does not know about certbot as a CA whereas firefox does. 

If you have any ideas about what the problem might be, please let me know.

Thanks,
Jim
  • 2024 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: