I’m trying to connect a D-Link DCS-8627LH camera to my openHAB via the IpCamera binding.
The binding does find my camera using the Scan feature and categorizes it as an ONVIF Camera. So far so good.
But that’s where it ends. I filled in the correct credentials but I still get the following back from the logs: “The action requested requires authorization and the sender is not authorized.”
Thanks for your reply, I followed those steps but it doesn’t help me any further at this point. I enabled Trace logging and started the entire process again (scanning for camera, adding the onvif camera, configuring the credentials and checking if it works).
Below you can find the logs of this whole process. You’ll see it tries to initialize, fails, and continues to ping my camera every second or so with the same response over and over again saying I’m not authorized (username and password are correctly filled in).
I also found this page where at some point it tries to log the following message: Camera at IP:{} had both Basic and Digest set to be used
Which makes me wonder, since I don’t see anything related in my logs: Could it be that basic auth is failing and that the binding is not switching over to Digest?
Logs:
18:47:42.835 [INFO ] [pcamera.internal.onvif.OnvifDiscovery] - Possible ONVIF camera found at:192.168.0.20
18:47:42.867 [INFO ] [ig.discovery.internal.PersistentInbox] - Added new thing 'ipcamera:onvif:192168020' to inbox.
18:47:42.869 [INFO ] [openhab.event.InboxAddedEvent ] - Discovery Result with UID 'ipcamera:onvif:192168020' has been added.
18:48:24.481 [INFO ] [openhab.event.InboxRemovedEvent ] - Discovery Result with UID 'ipcamera:onvif:192168020' has been removed.
18:48:24.514 [INFO ] [hab.event.ThingStatusInfoChangedEvent] - Thing 'ipcamera:onvif:192168020' changed from UNINITIALIZED to INITIALIZING
18:48:24.544 [DEBUG] [camera.internal.onvif.OnvifConnection] - Connecting 192.168.0.20 to ONVIF
18:48:24.551 [TRACE] [camera.internal.onvif.OnvifConnection] - Sending ONVIF request:GetSystemDateAndTime
18:48:24.611 [TRACE] [camera.internal.onvif.OnvifConnection] - Onvif reply is:<?xml ...>
18:48:28.561 [DEBUG] [mera.internal.handler.IpCameraHandler] - About to connect to the IP Camera using the ONVIF PORT at IP:192.168.0.20:80
18:48:28.570 [DEBUG] [camera.internal.onvif.OnvifConnection] - Connecting 192.168.0.20 to ONVIF
18:48:28.587 [TRACE] [camera.internal.onvif.OnvifConnection] - Sending ONVIF request:GetSystemDateAndTime
18:48:28.616 [INFO ] [hab.event.ThingStatusInfoChangedEvent] - Thing 'ipcamera:onvif:192168020' changed from INITIALIZING to OFFLINE (CONFIGURATION_ERROR): Camera failed to report a valid Snaphot and/or RTSP URL. Check user/pass is correct, or use the advanced configs to manually provide a URL.
18:48:28.700 [TRACE] [camera.internal.onvif.OnvifConnection] - Onvif reply is:<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsdd="http://schemas.xmlsoap.org/ws/2005/04/discovery" xmlns:chan="http://schemas.microsoft.com/ws/2005/02/duplex" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:xmime="http://tempuri.org/xmime.xsd" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:wsrfbf="http://docs.oasis-open.org/wsrf/bf-2" xmlns:wstop="http://docs.oasis-open.org/wsn/t-1" xmlns:wsrfr="http://docs.oasis-open.org/wsrf/r-2" xmlns:tan="http://www.onvif.org/ver20/analytics/wsdl" xmlns:dn="http://www.onvif.org/ver10/network/wsdl" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" xmlns:tev="http://www.onvif.org/ver10/events/wsdl" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:tmd="http://www.onvif.org/ver10/deviceIO/wsdl" xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl" xmlns:trt="http://www.onvif.org/ver10/media/wsdl" xmlns:ter="http://www.onvif.org/ver10/error" xmlns:tns1="http://www.onvif.org/ver10/topics"><SOAP-ENV:Body><SOAP-ENV:Fault><SOAP-ENV:Code><SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value><SOAP-ENV:Subcode><SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value></SOAP-ENV:Subcode></SOAP-ENV:Code><SOAP-ENV:Reason><SOAP-ENV:Text 
xml:lang="en">The action requested requires authorization and the sender is not authorized.</SOAP-ENV:Text></SOAP-ENV:Reason></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
18:48:36.609 [DEBUG] [mera.internal.handler.IpCameraHandler] - About to connect to the IP Camera using the ONVIF PORT at IP:192.168.0.20:80
18:48:36.623 [DEBUG] [camera.internal.onvif.OnvifConnection] - Connecting 192.168.0.20 to ONVIF
18:48:36.631 [TRACE] [camera.internal.onvif.OnvifConnection] - Sending ONVIF request:GetSystemDateAndTime
18:48:36.672 [TRACE] [camera.internal.onvif.OnvifConnection] - Onvif reply is:<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsdd="http://schemas.xmlsoap.org/ws/2005/04/discovery" xmlns:chan="http://schemas.microsoft.com/ws/2005/02/duplex" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:xmime="http://tempuri.org/xmime.xsd" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:wsrfbf="http://docs.oasis-open.org/wsrf/bf-2" xmlns:wstop="http://docs.oasis-open.org/wsn/t-1" xmlns:wsrfr="http://docs.oasis-open.org/wsrf/r-2" xmlns:tan="http://www.onvif.org/ver20/analytics/wsdl" xmlns:dn="http://www.onvif.org/ver10/network/wsdl" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" xmlns:tev="http://www.onvif.org/ver10/events/wsdl" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:tmd="http://www.onvif.org/ver10/deviceIO/wsdl" xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl" xmlns:trt="http://www.onvif.org/ver10/media/wsdl" xmlns:ter="http://www.onvif.org/ver10/error" xmlns:tns1="http://www.onvif.org/ver10/topics"><SOAP-ENV:Body><SOAP-ENV:Fault><SOAP-ENV:Code><SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value><SOAP-ENV:Subcode><SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value></SOAP-ENV:Subcode></SOAP-ENV:Code><SOAP-ENV:Reason><SOAP-ENV:Text 
xml:lang="en">The action requested requires authorization and the sender is not authorized.</SOAP-ENV:Text></SOAP-ENV:Reason></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
18:48:44.650 [DEBUG] [mera.internal.handler.IpCameraHandler] - About to connect to the IP Camera using the ONVIF PORT at IP:192.168.0.20:80
18:48:44.660 [DEBUG] [camera.internal.onvif.OnvifConnection] - Connecting 192.168.0.20 to ONVIF
18:48:44.670 [TRACE] [camera.internal.onvif.OnvifConnection] - Sending ONVIF request:GetSystemDateAndTime
18:48:44.709 [TRACE] [camera.internal.onvif.OnvifConnection] - Onvif reply is:<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsdd="http://schemas.xmlsoap.org/ws/2005/04/discovery" xmlns:chan="http://schemas.microsoft.com/ws/2005/02/duplex" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:xmime="http://tempuri.org/xmime.xsd" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:wsrfbf="http://docs.oasis-open.org/wsrf/bf-2" xmlns:wstop="http://docs.oasis-open.org/wsn/t-1" xmlns:wsrfr="http://docs.oasis-open.org/wsrf/r-2" xmlns:tan="http://www.onvif.org/ver20/analytics/wsdl" xmlns:dn="http://www.onvif.org/ver10/network/wsdl" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" xmlns:tev="http://www.onvif.org/ver10/events/wsdl" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:tmd="http://www.onvif.org/ver10/deviceIO/wsdl" xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl" xmlns:trt="http://www.onvif.org/ver10/media/wsdl" xmlns:ter="http://www.onvif.org/ver10/error" xmlns:tns1="http://www.onvif.org/ver10/topics"><SOAP-ENV:Body><SOAP-ENV:Fault><SOAP-ENV:Code><SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value><SOAP-ENV:Subcode><SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value></SOAP-ENV:Subcode></SOAP-ENV:Code><SOAP-ENV:Reason><SOAP-ENV:Text 
xml:lang="en">The action requested requires authorization and the sender is not authorized.</SOAP-ENV:Text></SOAP-ENV:Reason></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
That log shows the camera is asking for login credentials for the getdatetime ONVIF request. That is a breach of the ONVIF standard that states it should not be password protected. The date and time is used as additional protection and is needed. You should report this to the manufacturer after checking for newer firmware.
It’s possible it may still work as a generic camera if you supply the rtsp and any other urls the camera has.
I got the following response from D-Link (I asked them to read along with this thread). Does this make sense to you? They suggest to skip the authorization for the date time check. I’m not the ONVIF expert here so I’m not sure what the exact specs say.
Thank you for the information. Unfortunately, the comment about the getSystemTimeandDate function is not accurate.
There is no ONVIF Specification breach because there is no specification that getSystemTimeandDate must be accessible without credentials; there is only a guideline for developers that they should check time and date before attempting a login, and therefore it should be accessible without credentials, but still not a must.
So we will ask the development to move this to an unauthorized section, but OpenHAB should allow skipping the Time and Date check for authorization, since it is not a mandatory setting for ONVIF and the Client should always be able to provide credentials towards the device.
5.1 First Actions After Discovery
After ONVIF devices are discovered using WS-Discovery, you would typically access a device using the supplied XAddrs to test where it is reachable. Use device.GetSystemDateAndTime to accomplish this because it should not require authentication.
The Application guide has example traces of communication and also step-by-step programming examples of how to go about the authentication process and also why the date and time is important.
As to if we can bypass asking for the date and time and still connect, I could be wrong but I may have already made this change, it’s possible it is one of the changes made that is not yet merged. EDIT: confirmed, so long as the camera replies to GetCapabilities it should still connect and this change is not merged but has been made. You can try the newer JAR or wait for the PR to be made.
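Why the camera's clock matters for the login, as an added example that is not part of the thread or the binding's own code: the WS-Security UsernameToken digest covers a `Created` timestamp, so a client normally stamps its requests with the camera's time. The function names, the trimmed sample replies and the fallback to the client clock when the time request is refused are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP = "{http://www.w3.org/2003/05/soap-envelope}"
TT = "{http://www.onvif.org/ver10/schema}"
ENV = ('<e:Envelope xmlns:e="http://www.w3.org/2003/05/soap-envelope" '
       'xmlns:tt="http://www.onvif.org/ver10/schema"><e:Body>%s</e:Body></e:Envelope>')
# Constructed replies: the fault mirrors the one in the log above; the time
# reply is a trimmed GetSystemDateAndTime response with made-up values.
FAULT_REPLY = ENV % ('<e:Fault><e:Code><e:Value>e:Sender</e:Value><e:Subcode>'
                     '<e:Value>ter:NotAuthorized</e:Value></e:Subcode></e:Code></e:Fault>')
TIME_REPLY = ENV % ('<tt:UTCDateTime><tt:Time><tt:Hour>17</tt:Hour><tt:Minute>48</tt:Minute>'
                    '<tt:Second>30</tt:Second></tt:Time><tt:Date><tt:Year>2021</tt:Year>'
                    '<tt:Month>3</tt:Month><tt:Day>1</tt:Day></tt:Date></tt:UTCDateTime>')

def fault_subcode(reply_xml):
    """Return the SOAP 1.2 fault subcode, e.g. 'ter:NotAuthorized', or None."""
    path = f".//{SOAP}Fault/{SOAP}Code/{SOAP}Subcode/{SOAP}Value"
    node = ET.fromstring(reply_xml).find(path)
    return node.text.strip() if node is not None and node.text else None

def device_utc(reply_xml):
    """Camera UTC time from a GetSystemDateAndTime reply, or None if absent."""
    utc = ET.fromstring(reply_xml).find(f".//{TT}UTCDateTime")
    if utc is None:
        return None
    y, mo, d, h, mi, s = (int(utc.find(f".//{TT}{t}").text)
                          for t in ("Year", "Month", "Day", "Hour", "Minute", "Second"))
    return datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc)

def clock_offset(time_reply, local_utc):
    """Camera time minus client time; zero if the camera refused (assumed fallback)."""
    cam = device_utc(time_reply)
    return cam - local_utc if cam is not None else timedelta(0)

def username_token(user, password, nonce, now_utc, offset):
    """PasswordDigest = Base64(SHA-1(nonce + created + password))."""
    created = (now_utc + offset).strftime("%Y-%m-%dT%H:%M:%SZ")
    digest = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return {"Username": user, "Created": created,
            "Nonce": base64.b64encode(nonce).decode(),
            "PasswordDigest": base64.b64encode(digest).decode()}
```

With the fault reply the token is stamped with the client's own clock, so the login only succeeds if that clock is close enough to the camera's.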