[SOLVED] OH3: http authentication issue

  • Hardware: RPi 4 8 GB and 32 GB micro SD + zwave: Aeotec Z-Stick Gen5 (ZW090) - UZB
  • OS: Raspian which comes with openhabian
  • openHAB version: oh3 stable

Hi everyone,

I am migrating to OH an encountered a http authentication issue:
This used to work with basic authentication in http.cfg under OH 2.5-xx

My new Thing / channel:

UID: http:url:Abus
label: HTTP - Abus Secvest
thingTypeUID: http:url
  authMode: BASIC
  ignoreSSLErrors: false
  password: secretPWD
  refresh: 10
  commandMethod: POST
  contentType: text/plain
  timeout: 3
  username: myself
  bufferSize: 2048
location: Wandschrank
  - id: AbusMode
    channelTypeUID: http:string
    label: Abus Mode
    description: ""
      mode: READONLY
      stateExtension: getMode.cgi
      stateTransformation: REGEX:Mode=(.*)

but, in the log I get:

2021-01-01 11:54:26.184 [WARN ] [p.internal.http.HttpResponseListener] - Requesting '' (method='GET', content='null') failed: HTTP protocol violation: Authentication challenge without WWW-Authenticate header
2021-01-01 11:54:36.086 [TRACE] [ttp.internal.http.RefreshingUrlCache] - Requesting refresh (retry=false) from '' with timeout 3000ms
2021-01-01 11:54:36.091 [TRACE] [ttp.internal.http.RefreshingUrlCache] - Sending to '': Method = {GET}, Headers = {Accept-Encoding: gzip, User-Agent: Jetty/9.4.20.v20190813}, Content = {null}
2021-01-01 11:54:36.187 [TRACE] [p.internal.http.HttpResponseListener] - Received from '': Code = {401}, Headers = {Status: 401 Unauthorized, Content-Type: text/plain}, Content = {401 Authorization Required

Any suggestion would be greatly appreciated.

You could try pre-emptive authentication (implement in 3.1-SNAPSHOT). The root cause is that the server is doing something wrong (see the WARN).

Awesome - thanks, Jan.
You mean the 3.1 snapshot of the http binding only, right?
Is it the same procedure like with OH2.5 like dropping the jar into …/addons?

Should work. Don’t forget to uninstall the other binding before.

Or you could use the console and

update org.openhab.binding.http https://ci.openhab.org/job/openHAB-Addons/lastSuccessfulBuild/artifact/bundles/org.openhab.binding.http/target/org.openhab.binding.http-3.1.0-SNAPSHOT.jar

Excellent - thanks!

Works like a charm, Jan.
Thank you very much.

1 Like

I would like to revive this thread because I have another http / authentication related issue. :slight_smile:

This openhab URL with a generated token works fine with curl:

curl http://oh.secretToken@localhost:8080/rest/services/org.openhab.openhabcloud/config

and returns the state of the openhab cloud (remote vs. notification only):


My thing config looks like this:

UID: http:url:myohcloud
label: HTTP - MyOHCloud Connection State
thingTypeUID: http:url
  ignoreSSLErrors: false
  baseURL: http://oh.secretToken@localhost:8080/rest/services/org.openhab.openhabcloud/config
  delay: 0
  refresh: 30
  commandMethod: GET
  contentType: text/plain
  timeout: 3000
  bufferSize: 2048
location: Homer
  - id: ConType
    channelTypeUID: http:string
    label: Type of Connection
    description: ""
      mode: READONLY

But I don’t get anything into the String, but these logs:

2021-06-08 13:17:26.503 [TRACE] [ttp.internal.http.RefreshingUrlCache] - Requesting refresh (retry=false) from 'http://oh.secretToken@localhost:8080/rest/services/org.openhab.openhabcloud/config' with timeout 3000ms
2021-06-08 13:17:26.505 [TRACE] [ttp.internal.http.RefreshingUrlCache] - Sending to 'http://oh.secretToken@localhost:8080/rest/services/org.openhab.openhabcloud/config': Method = {GET}, Headers = {Accept-Encoding: gzip, User-Agent: Jetty/9.4.20.v20190813}, Content = {null}
2021-06-08 13:17:26.516 [TRACE] [p.internal.http.HttpResponseListener] - Received from 'http://localhost:8080/rest/services/org.openhab.openhabcloud/config': Code = {401}, Headers = {Content-Type: application/json, Date: Tue, 08 Jun 2021 11:17:26 GMT, Transfer-Encoding: chunked, Server: Jetty(9.4.20.v20190813)}, Content = {{"error":{"message":"Authentication required","http-code":401}}}
2021-06-08 13:17:26.518 [WARN ] [p.internal.http.HttpResponseListener] - Requesting 'http://localhost:8080/rest/services/org.openhab.openhabcloud/config' (method='GET', content='null') failed: HTTP protocol violation: Authentication challenge without WWW-Authenticate header

I have tested all authentication modes with no luck:

  • Basic Authentication
  • Preemptive Basic Authentication
  • Digest Authentication

So how to translate the token URL used in curl into the http binding?

Just in case someone stumbles about this as well:
I just heard that token authentication is not supported by the http binding.
So I went with the user / password approach as above.