This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Duane_Toler
Advisor
‎2023-11-08 09:45 AM

Can't login to System Data domain via web_api

I've seen the thread with @Bob_Zimmerman having the same issue back in R81.10, but that's not what my issue is, either.

https://community.checkpoint.com/t5/API-CLI-Discussion/unable-to-api-login-to-system-data-domain-in-...

 

I have *one* R81.20 JHF 26 management server where I can't login to "System Data" domain via web API. It works locally on the server.  I tried with username/password as well as just API key.  Both fail with "Null Pointer exception".

First, without "System Data" domain:

MGMT_CLI_API_CONTEXT=web_api
MGMT_CLI_DOMAIN='System Data'
MGMT_CLI_PASSWORD=password123
MGMT_CLI_PORT=443
MGMT_CLI_SERVER=192.0.2.1
MGMT_CLI_USER=admin_user


echo '{
  "user": "'${MGMT_CLI_USER}'",
  "password": "'${MGMT_CLI_PASSWORD}'"
}' |\
curl -s -k -X POST -H "Content-Type: application/json" -d@- https://${MGMT_CLI_SERVER}:${MGMT_CLI_PORT}/${MGMT_CLI_API_CONTEXT}/login;
{
  "uid" : "ac9bba59-8281-43a0-99ec-2d4195642aa2",
  "sid" : "nEyK2jaoSOraHPAm2nJUilyRuTUvMbTqenyWF41gjLM",
  "url" : "https://192.0.2.1:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1699464704845,
    "iso-8601" : "2023-11-08T12:31-0500"
  },
  "api-server-version" : "1.9",
  "user-name" : "admin_user",
  "user-uid" : "be210527-deb4-4089-a1f6-b463dc8d1ccd"
}

 

Second, with 'System Data' domain: 

echo '{
  "user": "'${MGMT_CLI_USER}'",
  "password": "'${MGMT_CLI_PASSWORD}'",
  "domain" : "'System Data'"
}' |\
curl -s -k -X POST -H "Content-Type: application/json" -d@- https://${MGMT_CLI_SERVER}:${MGMT_CLI_PORT}/${MGMT_CLI_API_CONTEXT}/login;

{
  "code" : "generic_error",
  "message" : "Null Pointer exception: null"
}

 

$FWDIR/log/api.elg says the same thing:

2023-11-08 12:36:01,100  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:277 [qtp-1901918932-97] - Inbound Message
----------------------------
ID: 273
Address: http://127.0.0.1:56096/web_api/login
Encoding: UTF-8
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[*/*], connection=[keep-alive], Content-Length=[74], content-type=[application/json], Host=[127.0.0.1:56096], User-Agent=[curl/7.76.1], X-Forwarded-For=[192.0.2.254], X-Forwarded-Host=[192.0.2.1], X-Forw
arded-Host-Port=[443], X-Forwarded-Server=[10.255.255.4]}
--------------------------------------
2023-11-08 12:36:01,101  INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.logRequestedCommandInfo:94 [qtp-1901918932-97] - Executing [login] of version [1.9]
2023-11-08 12:36:01,116 ERROR com.checkpoint.management.web_api_is.utils.WebApiCommandExceptionUtils.getErrorReply:95 [qtp-1901918932-97] - java.lang.NullPointerException
        at com.checkpoint.management.dleserver.coresvc.internal.LoginSvcImpl.validateLoginByDomainName_aroundBody90(LoginSvcImpl.java:2936)
        at com.checkpoint.management.dleserver.coresvc.internal.LoginSvcImpl$AjcClosure91.run(LoginSvcImpl.java:1)

 

This exact same request works on other R81.20 JHF 26 servers I have.  Another cool bug?  I guess I'll open another TAC case for this one. 😕

0 Kudos
2 Replies
Hugo_vd_Kooij
Advisor
‎2023-11-08 10:21 AM

You need a TAC case for this one. But it is not a simple bug as then you would have the same issue on all units with the same version and JHFA. So there is another factor.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-11-08 10:26 AM

I don't think I've ever had a problem logging in to the System Data domain on a non-MDS management.

On the plus side, "Null pointer exception" is definitely a bug. I would take a management export and see if the problem can be reproduced with a VM. If it can be, they'll want you to see if it's still broken in the latest jumbo. If it's reproducible and still broken in the latest jumbo, the TAC will want that export. If it can't be reproduced, I suspect the TAC will tell you to rebuild the management. If the latest jumbo fixes it, they'll just say to update.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events