NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
<!DOCTYPE html><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
Pols,<br>
<br>
Well, by actually reading the rest of the instructions in the <a
href="https://docs.unidata.ucar.edu/tds/current/userguide/enable_tls_encryption.html";>TDS
documentation</a> I was able to set the<span
style="color:#000000;background-color:#ffffff;">
certificateKeystorePassword, which fixed this problem. At least
for website access if I push though the self-signed certificate
warnings.<br>
<br>
But, pydap is failing due to the self-signed certificate and I
haven't found a way around it yet:<br>
</span><span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">ssl.SSLCertVerificationError:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
self-signed certificate (_ssl.c:1000)</span><br>
</span><br>
If anyone knows a way around that please let me know.<br>
<br>
Thanks,<br>
Jim<br>
<br>
On 7/11/24 11:47, Jim Fluke wrote:<br>
<blockquote type="cite"
cite="mid:aa0627d0-8aac-47ed-b691-58b2d544fe6b@xxxxxxxxxxxxx">
Pols,<br>
<br>
I created a self-signed certificate since it's just for testing
right now. So far I can't get it to work though. Here are the
errors I get at TDS start up:<br>
<span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">10-Jul-2024
15:26:16.372 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException
Failed to initialize component
[Connector["https-openssl-nio-8443"]] </span><br>
org.apache.catalina.LifecycleException:
Protocol handler
initialization failed<br>
.<br>
.<br>
.<br>
</span><span
style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">Caused by:
java.lang.IllegalArgumentException: Keystore was tampered
with, or password was incorrect</span></span><span
style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;"><br>
.<br>
.<br>
.<br>
Caused by:
java.security.UnrecoverableKeyException:
Password verification failed</span></span><span
style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;"><br>
</span></span><br>
And, I am still using 8443. Also because this is a test
environment.<br>
<br>
Do you have any idea where I can change the password. If that
really is the problem.<br>
<br>
Thanks,<br>
Jim<br>
<br>
<div class="moz-cite-prefix">On 7/10/24 01:33, Pols, Maarten
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:AS8P195MB238656339640EC8D7C9527F1E0A42@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}@font-face
{font-family:Aptos;}@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}span.E-mailStijl22
{mso-style-type:personal-compose;
font-family:"Tahoma",sans-serif;
color:windowtext;
position:relative;
top:0pt;
mso-text-raise:0pt;
letter-spacing:0pt;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div>
<p><span style="background-color: #feec97; color: #000;"><strong>**
Caution: EXTERNAL Sender **</strong></span></p>
</div>
<div>
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US">Dear Jim,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US">I think you are right, first setup a SSL
certificate, I’m also using the thredds docker image,
together with a nginx proxy server.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><b><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">M.J.
(Maarten) Pols</span></b><b><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif"><br>
</span></b><b><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">Producten
en services</span></b><b><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif"><br>
</span></b><b><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">Systeem-
en applicatiebeheerder</span></b><b><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">
</span></b><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<table class="MsoNormalTable" cellpadding="0" border="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><img
style="width:1.8437in;height:.6354in" id="Afbeelding_x0020_2"
src="cid:part1.x8yzqOXz.H679MeB2@colostate.edu" class="" width="177"
height="61"><o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">Botter
11-29, 8232 JN Lelystad (tevens
postadres)</span><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif"><br>
</span><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">Berkenweg
7, Amersfoort | Informaticalaan 8,
Delft</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">Telefoon
0320 294292</span><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif"> <br>
</span><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">Internet</span><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif"> <u><a
href="http://www.hkv.nl/"; originalsrc="http://www.hkv.nl/";
shash="x6ho/LfPAvguAu9tDpRz/1Q7mf1eii/5xTGk2Xq8Gt48IyOuNBXPe2hbadhs4lqyAQC4TEG3YragSGRGdAntOd24HeOhjZO6AAppZ+HuqUfWU3hfeVvNr9QlvghYu9CEtmbZgzkwP7zHLLTab5hQei/B0Lb1N6zbDTDvVtMOZyE="
moz-do-not-send="true">www.hkv.nl</a></u>
<o:p></o:p></span></p>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:6.0pt;font-family:"Verdana",sans-serif"
lang="NL">HKV, de kennisondernemer voor water en
veiligheid </span><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="NL"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="NL">Van:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="NL">
Jim Fluke <a class="moz-txt-link-rfc2396E"
href="mailto:james.fluke@xxxxxxxxxxxxx";
moz-do-not-send="true"><james.fluke@xxxxxxxxxxxxx></a>
<br>
<b>Verzonden:</b> Tuesday, 9 July 2024 19:45<br>
<b>Aan:</b> Pols, Maarten <a class="moz-txt-link-rfc2396E"
href="mailto:M.Pols@xxxxxx"; moz-do-not-send="true"><M.Pols@xxxxxx></a>;
<a class="moz-txt-link-abbreviated moz-txt-link-freetext"
href="mailto:thredds@xxxxxxxxxxxxxxxx";
moz-do-not-send="true">thredds@xxxxxxxxxxxxxxxx</a><br>
<b>Onderwerp:</b> Re: [thredds] Authentication
problems with the TDS and pydap<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" style="width:100.0%" width="100%"
cellspacing="0" cellpadding="0" border="0" align="left">
<tbody>
<tr>
<td style="background:#A6A6A6;padding:5.25pt 1.5pt 5.25pt
1.5pt"><br>
</td>
<td style="width:100.0%;background:#EAEAEA;padding:5.25pt
3.75pt 5.25pt 11.25pt" width="100%">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
<span style="font-size:9.0pt;font-family:"Segoe
UI",sans-serif;color:#212121;mso-fareast-language:NL">##
Let op: deze mail is afkomstig van een externe
afzender.</span><span style="color:black"> <a
href="https://aka.ms/LearnAboutSenderIdentification";
moz-do-not-send="true"><span style="font-size:9.0pt;font-family:"Segoe
UI",sans-serif;mso-fareast-language:NL">Meer
informatie over waarom dit belangrijk
is</span></a>
</span><o:p></o:p></p>
</div>
</td>
<td style="width:56.25pt;background:#EAEAEA;padding:5.25pt
3.75pt 5.25pt 3.75pt;align:left" width="75"> <br>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Pols,<br>
<br>
Thank you for your response!<br>
<br>
But, it still does not work. I think I probably need
this, or something like it, but it's not enough.<br>
<br>
Now the web browser authentication fails with this
message:<br>
<span style="font-family:"Courier New"">Secure
Connection Failed<br>
<br>
An error occurred during a connection to localhost.
PR_END_OF_FILE_ERROR<br>
<br>
Error code: PR_END_OF_FILE_ERROR<br>
<br>
The page you are trying to view cannot be
shown
because the authenticity of the received data could
not be verified.<br>
Please contact the website owners to
inform them
of this problem.</span><br>
<br>
And the pydap authentication fails with this message:<br>
<span style="font-family:"Courier
New";color:black;background:white">ssl.SSLEOFError:
[SSL: UNEXPECTED_EOF_WHILE_READING] EOF occurred in
violation of protocol (_ssl.c:1000)</span><br>
<br>
Which seems to indicate that I need to add an SSL
certificate, which I have not done. Again, I am using
the thredds-docker image, which does not have a
certificate by default. And the port forwarding that it
does might be an issue as well.<br>
<br>
I'll try the certificate, but other suggestions would be
very welcome.<br>
<br>
Jim<o:p></o:p></p>
<div>
<p class="MsoNormal">On 7/9/24 00:35, Pols, Maarten
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p><strong><span
style="font-family:"Aptos",sans-serif;color:black;background:#FEEC97">**
Caution: EXTERNAL Sender
**</span></strong><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US">Dear Jim,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US">This problem cost me months to cover.
It was working in previous versions of thredds but
after een upgrade it broke my python
scripts.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US">First of all, don’t upgrade to the
latest numpy packages, it will break pydap, latest
working version is 1.26.x</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US">Than to solve this issue, you need to
change applicationContext.xml file, this file is
in webapps -> thredds ->
WEB-INF</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US">You need to change line 112 and 113:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><i><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> <bean
id="restrictedDatasetAuthorizer"
class="thredds.servlet.restrict.TomcatAuthorizer"></span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> <property
name="useSSL"
value="false"/></span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> <property
name="sslPort"
value="8443"/></span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> </bean></span></i><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US">Into </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><i><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> <bean
id="restrictedDatasetAuthorizer"
class="thredds.servlet.restrict.TomcatAuthorizer"></span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> <property
name="useSSL"
value="<b>true</b>"/></span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> <property
name="sslPort"
value="<b>443</b>"/></span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> </bean></span></i><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US">This was solving the issue in my
case, and I hope it will help you.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-US"
lang="EN-US"> </span><o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><b><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">M.J.
(Maarten) Pols<br>
Products and Services<br>
System and application administrator
</span></b><o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<table class="MsoNormalTable" cellpadding="0"
border="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><img
style="width:1.8541in;height:.6354in" id="Afbeelding_x0020_1"
src="cid:part2.YJLqE4u4.f7xPFtAc@colostate.edu" class="" width="178"
height="61" border="0"><o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">Botter
11-29, 8232 JN Lelystad, The
Netherlands (also postal
address) <br>
Berkenweg 7, Amersfoort |
Informaticalaan 8,
Delft</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Verdana",sans-serif">Telephone
+31 (0)320 294292 <br>
Internet <u><a
href="http://www.hkv.nl/en/"; originalsrc="http://www.hkv.nl/en/";
shash="EjDz5KgdCFqyzSCb1b/0qxwtzfqp6gmQZyknWMiXV4vI1rj3kZUvKRde3NvThaor3yHAZVQNJgaKfpiz8yYL+xz+y53QqpbnGowz4e3OHlrK13w4ovgb1z4D//wWZm5PevCmdq+iPQbLeaEQ7tQosbJ3gnj0UljHF1BLsXIMKxo="
moz-do-not-send="true">www.hkv.nl/en/</a></u>
</span><o:p></o:p></p>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:6.0pt;font-family:"Verdana",sans-serif"
lang="EN-US">HKV, knowledge entrepreneurs
in flood risk and water resources
management </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="NL">Van:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="NL">
thredds <a href="mailto:thredds-bounces@xxxxxxxxxxxxxxxx";
moz-do-not-send="true"><thredds-bounces@xxxxxxxxxxxxxxxx></a>
<b>Namens </b>Jim Fluke<br>
<b>Verzonden:</b> Tuesday, 9 July 2024 00:04<br>
<b>Aan:</b> <a href="mailto:thredds@xxxxxxxxxxxxxxxx";
moz-do-not-send="true"
class="moz-txt-link-freetext">thredds@xxxxxxxxxxxxxxxx</a><br>
<b>Onderwerp:</b> [thredds] Authentication
problems with the TDS and pydap</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<table class="MsoNormalTable" style="width:100.0%"
width="100%" cellspacing="0" cellpadding="0" border="0" align="left">
<tbody>
<tr>
<td style="background:#A6A6A6;padding:5.25pt 1.5pt
5.25pt 1.5pt"><br>
</td>
<td
style="width:100.0%;background:#EAEAEA;padding:5.25pt 3.75pt 5.25pt 11.25pt"
width="100%">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
<span
style="font-size:9.0pt;font-family:"Segoe
UI",sans-serif;color:#212121;mso-fareast-language:NL">##
Let op: deze mail is afkomstig van een
externe afzender.</span><span
style="color:black"> <a href="https://aka.ms/LearnAboutSenderIdentification";
moz-do-not-send="true"><span style="font-size:9.0pt;font-family:"Segoe
UI",sans-serif;mso-fareast-language:NL">Meer
informatie over waarom dit
belangrijk is</span></a>
</span><o:p></o:p></p>
</div>
</td>
<td
style="width:56.25pt;background:#EAEAEA;padding:5.25pt 3.75pt 5.25pt
3.75pt;align:left" width="75"> <br>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">Hello,<br>
<br>
I'm now trying to get user authentication working
with our thredds-docker based TDS. I'm pretty sure
I have the configuration set up to enable
authentication as described in the TDS manual's
"<span style="color:black;background:white"><a
href="https://docs.unidata.ucar.edu/tds/current/userguide/restict_access_to_tds.html#restrict-access-by-dataset-in-tds-catalogs";
originalsrc="https://docs.unidata.ucar.edu/tds/current/userguide/restict_access_to_tds.html#restrict-access-by-dataset-in-tds-catalogs";
shash="PZOx9FLcAuu6KJ3pOsQECLIq/7vDvB93iRpnyXJ5zfvhfz4oqoT4iw9rqvraz0aHdsiafPq6+KPO0gTalzurUvVrMsH9Ff+813xYwKGcZLlvP/amr5vxY1SYkBBN7/fssMKL9PBYZBD6DK6Ldr5iF+M3SybMn65xHalJZmVaLwU="
moz-do-not-send="true">Restrict Access To The
TDS</a>" page</span>. And I have verified this
by accessing the TDS from a browser and having the
credentials entry pop-up window display and work
correctly.<br>
<br>
But, I can't get the authentication to work in
Python with pydap. According to the pydap
documentation the credentials should be added to
the URL this way:<br>
<br>
<span style="font-family:"Courier
New";color:black;background:white">>>>
from pydap.client import open_url </span><span
style="font-family:"Courier New""><br>
>>> dataset = open_url('<a
href="http://username:password@xxxxxxxxxxxxxxxxxx/path/to/dataset";
originalsrc="http://username:password@xxxxxxxxxxxxxxxxxx/path/to/dataset";
shash="Zh3uGJ4zUcnUVgOrhTlG7l/nXlKCe4PM7oxWe7cxzBIAQ4/9fg+bUgsHbkSIP4FoyplI22zBLF9MD+60wIcUBdKRRVkkKQrRV/Lruaq+qCaZOVMBcFWAK2BHZxAjBXo0VCy3DMM0VHC9Km/+RLtoecXyOapT33YGPxmdlARi4E4="
moz-do-not-send="true">http://username:password@xxxxxxxxxxxxxxxxxx/path/to/dataset</a>')<br>
</span><br>
But because <a
href="https://docs.unidata.ucar.edu/tds/current/userguide/digested_passwords.html";
originalsrc="https://docs.unidata.ucar.edu/tds/current/userguide/digested_passwords.html";
shash="d10mi9S0MG9tBEd/3f47M085b+0at93qhvFwbqBahPl9vktr2O/lDMk0ZZsQrdNNWsQocJ915bmA4wuAKl81J2iK4IB7Mdnw9XUoeN8a2LIjbeBkgIRDyG6/gDJKpEYiIPTAGNCFXgL4gcgh1eRzRR1iMf8E4TTUEoSqA46rPb4="
moz-do-not-send="true"> Digested Passwords</a>
are enabled for our TDS, it seems clear that I
should use the digested password, so this is what
I tried:<br>
<br>
<span style="font-family:"Courier
New";color:black;background:white">>>>
from pydap.client import open_url </span><span
style="font-family:"Courier New""><br>
>>> dataset = open_url('<span
style="color:black;background:white">http://fluke:d1ef3ce7e7c41de74192a362524ad0a460692a222d9dd796ee383b56e446d749$1$d03ce0f88475505a68bd0eb37fa570df8120e59ccf62a4f580a55ad612f695c0e385893fe7205f7c181b221ab49bc817d4a33a2b</span><br>
<a
href="mailto:2bb727fdc0ee3420e7e5b99e@localhost:7000/thredds/dodsC/cloudsat-data/2B-GEOPROF.P1_R05/2008/366/2008366031107_14239_CS_2B-GEOPROF_GRANULE_P1_R05_E02_F00.hdf";
moz-do-not-send="true"
class="moz-txt-link-freetext">2bb727fdc0ee3420e7e5b99e@localhost:7000/thredds/dodsC/cloudsat-data/2B-GEOPROF.P1_R05/2008/366/2008366031107_14239_CS_2B-GEOPROF_GRANULE_P1_R05_E02_F00.hdf</a><br>
')<br>
</span><br>
But it does not work. Here is the output:<br>
<br>
<span style="font-family:"Courier
New";color:black;background:white">@
~/devRepos/thredds-dpc-gh-actual/tests$
docker-compose run --rm test_opendap </span><span
style="font-family:"Courier New""><br>
url: <a
href="http://fluke:d1ef3ce7e7c41de74192a362524ad0a460692a222d9dd796ee383b56e446d749$1$d03ce0f88475505a68bd0eb37fa570df8120e59ccf62a4f580a55ad612f695c0e385893fe7205f7c181b221ab49bc817d4a33a2b";
moz-do-not-send="true" class="moz-txt-link-freetext">
http://fluke:d1ef3ce7e7c41de74192a362524ad0a460692a222d9dd796ee383b56e446d749$1$d03ce0f88475505a68bd0eb37fa570df8120e59ccf62a4f580a55ad612f695c0e385893fe7205f7c181b221ab49bc817d4a33a2b</a><br>
<a
href="mailto:2bb727fdc0ee3420e7e5b99e@localhost:7000/thredds/dodsC/cloudsat-data/2B-GEOPROF.P1_R05/2008/366/2008366031107_14239_CS_2B-GEOPROF_GRANULE_P1_R05_E02_F00.hdf";
moz-do-not-send="true"
class="moz-txt-link-freetext">2bb727fdc0ee3420e7e5b99e@localhost:7000/thredds/dodsC/cloudsat-data/2B-GEOPROF.P1_R05/2008/366/2008366031107_14239_CS_2B-GEOPROF_GRANULE_P1_R05_E02_F00.hdf</a>
<br>
<br>
Traceback (most recent call last): <br>
File "/app/opendap_pydap.py", line 8, in
<module> <br>
dataset = open_url(url) <br>
^^^^^^^^^^^^^
<br>
File
"/opt/conda/lib/python3.12/site-packages/pydap/client.py",
line 68, in open_url <br>
handler =
pydap.handlers.dap.DAPHandler(url,
application, session, output_grid, <br>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<br>
File
"/opt/conda/lib/python3.12/site-packages/pydap/handlers/dap.py",
line 71, in __init__ <br>
self.make_dataset() <br>
File
"/opt/conda/lib/python3.12/site-packages/pydap/handlers/dap.py",
line 96, in make_dataset <br>
self.dataset_from_dap2() <br>
File
"/opt/conda/lib/python3.12/site-packages/pydap/handlers/dap.py",
line 109, in dataset_from_dap2 <br>
pydap.net.raise_for_status(r) <br>
File
"/opt/conda/lib/python3.12/site-packages/pydap/net.py",
line 38, in raise_for_status <br>
raise HTTPError( <br>
webob.exc.HTTPError: 401 Unauthorized <br>
<!doctype html><html
lang="en"><head><title>HTTP
Status 401 – Unauthorized</title><style
type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2,
h3, b {color:white;background-co<br>
lor:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p
{font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><bod<br>
y><h1>HTTP Status 401 –
Unauthorized</h1><hr class="line"
/><p><b>Type</b> Status
Report</p><p><b>Description</b>
The request has not been applied to the target
resource because it lacks va<br>
lid authentication credentials for that
resource.</p><hr class="line"
/><h3>Apache
Tomcat</h3></body></html><br>
<br>
</span>So, am I right to be using the digested
password? Do you see anything else that could be
wrong? Why does this work for the browser but not
for pydap?<br>
<br>
I will add that the algorithm for the <span
style="color:black;background:white">
CredentialHandler is "sha-</span><b><span
style="color:#FF5454;background:white">512</span></b>"
in the ~tomcat/conf/server.xml file inside the
container, so that is why the digested password is
an sha512 digest. And the clear text password is
"flukeTmp". I'll be changing that for our
production system.<br>
<br>
And, all of this - the TDS configuration and the
test python script with the above URL - are now
checked in to our <a
href="https://github.com/JimFluke/thredds-dpc/tree/master";
originalsrc="https://github.com/JimFluke/thredds-dpc/tree/master";
shash="OU/KJT9dXcykuQBuNc5fh5lBjuAHHu4Rbyqv7agsmCze+nH1SOPACKqw2usZk9XvQGHiLnfY2h+o6oFXnHRvM11Tbi21H2nCQOziEBKDUSE/JPG76iU476LFZMBCTqvJo6C22pl3+b1KGZiSX/7308eFc1/fumm5+lv8IglEpRM="
moz-do-not-send="true">thredds-dpc</a>
repository on GitHub so you can look at the
details there.<br>
<br>
Any help would be greatly appreciated.<br>
<br>
Thanks,<br>
Jim<o:p></o:p></p>
</div>
</div>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>
thredds archives: