Tm1py: Connecting with Security mode 5 without SSO

Created on 14 Jan 2021  路  10Comments  路  Source: cubewise-code/tm1py

Describe what did you try to do with TM1py
Hi everyone. I'm trying to connect at my instance which is in security mode 5.
Here is my script based on the best practice credential.

import configparser
from getpass import getpass

import keyring
from TM1py import TM1Service

INSTANCE = "GENERIQUE"
config = configparser.ConfigParser()
#config.read(r'..\config.ini')
config.read(r'C:\Users\GMU\Desktop\Programmation_1\TM1\config.ini')
print(config.read(r'C:\Users\GMU\Desktop\Programmation_1\TM1\config.ini'))

address = config[INSTANCE]["address"]
port = config[INSTANCE]["port"]
ssl = config[INSTANCE]["ssl"]
user = config[INSTANCE]["user"]

# interact with Windows Credential Manager through the keyring library
password = keyring.get_password(INSTANCE, user)
if not password:
    password = getpass(f"Please insert password for user '{user}' and instance '{INSTANCE}':")
keyring.set_password(INSTANCE, user, password)

config[INSTANCE]["password"] = password

with TM1Service(**config[INSTANCE]) as tm1:
    tm1_version = tm1.server.get_product_version()
    print(tm1_version)

Here is my config.ini:

[GENERIQUE]
address= winpaca
port= 10301
user= gmu
password= mypwd
namespace = AD
gateway = http://myserver:0000/bi/v1/disp
ssl=True

Describe what's not working the way you expect
I don't get why it's not working . I think there is an issue with the CAMID but I don't know to solve it.
Could someone help me to fix it , or tell me how to implement the connexion on Security mode 5 with TM1py if I'm wrong?

Version

  • TM1py [1.5.0]
  • TM1 Server Version: [2.0.9.4/11.8.3 (lastest)]
  • Python 3.8.5

Here are errors:

['C:\Users\GMU\Desktop\Programmation_1\TM1\config.ini']
Traceback (most recent call last):
File "c:/Users/GMU/Desktop/Programmation_1/TM1/test_bestpractice_credentials.py", line 28, in
with TM1Service(config[INSTANCE]) as tm1:
File "C:\Users\GMU\Desktop\Programmation\lib\site-packages\TM1py\Services\TM1Service.py", line 13, in __init__
self._tm1_rest = RestService(
kwargs)
File "C:\Users\GMU\Desktop\Programmation\lib\site-packages\TM1py\Services\RestService.py", line 165, in __init__
self._start_session(
File "C:\Users\GMU\Desktop\Programmation\lib\site-packages\TM1py\Services\RestService.py", line 293, in _start_session
token = self._build_authorization_token(
File "C:\Users\GMU\Desktop\Programmation\lib\site-packages\TM1py\Services\RestService.py", line 383, in _build_authorization_token
return RestService._build_authorization_token_cam(user, password, namespace, gateway, verify)
File "C:\Users\GMU\Desktop\Programmation\lib\site-packages\TM1py\Services\RestService.py", line 404, in _build_authorization_token_cam
raise RuntimeError(
RuntimeError: Failed to authenticate through CAM. HTTP response does not contain 'cam_passport' cookie

Thank you in advance for any help.
I've already try security mode 1 and it worked like a charm.

question

Most helpful comment

Remove gateway from the config file.

If you pass gateway parameter, TM1py will try to connect using SSO and ignore the username and password.

All 10 comments

Remove gateway from the config file.

If you pass gateway parameter, TM1py will try to connect using SSO and ignore the username and password.

I get another error message.

['C:\Users\GMU\Desktop\Programmation_1\TM1\config.ini']
Traceback (most recent call last):
File "c:/Users/GMU/Desktop/Programmation_1/TM1/test_bestpractice_credentials.py", line 26, in
with TM1Service(config[INSTANCE]) as tm1:
File "C:\Users\GMU\Desktop\Programmation\lib\site-packages\TM1py\Services\TM1Service.py", line 13, in __init__
self._tm1_rest = RestService(
kwargs)
File "C:\Users\GMU\Desktop\Programmation\lib\site-packages\TM1py\Services\RestService.py", line 165, in __init__
self._start_session(
File "C:\Users\GMU\Desktop\Programmation\lib\site-packages\TM1py\Services\RestService.py", line 302, in _start_session
response = self.GET(url=url)
File "C:\Users\GMU\Desktop\Programmation\lib\site-packages\TM1py\Services\RestService.py", line 76, in wrapper
self.verify_response(response=response)
File "C:\Users\GMU\Desktop\Programmation\lib\site-packages\TM1py\Services\RestService.py", line 372, in verify_response
raise TM1pyRestException(response.text,
TM1py.Exceptions.Exceptions.TM1pyRestException: Text: Status Code: 401 Reason: Unauthorized Headers: {'Content-Type': 'text/plain', 'Content-Length': '0', 'Connection': 'keep-alive', 'Set-Cookie': 'TM1SessionId=dq0g_9Dq_3h2e8c882B24XhL9GE; Path=/api/; HttpOnly; Secure', 'WWW-Authenticate': 'CAMPassport http://myserveur:0000/bi/v1/disp, CAMNamespace'}

I used the check.py script from TM1py samples and it worked.
Here the message i get after executing the check.py scrpit.

TM1 User (leave empty if SSO): gmu
Password (leave empty if SSO):
CAM Namespace (leave empty if no CAM Security): AD
Address (leave empty if localhost): winpaca
ClientCAMURI (leave empty if no SSO):
HTTP Port (Default 5000): 1000
SSL (Default T or F): T
Connection to TM1 established!! your Servername is: GENERIQUE

May the is an error in my script above in the initial post or in my config.ini file ?

Unauthorized Headers means you/user don't have access to the TM1 instance.

It could also mean that you are providing wrong username/password/namespace

Be careful namespace is case sensitive!

OK but it works with the check.py and doesn't work with the best practice credentials. And I don't really see the difference.

If it works in check.py it must also work when you hardcode the user/password/namespace or retrieve it from a file or the windows credential manager.

It doesn't look like a TM1py issue, but more a general python problem

In a first step try to authenticate with everything hardcoded like this:

from TM1py import TM1Service

with TM1Service(address="", port=50501, ssl=True, namespace="AD", user="winpaca", password="apple") as tm1:
    print(tm1.server.version)

In a second step you can outsource credentials and coordinates into a config or the windows credential manager.

Thank you for your help Marius and Vinoth.
It works when everything is hardcoded. I'm well retrieving the version "11.8.00300.34" .
I'll try to figured it out where the issue is .
It seems really weird for me, It should work with the best practice credential.
The Only thing i see is my config.ini which is badly filled.
Here is what I have in the config.ini:

[GENERIQUE]
address=winpaca
port=100
user=gmu
password =xxxxx
namespace =AD
gateway=
ssl=True

Where:

[GENERIQUE] --> is my tm1server/instance
address=winpaca --> is my Windows server name
port=1000 --> is the httpportnumber
user=gmu --> is the user (the user has admin privilege on the instance)
password =xxxxx --> is the password of my user
namespace =AD --> is the Active Directoy from Windows
gateway= --> left empty (after the advice of Vinoth)
ssl=True --> is the security protocol

I understand that this issue is no longer related to TM1py, but limited to retrieving the values from the .ini file, so I will close the issue for now.

Sorry I hadn't time to answer. It works now. Il resolve the issue by adding this line.
pwd = config[INSTANCE]["password"]

But I have an issue with the keyring lib I think
Well Thank You for your help guys

Was this page helpful?
0 / 5 - 0 ratings