For certain resources, the Redfish
clients may require to authenticate access. Redfish relies on the
managed system for the required credentials and supported forms of
authentication. In iDRAC, authentication is based on local credentials
and remote protocols such as Active Directory and LDAP.
NOTE You must have the required
iDRAC license to use Active Directory and LDAP.
Authorization includes both user privilege and license authorization. Redfish support is included in all levels of iDRAC licensing.
The following table details the authentication and authorization required
for each Redfish action:
Table 1. Redfish authentication
and authorizationThis table lists whether the Redfish actions require authentication or authorization.
Redfish actions
Authentication required
Authorization required
Read operation on any instrumentation data
Yes
Yes
Modify instrumentation data
Yes
Yes
Invoke actions
Yes
Yes
View service root
No
No
View metadata document
No
No
View OData service document
No
No
View message registry
No
No
View Redfish version URI
No
No
View JSONSchemaFile resource URI
No
No
View JSON schemas URI
No
No
The Redfish service provides access to
Redfish URLs by using the following methods:
Basic authentication: In this method, user name and password
are provided for each Redfish API request.
Session-based authentication: This method is used while issuing
multiple Redfish operation requests.
Session login is initiated by accessing the Create session
URI. The response for this request includes an X-Auth-Token header
with a session token. Authentication for subsequent requests is made
using the X-Auth-Token header.
Session logout is performed by issuing a DELETE of the Session resource
provided by the Login operation including the X-Auth-Token header.
NOTE The iDRAC
firmware incorporates the concept of application sessions for various
existing interfaces such as the web interface, WSMan, and RACADM. With the introduction
of Redfish-specific sessions, Redfish inherits the characteristics
of web server sessions and the property Session Timeout inherits the
web server session timeout value.
NOTE To ensure a secure
connection, Dell recommends using TLS 1.1 or later.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\