#516 nHaystack-N4 2.0.1 with Niagara 4.3

Melissa TeBockhorst Wed 2 Aug

Richard - I am creating a new topic for the issue that Eric was talking about in the AX post. I am the systems integrator that is working with Eric to get nhaystack to work. We are running the haystack driver with N4.3.58.18. We were able to get the nhaystack to work in N4.2 but somehow we only got it to work with the encrypted authentication (digest not http basic) which I have no idea how we did that. We have tried multiple things to get this to work including creating new users both basic and digest, turning off the secure HTTPS port and only looking at the HTTP port. We known the user is setup as basic because we are able to connect SkySpark with OBIX. I am also able to run the https://IP/haystack/read?filter=point after logging in via the browser. I was able to get logs from the jetty web service and will post them. Thanks for the help!

Richard,

We are using the 2.0.1 driver on N4, version 4.3. However, we don't seem to be able to get past the Authentication Failed 302 error. The user we have created is using basic authentication and works with the oBix driver but not with nHaystack 2.0.1 on 4.3 Niagara.

Has the 2.0.1 driver been tested on 4.3, are are there any thoughts on helping debug?

Eric

Melissa TeBockhorst Wed 2 Aug

Melissa TeBockhorst Wed 2 Aug

Melissa TeBockhorst Wed 2 Aug

Gabe Sandoval Wed 2 Aug

We've been able to get 4.3 to work for us. I don't know if this helps but I've noticed that we have had to restart Skyspark service before the connection was successful. I don't know why that helps, it could be coincidental but it worked for us.

Gabe

Richard McElhinney Thu 3 Aug

Hi Melissa,

thanks for posting and providing all the information.

As I've posted before in the forum it is important to understand that the authentication issue is not something that is under my control in the nhaystack module. The nhaystack servlet is mounted in the Niagara web server and sits behind Tridium's authentication procedure.

The process for getting it working does seem a bit random from the feedback I've had which makes it difficult to diagnose individual situations. It is encouraging though that Gabe managed to get it to work under 4.3.

If you're using SkySpark perhaps try Gabe's suggestion and see if that makes a difference.

Cheers, Richard

Eric Loew Thu 3 Aug

Thanks Richard,

We are going to try a few more things, but the restart of SkySpark did not help. (-;

Eric

Eric Loew Thu 3 Aug

Reviewing a different but related post (http://project-haystack.org/forum/topic/375), I tried testing the connection at the command line, and get the following. It looks like it is presenting some sort of Java Login page ...

IP Addresses and passwords changed..

E:\Data\SkSp\skyspark-2.1.15\bin>fan haystack::Client http://10.1.1.1:85/haystack Group_14_Basic xxxxxxxxxx
[12:47:25 03-Aug-17] [debug] [haystackClient] > [0]
POST http://10.1.1.1:85/haystack/authHello
Content-Length: 35
Content-Type: text/zinc
Accept-Encoding: gzip
Accept: text/zinc
ver:"3.0"
username
"Group_14_Basic"

[12:47:25 03-Aug-17] [debug] [haystackClient] < [0]
302 Found
Set-Cookie: JSESSIONID=c17bcedf7c895dadfa7269605ea1a4a15552c03c8f0db9d819;Path=/;HttpOnly
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://10.1.1.1:85/login

[12:47:25 03-Aug-17] [debug] [haystackClient] > [1]
GET http://10.1.1.1:85/login
Accept-Encoding: gzip

[12:47:25 03-Aug-17] [debug] [haystackClient] < [1]
200 OK
Content-Length: 2270
x-frame-options: sameorigin
Content-Type: text/html;charset=utf-8
<!DOCTYPE html>
<html>
<head>
  <meta name="viewport" content="width=device-width initial-scale=1.0 maximum-scale=1.0 target-densityDpi=medium-dpi">
  <title>Login</title>
  <link rel="stylesheet" type="text/css" href="login/loginN4.css">
  <script type="text/javascript" src="login/loginN4.js"></script>

</head>
<body onload="checkFail()">
  <script type='text/javascript'>
    if ('ontouchstart' in window) {
      document.body.className += ' touch-enabled';
    }
  </script>
  <div id="outer-login-form-container">
    <div id="login-logo-container">
  <img id="login-logo" src="login/logo" alt="Custom Logo"/>
</div>
    <div id="login-form-container">
      <div id="login-title-container">
        <div id="login-title">DPSWS</div>
      </div>
      <div>
        <noscript>JavaScript must be enabled to login</noscript>
      </div>
      <div id="login-failed">
        Login Failed
      </div>

      <div id="login-image">
        <img src="login/keys.png" />
      </div>
      <form id="main-login-form" method="POST" action=prelogin>
            <div id="login-credentials">
    <div class="login-group">
        <label class="login-label" for="userName">Username:</label>
        <input class="login-input" type="text" name="j_username" autofocus/>
    </div>

    <input id="login-submit" type="submit" value="Login"/>
</div>
      </form>

    </div>
    <div id="blanket" style="display:none">
  <div id="licenseDiv" style="display:block">
    <div id="licenseTitle"><div id="licenseFileName"></div><div><img id="closeButton" src="login/close.png" alt="Close" onclick="closeLicense()"/></div></div>
    <iframe id="licenseFile" onload="fixStyle(this)" src=""></iframe>
  </div>
</div>

<div id="licenseAgreements">
Use of this software is subject to the<br />
<a href="#" onclick="openLicense('End User License Agreement', 'eula');">End User License Agreement</a>
 and other <a href="#" onclick="openLicense('Third Party Licenses', 'thirdPartyLicenses');">Third Party Licenses</a>
</div>

  </div>
  <p>
  <span id="webStartLogin" class="">
  To connect using Java Web Start <a id="niagara_webStartJnlpLink" href="/webstart/jnlp">click here</a>
  </span>
</p>
</body>
</html>

[12:47:25 03-Aug-17] [debug] [haystackClient] > [2]
POST http://10.1.1.1:85/j_security_check/
Content-Length: 95
Cookie: JSESSIONID=c17bcedf7c895dadfa7269605ea1a4a15552c03c8f0db9d819; niagara_userid=Group_14_Basic
Content-Type: application/x-niagara-login-support; charset=UTF-8
Accept-Encoding: gzip
action=sendClientFirstMessage&clientFirstMessage=n,,n=Group_14_Basic,r=kniaF4WpnECV+MgwO/N5vA==

[12:47:25 03-Aug-17] [debug] [haystackClient] < [2]
302 Found
Set-Cookie: niagara_userid=Group_14_Basic;Expires=Fri, 03-Aug-2018 18:47:19 GMT
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://10.1.1.1:85/login?auth=fail

sys::Err: Authentication failed: 302
  haystack::NiagaraScramAuthAlgorithm.firstMsg (ClientAuth.fan:494)
  haystack::NiagaraScramAuthAlgorithm.auth (ClientAuth.fan:476)
  haystack::ClientAuth.authHaystack (ClientAuth.fan:79)
  haystack::Client.openx (Client.fan:39)
  haystack::Client.main (Client.fan:301)
  java.lang.reflect.Method.invoke (Unknown)
  fan.sys.Method.invoke (Method.java:559)
  fan.sys.Method$MethodFunc.callList (Method.java:198)
  fan.sys.Method.callList (Method.java:138)
  fanx.tools.Fan.callMain (Fan.java:183)
  fanx.tools.Fan.executeType (Fan.java:147)
  fanx.tools.Fan.execute (Fan.java:41)
  fanx.tools.Fan.run (Fan.java:308)
  fanx.tools.Fan.main (Fan.java:346)

E:\Data\SkSp\skyspark-2.1.15\bin>

Eric Loew Mon 7 Aug

Anyone more familiar with Niagara N4 and the nHaystack driver have any suggestions? We seem to be at a loss.

Christian Tremblay Mon 7 Aug

@Richard

I think we really need to consider using another forum than project-haystack for direct support of nhaystack (or any other 3rd party module/program/etc).

I'm used to Github and I really like the way it works.

Maybe Bitbucket can work fine for that need too...

But this forum doesn't fit for that.

It's hard to keep track of bugs and work related to bugs ... and code format just don't look good.

Richard McElhinney Tue 8 Aug

Hi Christian,

Thanks for your thoughts.

I'm not fussed by either Github or Bitbucket. Like most developers I use both Mercurial and Git in my regular day job so it's of no consequence to me personally.

For what it's worth Bitbucket does have an issue tracker and it's open for everyone to use as long as you have a Bitbucket account which is free.

However, moving the repo around isn't going to solve the issue.

Neither is moving the discussion away from this forum where most people in the Haystack community get their updates from...and neither is tracking a bug in another online system going to assist either.

The reason I say this is that to the best of my knowledge and as far as I can see the issue that everyone is experiencing is not a bug with nhaystack.

It is an issue with the Niagara authentication mechanism not conforming to the standard published by Matt Giannini. nhaystack has no direct control over authentication as far as I can tell.

I have posted to this effect several times.

Believe me I am equally frustrated as those who are trying to use this Niagara module, this is not the sort of feedback I want to be seeing.

I have been following up with Tridium offline via email but have not yet received any responses, if I had I would have updated everyone via this forum immediately.

As you know Christian, and others also do, I'm more than happy to take input from the community for the nhaystack module, whether by submitting code through Pull Requests or any other way that is appropriate. So if there are other suggestions on how we as a community can solve this issue without requiring support from Tridium then I'm happy to take all ideas on board.

Cheers, Richard

Gabe Sandoval Wed 9 Aug

I established another connection with a new jace that is running 4.3 and didn't have any issues. We have 3 connections with 4.3 stations plus many other 4.2 stations with no issues.

I'm assuming you are completing all the necessary steps that need to be done to setup this connection but I can explain the steps we take to create the connection. But being that you have established connection with 4.2 jaces you should know these steps.

Gabe

Richard McElhinney Wed 9 Aug

Gabe!!

What's your secret? Can you share any more detailed steps with the community that might assist everyone?

Cheers,

Richard

Eric Loew Wed 9 Aug

Yes, I would certainly like to know what steps you take and any issues you have worked through. We have many nHaystack drivers out there working for us (both AX and N4) but the few that fail can be really troubling.

Eric

Gabe Sandoval Thu 10 Aug

Jace setup:

-Install jar file. (This should require a reboot) -Add Nhaystack service to services container. -Initialize haystack. -Make sure web service http port or https port is open depending on which you use. -Add a Http Basic Scheme to Authentification Service/Authentification Scheme container. -Create a user account and set the Authentification Scheme to use the Http Basic Scheme.

We don't do anything different than what is already specified for a Haystack connection other than I recommend using the ip address and not the host name of the Jace. We use ssl cert and we notice that we have to stop Skyspark service after running the "fan tools::KeyMgr trust -uri https://example.com" in command prompt, and then start the service. The connection should work after that.

Gabe

Melissa TeBockhorst Thu 10 Aug

All,

Thanks for responding!!! It is very encouraging that others have got it to work. I am already using basic authentication as described above. Sorry about posting the logs. I didn't realize this was not the place to post it but I do appreciate the feedback.

This issue is difficult to troubleshoot because we are essentially trying to integrate 3 vendors(Tridium, Haystack, SkySpark) and each are pointing fingers at the other.

Eduardo Partida Fri 11 Aug

Followed Gabe's instructions to a T and I still couldn't get it to work. We went back to 4.2 and I works fine. Also tried a new clean install without haystack jar file then reinstalled it. Still no bueno.

Login or Signup to reply.