Bill Smith Wed 20 Sep 2017
The authentication mechanism described in http://project-haystack.org/doc/Auth is available for Niagara 4.3 by installing the following patch modules:
baja 4.3.58.22.1
jetty-rt 4.3.58.22.3
web-rt 4.3.58.22.3
docDeveloper 4.3.58.22.1
This will allow you to authenticate to Niagara 4.3 using the scram-sha mechanism defined in the Auth document. You should be able to obtain these through your support channel.
Alper Üzmezler Wed 20 Sep 2017
Great news. Thank you Bill. This will help us all.
Richard McElhinney Thu 21 Sep 2017
Hi Bill,
Thanks for this! It's great news for the community and we appreciate Tridium's collaboration.
Can you elaborate further on if/when this might be back-ported to Niagara 4.2? I know there are a lot of folks in the community who are using nhaystack with 4.2 and have suffered from this issue for some time.
To the community: I'm currently working on the next release of nhaystack which will be built using Niagara 4.3. Once I hear further from Bill regarding any possibility of backporting to 4.2 I will deal with that when the time comes. However, I think that once I release the next nhaystack we as a community should do our best to upgrade and standardise on Niagara 4.3 moving forward.
I appreciate this is not always possible and I appreciate that this may bring its own set of challenges on existing sites. However I think we need to get a reliable working baseline going and it looks like Niagara 4.3 is going to be it.
I'm still happy to take comments, thoughts, patches or assistance as always.
I'll keep the community posted.
Richard
Bill Smith Thu 21 Sep 2017
Hi Richard. I can't commit to a date, but backporting to N4.2 is in the works!
Richard McElhinney Thu 21 Sep 2017
Thanks Bill...that's great news!
We look forward to further updates when you can share them.
Cheers, Richard
Ricky Villa Thu 9 Nov 2017
Hi Bill,
I have a customer that has N4.4 and is getting the below error when trying to authenticate to it. Looks like complete rejection. Is N4.4 supporting haystack auth?
They had N4.3 which worked just fine. Then after upgrading is when this occurred.
Thanks.
Error: sys::IOErr: HTTP error code: 403
Bill Smith Fri 10 Nov 2017
Hi Ricky,
This should work fine in N4.4. I've forwarded this to our engineer who implemented the auth and will post his response. Do you have any info or stacktrace from the server side?
Regards, Bill
david blanch Fri 17 Nov 2017
Hi there, not sure this is the right thread to be posting this in, but it was along the same lines (AUTH). I'm currently having issues in 4.3 with the nHaystack device driver when trying to connect to SkySpark's server from Niagara to draw points back down.
I have a Slack messenger service I created that connects to restApi, which was throwing the same error as I'm getting from nHaystack below in 4.3. After contacting Tridium, they advised that I needed to add the "module-permissions.xml" to my source to allow external connections on specific ports from my Niagara 4.3 instance. Could the below be caused by the same issue? This is only new to 4.3, hence why I thought I would ask the question.
Any help would be greatly appreciated.
Caused by: java.security.AccessControlException: access denied ("java.net.SocketPermission" "127.0.0.1:8080" "connect,resolve")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:541)
    at sun.net.www.http.HttpClient.<init>(HttpClient.java:242)
    at sun.net.www.http.HttpClient.New(HttpClient.java:339)
    at sun.net.www.http.HttpClient.New(HttpClient.java:357)
Jonathan Hughes Tue 5 Dec 2017
Skyspark had no issue connecting down with BasicAuth in 4.3 prior to updating with this patch. Installed the patch to fix the memory leak but now Skyspark can't authenticate with the implementation of the HaystackAuth that comes with the patches.
Anybody had any luck connecting to 4.3 from Skyspark after these patches have been installed?
curErr:
Rav Panchalingam Mon 15 Jan 2018
same issue here..
Daryl Bennett Tue 16 Jan 2018
Were you able to find a fix Jonathan?
Bill Smith Tue 16 Jan 2018
This is probably due to the user still being configured to use http basic instead of digest. Try switching to digest and see if that helps.
Rav Panchalingam Tue 16 Jan 2018
Thanks Bill, I changed the user back to Digest and now I get a new error "AuthScheme param not found: data"
Bill Smith Tue 16 Jan 2018
That error is from a header check at the very end of the handshake. That has been fixed in N4.4 and should be available in a few days for N4.3.
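Added example, not part of the thread and not Niagara's or SkySpark's code: a Python sketch of a client-side check on the last header of a scram-sha handshake, which requires the `data` parameter and verifies the server signature it carries before accepting the `authToken`. It assumes the `name=value, ...` parameter layout of the Auth document; the function names, the sample password, salt and token are constructed for illustration, and the error text mirrors the one quoted above.

```python
import base64, hashlib, hmac

class AuthError(Exception):
    pass

def parse_auth_header(value):
    """Split 'SCRAM k=v, k=v' or bare 'k=v, k=v' into (scheme, params)."""
    head, _, tail = value.strip().partition(" ")
    scheme, rest = ("", value) if "=" in head else (head.lower(), tail)
    params = {}
    for part in filter(None, (p.strip() for p in rest.split(","))):
        key, sep, val = part.partition("=")
        if not (key and sep):
            raise AuthError(f"malformed auth param: {part!r}")
        params[key.strip().lower()] = val.strip()  # names compared case-insensitively
    return scheme, params

def require(params, name):
    if name.lower() not in params:
        raise AuthError(f"AuthScheme param not found: {name}")
    return params[name.lower()]

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def server_signature(password, salt, iterations, auth_message):
    """RFC 5802 ServerSignature, computed with SHA-256."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return hmac.new(server_key, auth_message.encode(), hashlib.sha256).digest()

def check_final_header(header, password, salt, iterations, auth_message):
    """Return authToken only if `data` exists and its v= signature verifies."""
    _, params = parse_auth_header(header)
    server_final = b64url_decode(require(params, "data")).decode()
    fields = dict(f.partition("=")[::2] for f in server_final.split(","))
    if "v" not in fields:
        raise AuthError("server-final message carries no v= signature")
    expected = server_signature(password, salt, iterations, auth_message)
    if not hmac.compare_digest(base64.b64decode(fields["v"]), expected):
        raise AuthError("server signature mismatch")
    return require(params, "authToken")

# Constructed sample values, not captured from a real station.
PASSWORD, SALT, ITERATIONS = "pencil", b"constructed-salt", 4096
AUTH_MSG = "n=user,r=c1,r=c1s1,s=%s,i=4096,c=biws,r=c1s1" % base64.b64encode(SALT).decode()

def sample_final_header(include_data=True):
    """Build the header value a server would send after the last client message."""
    v = base64.b64encode(server_signature(PASSWORD, SALT, ITERATIONS, AUTH_MSG)).decode()
    data = base64.urlsafe_b64encode(("v=" + v).encode()).rstrip(b"=").decode()
    return "authToken=constructed-token" + (", data=" + data if include_data else "")
```

Calling `check_final_header(sample_final_header(include_data=False), ...)` raises `AuthError("AuthScheme param not found: data")`, which is how a conforming client reacts when a server leaves `data` out of that header.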
Bill Smith Mon 22 Jan 2018
The fix for the WWW-Authenticate header is now available for N4.3 with the following modules:
You should be able to obtain these through your support channel.
Rich Quackenbush Mon 3 Jul 2023
This is an ancient topic, but I'm having the same issue with version 4.11.0.142 of Niagara.
Is a patch still required or is this baked into the drivers still?