https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/206445#M25027 <P>Hi <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/60167">@samandqq</a> ,</P> <P>&nbsp;</P> <P>To me this looks like there is some MitM device interfering.</P> <P>&nbsp;</P> <P>I just tested against my own Managed Cluster, and was unable to reproduce this.</P> <UL> <LI>A valid token without the correct access gets the expected http/403 forbidden</LI> <LI>A valid token with the correct access gets the install package</LI> <LI>An invalid token gets the expected http/401 unauthorized.</LI> </UL> <P>As an API endpoint accepting tokens only, a redirect to SSO should not be returned.&nbsp; However, an MitM device such as a proxy that requires authentication <EM>would</EM> redirect to authentication without any awareness that the requested URL is an API endpoint.</P> <P>&nbsp;</P> <P>I second <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/59135">@alexander_dt</a> recommendation to switch to using curl with the -ikvvv switches to see exactly what you are connecting to.</P> <P>&nbsp;</P> <P>-- Erik</P> Tue, 07 Mar 2023 15:39:02 GMT Erik_Soderquist 2023-03-07T15:39:02Z https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/205919#M24898 <P>wget -O Dynatrace-OneAgent-Linux-1.257.250.sh "<A href="https://xxxxxx/e/1bde8062-2746-42a9-a9c6-xxxxx/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&amp;flavor=default" target="_blank" rel="noopener">https://xxxxxx/e/1bde8062-2746-42a9-a9c6-xxxxx/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&amp;flavor=default</A>" --header="Authorization: Api-Token dt0c01.xxx.xxxxx"</P><P>&nbsp;</P><P>Dynatrace-OneAgent-Linux-1.257.250.sh script:</P><DIV>&nbsp;</DIV><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">&lt;script language="JavaScript" type="text/javascript"&gt; function redirectF() { var target="HTTPS://xxx/e/xxx8/api/v1/deployment/installer/agent/unix/default/latest/metainfo?api-token=dt0c01.xxx.xxx"; document.cookie="RELAYSTATE=" + escape(target) + ";secure"; document.location.replace("https://xxxxxx/login?authenticateUsingSso"); } &lt;/script&gt; &lt;body onload="redirectF()"&gt; &lt;/body&gt;</LI-CODE><P>&nbsp;</P><P>&nbsp;</P> Wed, 01 Mar 2023 03:12:09 GMT https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/205919#M24898 samandqq 2023-03-01T03:12:09Z https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/206444#M25026 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/60167">@samandqq</a>,</P> <P>Sorry for the late response. Assuming your path is&nbsp;<STRONG>/e/1bde8062-2746-42a9-a9c6-xxxxx/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&amp;flavor=default</STRONG>, that should be the right one.</P> <P>I presume you copied the wget call from the UI, but did you still verify the access token is correct? Usually there should be a clear error message if it is not, but it might be worth verifying that.</P> <P>Other than that, that HTML document should actually not originate from Dynatrace, could it be that you have some else (proxy?) in place which enforces an SSO login?</P> <P>You could also use curl instead of wget and pass the ".-ivk" parameters to get more insight on the connection and verify you are actually talking to the Dynatrace machine and not a proxy. Verify the certificates as well.</P> Tue, 07 Mar 2023 14:19:24 GMT https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/206444#M25026 alexander_dt 2023-03-07T14:19:24Z https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/206445#M25027 <P>Hi <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/60167">@samandqq</a> ,</P> <P>&nbsp;</P> <P>To me this looks like there is some MitM device interfering.</P> <P>&nbsp;</P> <P>I just tested against my own Managed Cluster, and was unable to reproduce this.</P> <UL> <LI>A valid token without the correct access gets the expected http/403 forbidden</LI> <LI>A valid token with the correct access gets the install package</LI> <LI>An invalid token gets the expected http/401 unauthorized.</LI> </UL> <P>As an API endpoint accepting tokens only, a redirect to SSO should not be returned.&nbsp; However, an MitM device such as a proxy that requires authentication <EM>would</EM> redirect to authentication without any awareness that the requested URL is an API endpoint.</P> <P>&nbsp;</P> <P>I second <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/59135">@alexander_dt</a> recommendation to switch to using curl with the -ikvvv switches to see exactly what you are connecting to.</P> <P>&nbsp;</P> <P>-- Erik</P> Tue, 07 Mar 2023 15:39:02 GMT https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/206445#M25027 Erik_Soderquist 2023-03-07T15:39:02Z https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/207040#M25153 <P><a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/60167">@samandqq</a>,&nbsp;did you manage to fix it? Was it a proxy?</P> Wed, 15 Mar 2023 13:16:05 GMT https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/207040#M25153 alexander_dt 2023-03-15T13:16:05Z https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/207089#M25159 <P>Yes, it's proxy, thanks a lot.</P> Thu, 16 Mar 2023 00:15:55 GMT https://community.dynatrace.com/t5/Open-Q-A/The-shell-script-in-html-format-is-returned-after-the-oneagent/m-p/207089#M25159 samandqq 2023-03-16T00:15:55Z