FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

The shell script in html format is returned after the oneagent download command is executed

Go to solution
samandqq
Observer

‎01 Mar 2023 03:12 AM

wget -O Dynatrace-OneAgent-Linux-1.257.250.sh "https://xxxxxx/e/1bde8062-2746-42a9-a9c6-xxxxx/api/v1/deployment/installer/agent/unix/default/latest..." --header="Authorization: Api-Token dt0c01.xxx.xxxxx"

 

Dynatrace-OneAgent-Linux-1.257.250.sh script:

 

 

 

<script language="JavaScript" type="text/javascript">
    function redirectF()
{
        var target="HTTPS://xxx/e/xxx8/api/v1/deployment/installer/agent/unix/default/latest/metainfo?api-token=dt0c01.xxx.xxx";
        document.cookie="RELAYSTATE=" + escape(target) + ";secure";
        document.location.replace("https://xxxxxx/login?authenticateUsingSso");

}
</script>

<body onload="redirectF()">
</body>

 

 

Labels:
0 Kudos
Reply
4 REPLIES 4

Go to solution
alexander_dt
Dynatrace Helper
Dynatrace Helper

‎07 Mar 2023 02:19 PM

Hi @samandqq,

Sorry for the late response. Assuming your path is /e/1bde8062-2746-42a9-a9c6-xxxxx/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default, that should be the right one.

I presume you copied the wget call from the UI, but did you still verify the access token is correct? Usually there should be a clear error message if it is not, but it might be worth verifying that.

Other than that, that HTML document should actually not originate from Dynatrace, could it be that you have some else (proxy?) in place which enforces an SSO login?

You could also use curl instead of wget and pass the ".-ivk" parameters to get more insight on the connection and verify you are actually talking to the Dynatrace machine and not a proxy. Verify the certificates as well.

Reply

Go to solution
Erik_Soderquist
Dynatrace Champion
Dynatrace Champion

‎07 Mar 2023 02:52 PM - edited ‎07 Mar 2023 03:39 PM

Hi @samandqq ,

 

To me this looks like there is some MitM device interfering.

 

I just tested against my own Managed Cluster, and was unable to reproduce this.

  • A valid token without the correct access gets the expected http/403 forbidden
  • A valid token with the correct access gets the install package
  • An invalid token gets the expected http/401 unauthorized.

As an API endpoint accepting tokens only, a redirect to SSO should not be returned.  However, an MitM device such as a proxy that requires authentication would redirect to authentication without any awareness that the requested URL is an API endpoint.

 

I second @alexander_dt recommendation to switch to using curl with the -ikvvv switches to see exactly what you are connecting to.

 

-- Erik

Reply

Go to solution
alexander_dt
Dynatrace Helper
Dynatrace Helper

‎15 Mar 2023 01:16 PM

@samandqq, did you manage to fix it? Was it a proxy?

Reply

Go to solution
samandqq
Observer
In response to alexander_dt

‎16 Mar 2023 12:15 AM

Yes, it's proxy, thanks a lot.

0 Kudos
Reply
Ask a question

Featured Posts