在 ASMB9-iKVM 上对 redfish 进行身份验证访问

我有一个带主板的工作站ASUS Pro WS WRX80E-SAGE SE WIFI，配有ASMB9-iKVM控制器（固件版本：1.17.0），运行良好。

最近我发现，iKVM 控制器通过 SSDP 宣布自己，我想改变这一点。Web 界面没有显示任何有关 SSDP 的设置；但是，手册 (https://dlcdnets.asus.com/pub/ASUS/server/accessory/ASMB9/E16160_ASMB9-iKVM_UM_V3_PRINT.pdf§4.3.27) 建议我通过 redfish 访问 SSDP 设置。很酷。

我可以访问https://machine.example.com/redfish/v1/并获取 serviceRoot 的 JSON 视图。但是，访问它不需要任何身份验证，因此很容易。

根据文档，我必须访问该Managers部分（即https://machine.example.com/redfish/v1/Managers/Self/NetworkProtocol：），但我似乎无法获取正确的用户名/密码进行身份验证，因此我被拒绝访问：

使用卷曲：

$ curl -k --fail-with-body \
     https://machine.example.com/redfish
{
  "v1": "/redfish/v1/"
}

$ curl -k --fail-with-body \
     https://machine.example.com/redfish/v1 \
| jq ".Managers"
{
  "@odata.id": "/redfish/v1/Managers"
}


$ curl -k --fail-with-body \
     https://USER:[email protected]/redfish/v1/Managers/Self/NetworkProtocol \
| jq
curl: (22) The requested URL returned error: 401
{
  "error": {
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_0_8.Message",
        "Message": "While attempting to establish a connection to /redfish/v1/Managers/Self/NetworkProtocol, the service was denied access.",
        "MessageArgs": [
          "/redfish/v1/Managers/Self/NetworkProtocol"
        ],
        "MessageId": "Security.1.0.AccessDenied",
        "Resolution": "Attempt to ensure that the URI is correct and that the service has the appropriate credentials.",
        "Severity": "Critical"
      }
    ],
    "code": "Security.1.0.AccessDenied",
    "message": "While attempting to establish a connection to /redfish/v1/Managers/Self/NetworkProtocol, the service was denied access."
  }
}

$ curl -k --fail-with-body \
     -X POST 'https://machine.example.com/redfish/v1/SessionService/Sessions' \
     -H "Content-Type: application/json" \
     -d '{ "UserName": "USER", "Password": "PASS" }'
curl: (22) The requested URL returned error: 401
{
  "error": {
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_0_8.Message",
        "Message": "While attempting to establish a connection to /redfish/v1/SessionService/Sessions, the service was denied access.",
        "MessageArgs": [
          "/redfish/v1/SessionService/Sessions"
        ],
        "MessageId": "Security.1.0.AccessDenied",
        "Resolution": "Attempt to ensure that the URI is correct and that the service has the appropriate credentials.",
        "Severity": "Critical"
      }
    ],
    "code": "Security.1.0.AccessDenied",
    "message": "While attempting to establish a connection to /redfish/v1/SessionService/Sessions, the service was denied access."
  }
}

和redfishtool（https://github.com/DMTF/Redfishtool)：

$ redfishtool -S Always -u USER -p PASS -r machine.example.com versions
{
    "v1": "/redfish/v1/"
}

$ redfishtool -S Always -u USER -p PASS -r machine.example.com -vvv SessionService login
#REQUEST: Transport:SendRecv:    GET https://machine.example.com/redfish/v1/
#REQUEST: Transport:SendRecv:    POST https://machine.example.com/redfish/v1/SessionService/Sessions
   redfishtool: Transport: Response Error: status_code: 401 -- Unauthorized
   redfishtool: Error: Session Login Failed: Post to Sessions collection failed


$ redfishtool -S Always -u USER -p PASS -r machine.example.com -vvv Managers
#REQUEST: Transport:SendRecv:    GET https://machine.example.com/redfish/v1/
#REQUEST: Transport:SendRecv:    GET https://machine.example.com/redfish/v1/Managers
   redfishtool: Transport: Response Error: status_code: 401 -- Unauthorized
# Main: Error: rc=5

我尝试在 Web 界面中创建具有不同权限级别（“管理员”、“操作员”、“用户”、“OEM”甚至“无”）和所有访问域（“KVM”、“VMedia”、“SNMP”）的帐户，确保用户名/密码有或者没有特殊字符等等，但无论我做什么，我都无法验证。

那么我做错了什么？如何在我的主板上对 Redfish 进行身份验证？