Unable to connect to Rally sandbox environment using security token

[vishnukadi]

Test connection to Rally sandbox is unsuccessful using username, password and security token

Sandbox url: sandbox.rallydev.com
API keys are not supported in the Sandbox environment. In order to connect to Sandbox environment, a security token must be used.

Generated security token by logging in to https://sandbox.rallydev.com/slm/webservice/v2.0/security/authorize using Rally service account credentials.
Copied the security token and pasted it in OAuth Key field

Title: Rally
Url: sandbox.rallydev.com
Authentication Method: Basic
Username: username
Password: **********
Oauth key:

Error:
pyral.context.RallyRESTAPIError: Invalid credentials

Environment:	Production	Sandbox
Authentication Parameters used:	Username/Password/API key	Username/Password/Security token
Connection Status (using curl command)	Success	Success
Connection Status (using plugin)	Success	Failed

Since API keys are not supported in the Sandbox environment, we would need the plugin configured to accept security token as well.

[vishnukadi]

Closed the issue accidentally

[vishnukadi]

Adding more test results -

In Sandbox environment, a GET request is made which gets the security token in the response body. In the subsequent API calls, this security token is passed as a parameter "key".

REST API call to Sandbox Rally using Postman:
First call to get security token -
GET https://sandbox.rallydev.com/slm/webservice/v2.0/security/authorize

Request Headers:
cache-control: no-cache
Postman-Token: 8d3de9c8-9e06-467d-84dd-25b2778cdfc6
Authorization: Basic <REMOVED>
User-Agent: PostmanRuntime/7.6.0
Accept: */*
Host: sandbox.rallydev.com
cookie: __cfduid=d2865cad5a1e49e7a942ef25ba889e3741554328196; JSESSIONID=qd-sapp-01r758ilumt4121wpad4ccw1mhd.qd-sapp-01; SERVERID=5569aeb10f0ee8f5446c9791b97021fbab4c2f02; SUBBUCKETID=162; SUBSCRIPTIONID=73162
accept-encoding: gzip, deflate

Response Header:
HTTP/1.1 200
status: 200
Date: Thu, 06 Jun 2019 21:09:08 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 145
Connection: keep-alive
Cache-Control: private,max-age=0,must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
RallyRequestID: qd-sapp-011t8mjsfn8q4v21hycc9mb2rtpn.qd-sapp-018207678
Vary: Origin,Accept-Encoding
Set-Cookie: JSESSIONID=qd-sapp-011t8mjsfn8q4v21hycc9mb2rtpn.qd-sapp-01;Path=/;Secure;HttpOnly
Set-Cookie: SUBBUCKETID=162;Path=/;Domain=sandbox.rallydev.com;Secure;HttpOnly
Set-Cookie: SUBSCRIPTIONID=73162;Path=/;Domain=sandbox.rallydev.com;Secure;HttpOnly
Content-Encoding: gzip
P3P: CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4e2d5d9428dc5598-ORD

Response Body:
{"OperationResult": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "Errors": [], "Warnings": [], "SecurityToken": "01c1474c-b375-4a7e-bade-93695667ef61"}}

Subsequest REST API call -
GET https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/F137074?key=01c1474c-b375-4a7e-bade-93695667ef61

Request Headers:
cache-control: no-cache
Postman-Token: 323ec166-7120-4143-b7d9-ac25295a68f9
User-Agent: PostmanRuntime/7.6.0
Accept: */*
Host: sandbox.rallydev.com
cookie: __cfduid=d2865cad5a1e49e7a942ef25ba889e3741554328196; JSESSIONID=qd-sapp-011t8mjsfn8q4v21hycc9mb2rtpn.qd-sapp-01; SERVERID=5569aeb10f0ee8f5446c9791b97021fbab4c2f02; SUBBUCKETID=162; SUBSCRIPTIONID=73162
accept-encoding: gzip, deflate

Response Headers:
HTTP/1.1 200
status: 200
Date: Thu, 06 Jun 2019 21:09:46 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1548
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
RallyRequestID: qd-sapp-011t8mjsfn8q4v21hycc9mb2rtpn.qd-sapp-018215823
Vary: Origin,Accept-Encoding
ETag: "0ca792195d789c62569c035873a1feaf1"
Set-Cookie: JSESSIONID=qd-sapp-011t8mjsfn8q4v21hycc9mb2rtpn.qd-sapp-01;Path=/;Secure;HttpOnly
Set-Cookie: SUBBUCKETID=162;Path=/;Domain=sandbox.rallydev.com;Secure;HttpOnly
Set-Cookie: SUBSCRIPTIONID=73162;Path=/;Domain=sandbox.rallydev.com;Secure;HttpOnly
Content-Encoding: gzip
P3P: CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Cache-Control: private,max-age=0,must-revalidate
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4e2d5e856c875598-ORD

Response Body:
{"QueryResult": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "Errors": [], "Warnings": [], "TotalResultCount": 2174, "StartIndex": 1, "PageSize": 20, "Results": [{"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772431448", "_refObjectUUID": "472e4171-dcff-4b91-9a61-0a7acd84341c", "_refObjectName": "Be informed when a digitization is requested for an Account PAN via a web service message", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772431527", "_refObjectUUID": "9ea69a08-bd7a-4d24-b7f2-88cfabf6f7d3", "_refObjectName": "Be informed of the work provider decisioning data for the digitization request on the web service message", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772431574", "_refObjectUUID": "c1bd39bc-5563-404e-ac36-f987449ad34e", "_refObjectName": "Encrypt the Account PAN with field-level encryption when sent via the internet", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435226", "_refObjectUUID": "094abd3a-62ff-4d60-9eb9-04635e83bcdc", "_refObjectName": "Enable self-service key management for issuers", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435239", "_refObjectUUID": "ac60f9a4-c261-48f5-82f8-8af6173d6845", "_refObjectName": "Provide a Public Key to be used for field-level encryption of the Account PAN within web service messages", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435254", "_refObjectUUID": "61134ed8-9276-4bce-ab34-e74af34513e1", "_refObjectName": "Provide the endpoint for a web service messages", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435372", "_refObjectUUID": "9271d1ed-876d-4364-9b73-86ae44f8d1d2", "_refObjectName": "Provide alternative endpoints for a web service message", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435496", "_refObjectUUID": "98bd2577-0512-4cc4-b88c-cc6ef91a4e0d", "_refObjectName": "Provide alternative Public Keys to be used for field-level encryption by endpoint", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435513", "_refObjectUUID": "86f8b61f-04d9-42d0-b16a-29164ad22bca", "_refObjectName": "Provide different endpoints for each different web service message", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435621", "_refObjectUUID": "e7c81c8f-59ac-43cc-bcf9-f720d7ca9964", "_refObjectName": "Provide the Activation Methods to be used for a specific digitization request via inbound API", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435744", "_refObjectUUID": "5c8078fd-c3d3-42ae-b390-82f428feb068", "_refObjectName": "Provide the Activation Methods to be used for a specific digitization request independently of whether I received the web service message informing me of the digitization of an Account PAN", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435775", "_refObjectUUID": "2eb4002e-fce7-4f7e-99af-a687185d9f16", "_refObjectName": "Ensure that Activation Methods are originated from the issuer for the specific digitization request", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435866", "_refObjectUUID": "b27a94cd-93e4-4ec9-9212-915be40282dc", "_refObjectName": "Be informed that a consumer has selected an Activation Method requiring an Activation Code to be sent", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772435992", "_refObjectUUID": "7df92752-c919-4d25-9e80-bd4fd2ef54ac", "_refObjectName": "Inform the issuer of the Activation Code and expiration date/time for a specific digitization request", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772436141", "_refObjectUUID": "ec5711aa-cb03-4ebc-9a35-6f6ae27027ad", "_refObjectName": "Be informed when the consumer has successfully completed Activation via a web service message", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772436264", "_refObjectUUID": "a182a675-3885-4e4c-a984-c97cddf72492", "_refObjectName": "Inform the issuer of successful Activation and the details of the token activated along with additional work provider data", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772436275", "_refObjectUUID": "dae7a2e1-a09c-40bf-b22f-12ba1fcb3db2", "_refObjectName": "Delete Activation Methods for incomplete digitization requests after an appropriate time period", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772438170", "_refObjectUUID": "55deeb38-eb75-4559-bc91-ca82a7f37e90", "_refObjectName": "MARS Dashboard", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772443232", "_refObjectUUID": "cba1c671-9db8-4ea8-8c1d-da392e8d3b36", "_refObjectName": "Indicate during Enablement that cards in an Account Range do not have a PAN and/or Expiration Date and/or CVC 2 present on the card", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772444470", "_refObjectUUID": "541bff31-daff-4ca3-affe-7926e0e6985b", "_refObjectName": "2015 staffing plans", "_type": "PortfolioItem/Feature"}]}}

Rest API call to Production Rally using Postman:
GET https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/F137074

Request Headers:
cache-control: no-cache
Postman-Token: 8e62944b-b7a8-4d52-9a32-a09d1d6e4187
Authorization: Bearer _QnpdyPxGQX2saLX1bKZvP1WGBf0l1kLip87a9KDedI
User-Agent: PostmanRuntime/7.6.0
Accept: */*
Host: rally1.rallydev.com
cookie: __cfduid=d2865cad5a1e49e7a942ef25ba889e3741554328196; JSESSIONID=qd-app-08gngg0vyrkcqt1kpedhgnyqe7a.qd-app-08; SERVERID=5286265a594ad0079f2b9e138542d7fde8f2ebd2; SUBBUCKETID=162; SUBSCRIPTIONID=73162; ZSESSIONID=_QnpdyPxGQX2saLX1bKZvP1WGBf0l1kLip87a9KDedI
accept-encoding: gzip, deflate

Response Headers:
HTTP/1.1 200
status: 200
Date: Thu, 06 Jun 2019 20:52:25 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1548
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
RallyRequestID: qd-app-08gngg0vyrkcqt1kpedhgnyqe7a.qd-app-0820113355
Vary: Origin,Accept-Encoding
ETag: "0dcb7579d8c388383c1d8aa06bd3d65d2"
Set-Cookie: ZSESSIONID=_QnpdyPxGQX2saLX1bKZvP1WGBf0l1kLip87a9KDedI;Path=/;Domain=rally1.rallydev.com;Expires=Fri, 07-Jun-2019 00:52:25 GMT;Secure;HttpOnly
Set-Cookie: SUBBUCKETID=162;Path=/;Domain=rally1.rallydev.com;Secure;HttpOnly
Set-Cookie: SUBSCRIPTIONID=73162;Path=/;Domain=rally1.rallydev.com;Secure;HttpOnly
Content-Encoding: gzip
P3P: CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Cache-Control: private,max-age=0,must-revalidate
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4e2d4518ea3ec56c-ORD

Response Body:
{"QueryResult": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "Errors": [], "Warnings": [], "TotalResultCount": 95724, "StartIndex": 1, "PageSize": 20, "Results": [{"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772443232", "_refObjectUUID": "cba1c671-9db8-4ea8-8c1d-da392e8d3b36", "_refObjectName": "Indicate during Enablement that cards in an Account Range do not have a PAN and/or Expiration Date and/or CVC 2 present on the card", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772470384", "_refObjectUUID": "404933d7-5acf-42ba-a084-7839efa90f26", "_refObjectName": "MasterPass work Services - Lookup Commerce Attributes", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772470827", "_refObjectUUID": "88025d44-7429-4bab-85d0-d5468151f7bd", "_refObjectName": "MasterPass Lightbox Services - Locale Selection", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772470891", "_refObjectUUID": "d2aab6ab-266f-454a-8edd-da0658ab1ec1", "_refObjectName": "Switch Platform Migration - Q2", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772470935", "_refObjectUUID": "72edd99b-d8f5-4e5b-88e7-5329dc608c58", "_refObjectName": "Application Management Console", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772484984", "_refObjectUUID": "5cd47725-c654-4c1b-b68b-57438a75f013", "_refObjectName": "Reports can be created on user behavior", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772485363", "_refObjectUUID": "604dbd25-c976-4783-b207-622a717e4d6f", "_refObjectName": "PRD-288 - ATS - P2PE Solution Documentation (to 6.6)", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772487691", "_refObjectUUID": "6eb82792-af33-4902-bd0a-56fd30efc96b", "_refObjectName": "work Brazil Phase 2 Stories", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772495188", "_refObjectUUID": "903ac3bf-2b17-4515-85f2-5910d8a10d24", "_refObjectName": "Card add/edit services should be locked if attempts are invalid", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772498949", "_refObjectUUID": "ba2b94f3-c122-4ae1-ae5e-55b9362a61b1", "_refObjectName": "work Client Brilliant at the Basics Stories", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772511642", "_refObjectUUID": "53ca2a72-2be5-46a5-b768-cf189ff0847b", "_refObjectName": "COM-150 - workspace 2 Series BIN acceptance (222100-272099) (to 6.6)", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772512197", "_refObjectUUID": "322e746f-6d3f-4df1-8fd5-2a16fd10914d", "_refObjectName": "INF - Git Migration (to 6.6)", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772512256", "_refObjectUUID": "6861aa3a-3177-45e8-940a-ee3ccb6274a8", "_refObjectName": "INF-672 - ATS - Backfill Regression Testing (to 6.6)", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772519220", "_refObjectUUID": "00b5b277-75d7-4917-9f82-b4a667bed172", "_refObjectName": "(2016-Q2) (CW) Feature Development - Multi Device Support and Other Enablers", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772519814", "_refObjectUUID": "6962e603-8143-4907-9315-d56af8ea64e3", "_refObjectName": "Comprehensive handling of cross-channel A/M activity", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772522155", "_refObjectUUID": "b0cf26ff-613d-442f-9c10-738cfcc3ea25", "_refObjectName": "Deprecate ISO messages support for current PAN swap capability - SWITCHING", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772525020", "_refObjectUUID": "bc43bb4c-670f-438a-8bea-92a269dd4a46", "_refObjectName": "INF - PA-DSS re-validation October 2015 (to 6.6)", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772526871", "_refObjectUUID": "fc670963-df3d-4c6a-8d4a-894291a3a051", "_refObjectName": "Other device browser to mobile app checkout", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772526901", "_refObjectUUID": "d61edfa8-3505-4210-9141-cad597fb5362", "_refObjectName": "Merchant Directory", "_type": "PortfolioItem/Feature"}, {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/46772527013", "_refObjectUUID": "c3767254-c974-4302-b5e7-985847a3a96b", "_refObjectName": "Enhancements to UX", "_type": "PortfolioItem/Feature"}]}}

Please let me know if you have any questions.

[vlussenburg]

Hello again @vishnukadi . Thanks for your issues with tons of details - you really make our work so much easier!

@wasabibob and I will take a crack at this

[vishnukadi]

@vlussenburg and @wasabibob
I know your time is valuable and I appreciate your attention in this regard.

[vlussenburg]

@vishnukadi please be aware that your BASIC AUTH hash was in the HTTP output above (I cut it out) so you probably want to reset the password for the [email protected] user.

[vishnukadi]

@vlussenburg my bad, I missed to clip it out. I'll get it reset, thank you for letting me know,

[jpflug]

hi @vishnukadi the pyral library should handle security token authentication automatically. I was able to log in to my test instance of rally with only username and password, leaving the token field blank. Please see this link for additional information on how pyral handles security tokens. Can you try to run the check connection task with only username and password?

[jpflug]

To verify this fact, I added additional logging to my RallyClient.py file with __builtin__.logger.info(self.rest_api.obtainSecurityToken()) and was able to obtain the following output from the logs:

xlr                    | [ACCESS] 2019-06-11 22:19:55.673 [c.x.d.plumbing.AccessLogFilter] -   5043ms 200 - 172.22.0.1 - admin "POST /configurations/status"
xlr                    | 2019-06-11 22:21:01.012 [qtp965586344-35] {request=/configurations/status, method=POST, username=admin} INFO  c.xebialabs.platform.script.Logging - qogJaAKbQBKDJYN5j7LktCSfl2rWQEHFshVScKvo3eI
xlr                    | [ACCESS] 2019-06-11 22:21:01.013 [c.x.d.plumbing.AccessLogFilter] -   6044ms 200 - 172.22.0.1 - admin "POST /configurations/status"

[vishnukadi]

Hi @jpflug , thanks for your input.
When I tried to run a check connection task with only username and password, I received below error:

Can't connect to Rally Server.
StopIteration

[jpflug]

Hello @vishnukadi I am sorry to hear that. I was able to successfully connect to my rally test instance using https via XL Release. The error you receive is from the underlying pyral library which the XLR plugin utilizes to complete rally activities. Are you able to install pyral locally to directly test connection and endpoints outside XL Release? I saw some cases where the pyral logging was being suppressed by XLR so it will be essential to remove the additional complication of XLR to determine the root cause here.