# Redfish SessionService Resource ## Table of Contents - [Overview](#overview) - [References](#references) - [Implementation Guidelines](#implementation-guidelines) - [URIs - Supported](#uris---supported) - [Status Indicators](#status-indicators) - [GET /redfish/v1/SessionService - Session Service Root](#get-redfishv1sessionservice---session-service-root) - [GET /redfish/v1/SessionService/Sessions - Sessions Collection](#get-redfishv1sessionservicesessions---sessions-collection) - [POST /redfish/v1/SessionService/Sessions - Create Session](#post-redfishv1sessionservicesessions---create-session) - [GET /redfish/v1/SessionService/Sessions/{SessionId} - Individual Session](#get-redfishv1sessionservicesessionssessionid---individual-session) - [DELETE /redfish/v1/SessionService/Sessions/{SessionId} - Delete Session](#delete-redfishv1sessionservicesessionssessionid---delete-session) - [URIs - Not Supported](#uris---not-supported) - [PATCH /redfish/v1/SessionService - Update Session Service Configuration](#patch-redfishv1sessionservice---update-session-service-configuration) - [GET /redfish/v1/SessionService/Sessions/{SessionId}/Oem - Session OEM Extensions](#get-redfishv1sessionservicesessionssessionidoem---session-oem-extensions) - [POST /redfish/v1/SessionService/Actions/SessionService.ClearSessions - Clear All Sessions](#post-redfishv1sessionserviceactionssessionserviceclearsessions---clear-all-sessions) - [Authentication Flow](#authentication-flow) - [Property Support Summary](#property-support-summary) - [SessionService Properties](#sessionservice-properties) - [Session Properties](#session-properties) - [Properties Not Applicable for DMT](#properties-not-applicable-for-dmt) ## Overview The SessionService resource provides session management capabilities for the DMT Console's Redfish implementation. This service-level resource handles authentication sessions, token management, and session lifecycle operations while maintaining compatibility with DMTF Redfish standards. > **✅ IMPLEMENTED**: The SessionService is fully implemented and integrated with DMT Console's JWT authentication system. All 5 core endpoints are operational. **Endpoint Overview:** - **SessionService** - Provides centralized session management and configuration - **Session Creation and Management** - Handles Redfish session establishment and lifecycle - **Authentication Token Handling** - Integrates JWT tokens with Redfish sessions - **Session Timeout and Cleanup** - Manages automatic session expiration and resource cleanup (5-minute cleanup interval) - **Concurrent Session Management** - In-memory session storage with concurrent access safety ### References - **DMTF Redfish Specification**: [SessionService Schema v1.1.9](https://redfish.dmtf.org/schemas/v1/SessionService.v1_1_9.yaml) - **DMTF Session Schema**: [Session Schema v1.7.0](https://redfish.dmtf.org/schemas/v1/Session.v1_7_0.yaml) - **DMTF SessionCollection Schema**: [SessionCollection Schema](https://redfish.dmtf.org/schemas/v1/SessionCollection.yaml) - **DMT Authentication**: Internal JWT-based authentication system (HS256) - **Session Management Standards**: DMTF Redfish session management guidelines - **Testing with redfishtool**: See [redfishtool Commands](#redfishtool-commands) section below ## Implementation Guidelines The SessionService implementation follows these principles: 1. **DMT Integration**: Seamlessly integrates with DMT Console's existing JWT authentication system - Uses same `AdminUsername`/`AdminPassword` credentials from config - Uses same `JWTKey` for token signing - Uses same `JWTExpiration` for session timeout 2. **Standards Compliance**: Full compatibility with DMTF Redfish SessionService standards - DMTF-compliant JSON response formatting - Proper OData annotations (`@odata.id`, `@odata.type`) 3. **Security**: Robust session security and token management - JWT tokens with HS256 signing algorithm - X-Auth-Token header for session authentication 4. **Performance**: Efficient session management with in-memory storage - O(1) token-to-session lookup - Automatic cleanup of expired sessions every 5 minutes 5. **Architecture Layers**: - **Entity Layer**: Session data model with UUID, username, JWT token, timestamps - **Repository Layer**: In-memory session storage with concurrent access safety (sync.RWMutex) - **Use Case Layer**: Session creation, validation, and JWT integration - **Handler Layer**: HTTP request/response handling via OpenAPI-generated interface ## URIs - Supported ### Status Indicators - ✅ **Supported** - Fully implemented and tested - ⚠️ **DMT Limitation** - Property has limitations due to DMT Console implementation - ❌ **Not Supported** - Not implemented in current version ### GET /redfish/v1/SessionService - Session Service Root **Status**: ✅ Supported **Purpose**: Retrieve session service configuration and metadata. **Example Request**: ```bash curl -k -u username:password \ https://localhost:8181/redfish/v1/SessionService ``` **Example Response**: ```json { "@odata.id": "/redfish/v1/SessionService", "@odata.type": "#SessionService.v1_1_9.SessionService", "Id": "SessionService", "Name": "Session Service", "Description": "Session Service", "Status": { "State": "Enabled", "Health": "OK" }, "ServiceEnabled": true, "SessionTimeout": 86400, "Sessions": { "@odata.id": "/redfish/v1/SessionService/Sessions" } } ``` ### GET /redfish/v1/SessionService/Sessions - Sessions Collection **Status**: ✅ Supported **Purpose**: Retrieve collection of all active sessions. **Example Request**: ```bash curl -k -u username:password \ https://localhost:8181/redfish/v1/SessionService/Sessions ``` **Example Response**: ```json { "@odata.id": "/redfish/v1/SessionService/Sessions", "@odata.type": "#SessionCollection.SessionCollection", "Name": "Session Collection", "Members@odata.count": 1, "Members": [ { "@odata.id": "/redfish/v1/SessionService/Sessions/550e8400-e29b-41d4-a716-446655440000" } ] } ``` ### POST /redfish/v1/SessionService/Sessions - Create Session **Status**: ✅ Supported **Purpose**: Create a new authentication session (login). **Example Request**: ```bash curl -k -X POST \ https://localhost:8181/redfish/v1/SessionService/Sessions \ -H "Content-Type: application/json" \ -d '{"UserName":"username","Password":"password"}' ``` **Example Response** (HTTP 201 Created): ```json { "@odata.id": "/redfish/v1/SessionService/Sessions/550e8400-e29b-41d4-a716-446655440000", "@odata.type": "#Session.v1_7_0.Session", "Id": "550e8400-e29b-41d4-a716-446655440000", "Name": "User Session", "Description": "User Session", "UserName": "standalone", "CreatedTime": "2024-01-15T10:30:00Z", "SessionType": "Redfish" } ``` **Response Headers**: - `X-Auth-Token`: JWT token for subsequent authenticated requests - `Location`: URI of the created session resource ### GET /redfish/v1/SessionService/Sessions/{SessionId} - Individual Session **Status**: ✅ Supported **Purpose**: Retrieve individual session details. **Example Request**: ```bash curl -k -u username:password \ https://localhost:8181/redfish/v1/SessionService/Sessions/{SessionId} ``` **Example Response**: ```json { "@odata.id": "/redfish/v1/SessionService/Sessions/550e8400-e29b-41d4-a716-446655440000", "@odata.type": "#Session.v1_7_0.Session", "Id": "550e8400-e29b-41d4-a716-446655440000", "Name": "User Session", "Description": "User Session", "UserName": "standalone", "CreatedTime": "2024-01-15T10:30:00Z", "SessionType": "Redfish" } ``` ### DELETE /redfish/v1/SessionService/Sessions/{SessionId} - Delete Session **Status**: ✅ Supported **Purpose**: Terminate an authentication session (logout). **Example Request**: ```bash curl -k -X DELETE -u username:password \ https://localhost:8181/redfish/v1/SessionService/Sessions/{SessionId} ``` **Response**: HTTP 204 No Content ## URIs - Not Supported The following endpoints are not implemented in the current version: ### PATCH /redfish/v1/SessionService - Update Session Service Configuration **Status**: ❌ Not Supported **Purpose**: Update session service settings (e.g., timeout values). **Reason**: Session configuration is managed through DMT Console's config.yml file. ### GET /redfish/v1/SessionService/Sessions/{SessionId}/Oem - Session OEM Extensions **Status**: ❌ Not Supported **Purpose**: Retrieve OEM-specific session properties. **Reason**: No Intel AMT-specific session extensions are currently required. ### POST /redfish/v1/SessionService/Actions/SessionService.ClearSessions - Clear All Sessions **Status**: ❌ Not Supported **Purpose**: Terminate all active sessions. **Reason**: Administrative session management can be accomplished by restarting the service or deleting sessions individually. ## Authentication Flow DMT Console supports two authentication methods for accessing Redfish endpoints: ### Option 1: Basic Authentication HTTP Basic Authentication using credentials from `config.yml`: ```bash curl -k -u username:password \ https://localhost:8181/redfish/v1/Systems ``` ### Option 2: Session Token Authentication (X-Auth-Token) Redfish session-based authentication using JWT tokens. #### How X-Auth-Token Works 1. **Session Creation**: Client POSTs credentials to `/SessionService/Sessions` 2. **Token Generation**: Server generates a JWT token (HS256) and creates a session entry 3. **Token Response**: Server returns the JWT in the `X-Auth-Token` response header 4. **Subsequent Requests**: Client includes the token in `X-Auth-Token` request header 5. **Token Validation**: Server validates JWT signature and checks session existence 6. **Session Termination**: Client DELETEs the session resource to logout #### Authentication Precedence When both authentication methods are present, **X-Auth-Token takes precedence** over Basic Authentication (per DMTF Redfish specification). ``` Request arrives → Check X-Auth-Token header → If valid, grant access → If missing/invalid, check Basic Auth → If Basic Auth valid, grant access → Otherwise, return 401 Unauthorized ``` ### Testing X-Auth-Token Authentication #### Step 1: Create Session and Capture Token ```bash # Create session and extract token and session ID RESPONSE=$(curl -k -s -X POST \ https://localhost:8181/redfish/v1/SessionService/Sessions \ -H "Content-Type: application/json" \ -d '{"UserName":"username","Password":"password"}' \ -D /dev/stdout) # Extract token from headers TOKEN=$(echo "$RESPONSE" | grep -i "X-Auth-Token" | cut -d' ' -f2 | tr -d '\r') # Extract session ID from response body SESSION_ID=$(echo "$RESPONSE" | tail -1 | jq -r '.Id') echo "Token: $TOKEN" echo "Session ID: $SESSION_ID" ``` #### Step 2: Use Token for API Requests The X-Auth-Token can be used to access **any** protected Redfish endpoint: ```bash # Access Systems collection curl -k -H "X-Auth-Token: $TOKEN" \ https://localhost:8181/redfish/v1/Systems # Access SessionService curl -k -H "X-Auth-Token: $TOKEN" \ https://localhost:8181/redfish/v1/SessionService # Access active sessions curl -k -H "X-Auth-Token: $TOKEN" \ https://localhost:8181/redfish/v1/SessionService/Sessions ``` #### Step 3: Logout (Delete Session) ```bash # Delete session using the token curl -k -X DELETE -H "X-Auth-Token: $TOKEN" \ "https://localhost:8181/redfish/v1/SessionService/Sessions/$SESSION_ID" # Response: HTTP 204 No Content ``` #### Step 4: Verify Token is Invalid After Logout ```bash # This should return 401 Unauthorized curl -k -H "X-Auth-Token: $TOKEN" \ https://localhost:8181/redfish/v1/Systems # Expected response: # {"error":"Unauthorized access"} ``` ### Configuration Integration The SessionService uses configuration from DMT Console's `config.yml`: ```yaml auth: adminUsername: your_username # Login credentials adminPassword: your_password # Login credentials jwtKey: your_secret_jwt_key # JWT signing key (HS256) jwtExpiration: 24h0m0s # Session timeout ``` - **Zero additional configuration required** - Redfish sessions use the same authentication settings as DMT Console. ## Property Support Summary ### SessionService Properties | Property | Support | Notes | |----------|---------|-------| | `@odata.id` | ✅ | `/redfish/v1/SessionService` | | `@odata.type` | ✅ | `#SessionService.v1_1_9.SessionService` | | `Id` | ✅ | `SessionService` | | `Name` | ✅ | `Session Service` | | `Description` | ✅ | `Session Service` | | `Status` | ✅ | State: Enabled, Health: OK | | `ServiceEnabled` | ✅ | Always `true` | | `SessionTimeout` | ✅ | Derived from `jwtExpiration` config (in seconds) | | `Sessions` | ✅ | Link to Sessions collection | ## Validation Results ### DMTF Redfish Interop Validator Analysis **Test Date**: December 19, 2025 **Validator Version**: 2.2.9 **Target**: https://localhost:8181 **Profile**: ConsoleBasicProfile v1.0.0 #### Summary | Metric | Count | |--------|-------| | **Pass** | 21 | | **Fail** | 0 | | **Warnings** | 1 | | **Not Tested** | 0 | ✅ **Validation has succeeded.** #### Validated Resources | Resource | Endpoint | Result | |----------|----------|--------| | ServiceRoot | `/redfish/v1/` | ✅ Pass | | SessionService | `/redfish/v1/SessionService` | ✅ Pass | | SessionCollection | `/redfish/v1/SessionService/Sessions` | ✅ Pass | | ComputerSystemCollection | `/redfish/v1/Systems` | ✅ Pass | | ComputerSystem | `/redfish/v1/Systems/{id}` | ✅ Pass (1 warning) | #### Warnings | Resource | Warning | Notes | |----------|---------|-------| | ComputerSystem | Missing ActionInfo for Reset action | `@Redfish.ActionInfo` not provided for `#ComputerSystem.Reset` | #### Profile Requirements Validated The ConsoleBasicProfile validates the following mandatory properties: - **ServiceRoot**: `@odata.id`, `Id`, `Name`, `RedfishVersion`, `UUID`, `Systems`, `SessionService`, `Sessions` - **SessionService**: `@odata.id`, `Id`, `Name`, `Status`, `Sessions` - **SessionCollection**: `@odata.id`, `Name`, `Members`, `Members@odata.count` - **ComputerSystem**: `@odata.id`, `Id`, `Name`, `SystemType`, `Status`, `PowerState`, `Actions` --- ### DMTF Redfish Service Validator Analysis (Historical) **Test Date**: December 19, 2025 **Validator Version**: 2.5.1 **Target**: https://localhost:8181 #### Summary | Metric | Count | |--------|-------| | **Pass** | 25 | | **Fail** | 6 | | **Warnings** | 6 | #### Issues Identified (Now Resolved) ##### Service Root (`/redfish/v1/`) | Type | Issue | Status | |------|-------|--------| | ✅ Fixed | Mandatory property `Sessions` does not exist | **Resolved** | | ⚠️ Warning | Schema not found for `NVMeDomainCollection.NVMeDomainCollection` | Informational | | ⚠️ Warning | Schema not found for `StorageSystemCollection.StorageSystemCollection` | Informational | | ⚠️ Warning | Schema not found for `StorageServiceCollection.StorageServiceCollection` | Informational | **Resolution**: Added `Sessions` property to Service Root response in `service_root.go`: ```json { "Sessions": { "@odata.id": "/redfish/v1/SessionService/Sessions" } } ``` ##### Systems Collection (`/redfish/v1/Systems`) | Type | Issue | Status | |------|-------|--------| | ⚠️ Warning | Schema version mismatch - `ComputerSystem.v1_26_0` not in schema files | Known Issue | | ⚠️ Warning | Schema not found for `HostedStorageServices.HostedStorageServices` | Informational | **Note**: The implementation uses `ComputerSystem.v1_26_0` which is newer than the validator's bundled schema files. This is a validator limitation, not an implementation error. ##### Individual System (`/redfish/v1/Systems/{id}`) | Type | Issue | Status | |------|-------|--------| | ⚠️ Warning | Schema version mismatch for `ComputerSystem.v1_26_0` | Known Issue | | ⚠️ Warning | Deprecated property `Status` usage | Best Practice | #### Remaining Recommendations 1. ~~**High Priority**: Add `Sessions` link to Service Root response~~ ✅ **COMPLETED** 2. **Medium Priority**: Evaluate ComputerSystem schema version alignment 3. **Low Priority**: Consider migrating from deprecated `Status` property to `Conditions` --- ### DMTF Redfish Protocol Validator Analysis **Test Date**: December 19, 2025 **Validator Version**: Latest **Target**: https://localhost:8181 #### Summary | Metric | Count | |--------|-------| | **Pass** | 104 | | **Fail** | 20 | | **Warnings** | 0 | | **Not Tested** | 61 | #### Issues Identified ##### URI Support | Test ID | Issue | Status | |---------|-------|--------| | `PROTO_STD_URIS_SUPPORTED` | `/redfish` endpoint returns 404 | **Action Required** | | `PROTO_STD_URI_VERSION` | `/redfish` should return `{"v1": "/redfish/v1/"}` | **Action Required** | | `REQ_GET_SERVICE_ROOT_NO_AUTH` | `/redfish` not accessible without auth | **Action Required** | **Fix Required**: Add `/redfish` endpoint that returns: ```json {"v1": "/redfish/v1/"} ``` ##### HTTP Methods | Test ID | Issue | Status | |---------|-------|--------| | `PROTO_HTTP_SUPPORTED_METHODS` | No successful POST responses | Session Auth Issue | | `HEAD` method | Returns 405 Method Not Allowed | **Action Required** | **Fix Required**: Add HEAD method support for all GET endpoints. ##### Response Headers | Test ID | Issue | Status | |---------|-------|--------| | `RESP_HEADERS_ALLOW_GET_OR_HEAD` | Missing `Allow` header on GET responses | **Action Required** | | `RESP_HEADERS_LINK_REL_DESCRIBED_BY` | Missing `Link` header with `rel=describedby` | **Action Required** | | `RESP_HEADERS_WWW_AUTHENTICATE` | Missing `WWW-Authenticate` header on 401 | **Action Required** | **Fix Required**: Add required response headers: - `Allow: GET, HEAD` (or appropriate methods) - `Link: ; rel=describedby` - `WWW-Authenticate: Basic realm="Redfish"` (on 401 responses) ##### OData | Test ID | Issue | Status | |---------|-------|--------| | `REQ_HEADERS_ODATA_VERSION` | Accepts unsupported OData-Version 4.1 | **Action Required** | | `RESP_ODATA_SERVICE_CONTEXT` | Wrong `@odata.context` in `/redfish/v1/odata` | **Action Required** | **Fix Required**: - Return HTTP 412 for `OData-Version: 4.1` (only 4.0 supported) - Fix `@odata.context` to return `/redfish/v1/$metadata` ##### Session Management | Test ID | Issue | Status | |---------|-------|--------| | `REQ_POST_CREATE_VIA_COLLECTION` | Session creation fails with 401 | Auth Configuration | | `REQ_POST_CREATE_TO_MEMBERS_PROP` | POST to `/Sessions/Members` returns 405 | **Action Required** | | `SEC_REQUIRE_LOGIN_SESSIONS` | Cannot create login session | Auth Configuration | **Fix Required**: - Allow unauthenticated POST to `/redfish/v1/SessionService/Sessions` for session creation - Support POST to both `/Sessions` and `/Sessions/Members` ##### AccountService / Roles | Test ID | Issue | Status | |---------|-------|--------| | `SEC_PRIV_SUPPORT_PREDEFINED_ROLES` | Missing Administrator role | Not Implemented | | `SEC_PRIV_SUPPORT_PREDEFINED_ROLES` | Missing Operator role | Not Implemented | | `SEC_PRIV_SUPPORT_PREDEFINED_ROLES` | Missing ReadOnly role | Not Implemented | **Note**: AccountService with predefined roles is not currently implemented. This is expected for a proxy/aggregation service. #### Priority Fixes | Priority | Fix | Complexity | |----------|-----|------------| | 🔴 High | Add `/redfish` endpoint | Low | | 🔴 High | Add `Allow` header to responses | Low | | 🔴 High | Add `Link` header with `rel=describedby` | Low | | 🔴 High | Add `WWW-Authenticate` header on 401 | Low | | 🟡 Medium | Add HEAD method support | Medium | | 🟡 Medium | Fix OData-Version header validation | Low | | 🟡 Medium | Fix `@odata.context` in OData service doc | Low | | 🟢 Low | Allow unauthenticated session creation | Medium | | 🟢 Low | Support POST to `/Sessions/Members` | Low | ### Session Properties | Property | Support | Notes | |----------|---------|-------| | `@odata.id` | ✅ | Session URI | | `@odata.type` | ✅ | `#Session.v1_7_0.Session` | | `Id` | ✅ | UUID v4 format | | `Name` | ✅ | `User Session` | | `Description` | ✅ | `User Session` | | `UserName` | ✅ | Authenticated username | | `CreatedTime` | ✅ | ISO 8601 timestamp | | `SessionType` | ✅ | Always `Redfish` | | `Password` | ❌ | Never returned (security) | | `ClientOriginIPAddress` | ⚠️ | Not currently captured | | `Oem` | ❌ | OEM extensions not implemented | ``` --- ## redfishtool Commands The Redfish SessionService can be tested and managed using the `redfishtool` command-line utility. Below are practical examples for testing session operations. ### Prerequisites ```bash # Install redfishtool pip install redfishtool # For DMT Console (localhost:8181) export REDFISH_HOST=localhost:8181 export REDFISH_USER=username export REDFISH_PASS=password ``` ### Common Options | Option | Description | Example | |--------|-------------|---------| | `-r` | Remote host and port | `-r localhost:8181` | | `-S` | Security mode | `-S Always` (HTTPS) | | `-u` | Username | `-u standalone` | | `-p` | Password | `-p G@ppm0ym` | | `-k` | Skip certificate verify (curl) | `-k` | ### 1. Get ServiceRoot (Public - No Auth) **Purpose**: Test public endpoint access ```bash redfishtool -r localhost:8181 -S Always raw GET /redfish/v1 ``` **Response**: ```json { "@odata.context": "/redfish/v1/$metadata#ServiceRoot.ServiceRoot", "@odata.id": "/redfish/v1", "@odata.type": "#ServiceRoot.v1_19_0.ServiceRoot", "SessionService": { "@odata.id": "/redfish/v1/SessionService" } } ``` --- ### 2. Get SessionService Metadata (Requires Auth) **Purpose**: Get session service configuration ```bash redfishtool -r localhost:8181 -S Always -u username -p password SessionService ``` **Response**: ```json { "@odata.id": "/redfish/v1/SessionService", "@odata.type": "#SessionService.v1_1_9.SessionService", "ServiceEnabled": true, "SessionTimeout": 1800, "Sessions": { "@odata.id": "/redfish/v1/SessionService/Sessions" }, "SessionsCount": 0 } ``` --- ### 3. Create Session (Login) - No Pre-Auth Required ✅ **Purpose**: Create a new session and get JWT token **Important**: POST is a **public endpoint** - no pre-authentication needed! ```bash redfishtool -r localhost:8181 -S Always -u username -p password SessionService login ``` **Response**: ```json { "SessionId": "48f47e40-d001-4ae7-8dda-c2f1ad0fcb89", "SessionLocation": "/redfish/v1/SessionService/Sessions/48f47e40-d001-4ae7-8dda-c2f1ad0fcb89", "X-Auth-Token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." } ``` **Key Points**: - ✅ No pre-authentication required for POST - Returns JWT token in `X-Auth-Token` field - Token can be used in subsequent requests with `X-Auth-Token` header - Session ID can be used to identify the session --- ### 4. List All Sessions (Requires Auth) **Purpose**: Get all active sessions ```bash redfishtool -r localhost:8181 -S Always -u username -p password SessionService Sessions ``` **Response**: ```json { "@odata.type": "#SessionCollection.SessionCollection", "@odata.id": "/redfish/v1/SessionService/Sessions", "Members": [ { "@odata.id": "/redfish/v1/SessionService/Sessions/48f47e40-d001-4ae7-8dda-c2f1ad0fcb89" } ], "Members@odata.count": 1 } ``` --- ### 5. Get Session Details (Requires Auth) **Purpose**: Get detailed information about a specific session ```bash redfishtool -r localhost:8181 -S Always -u username -p password \ SessionService Sessions 48f47e40-d001-4ae7-8dda-c2f1ad0fcb89 ``` **Response**: ```json { "@odata.id": "/redfish/v1/SessionService/Sessions/48f47e40-d001-4ae7-8dda-c2f1ad0fcb89", "@odata.type": "#Session.v1_7_0.Session", "Id": "48f47e40-d001-4ae7-8dda-c2f1ad0fcb89", "Name": "User Session", "UserName": "standalone", "CreatedTime": "2026-01-14T11:13:01+05:30", "SessionTimeout": 1800, "ClientOriginIPAddress": "127.0.0.1" } ``` --- ### 6. Delete Session (Logout) - Auth Required ✅ **Purpose**: Terminate a session **Important**: DELETE requires authentication credentials! #### Method 1: Using Session Location Path ```bash redfishtool -r localhost:8181 -S Always -u username -p password \ SessionService logout -l /redfish/v1/SessionService/Sessions/48f47e40-d001-4ae7-8dda-c2f1ad0fcb89 ``` #### Method 2: Using Session ID Only ```bash redfishtool -r localhost:8181 -S Always -u username -p password \ SessionService logout -i 48f47e40-d001-4ae7-8dda-c2f1ad0fcb89 ``` --- ### 7. Authentication Summary | Operation | Endpoint | Auth Required | Method | |-----------|----------|----------------|--------| | Get ServiceRoot | `/redfish/v1` | ❌ No | GET | | Get SessionService | `/redfish/v1/SessionService` | ✅ Yes | GET | | Get Sessions | `/redfish/v1/SessionService/Sessions` | ✅ Yes | GET | | **Create Session** | `/redfish/v1/SessionService/Sessions` | ❌ **No** | POST | | Get Session Details | `/redfish/v1/SessionService/Sessions/{ID}` | ✅ Yes | GET | | Delete Session | `/redfish/v1/SessionService/Sessions/{ID}` | ✅ **Yes** | DELETE | ---