Clients getting "unauthorized" error when trying to change groups

[rhulet343]

installer: The upgrade was successful.
{"message":"Unauthorized"}JumpCloud system: {id} removed from system group: {id}}

I am using the autogenerated command from the importer, making the following request:

# Get the current time.
now=$(date -u "+%a, %d %h %Y %H:%M:%S GMT")

# create the string to sign from the request-line and the date
signstr="POST /api/v2/systemgroups/${systemGroupID}/members HTTP/1.1\ndate: ${now}"

# create the signature
signature=$(printf "$signstr" | openssl dgst -sha256 -sign /opt/jc/client.key | openssl enc -e -a | tr -d '\n')

curl -s \
	-X 'POST' \
	-H 'Content-Type: application/json' \
	-H 'Accept: application/json' \
	-H "Date: ${now}" \
	-H "Authorization: Signature keyId=\"system/${systemID}\",headers=\"request-line date\",algorithm=\"rsa-sha256\",signature=\"${signature}\"" \
	-d '{"op": "remove","type": "system","id": "'${systemID}'"}' \
	"https://console.jumpcloud.com/api/v2/systemgroups/${systemGroupID}/members"

echo "JumpCloud system: ${systemID} removed from system group: ${systemGroupID}"

Did something with the API change maybe? Any other ideas why this is failing?

[jworkmanjc]

Hey @rhulet343,

The system context api is used in the autogenerated command request. As things stand now, systems who enroll in JumpCloud through User Portal Installation are not authorized to use the system context api. The reason behind this was centered around security and locking down systems who may have enrolled with a user portal connect key.

Is it possible that this system was enrolled in this way?

Best,
Joe