Solved

Aurena authentification and Token

  • 21 January 2020
  • 13 replies
  • 2683 views

Badge +2

I have a question about WEBSERVICES and Token : how it works, what is the process to achieve the value transported.

For example :

Indeed, we encounter the authentication problem Error 401--Unauthorized on the following webservice:

https://assystem-test.ifs.cloud:48080/main/ifsapplications/projection/v1/TimeRegistrationHandling.svc

Maybe the webservice uses a token to authenticate itself despite the use of a basic IFS Aurena login/password authentication.      

We used Postman to perform our requests (GET,POST,PUT).

Can you please tell us what are the access parameters of this webservice as well as the descriptions of these different methods.

 

icon

Best answer by Markus Sandin 21 January 2020, 16:17

View original

13 replies

Userlevel 3
Badge +5

Karim,

 

I am still figuring this out myself, but in order to access main projections you can use Azure AD authentication against IFS to gain a AD token or authenticate against the Openid connect provider. 

Below screen cap shows the authentication call to Openid connect provider.

 

This POST call will provide an access_token body and a token_id in the body response. You can use the token_id as the bearer token in your GET call in your above screen capture.

 

The other path is to deploy integration projects and access this through /int/ using IFS Developer Studio. As I understand it, this is the only way to utilized HTTP Basic Authentication today.

 

If you want to reach out to me directly, I would be happy to teach you what I know. 

Userlevel 3
Badge +4

Hey,

Projection endpoints that are exposed through the Main Application (as you can see in the Endpoint URL) utilizes OpenID Connect for authentication. And OpenID Connect utilizes OAuth 2.0, which means that you have to use the OAuth 2.0 option in POSTMAN. 
Please read through the POSTMAN Docs for this - https://learning.getpostman.com/docs/postman/sending-api-requests/authorization/#oauth-20

To properly set this up, you need to have access to some details in the OpenID discovery document. It resides at https://HOSTNAME/openid-connect-provider/.well-known/openid-configuration
But you also need extra information from the IFS Middleware Server Admin Console, as you need the Client ID and the Client Secret.

Projections endpoints that are exposed through the Integration cluster utilize Basic Auth, so those are much simpler to utilize.

Badge +2

but, I use basic authentication to connect to IFS 

I do not use either AD authentication or authentication via a VPN provider

https://assystem-test.ifs.cloud:48080/openid-connect-provider/

  •  

Userlevel 3
Badge +4

Hey Karim,

I think you are referring to that the environemt you have is using Database Authentication. That is not the same as Basic Authentication :slight_smile:

With Database Authentication we are using the OpenID Connect/OAuth 2.0 authentication flow.

Userlevel 3
Badge +7

Hi,

a beginning of an answer :

_ from Postman Authorization screen, select  OAuth2.0 as type, and hit button Get New Access Token :

_ On the Get New Access Token form, fill in like that :

{{ifs_mws_url}} is a postman variable containing the url of your application (https://server:48080).

Client ID and Secret are available in the Middleware Server Admin Console :

 

_ Hit Request Token. An IFS login page must appear asking you to log in.

_ If the login is good, IFS returns an usable token :

_ Hit Use Token to include it to your request.

Userlevel 2
Badge +8

Hi, I am from Indonesia,

I tried the above method to connect IFS10 via OpenID. But after I click “Request Token” button there is no login page. But only ifs race home page.

Any suggestion about this ? Thank you!

 

 

 

Userlevel 2
Badge +8

Hi,

a beginning of an answer :

_ from Postman Authorization screen, select  OAuth2.0 as type, and hit button Get New Access Token :

_ On the Get New Access Token form, fill in like that :

{{ifs_mws_url}} is a postman variable containing the url of your application (https://server:48080).

Client ID and Secret are available in the Middleware Server Admin Console :

 

_ Hit Request Token. An IFS login page must appear asking you to log in.

_ If the login is good, IFS returns an usable token :

_ Hit Use Token to include it to your request.

 

dear @Sébastien DELAURE  .. I have tried this method. But when I hit “Request Token” button, it did not show login page but but only ifs race home page. Is there any setting that I’ve missed ?

 



 

Userlevel 3
Badge +7

Hi,
you could verify in the Admin Console if your path is ok.

 

Userlevel 2
Badge +8

dear @Sébastien DELAURE  yes, i think the path is ok

I tried using curl, but no luck. no response.

 

Badge +1

Great information!

We are cloud hosted and use Azure AD. I do have a functional user of which we use for SOAP request. When setting up POSTMAN as described I get a 401 Could not complete OAuth token request. Should I be doing something different?

I know the functional user information is valid and active.

Thanks

Badge +2

I have a question about WEBSERVICES and Token : how it works, what is the process to achieve the value transported.

For example :

Indeed, we encounter the authentication problem Error 401--Unauthorized on the following webservice:

https://URL

I have a question about WEBSERVICES and Token : how it works, what is the process to achieve the value transported.

For example :

Indeed, we encounter the authentication problem Error 401--Unauthorized on the following webservice:

https://url/main/ifsapplications/projection/v1/TimeRegistrationHandling.svc

Maybe the webservice uses a token to authenticate itself despite the use of a basic IFS Aurena login/password authentication.      

We used Postman to perform our requests (GET,POST,PUT).

Can you please tell us what are the access parameters of this webservice as well as the descriptions of these different methods.

 

 

/main/ifsapplications/projection/v1/TimeRegistrationHandling.svc

Maybe the webservice uses a token to authenticate itself despite the use of a basic IFS Aurena login/password authentication.      

We used Postman to perform our requests (GET,POST,PUT).

Can you please tell us what are the access parameters of this webservice as well as the descriptions of these different methods.

 

 

Badge +2

but, I use basic authentication to connect to IFS 

I do not use either AD authentication or authentication via url/openid-connect-provider/

  •  

 

Badge +2

I have a question about WEBSERVICES and Token : how it works, what is the process to achieve the value transported.

For example :

Indeed, we encounter the authentication problem Error 401--Unauthorized on the following webservice:

https://url/main/ifsapplications/projection/v1/TimeRegistrationHandling.svc

Maybe the webservice uses a token to authenticate itself despite the use of a basic IFS Aurena login/password authentication.      

We used Postman to perform our requests (GET,POST,PUT).

Can you please tell us what are the access parameters of this webservice as well as the descriptions of these different methods.

 

 

Reply