Hi there,
I was hoping someone could post an example of successful SSO authentication via the Java REST SDK.
I have been trying for a few days but seem to hit a wall here.
I working in the 5.1 VCO environment but if necessary could go to 5.1 Update 1.
Thanks for your time,
Sam Wolf.
Several people have updated to 5.1 U1 just for this reason so I would advise it so you do not waste your time on this.
So I have upgrade one of my orchestrator instances and still get an SSO error. Could someone point me in the direction of a working 5.1 U1 example.
I am not a java person but do you use basic authentication now ?
Invoking java guru vExpert: Joerg Lew
Hi,
this is untested from my side but you can try this:
var credential = Server.getCredential()
var authUserName = credential.username;
var authPassword = credential.password;
var host = Server.findForType("REST:RESTHost", "9a4812a1-c68f-4fea-a6d1-185450a36cbc"); //ID of your REST Host
if (host == null) throw "REST:RESTHost '9a4812a1-c68f-4fea-a6d1-185450a36cbc' not found!";
var newHost = host.clone();
if ( authentication == "OAuth 1.0" ) {
var authParams = [consumerKey, consumerSecret, accessToken, accessTokenSecret];
} else if ( authentication == "OAuth 2.0" ) {
var authParams = [oauth2Token];
} else if ( authentication == "NTLM" ) {
var authParams = [sessionMode, authUserName, authPassword, workstation, domain];
} else {
var authParams = [sessionMode, authUserName, authPassword];
}
var authenticationObject = RESTAuthenticationManager.createAuthentication(authentication, authParams);
newHost.authentication = authenticationObject;
updatedRestHost = RESTHostManager.updateHost(newHost);
You have to use the correct "authentication" method and params.
Regards,
Chris
Just to make sure we're talk about the same thing: You are trying to call vCO workflows from outside, using vCO's REST API and the provided Java client libraries from https://yourvcoserver:8281/api/docs. Righty?
(@Christian: Then your code doesn't fit to the topic. But it's a great example for using the vCO REST Plugin anyway, thanks for sharing! )
I don't have a SSO example. But have you tried the HTTP Basic Authentication, as Christophe mentioned?
Cheers,
Joerg
Hi Sam,
There is no need to update to 5.1U1. Here is a sample showing code how to call a REST API in SSO mode
public void ssoExample() throws URISyntaxException, IOException {
URI ssoUri = new URI("https://10.23.32.208:7444/ims/STSService");
URI vcoUri = new URI("https://10.23.118.186:8281/api");
long lifeTimeSeconds = 24 * 60 * 60; // 24 hours
String user = "root";
String password = "vmware";
// Obtain a session
VcoSessionFactory sessionFactory = createSessionFactory(vcoUri);
SsoAuthenticator authenticator = new SsoAuthenticator(ssoUri, sessionFactory, lifeTimeSeconds);
Authentication auth = authenticator.createSsoAuthentication(user, password);
VcoSession session = sessionFactory.newSession(auth);
WorkflowService workflowService = new WorkflowService(session);
Workflow workflow = workflowService.getWorkflow("123"); // provide a real workflow ID here
if (workflow != null) {
System.out.println("workflow found");
} else {
System.out.println("workflow not found");
}
}
// Create insecure session factory (skip certificate validation)
private VcoSessionFactory createSessionFactory(URI vcoUri) throws URISyntaxException {
return new DefaultVcoSessionFactory(vcoUri) {
@Override
protected HostnameVerifier newHostnameVerifier() {
return newUnsecureHostnameVerifier();
}
@Override
protected SSLContext newSSLContext() throws KeyManagementException, NoSuchAlgorithmException {
return newUnsecureSSLContext();
}
};
}
Hope this helps,
-Ilian
Hi Guys,
Thanks for the input so far, to answer your question Joerg, yes I am trying to call vCO workflows from outside, using vCO's REST API with the provided libraries. Prior to moving to 5.1 U1. I had unsuccessfully tired both SSO and LDAP authentication methods. I am currently in the process of testing different methods within 5.1 U1.
I have attempted the solution posted by iiliev which unfortunately failed in the same way. The only change I made to the code was the call to VcoSessionFactory in which rather than use createSessionFactory I used defaultSessionFactory.
Would this change break the solution?
If not it appears I'm still on the hunt for a working authentication method.
Thanks.
I ran this code in my 5.1 GA environment and it worked.
Could you send me (iiliev AT vmware.com) an exact copy of your code so I can take a look/debug it?