Hello
I'm trying to access the vCO REST API using a HoK which was acquired from SSO.
I compose the Authorization header using the following algorithm:
Authorization: SIGN token="...",
nonce="143210500:asdfsd",
signature_alg="RSA-SHA256",
signature="..."
Where:
token: BASE64(GZIP(SAML2)). By SAML2 I mean the entire XML value of the HoK
signature: the value of the <ds:SignatureValue> XML tag in the HoK
and send GET requests to the following URL: https://vcoFQDN:8281/vco/api/users
Unfortunately I get error 500: java.lang.AssertionError: Problem decompressing data: java.util.zip.ZipException: Not in GZIP format
What am I doing wrong?
Is there any particular reason you are taking the HoK route? The API allows you to use BASIC authentication and handles the SSO aspect for you. For example, in my SSO enabled lab, I can use PostMan with basic auth to connect and do what I need via the REST API without the hassle of the HoK.
I want to access the vCO REST API from a vSphere Web Client plugin. And I don't think that SSO provides user credentials for plugins.
Please review the documentation. The vSphere Web Client passes your credentials to the registered Orchestrator server automatically. If they are tied together properly and the user you have logged into the vSphere Web Client with has the appropriate role in Orchestrator, you will see the Orchestrator server, workflows, etc. There is no need to be fiddling with HoK stuff when setting this up.
Does it mean that I can access the vCO REST API (for example, run a workflow) from my plugin without passing anything in the Authorization header?
Hm, I see that you are actually saying "plug-in" as in you are developing a vSphere Web Client plug-in to do stuff and you wish to launch a workflow from there... If that is the case, sorry for the confusion. I was simply thinking the vSphere Web Client itself.. I'm unsure of what is available to plug-ins with regard to the SSO token so I'll leave further replies to others as developing plug-ins for the vSphere Web Client is not my area of expertise.
This topic is not fully related to plugins. I am just asking how to generate the signature correctly.
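Here's a snippet of Perl code I use. I take everything between <saml2:Assertion> and </saml2:Assertion>, not including those tags, and call that $token.
Then I:
use IO::Compress::Gzip qw(gzip $GzipError);
use MIME::Base64 qw(encode_base64);
# Gzip the token in memory, Base64-encode it, then strip the line breaks encode_base64 inserts
gzip \$token => \$gzipped or die "gzip failed: $GzipError";
$encoded = encode_base64($gzipped);
$encoded =~ s/\n//g;
$restClient->addHeader('Authorization', 'SIGN token="' . $encoded . '", nonce="' . $nonce . '", signature_alg="RSA-SHA256",' . ' signature="' . $sig . '"');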
HTH
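An added example, not part of any post in this thread and not VMware code: a Python sketch that builds the BASE64(GZIP(SAML2)) token and the SIGN header, and decodes a token in the order the 500 error implies (Base64 first, then gunzip) so a client can check its token locally before sending it. The function names and the sample XML are assumptions; nonce and signature are passed in as opaque values.

```python
import base64
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream


def build_token(saml_xml: str) -> str:
    """BASE64(GZIP(SAML2)) on a single line, as the thread describes."""
    compressed = gzip.compress(saml_xml.encode("utf-8"))
    # b64encode never inserts line breaks (Perl's encode_base64 does by default)
    return base64.b64encode(compressed).decode("ascii")


def build_sign_header(token: str, nonce: str, signature: str) -> str:
    """Assemble the SIGN header value in the layout quoted in the question."""
    return (f'SIGN token="{token}", nonce="{nonce}", '
            f'signature_alg="RSA-SHA256", signature="{signature}"')


def diagnose_token(token: str) -> str:
    """Decode a token the way a receiver must: Base64 first, then gunzip."""
    if any(ch.isspace() for ch in token):
        return "token contains whitespace or line breaks"
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "not valid Base64"
    if raw[:2] != GZIP_MAGIC:
        return "not in GZIP format"
    try:
        gzip.decompress(raw)
    except (OSError, EOFError, zlib.error):
        return "corrupt GZIP stream"
    return "ok"


# Constructed sample input, not a real assertion.
SAMPLE = "<saml2:Issuer>https://sso.example.invalid</saml2:Issuer>"

if __name__ == "__main__":
    print(diagnose_token(build_token(SAMPLE)))                         # gzip + Base64
    print(diagnose_token(base64.b64encode(SAMPLE.encode()).decode()))  # Base64 only
```

A token that was Base64-encoded without being gzipped first decodes cleanly but fails the magic-byte check, which is the same condition the server's error message reports.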