Authentication: REST API and SSO
Hi,
I've had a look through these forums and I can't see anything that specifies a similar problem.
Using asp.net I am completing the following steps during a login process and running into a SSO authentication problem:
1) On server (currently just local dev box), Call LithiumSSOClient and receive a HttpCookie containing the token.
2) Use the token contained in the HttpCookie to call the REST API login function, passing it the token. This logs in fine, I get a response and a session key back. I can then make further calls do other rest API methods using this session key.
3) Place the cookie containing the token in the browser.
This is fine, until:
4) user goes to the lithium demo site in the browser: an error message appears "unable to authenticate" in a red box with 5 possible solutions.
The strange thing is, if I just call step 1 and 3, and do not try and login via the REST login service, when I visit the lithium site, SSO works just fine.
I also notice when we call the rest API, it returns a number of set-cookies in the response. I have tried setting these cookies in the browser before step 4. This stops the authentication failed message, however it does not log the user in either.
the lithium site we are using is:
http://sydney.demo.lithium.com
Also, the user we are trying to authenticate is a regular user, not an admin user.
Any help or pointers would be much appreciated,
Thanks
Chris
Hi Chris,
SSO Tokens are intended to be used for authentication only once.I would suggest creating separate SSO token: one to be used in the browser, and one to be used for the REST API.
Regards,
Adam