Forum Discussion

sdenisov
13 years ago

Authentication: REST API and SSO

Hi,

I've had a look through these forums and I can't see anything that specifies a similar problem.

Using ASP.NET, I am completing the following steps during a login process and running into an SSO authentication problem:

1) On server (currently just local dev box), call LithiumSSOClient and receive an HttpCookie containing the token.
2) Use the token contained in the HttpCookie to call the REST API login function, passing it the token. This logs in fine, I get a response and a session key back. I can then make further calls to other REST API methods using this session key.
3) Place the cookie containing the token in the browser.

This is fine, until:

4) User goes to the Lithium demo site in the browser: an error message appears "unable to authenticate" in a red box with 5 possible solutions.

The strange thing is, if I just call steps 1 and 3, and do not try to log in via the REST login service, when I visit the Lithium site, SSO works just fine.

I also notice when we call the REST API, it returns a number of set-cookies in the response. I have tried setting these cookies in the browser before step 4. This stops the authentication failed message; however, it does not log the user in either.

The Lithium site we are using is:

http://sydney.demo.lithium.com

Also, the user we are trying to authenticate is a regular user, not an admin user.

Any help or pointers would be much appreciated,

Thanks

Chris

  • AdamN
    Khoros Oracle

    Hi Chris,

    SSO tokens are intended to be used for authentication only once. I would suggest creating separate SSO tokens: one to be used in the browser, and one to be used for the REST API.

    Regards,

    Adam

      • Hi,

        I have the same problem but I don't understand what I must do to solve it.

        To understand this properly: we need to create 2 cookies (or we can call getLithiumCookieValue() only for the REST API)?

        Must the clientId be different between the 2 cookies?

        If we create 2 cookies, how is the forum able to select the right cookie? (If it selects the cookie created for the REST API, the token is already consumed.)

        Further, is there a relation between the cookie and the IP of the server which creates the cookie? When I create an SSO cookie from a configured server, the forum authenticates the user correctly. When I create the cookie from my local PC (127.0.0.1), the cookie is created but the forum does not authenticate the user.

        On the stage environment, is there an option for getting more logs in the HTTP response to help with debugging?

        Thanks in advance

        Sylvain
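
The single-use behaviour Adam describes, modelled as an added example (not Lithium's code and not posted by anyone in this thread): a hypothetical verifier records each token's nonce, so the token reused in steps 2 and 4 is rejected the second time, while two separately minted tokens both succeed. The token format, shared key, TTL and all names here are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # constructed key shared by token issuer and verifier
TOKEN_TTL = 300                   # assumed validity window, in seconds

def _sign(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def mint_token(user, now=None):
    """Issue a signed token with a fresh random nonce (constructed format)."""
    issued = int(time.time() if now is None else now)
    body = f"{user}|{issued}|{secrets.token_hex(16)}"
    return f"{body}|{_sign(body)}"

class Community:
    """Hypothetical verifier that accepts each token exactly once."""

    def __init__(self):
        self._seen = {}  # nonce -> time after which the token is expired anyway

    def authenticate(self, token, now=None):
        now = time.time() if now is None else now
        try:
            user, issued, nonce, sig = token.split("|")
            issued = int(issued)
        except ValueError:
            return None  # malformed token
        body = f"{user}|{issued}|{nonce}"
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return None  # forged or altered
        if not 0 <= now - issued <= TOKEN_TTL:
            return None  # expired or issued in the future
        # Drop nonces whose tokens can no longer pass the expiry check.
        self._seen = {n: exp for n, exp in self._seen.items() if exp >= now}
        if nonce in self._seen:
            return None  # replay: this token was already consumed
        self._seen[nonce] = issued + TOKEN_TTL
        return user

def demo():
    site = Community()
    shared = mint_token("chris")
    rest_login = site.authenticate(shared)     # step 2 consumes the token
    browser_visit = site.authenticate(shared)  # step 4 presents it again
    rest_tok, browser_tok = mint_token("chris"), mint_token("chris")
    return (rest_login, browser_visit,
            site.authenticate(rest_tok), site.authenticate(browser_tok))
```

Keeping the nonce cache only for the token lifetime bounds its size, since an expired token is rejected by the timestamp check regardless.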