Problem Authenticating with REST API and SSO

Can you please provide the REST API URL that you're calling? I don't see the CURLOPT_URL being set in your code.

Thanks,

Brad

I did not include in the post but  I am calling http://lithiumstage.alloyentertainment.com/alloy/restapi/vc/authentication/sessions/login   in CURL.

URL is correct as REST API retuning autenticaion failed error in result xml

---

BradC wrote:

Can you please provide the REST API URL that you're calling? I don't see the CURLOPT_URL being set in your code.

 

Thanks,

 

Brad

---

Thanks for the extra info. The "Authentication Failed" error you are experiencing occurs when attempting to authenticate an administrator/moderator account (who has elevated permissions) and the client IP address that is sent in the SSO token is different than the user's IP who is trying to redeem the token.

To authenticate the user with the API, the IP address in the token needs to be the server's IP address (the server that is making the calls). You can manually set this using this call:

$liToken = $lithium->get_auth_token_value("89", "ismail", "ismail@gmail.com", $settings_array, $lithium->get_server_var("HTTP_USER_AGENT"), $lithium->get_server_var("HTTP_REFERER"), "EXTERNAL.IP.ADDRESS.HERE"); 

Please let me know how this works for you.

Thanks!

Brad

There is no get_auth_token_value()  function in lithium_sso.php which i was provided by lithium

Am i missing any file?

Attached is the newest lithium_sso.php library we are using (with the get_auth_token_value() function).

I have downloaded new lithiium_sso.php. Now php script not throwing error for function not found .

But REST API still returning authentication failed. here is the out put

Can you please rerun the script to generate the token, and then send me a private message with the token? I will decrypt it and see if we can find out what's causing the user authentication error.

Thanks for the information in this thread it got me all the info I needed to get this working in my PHP script.

I used the base snippet from the OP, but customized it to work with my needs.

I have incorporated SimpleXMLElement to handle the outputted XML response.

As you can see, I have stored the Status of the response in a local variable as well as the returned session key value.

Both of which, I intend to use in logical checks in my script's error checking and subsequent REST API calls, respectively.

----------------------------------------------------------------

<?php
	
	// Sets the external IP of the Server making the REST API calls
	$external_ip_address = '<your_external_ip(i.e.., xxx.xxx.xxx.xxx)>';
	
	// Secret SSO key (128-bit or 256-bit) provided by Lithium
	$sso_key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

	// Initialize Lithium SSO Client
	require_once("lithium_sso.php");

	$lithium = new lithium_sso("<your company>", "<.your_company.com>", $sso_key);

	// (Optional) Additional user profile settings to pass to Lithium
	$settings_array = array();

	$settings_array["roles.grant"] = "Administrator";

	// Create the authentication token
	$liToken = $lithium->get_auth_token_value("<your_unique_id>", "<your_admin_username>", "<your_admin_email_address>", $settings_array, $lithium->get_server_var("HTTP_USER_AGENT"), $lithium->get_server_var("HTTP_REFERER"), $external_ip_address);

	$post_data="sso.authentication_token=$liToken";

	$process = curl_init();                                                                      
	 curl_setopt($process, CURLOPT_URL, 'http://<your_community>/<your_company>/restapi/vc/authentication/sessions/login');                       
	 curl_setopt($process, CURLOPT_TIMEOUT, 30);                                                   
	 curl_setopt($process, CURLOPT_POST, 1);                                                              
	 curl_setopt($process, CURLOPT_POSTFIELDS, $post_data);                              
	 curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);                              
	 
         $return = curl_exec($process);  

         curl_close($process);

	$response = new SimpleXMLElement($return);
	echo 'response = ' . $response['status'];
	echo '<br>key = ' . $response->value;
	
?>