durgamallesh
Contributor
12 years ago

REST API Authentication

Hi,

I went through the documents and discussions and couldn't find a solution; maybe I am missing something obvious.

Problem:

I have access to our community forums and also full permissions to use the REST API. So, when I try to call the API through Python, I keep receiving error code 302, user authentication failed.

While browsing through the forums, I understand that I need to get an SSO key for the authentication, but I am unable to get to the Lithium SSO client (assuming that's how I can get the key).

Any help is appreciated.

Cheers

7 Replies

  • PaoloT
    Lithium Alumni (Retired)
    12 years ago

    Hi durgamallesh,

    Are you calling the API from a standalone application or external website? As discussed here the API supports username and password log in as well as authentication using the Lithium SSO cookie. If you get a 302 error back when using those credentials, make sure that you verify that the credentials are correct. Also, please check the method you are using to send these in your request, for example a POST request of "application/x-www-form-urlencoded" Content-Type.

    If you are using the REST API in the Studio custom components via the rest context object, then the call will be made on behalf of the currently logged-in (or anonymous) session that is browsing the Lithium communities and loading the custom component.

    Maybe if you can provide some context on what you are trying to accomplish I can be more specific.

    Thanks,

  • durgamallesh
    Contributor
    12 years ago

    Thanks Paolo.

    Before I proceed, I want to confirm that the credentials I am using are correct.

    I am calling the API from a Python program and trying to fetch some metrics for our forums.

    I am trying to make a GET request to the following URL, passing user.login and user.password as the parameters:

    http://forums.<my company>.com/restapi/vc/authentication/sessions/login.

    Please note that the user.login and user.password are the credentials I use to log in to our company's forums with access to use the REST API.

    And this is the error I get:

    <?xml version="1.0" encoding="utf-8" standalone="yes"?>
    <response status="error">
    <error code="302">
    <message>
    User authentication failed.
    </message>
    </error>
    </response>

    I know that I am missing something obvious, but couldn't figure it out.

    Thanks for taking time to respond. Much appreciated.

    Cheers

  • HaidongG
    Lithium Alumni (Retired)
    12 years ago

    Hi durgamallesh,

    1) Are you calling the authentication URL like "/restapi/vc/authentication/sessions/login?user.login=" + user + "&user.password=" + password ?

    Maybe your username or password contains special characters, which break the URL?

    2) Has your community enabled SSO?

    If yes, you have to get the SSO authorization token from the SSO provider and call "/restapi/vc/authentication/sessions/login?sso.authentication_token=" + ssoAuthTokenString;

    Last, though it may not be related, you may want to make sure your user id has the proper right to call REST API.

  • durgamallesh
    Contributor
    12 years ago

    Hi Haidong,

    Thanks for the reply. I was on vacation so couldn't respond earlier.

    HaidongG wrote:

        Hi durgamallesh,

        1) Are you calling the authentication URL like "/restapi/vc/authentication/sessions/login?user.login=" + user + "&user.password=" + password ?

        Maybe your username or password contains special characters, which break the URL?

    I have modified the password to ensure there are no special characters and tried, but no luck.

        2) Has your community enabled SSO?

        If yes, you have to get the SSO authorization token from the SSO provider and call "/restapi/vc/authentication/sessions/login?sso.authentication_token=" + ssoAuthTokenString;

    Our community has enabled SSO, but I am lost as to how I can get the SSO authentication token. Is this something that community admins would provide?

        Last, though it may not be related, you may want to make sure your user id has the proper right to call REST API.

    I can confirm that my ID has access to the REST API. When I log in to our community forums and try to authenticate using REST API, I get a session key using which I was able to make the REST calls.

    And a final question: if my community has enabled SSO, is SSO authentication the only way to connect to REST API? Or can I still use just my user id and password to connect to REST API?

    Thanks again.

    Cheers

  • HaidongG
    Lithium Alumni (Retired)
    12 years ago

    Hi durgamallesh,

    For an SSO user to access the REST API, you just need to do as you would for a normal SSO user login via cookie; it is something like

    LithiumSSOClient ssoClient = LithiumSSOClient.getInstance(SSO_KEY.getRaw(), SSO_CLIENT_ID, SSO_CLIENT_DOMAIN, SSO_SERVER_ID);
    ssoAuthTokenString = ssoClient.getLithiumCookieValue(ssoid, screenname, email, "", "", "", CALLER_PUBLIC_IP);

    Then you do an HTTP GET for

    COMMUNITY_URL + "/restapi/vc/authentication/sessions/login?sso.authentication_token=" + ssoAuthTokenString;

    to retrieve the restSessionKey.

    For your last question: yes, you are right. With SSO enabled, you can still access REST API with normal Lithium Authentication. However, once SSO is enabled, you are not able to register a new Lithium authentication account. For stage, you may temporarily disable SSO and create a new account. For production, you need to log a ticket with our Support team.

  • Hi, I'm in a similar situation, and I was wondering if you found a solution to the problem yet. Thanks!

  • samudhraa
    Expert
    11 years ago

    Hi,

    In addition to what Haidong has mentioned, I have done a similar implementation from a Java app.

    Here are the steps.

    1. Basic authentication of user, to get the session id.
    2. Use the session id to make your desired REST call.
    3. If the above doesn't work, and an SSO id is necessary, make a REST call to get the SSO id, using the session key.

    Here is a sample snippet in Java, which might be of help.

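    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.io.StringReader;
    import java.net.HttpURLConnection;
    import java.net.URL;
    import java.net.URLEncoder;
    import java.nio.charset.StandardCharsets;
    import java.util.Base64;
    import javax.xml.parsers.DocumentBuilder;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.Document;
    import org.w3c.dom.NodeList;
    import org.xml.sax.InputSource;

    private String authenticate(String username, String password)
            throws Exception {

        // URL-encode both values so that characters such as & or = cannot break the query string.
        String componenturl = "http://forum.stage.lithium.com/forum/restapi/vc/authentication/sessions/login?user.login="
                + URLEncoder.encode(username, "UTF-8") + "&user.password=" + URLEncoder.encode(password, "UTF-8");

        // authStringEnc was not defined in the posted snippet; assumed here to be
        // the usual Base64 of "username:password" for an HTTP Basic header.
        String authStringEnc = Base64.getEncoder()
                .encodeToString((username + ":" + password).getBytes(StandardCharsets.UTF_8));

        URL url = new URL(componenturl);
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        con.setRequestProperty("Authorization", "Basic " + authStringEnc);
        con.setRequestMethod("GET");

        // Read the whole XML response body.
        StringBuilder response = new StringBuilder();
        try (BufferedReader in = new BufferedReader(new InputStreamReader(
                con.getInputStream(), StandardCharsets.UTF_8))) {
            String inputLine;
            while ((inputLine = in.readLine()) != null) {
                response.append(inputLine);
            }
        }

        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Reject DOCTYPE declarations so the response cannot trigger external entity (XXE) processing.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        InputSource inputsource = new InputSource(new StringReader(response.toString()));
        Document doc = builder.parse(inputsource);

        // On success the session key is the text of the first <value> element.
        NodeList list = doc.getElementsByTagName("value");
        if (list.getLength() == 0) {
            throw new Exception("No session key in response: " + response);
        }
        String sessionKey = list.item(0).getTextContent();

        return sessionKey;
    }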

    I think the parameter is restapi.sessionkey=${sessionkey}. You might have to check that.

    Hope that helps.

    Thanks,

    Sam
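
An added example, not part of any post in this thread: a Python sketch of the username/password login discussed above, sent as a form-encoded POST so that special characters in the credentials cannot break the request and the password stays out of the URL. The function names, the HTTPS check and the shape of the success response (session key in a `<value>` element, as the Java snippet reads it) are assumptions.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

LOGIN_PATH = "/restapi/vc/authentication/sessions/login"  # path quoted in the thread

# The error body posted in the thread (whitespace condensed), and a constructed
# success body (assumed shape: the session key is the text of a <value> element).
ERROR_XML = """<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<response status="error"><error code="302">
<message>User authentication failed.</message></error></response>"""
SUCCESS_XML = """<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<response status="success"><value type="string">CONSTRUCTED-KEY</value></response>"""


class LoginError(Exception):
    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code, self.message = code, message


def build_login_request(community_url, login, password):
    """Build the login POST; credentials go in the encoded form body."""
    if urllib.parse.urlsplit(community_url).scheme != "https":
        # Added hardening choice: never send a password over plain HTTP.
        raise ValueError("community_url must use https")
    # urlencode() escapes & = + # and spaces, which would otherwise split or
    # truncate the parameters when concatenated into a URL by hand.
    body = urllib.parse.urlencode({"user.login": login, "user.password": password})
    return urllib.request.Request(
        community_url.rstrip("/") + LOGIN_PATH,
        data=body.encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def parse_login_response(xml_text):
    """Return the session key, or raise LoginError with the API's error code."""
    root = ET.fromstring(xml_text.strip())
    if root.get("status") == "error":
        err = root.find("error")
        if err is None:
            raise LoginError(None, "error response without <error> element")
        raise LoginError(err.get("code"), (err.findtext("message") or "").strip())
    key = (root.findtext(".//value") or "").strip()
    if not key:
        raise LoginError(None, "response carried no <value> element")
    return key
```

Pass the returned request to `urllib.request.urlopen()` and feed the decoded body to `parse_login_response()`; a `LoginError` with code `"302"` corresponds to the failure shown in the thread.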