Re: Lithium API usage when own eIdP is connected

STARFLEET · ‎01-23-2018

Hi all,

we have successfully connected our own eIdP solution with our Lithium instance as we have a central identitymanagement within our company.

Lithium Professional Service created a custom plugin out of the standard Lihtium SSO plugin.

Our eIdP is working with openid standards and will deliver accestokens in the standard of JWT Tokens.

So far so good .. everything is working fine ...

The problem:

We cannot use the Lithium API V1 or V2 triggered from the user context, as there is no user password stored in Lithium and we cannot create a session key to be able to trigger API calls from with the user context. OAuth and the other stuff seems to work only for the default SSO.

My question:

How can we use the Lithium API if we have no user password, but instead a JWT standard accesstoken from our eIdp ?

Would it be a realistic approach if we'll write an endpoint to which we will handover an JWT accesstoken and the endpoint can respond with the valid session key.

Are there freemarker functions available to generate a valid session key within freemarker or at least within a potential custom plugin?

And yes, we already talked with Professional Services, till now it seems that no one has an idea, maybe some of you guys come up with an good idea.

Thank you for you help ...

STARFLEET

STARFLEET · ‎02-02-2018

Moved to https://community.lithium.com/t5/Developer-Discussion/How-to-create-restapi-session-key-programatica...

STARFLEET

Lithium API usage when own eIdP is connected

What permission(s) gets around flood control?

Search option on bg-p

How do you download/export a list of all RSVP'd us...

How do i get list of users deleted in the communit...