iam10k

Reputation: 832

Java REST API that uses OpenAM token to determine user?

I am having trouble validating a user's token with OpenAM, particularly what type of Agent I should create. Can anyone recommend a solution?

Essentially the REST API will read the user's OpenAM tokenId and validate the token with OpenAM, which will then return data containing a username. That username can be used in the REST API method to identify who is accessing the method.

Even more simply: how can I use an OpenAM token to get the OpenAM user info?

Thanks!

Upvotes: 2

Views: 4830

Answers (3)

Sathish Kumarbt

Reputation: 1

Don't you need cookies to be set?

    // Imports assume RestAssured 3.x (io.restassured); 2.x used com.jayway.restassured
    import static io.restassured.RestAssured.given;

    import io.restassured.config.DecoderConfig;
    import io.restassured.config.EncoderConfig;
    import io.restassured.config.RestAssuredConfig;
    import io.restassured.response.Response;

    // Send the OpenAM token both as an OAuth2 bearer token and as the
    // iplanetDirectoryPro header, POST the JSON body and expect HTTP 200
    Response fieldResponse = given().auth().oauth2(oAuthLogin.getToken())
            .config(new RestAssuredConfig()
                    .decoderConfig(new DecoderConfig("UTF-8"))
                    .encoderConfig(new EncoderConfig("UTF-8", "UTF-8")))
            .header("iplanetDirectoryPro", oAuthLogin.getToken())
            .header("Content-Type", "application/json")
    //      .contentType("application/json")
            .body(myRequest).with()
            .when()
            .post(dataPostUrl)
            .then()
            .assertThat()
            .log().ifError()
            .statusCode(200)
            .extract().response();

is failing with 400 Bad Request. The same content header is working in Postman; the only difference I see is the cookie. (Screenshot: the working request in Postman.)

(Screenshot: the failing request made with the RestAssured framework.)

Upvotes: -1

iam10k

Reputation: 832

I ended up going with with idFromSession:

curl --request POST \
 --header "iplanetdirectorypro: AQIC5wM2LY4SfczUFNs-TJwFrCVAKgR0NulIAyNaIkQmjis.*AAJTSQACMDEAAlNLABQtNTQ3NDE2Njc5ODk4MjYzMzA2MQ..*" \
 --header "Content-Type: application/json" \
 "http://openam.example.com:8080/openam/json/users?_action=idFromSession"

Then in my java REST API method I used:

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

String httpsURL = "https://openam.example.com:8080/openam/json/users?_action=idFromSession";
URL url = new URL(httpsURL);
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

// add request headers
con.setRequestMethod("POST");
con.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0");
con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
con.setRequestProperty("Content-Type", "application/json");

// Add session token as header
con.setRequestProperty("iplanetdirectorypro", "AQIC5wM2LY4SfczUFNs-TJwFrCVAKgR0NulIAyNaIkQmjis.*AAJTSQACMDEAAlNLABQtNTQ3NDE2Njc5ODk4MjYzMzA2MQ..*");

// Send post request (idFromSession needs no request body)
con.setDoOutput(true);

// Read the JSON response, which carries the user id of the session owner
StringBuilder response = new StringBuilder();
try (BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream(), "UTF-8"))) {
    String line;
    while ((line = in.readLine()) != null) {
        response.append(line);
    }
}

I based the HTTP POST on: https://www.mkyong.com/java/how-to-send-http-request-getpost-in-java/

Upvotes: 0

Guillermo R

Reputation: 633

You can use the following endpoints:

  1. Authenticate user:

    curl --request POST --header "X-OpenAM-Username: demo" \
    --header "X-OpenAM-Password: changeit" \
    --header "Content-Type: application/json" \
    "http://openam.example.com:8080/sso/json/authenticate"
    
    {"tokenId":"AQIC5wM2LY4SfcyTReB5nbrLt3QaH-7GhPuU2-uK2k5tJsA.*AAJTSQACMDEAAlNLABMyOTUxODgxODAwOTE0MTA4NDE3*","successUrl":"/sso/console"}
    
  2. Validate token:

    curl --request POST \
    --header "Content-Type: application/json" \
    "http://openam.example.com:8080/sso/json/sessions/AQIC5wM2LY4SfczadxSebQWi9UEyd2ZDnz_io0Pe6NDgMhY.*AAJTSQACMDEAAlNLABM3MTMzMTYwMzM1NjE4NTE4NTMx*?_action=validate"
    
    {"valid":true,"uid":"demo","realm":"/"}
    
  3. Get profile attributes:

    curl --request GET \
    --header "iPlanetDirectoryPro: AQIC5wM2LY4SfczadxSebQWi9UEyd2ZDnz_io0Pe6NDgMhY.*AAJTSQACMDEAAlNLABM3MTMzMTYwMzM1NjE4NTE4NTMx*" \
    "http://openam.example.com:8080/sso/json/users/demo"
    
    {"username":"demo","realm":"/","uid":["demo"],"userPassword":["{SSHA}cIgTNGHWd4t4Ff3SHa6a9pjMyn/Z3e3EOp5mrA=="],"sn":["demo"],"createTimestamp":["20160406210602Z"],"cn":["demo"],"givenName":["demo"],"inetUserStatus":["Active"],"dn":["uid=demo,ou=people,dc=example,dc=com"],"objectClass":["devicePrintProfilesContainer","person","sunIdentityServerLibertyPPService","inetorgperson","sunFederationManagerDataStore","iPlanetPreferences","iplanet-am-auth-configuration-service","organizationalperson","sunFMSAML2NameIdentifier","oathUser","inetuser","forgerock-am-dashboard-service","iplanet-am-managed-person","iplanet-am-user-service","sunAMAuthAccountLockout","top"],"universalid":["id=demo,ou=user,dc=openamcfg,dc=example,dc=com"]}
    

Upvotes: 6
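Putting the accepted answer's validate endpoint (step 2) and the asker's own idFromSession approach into the shape a REST API actually needs, here is an added example of my own, not code from any of the answers above: a small Java class that takes the incoming `iPlanetDirectoryPro` value, asks OpenAM whether that session is valid, and hands back the `uid` only when OpenAM says so. It assumes Java 11's `java.net.http.HttpClient` and the Jackson databind library on the classpath; the class name, the base URL and the token character-set pattern are my assumptions (the pattern is derived from the sample tokens on this page).

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.Optional;
import java.util.regex.Pattern;

/**
 * Resolves an OpenAM SSO token (the value of the iPlanetDirectoryPro header or
 * cookie on the incoming request) to the session owner's uid by calling
 * POST {base}/json/sessions/{token}?_action=validate, as in step 2 above.
 * Hypothetical class; the base URL used in main() is a placeholder.
 */
public final class OpenAmSessionValidator {

    // Assumed token alphabet, taken from the sample tokens on this page. Anything
    // else is rejected before the value is placed into a URL path segment.
    private static final Pattern TOKEN_SHAPE = Pattern.compile("[A-Za-z0-9._*\\-]{20,512}");

    private final HttpClient http;
    private final ObjectMapper json = new ObjectMapper();
    private final String baseUrl; // e.g. https://openam.example.com:8443/openam (placeholder)

    public OpenAmSessionValidator(String baseUrl) {
        this.baseUrl = baseUrl.endsWith("/") ? baseUrl.substring(0, baseUrl.length() - 1) : baseUrl;
        this.http = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(3)).build();
    }

    /** Returns the uid when OpenAM reports the session valid, otherwise empty. */
    public Optional<String> uidForToken(String token) {
        if (token == null || !TOKEN_SHAPE.matcher(token).matches()) {
            return Optional.empty(); // missing or malformed: no round trip to OpenAM
        }
        HttpRequest request = HttpRequest.newBuilder()
                .uri(URI.create(baseUrl + "/json/sessions/" + token + "?_action=validate"))
                .timeout(Duration.ofSeconds(5))
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.noBody())
                .build();
        try {
            HttpResponse<String> response = http.send(request, HttpResponse.BodyHandlers.ofString());
            if (response.statusCode() != 200) {
                return Optional.empty(); // OpenAM unreachable or refused: treat as unauthenticated
            }
            return parseValidateResponse(response.body());
        } catch (IOException e) {
            return Optional.empty(); // fail closed; never fall back to trusting the token itself
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return Optional.empty();
        }
    }

    /**
     * Parses {"valid":true,"uid":"demo","realm":"/"}. Only a literal boolean true
     * counts as valid; a missing or non-boolean field, or an empty uid, fails.
     */
    Optional<String> parseValidateResponse(String body) {
        try {
            JsonNode root = json.readTree(body);
            JsonNode valid = root.path("valid");
            JsonNode uid = root.path("uid");
            if (valid.isBoolean() && valid.booleanValue()
                    && uid.isTextual() && !uid.textValue().isEmpty()) {
                return Optional.of(uid.textValue());
            }
            return Optional.empty();
        } catch (IOException e) {
            return Optional.empty(); // body is not JSON: fail closed
        }
    }

    // Demonstration on constructed response bodies; only the last call touches the network.
    public static void main(String[] args) {
        OpenAmSessionValidator v = new OpenAmSessionValidator("https://openam.example.com:8443/openam");
        // the exact body from step 2 above: yields the uid
        System.out.println(v.parseValidateResponse("{\"valid\":true,\"uid\":\"demo\",\"realm\":\"/\"}"));
        // an invalid session: yields empty
        System.out.println(v.parseValidateResponse("{\"valid\":false}"));
        // "valid" as a string rather than a boolean: yields empty
        System.out.println(v.parseValidateResponse("{\"valid\":\"true\",\"uid\":\"demo\"}"));
        // a value with path characters is rejected before any request is built
        System.out.println(v.uidForToken("../users?_action=idFromSession"));
    }
}
```

In the REST method, call `uidForToken` with the header value on every request and use the returned uid (never a username supplied by the client) as the caller's identity; if the API serves a single realm, also compare the `realm` field from the same response. The validate endpoint returns only `valid`, `uid` and `realm`, so the API never has to handle the full profile from step 3, which as the sample shows includes attributes such as `userPassword`.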
