Direct invoke and url user/password challenge/response

Sun, 12/07/2008 - 22:01
andreas_william...
User offline. Last seen 1 year 30 weeks ago. Offline
Joined: 10/30/2008
Points: 10

I am trying to connect via direct invoke to a authenticated site, how do I intercept the login challengand pass it the user to enter their own userid/pswd, then pass it to the server challenging for authentication and then reuse the authentication in subsquent invokes?

 

 

0
Your rating: None
Mon, 12/08/2008 - 17:18
Copy comment link
raj
raj's picture
User offline. Last seen 2 days 4 hours ago. Offline
Joined: 09/22/2008
Points: 2

hi andreas,

You can send HTTP  authentication credential headers in directinvoke when invoking an authenticated site.

Step 1)
Define a reusable global macro to format & encode HTTP basic auth credentials.
Add the following EMML macro snippet to <tomcat>/webapps/presto/WEB-INF/classes/global.emml-macros

   <macro name="computeBasicAuth">
       <input name="user" type="string"/>
       <input name="password" type="string"/>
       <output name="basicauth" type="string"/>
       <presto-meta name="macrotype">system</presto-meta>

       <script type="text/javascript" >
               <![CDATA[
               var userPassword =  new Packages.java.lang.String(user
+ ":" + password);
               basicauth = "Basic " +
                           Packages.sun.misc.BASE64Encoder().encode
(userPassword.getBytes());
               ]]>
       </script>

   </macro>

Step 2)
Use this Macro to compute basic-auth headers, and subsequently send those HTTP headers in <directinvoke/> call.

     <input name="user" type="string" default="xyz"/>
       <input name="password" type="string" default="xyzxyz"/>

       <output name="result" type="string"/>

       <variables>
           <input name="basicauth" type="string" />
           <variable name="reqheaders" type="document"/>
           <variable name="payload" type="document">
               <stubrequest/>
           </variable>
       </variables>

       <macro:computeBasicAuth user="$user" password="$password"
outputvariable="$basicauth"/>

       <!-- Build Basic Auth Header -->
       <constructor outputvariable="reqheaders">
               <![CDATA[
               <headers>
                    <Authorization>{$basicauth}</Authorization>
               </headers>
               ]]>
       </constructor>

       <directinvoke endpoint="http://serviceEndpoint"
                       method="post"
                       header="$reqheaders"
                       requestbody="$payload"
                       outputvariable="result"/>

Let us know if you have further clarification / issues.

raj.  chief masher @ jackbe

Mon, 12/08/2008 - 17:44
Copy comment link
wfandreas
User offline. Last seen 1 year 37 weeks ago. Offline
Joined: 12/01/2008
Points: 30

Raj,

Thank you for the code snippet. I see this as a post request to authenticate and then getting back a cookie that I can use in the header for subsquent authenticated calls against the target system. Is this a correct assumption?

 

Bill

Mon, 12/08/2008 - 18:21
Copy comment link
raj
raj's picture
User offline. Last seen 2 days 4 hours ago. Offline
Joined: 09/22/2008
Points: 2

Hi Bill,

Yes, you can use cookies to propagate authentication state.  There is a cookie attribute in <directinvoke/> to receive & send cookies i.e.,

            <directinvoke endpoint="$redirecturl" cookies="$cookies" outputvariable="result"/>
You can check out mashupclient/samples/igoogle.emml   EMML sample for a demonstration of cookie for propagating authentication token.

 

 

 

raj.  chief masher @ jackbe

Mon, 12/08/2008 - 19:11
Copy comment link
wfandreas
User offline. Last seen 1 year 37 weeks ago. Offline
Joined: 12/01/2008
Points: 30

Raj,

Thank you, I did not know that was in the igoogle sample, makes sense now that you have mentioned it. I'll take a look at it.

We use an RSA Cleatrust SSO solution, as RSA is one of our organizations, should work with that implementation

Great stuff,

Still Love the Glasses,

Bill