Layer7 API Management

Expand all | Collapse all

How to pass username and password to OTK for authentication?

  • 1.  How to pass username and password to OTK for authentication?

    Posted 02-15-2017 10:09 AM

    We are planning to use OTK 3.1.1 (authenticates against LDAP) for our Mobile app login authentication. Could someone please help me to understand the following:

    1) How to pass the username/password to /auth/oauth/v2/authorize from the browser or soapUI?  Basically mimic the TestClient2 that comes with OTK installation. (see below). So that we could directly call the URLs for the authorization (rather than using the UI) .

    2) What's the Layer 7 policy behind TestClient2?

     

    Thanks for your help.



  • 2.  Re: How to pass username and password to OTK for authentication?

    Posted 02-15-2017 06:55 PM

    Hi,

    It will call the OTK API endpoints,

    OAuth API Endpoints - CA API Management OAuth Toolkit - 3.4 - CA Technologies Documentation 

    in your case, it will call authorization end points to complete the flow.

     

    Regards,

    Mark



  • 3.  Re: How to pass username and password to OTK for authentication?

    Posted 02-16-2017 08:15 AM

    Thanks, Zhijun.

     

    According to the documentation, following are the parameters that need to be passed to the /authorize/login endpoint:

    action=<action>&

    sessionID=<sessionID>& 
    username=<username>& 
    password=<password>& 
    persistent_cookie=no& 
    code=<code>& 
    provider=<provider>& 
    state=<state>& 
    oauth_token=<oauth_token>&

    oauth_verifier=<oauth_verifier>

    Out of these, except action, sessionID, username, password and persistent_cookie, rest of them are optional. I am not sure what to pass for the sessionID. I tried the /auth/oauth/v2/authorize/login endpoint from soapUI as shown below, it returns the following error:

     

     

    Could you help me with a sample request for the following endpoints?

    /auth/oauth/v2/authorize/login

    /auth/oauth/v2/authorize/consent

    /auth/oauth/v2/token

    /auth/oauth/v2/token/revoke

    /connect/session/logout

    /connect/session/status

     

    Thanks much.



  • 4.  Re: How to pass username and password to OTK for authentication?

    Posted 02-16-2017 08:49 AM

    Hi SavarimuthuArockiasamy18001040,

     

    You may want to take a look at this:

     

    OAuth Request Scenarios - CA API Management OAuth Toolkit - 3.4 - CA Technologies Documentation 

     

    For authorization code and implicit grant types you will be presented with the login screen as seen above.

    If you are looking to bypass this you may want to look at the client credentials or resource owner password credentials grant types.

     

    The policies for the OAuth test client can be found in Server -> Internal -> Tools-> OAuth 2.0 Test Clients

     

    Regards,

    Joe