Top Secret

 View Only

  • 1.  Authz Web Services: BinaryCreds & forms

    Posted Aug 31, 2015 03:56 PM

    Is anyone familiar with used forms based authentication/authorization for SPS auth-by-web-service? How about the <binaryCredentials> token that can be passed...does this correspond to an x509 certificate?

     

    I currently have the authz web services set up to use Basic auth, using user name and password. How could I change this to use forms or binarycredentials?



  • 2.  Re: Authz Web Services: BinaryCreds & forms

    Broadcom Employee
    Posted Mar 29, 2017 05:18 AM

    Hi,

     

    The binaryCreds is to hold certificate when authentication scheme request
    it.

    You should understand that Auth/AZ Web Service is plain implementation
    of Agent SDK Login call.

    So in order to get an SMSESSION cookie the "Login" call to succeed
    and generate SMSESSION cookie it either needs :

    User and Password

    or

    public certificate of the User.

    That means for <loginRequest> request, we can either pass User Name / Password or
    Public certificates like this :

    User Name or Password

    <loginRequest>
    <binaryCreds></binaryCreds>
    <password>user1</password>
    <userName>user1</userName>
    <action>POST</action>
    </loginRequest>

    Or

    Public Certificate

    <loginRequest>
    <binaryCreds>MIICvzCCAiigAwIBAgIDAeJCMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNVBAYTAlVTMRYwFAYDVQQI
    Ew1NYXNzYWNodXNldHRzMRAwDgYDVQQHEwdXYWx0aGFtMRIwEAYDVQQKEwlOZXRlZ3JpdHkxFDAS
    BgNVBAsTC0VuZ2luZWVyaW5nMRwwGgYDVQQDExNDZXJ0aWZpY2F0ZSBNYW5hZ2VyMB4XDTA1MDYw
    MjE1NTE1NloXDTE5MDIwOTE2NTE1NlowcDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1
    c2V0dHMxEDAOBgNVBAcTB1dhbHRoYW0xEjAQBgNVBAoTCU5ldGVncml0eTEUMBIGA1UECxMLRW5n
    aW5lZXJpbmcxDTALBgNVBAMTBFJvYm0wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMmsN7o9
    TM8COlJULQ8Gl8rs3co0T6y3xyWJkn2vhx3BUjibjVwdaqn7zR3NawItvsL4RCQpeYNJ+oPPpNEd
    rYGY5NmUUDqqzWKhFWz6PloK8zjJ0VbOLoIArRxRxMnLOdm1yFZO5h1kCDgVmKWzL75np9w5iKUN
    mwAWzMlc6njVAgMBAAGjWDBWMAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUDAwfYADAWBgNVHREE
    DzANgQtyb2JtQGNtLmZvbzAdBgNVHQ4EFgQUeMS2MjNJ6PY9lZcbq1v5o/5VkXswDQYJKoZIhvcN
    AQEEBQADgYEAGXgFn3+LC6kYBUTvKNPSlHbfqtx2Ifuk7HzZOAtveMojIq8q6nUvRWk7KlyVfkNR
    sohd+HoM1c/2yLecC3HqkJR1x5vb0YHvoJa+ucif+45rYSfrWXRAa6PVC3a06GGPd4yjZclZlrn3
    fd+HwssScRSvVI5r+64+oNMhsqoTBvc=</binaryCreds>
    <password> </password>
    <userName> </userName>
    <action>GET</action>
    </loginRequest>

    Any one of them will generate SMSESSION cookie.

     

    We're sorry to come late on this thread.

     

    Best Regards,

    Patrick