Authentication to REST APIs not served from OTAG

A JavaScript application running on AppWorks has an access to the otagtoken and can perform AJAX requests to REST APIS served from the same origin. How about communicating with other REST APIs and enjoying SSO coming from the initial login to AppWorks?

Let's say that I'd like to access the CS REST API. I can authenticate using OTCSTicket, OTDSTicket and MYSAPSSO2 headers, or by Basic Authentication. None of those authorization tokens are available in AppWorks, am I right?

Is there an AppWorks-integration CS module with a login callback accepting the otagtoken? Like the OTDS integration module does for the OTDSTicket and MYSAPSSO2 token. If it is, I'd just send the otagtoken to authorize the requests.
If the OTDS integration is turned on, is the OTDSTicket available from within the app? If it is, I'd just use to authorize the requests.
If I configure OTAG as a reverse proxy to access my CS, can I deploy a custom filter to the proxy? I wonder how feasible it'd be to add a CS-specific authorization header (OTCSTicket) based on the otagtoken I'd send from the app. The requests would be authorized by OTAG on behalf of the user logged in to OTAG in the app.

Developing all APIs to be deployed on OTAG only is probably unrealistic. The OTAG proxy component is a good start to avoid CORS problems and to overcome firewalls. How about the SSO now?

Find more posts tagged with

API

AppWorks Gateway

Comments

Jonathan_Tien

Heya,

From what I can gather then, you need to use the OTDS REST API to get a ticket from OTDS directly?

http://otdserver:8080/otdsws/api/authentication

In my case, I used the POST /authentication/credentials to get an OTDS ticketand then re-use that through all my sunsequent requests!

Hope this helps

Jonathan

John_Wilkinson1

The otdsticket is available in your app. Note that it is an OTDS 10.5 SSO ticket, not compatible with CS10 (but compatible with CS10.5).

Ferdinand Prantl

Thanks for your responses!

Jonathan, I'd like to avoid an explicit authentication call to OTDS, because I'd have to ask the user for their credentials. It'd defeat the purpose of having just single login - the AppWorks one.

John, this is great to learn about. Currently, the applications integrating the CS UI Widgets (the JavaScript component I was talking about) support also connecting to the CS 10.0 and to the CS without OTDS. However, it might be acceptable that the integration of the CS UI Widgets in AppWorks apps would mean limitation to the CS 10.5 only and only to the CS + OTDS. Such applications would be new and it's more likely that the customer would also use the newest CS version.

Sometimes it is difficult to develop a solution for the customer, when every product decides independently what minimum versions are supported. The compatibility matrix gets so complicated... I'd prefer some global strategy, like CS 10.0 is supported in general by all OT products on not. The CS REST API is supported on both CS 10.0 and 10.5 and that's why the CS UI Widgets integrations support both.

Andrew Nuckols

Is it documented somewhere how one gets the otdsticket from the AppWorks app? I searched through the posts on developer.opentext.com and was not able to find anything. Thanks.