REST Services - OTDSSO ticket and PUT/POST

Hi,
I have a function to update category attributes on a node per javascript:

this.UpdateAttrValue = function(nodeId, catId, attr, value) {
return $http({
method: 'PUT',
url: $config.csUrl + '/otcs/llisapi.dll/api/v1/nodes/' + nodeId + '/categories/' + catId + '?' + attr + '=' + encodeURIComponent(value),
               headers: {
                   "Content-Type": "application/x-www-form-urlencoded",
                   OTDSTicket: $auth.Ticket()
               }
}).catch(function (err) {
alert("Error: " + err.data);
});
       }

which comes out to send to the url of:
https://[devServer]/otcs/llisapi.dll/api/v2/nodes/685237/categories/97244?97244_23=[value_here]

And that used to work. But now, it returns a 401 error, unauthorized.

The big change we made, was moving from SSO by way of IIS on the content server to OTDS handeling the SSO. It means the auth ticket has now changed from *OTDS*blahblahblahguid to *OTDSSO*blahblahblahguid.

That said, this auth change had no change on the rest requests, such as getting child nodes, and getting node properties including the category and attributes.

Any idea what needs to change to get this working again? And do you think the auth change threw things off?

Thanks
Frank

Find more posts tagged with

Comments

Christopher Donner

Hi Frank,

What authentication method do you have configured on the IIS directory? Is this configured for Anonymous or IWA? It may be that this request is being rejected by IIS. If you are looking to have OTDS handle the auth request, IIS must be configured for anonymous to allow passthrough to OTDS. A packet capture would be useful in diagnosing this.

Beaty_Frank

IIS is configured under anonymous.

Part of what confuses me is that the auth tocket passes just fine on GET request, such as get node details, get node children... It's just on PUT and POST requests where this failes, such as add a node or update a node.

Thanks
Frank

appuGmail

Would all your requests be hitting the same LLServer or would it be routed by a LB to rule that out?

My understanding is REST always needs to set the headers

Not usually pliable by reusing like in a Cookie based old times

Ciao, Appu

On Jun 29, 2017, at 11:04 AM, eLink Entry: Content Web Services Forum <otdncontentwebservices971forum@elinkkc.opentext.com> wrote:

eLink : REST Services - OTDSSO ticket and PUT/POST
REST Services - OTDSSO ticket and PUT/POST Posted byBeaty, FrankOn 06/29/2017 12:02 PM

IIS is configured under anonymous.Part of what confuses me is that the auth tocket passes just fine on GET request, such as get node details, get node children... It's just on PUT and POST requests where this failes, such as add a node or update a node.Thanks
Frank
[To post a comment, use the normal reply function]
Topic: REST Services - OTDSSO ticket and PUT/POST
Forum: Content Web Services Forum
Content Server: Knowledge Center CS16

Beaty_Frank

This is the dev envrionment where there is only one server for CS, one for OTDS,etc, so yup, no load balancer or distributing the calls.

And yes, I am setting the header with the auth ticket on every REST call - those that work, and those that do not.

Thank you
Frank

appuGmail

401 indicates an authorization check don't it?

To do a PUT/POST you have to hit the web server which may actually call upon OTDS I have no idea because it can be configured many ways . Assume your call made it to OTDS then you would get a valid ticket. If it is livelink webpageat that point it should work

I would concentrate using a fiddler trace or some kind of network trace

Or if you actually put livelink logging and see if your post is making it this far.

What I am trying to say is do you have convincing evidence that says LL is throwing the error?

OK all in the spirit of trying to help

Ciao, Appu

On Jun 29, 2017, at 1:46 PM, eLink Entry: Content Web Services Forum <otdncontentwebservices971forum@elinkkc.opentext.com> wrote:

eLink : [EXTERNAL] - Re REST Services - OTDSSO ticket and PUT/POST
[EXTERNAL] - Re REST Services - OTDSSO ticket and PUT/POST Posted byBeaty, FrankOn 06/29/2017 02:45 PM

This is the dev envrionment where there is only one server for CS, one for OTDS,etc, so yup, no load balancer or distributing the calls.And yes, I am setting the header with the auth ticket on every REST call - those that work, and those that do not.Thank you
Frank
[To post a comment, use the normal reply function]
Topic: REST Services - OTDSSO ticket and PUT/POST
Forum: Content Web Services Forum
Content Server: Knowledge Center CS16

Thomas_Harper

Hi Frank,

Let me know if you've reviewed the following Knowledge Base article:

KB2913998
Content Server REST API - Authenticating using Single Sign On
https://knowledge.opentext.com/knowledge/cs.dll/kcs/kbarticle/view/KB2913998

The following articles may also be helpful. One contains the 401 error that you are receiving:

KB4243025
OTDS - When sending a SAML assertion through the OTDS REST API a user is not automatically provisioned
https://knowledge.opentext.com/knowledge/cs.dll/kcs/kbarticle/view/KB4243025

KB4242339
OTDS - Using OTDS REST API and SAML assertion to generate an OTDSTicket for use in other applications for authentication
https://knowledge.opentext.com/knowledge/cs.dll/kcs/kbarticle/view/KB4242339