Documentum Rest API with AAD token

BA_Insight · 2021-04-30T15:03:14+00:00

There was an error rendering this rich post.

Hi,

We have a customer who implemented Documentum with Azure AD for user authentication (i.e. instead of using OTDS, they use an Azure AD app registration).

I cannot find any documentation online on how to configured Documentum / Rest API to match my customer's environment. Where should I go to get it?

Also, what kind of token should be sent to the REST API?

In our test within our customer's environment, we noticed that the only tokens working are the ones emitted by login.microsoft.com/{tenant id}/oauth2/authorize which end up being tokens generated for the purpose of accessing the MS graph API.

Tokens issued via login.microsoft.com/{tenant id}/oauth2/v2/authorize do not appear to be accepted by the REST API. Is that to be expected?

Thank you!

Find more posts tagged with

Comments

Hicham Bahi

Secure your web server to authenticate AAD token and configure Documentum REST with "Pre-authenticated authentication". Checkout the Documentum REST Developer's guide for details.

BA_Insight

Hi Bacham3.

thank you for your reply. I looked up pre-authenticated auth and this doesn't appear to be how Documentum was configured for our customer and our challenge is that we need to comply to how it's configured for them.

From the notes I obtained, Documentum is directly integrated with AAD, not via pre-authentication. And this applies to both the REST API endpoint and the end-user UI too.

Do you know where I can find more information on how Documentum works with AAD?

thank you.

Shailendra_Ch

Hello BA_Insight,

Were you able to find any documentation or samples which clearly describe the implementation of OAuth with Azure AD?

I am also planning to implement OAuth with Azure AD on Documentum REST Services, however unable to find clear documentation on the implementation.

Kindly share your inputs if you were able to successfully implement it.

Thanks.

rjone

Hi all,

Can you please share inputs or steps for the Azure AD integration with documentum REST and DFS.

Thanks

Raman

mmohammedjaffar

hello all, do we have any documentation for requirement shared, i too have the same requirement now

Hicham Bahi

Like I wrote above, we have implemented it using Documentum REST's pre-authenticated authentication feature. The product documentation explains how to set this up.

At this particular customer, we are using Open Liberty as the application server. Liberty has a feature called mpJwt (https://openliberty.io/docs/latest/reference/config/mpJwt.html) which can be easily configured to authenticate JWT tokens. With Tomcat there is no out-of-the-box support as far as I know and you have to use add-ons to achieve the same (e.g. Keycloak). So basically, the application server takes care of authentication and when a request reaches Documentum REST, it is already authenticated.

On the Documentum REST side, we have implemeted a servlet filter which extracts the user information and adds the user name to the HttpServletRequest headers (e.g. MY_USER). Documentum REST is configured with pre-authenticated authentication and is using MY_USER to identifiy the user for the current request. From that point forward, we use DFC principal authentication to authenticate the user against the Documentum Server.

mmohammedjaffar

we need tio implement this in JBOSS server which is is hostin the rest services , we are trying to consume rest services as API from one application & AAD toke to be used seamlessly, whether the about reoslution could work