
How to use Rest API to authenticate for custom applications on CROWD

Noman Sadiq February 10, 2013

Hi,

We want to integrate Crowd SSO for our custom applications. I am exploring the CROWD standalone application for testing purposes. Can anyone please tell me how I make authentication of a custom application using Crowd, and do I need to use the JAVA API or the REST API for this?

I am also having a problem calling the REST API method: whenever I hit the URL it prompts for the user name and password, and if I give the admin user credentials or any other user's, it fails to authenticate and does not work.

Please help me on that.

Thanks

1 answer


3 votes
Answer accepted
Peter Ebbelink February 19, 2013

Hi Norman,

I am also facing this adventure: it seems like CROWD and REST are quite suitable for authenticating users in a browser, but outside the browser it becomes an adventure.

Basically, you need the token that CROWD has issued to the browser client and that web applications store as a cookie. Outside the web browser, I am currently in the dark about how to retrieve that already issued token to be used as your authentication for a non-web-browser-based application.

To give you a headstart on the REST API:

First create an application in CROWD. The user name, password and IP address we'll be using later on; the URL I found not relevant (currently).

The username/password will be used to do webpage authentication with.

The simplest test can be done right from your browser!

Enter in your browser:

http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/search?entity-type=user

When prompted username/password, enter the u/p defined as the APPLICATION in Crowd and you'll receive an XML page with all the users defined in Crowd.

http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/user?username=John+Smith&expand=attributes

will show details and attributes/values of user "John Smith"

For more sophisticated interaction with CROWD through REST, you will need to use the Linux application CURL (also available for Windows somewhere)

This will allow you to POST as well, actually changing passwords and so on.

SESSION stuff
To obtain a token for user PIPO, create the following XML file and name it "get-token.xml":

<?xml version="1.0" encoding="UTF-8"?>
<authentication-context>
  <username>PIPO</username>
  <password>secret</password>
  <validation-factors>
    <validation-factor>
      <name>remote_address</name>
      <value>192.168.1.1</value>
    </validation-factor>
  </validation-factors>
</authentication-context>



Now issue the CURL command:

# curl -H "Accept: application/xml" -H "Content-Type: application/xml" -w "\nHTTP STATUS: %{http_code}\nTIME: %{time_total}\n" -X "POST" -v --basic -u "APP_USER:APP_PASSWD" -d @get-token.xml "http://192.168.1.1:8095/crowd/rest/usermanagement/latest/session"

CURL will return:
* upload completely sent off: 308out of 308 bytes
< HTTP/1.1 201 Created
< Server: Apache-Coyote/1.1
< X-Embedded-Crowd-Version: Crowd/2.5.2
< X-Crowd-User-Management-Version: 1.2
< Set-Cookie: JSESSIONID=1374917674DE24CA79348385CE1C0470; Path=/crowd; HttpOnly
< Cache-Control: no-cache, no-store, no-transform
< Location: http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/session/x7HXrLaHqyi9EMxM5m0H6w00
< Content-Type: application/xml
< Content-Length: 382
< Date: Sun, 17 Feb 2013 12:21:44 GMT

The token URL is:

http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/session/x7HXrLaHqyi9EMxM5m0H6w00

AUTHENTICATION STUFF
How to authenticate a user

Create the following XML file and call it "auth-me.xml":

<?xml version="1.0" encoding="UTF-8"?>
<password>
  <value>SECRET</value>
</password>

Issue the CURL command:

# curl -H "Accept: application/xml" -H "Content-Type: application/xml" -w "\nHTTP STATUS: %{http_code}\nTIME: %{time_total}\n" -X "POST" -v --basic -u "APP_USER:APP_PASSWD" -d @auth-me.xml "http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/authentication?username=PIPO"

CURL will return:
* About to connect() to 192.168.250.122 port 8095 (#0)
* Trying 192.168.250.122... connected
* Server auth using Basic with user 'APP_USER'
> POST /crowd/rest/usermanagement/latest/authentication?username=PIPO HTTP/1.1
> Authorization: Basic cGV0ZXIwMToucGV0ZXIu
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: 192.168.1.1:8095
> Accept: application/xml
> Content-Type: application/xml
> Content-Length: 83
>
* upload completely sent off: 83out of 83 bytes
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< X-Embedded-Crowd-Version: Crowd/2.5.2
< X-Crowd-User-Management-Version: 1.2
< Set-Cookie: JSESSIONID=EE45DAFC9FA310C77818FEC3F9837A29; Path=/crowd; HttpOnly
< Content-Type: application/xml
< Content-Length: 670
< Date: Sun, 17 Feb 2013 12:34:32 GMT
<
* Connection #0 to host 192.168.250.122 left intact

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><user name="PIPO" expand="attributes"><link rel="self" href="http://192.168.1.1:8095/crowd/rest/usermanagement/latest/user?username=PIPO"/><first-name>PIPO</first-name><last-name>simple user</last-name><display-name>PIPO simple user</display-name><email>pipo@example.com</email><password><link rel="edit" href="http://192.168.1.1:8095/crowd/rest/usermanagement/latest/user/password?username=PIPO"/></password><active>true</active><attributes><link rel="self" href="http://192.168.1.1:8095/crowd/rest/usermanagement/latest/user/attribute?username=PIPO"/></attributes></user>

HTTP STATUS: 200
TIME: 0.186
* Closing connection #0

NOTE: HTTP STATUS: 200 signals the authentication went well.

This is as far as I got. Now I need some way to interconnect this with the already established session of jira and confluence from that workspace, but that's still a bit vague to me.

There ain't something like Kerberos klist, which shows you your grants.

Work in progress, but this might help you gain a week or two of searching...

Have fun!
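
The session call from the answer above, sketched in Python as an added example (not part of the original post and not Atlassian's code). The endpoint paths, XML elements and the 201/Location behaviour are taken from the curl transcripts; the function names, the 10-second timeout and the sample values are assumptions made for illustration.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

API = "/crowd/rest/usermanagement/latest"  # path used in the answer's URLs
XML_DECL = b'<?xml version="1.0" encoding="UTF-8"?>\n'

def session_body(username, password, remote_address):
    """get-token.xml built with ElementTree, which escapes <, > and & so a
    user-supplied value cannot add elements such as extra validation factors."""
    ctx = ET.Element("authentication-context")
    ET.SubElement(ctx, "username").text = username
    ET.SubElement(ctx, "password").text = password
    factors = ET.SubElement(ctx, "validation-factors")
    factor = ET.SubElement(factors, "validation-factor")
    ET.SubElement(factor, "name").text = "remote_address"
    ET.SubElement(factor, "value").text = remote_address
    return XML_DECL + ET.tostring(ctx, encoding="utf-8")

def build_post(base_url, resource, app_user, app_password, body, query=None):
    """Same request as the curl calls: POST XML with the application's Basic
    credentials. Basic is only base64, so it is readable on plain http."""
    url = base_url.rstrip("/") + API + resource
    if query:
        url += "?" + urllib.parse.urlencode(query)  # encodes spaces, & and =
    basic = base64.b64encode(f"{app_user}:{app_password}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Accept": "application/xml", "Content-Type": "application/xml"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def token_from_location(location):
    """Pull the session token out of the Location header of the 201 reply."""
    path = urllib.parse.urlsplit(location).path
    prefix, _, token = path.rpartition("/session/")
    if not prefix.endswith(API) or not token or "/" in token:
        raise ValueError("unexpected Location header: " + repr(location))
    return token

def create_session(base_url, app_user, app_password, username, password, remote_address):
    """Network call (not exercised offline): returns the new session token."""
    req = build_post(base_url, "/session", app_user, app_password,
                     session_body(username, password, remote_address))
    with urllib.request.urlopen(req, timeout=10) as resp:
        if resp.status != 201:
            raise RuntimeError("expected 201 Created, got %d" % resp.status)
        return token_from_location(resp.headers.get("Location", ""))
```

The same `build_post` helper covers the authentication call by passing `"/authentication"` as the resource and `{"username": ...}` as the query.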
