How to use Rest API to authenticate for custom applications on CROWD

Hi,

We want to integrate Crowd SSO for our custom applications. I am exploring the CROWD standalone application for testing purposes. Can anyone please tell me how I can authenticate a custom application using Crowd, and whether I need to use the JAVA API or the REST API for this?

I am also having a problem calling the REST API method: whenever I hit the URL it prompts for the user name and password, and if I give the admin user credentials or any other user's, it fails to authenticate and does not work.

Please help me on that.

Thanks

1 answer

1 accepted

3 votes
Answer accepted

Hi Norman,

I am also facing this adventure: it seems like CROWD and REST are quite suitable for authenticating users in a browser, but outside the browser it becomes an adventure.

Basically, you need the token that CROWD has issued to the browser client and that web applications store as a cookie. Outside the web browser, I am currently in the dark about how to retrieve that already issued token to be used as your authentication for a non-web-browser-based application.

To give you a head start on the REST API:

First create an application in CROWD. The user name, password and IP address we'll be using later on; the URL I found not relevant (currently).

The username/password will be used to do webpage authentication with.

The simplest test can be done right from your browser!

Enter in your browser:

http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/search?entity-type=user

When prompted for username/password, enter the u/p defined as the APPLICATION in Crowd and you'll receive an XML page with all the users defined in Crowd.

http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/user?username=John+Smith&expand=attributes

will show details and attributes/values of user "John Smith"

For more sophisticated interaction with CROWD through REST, you will need to use the Linux application CURL (also available for Windows somewhere)

This will allow you to POST as well, actually changing passwords and so on.

SESSION stuff
To obtain a token for user PIPO, create the following XML file and name it "get-token.xml":

<?xml version="1.0" encoding="UTF-8"?>
<authentication-context>
  <username>PIPO</username>
  <password>secret</password>
  <validation-factors>
    <validation-factor>
      <name>remote_address</name>
      <value>192.168.1.1</value>
    </validation-factor>
  </validation-factors>
</authentication-context>



Now issue the CURL command:

# curl -H "Accept: application/xml" -H "Content-Type: application/xml" -w "\nHTTP STATUS: %{http_code}\nTIME: %{time_total}\n" -X "POST" -v --basic -u "APP_USER:APP_PASSWD" -d @get-token.xml "http://192.168.1.1:8095/crowd/rest/usermanagement/latest/session"

CURL will return:
* upload completely sent off: 308out of 308 bytes
< HTTP/1.1 201 Created
< Server: Apache-Coyote/1.1
< X-Embedded-Crowd-Version: Crowd/2.5.2
< X-Crowd-User-Management-Version: 1.2
< Set-Cookie: JSESSIONID=1374917674DE24CA79348385CE1C0470; Path=/crowd; HttpOnly
< Cache-Control: no-cache, no-store, no-transform
< Location: http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/session/x7HXrLaHqyi9EMxM5m0H6w00
< Content-Type: application/xml
< Content-Length: 382
< Date: Sun, 17 Feb 2013 12:21:44 GMT

The token URL is:

http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/session/x7HXrLaHqyi9EMxM5m0H6w00

AUTHENTICATION STUFF
How to authenticate a user

Create the following XML file and call it "auth-me.xml":

<?xml version="1.0" encoding="UTF-8"?>
<password>
  <value>SECRET</value>
</password>

Issue the CURL command:

# curl -H "Accept: application/xml" -H "Content-Type: application/xml" -w "\nHTTP STATUS: %{http_code}\nTIME: %{time_total}\n" -X "POST" -v --basic -u "APP_USER:APP_PASSWD" -d @auth-me.xml "http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/authentication?username=PIPO"

CURL will return:
* About to connect() to 192.168.250.122 port 8095 (#0)
* Trying 192.168.250.122... connected
* Server auth using Basic with user 'APP_USER'
> POST /crowd/rest/usermanagement/latest/authentication?username=PIPO HTTP/1.1
> Authorization: Basic cGV0ZXIwMToucGV0ZXIu
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: 192.168.1.1:8095
> Accept: application/xml
> Content-Type: application/xml
> Content-Length: 83
>
* upload completely sent off: 83out of 83 bytes
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< X-Embedded-Crowd-Version: Crowd/2.5.2
< X-Crowd-User-Management-Version: 1.2
< Set-Cookie: JSESSIONID=EE45DAFC9FA310C77818FEC3F9837A29; Path=/crowd; HttpOnly
< Content-Type: application/xml
< Content-Length: 670
< Date: Sun, 17 Feb 2013 12:34:32 GMT
<
* Connection #0 to host 192.168.250.122 left intact

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><user name="PIPO" expand="attributes"><link rel="self" href="http://192.168.1.1:8095/crowd/rest/usermanagement/latest/user?username=PIPO"/><first-name>PIPO</first-name><last-name>simple user</last-name><display-name>PIPO simple user</display-name><email>pipo@example.com</email><password><link rel="edit" href="http://192.168.1.1:8095/crowd/rest/usermanagement/latest/user/password?username=PIPO"/></password><active>true</active><attributes><link rel="self" href="http://192.168.1.1:8095/crowd/rest/usermanagement/latest/user/attribute?username=PIPO"/></attributes></user>

HTTP STATUS: 200
TIME: 0.186
* Closing connection #0

NOTE: HTTP STATUS: 200 signals the authentication went well.

This is as far as I got. Now I need some way to interconnect this with the already established session of jira and confluence from that workspace, but that's still a bit vague to me.

There ain't something like Kerberos klist, which shows you your grants.

Work in progress, but this might help you gain a week or two of searching...

Have fun!
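
The session and authentication exchange from the answer above, as an added Python example that is not part of the original post or Atlassian's code. The helper names, the `crowd.example.test` host and the refusal to send credentials over plain HTTP are assumptions added here; the request is built but not sent, so the block runs offline.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

API = "/crowd/rest/usermanagement/latest"  # path as used in the answer

def auth_context_xml(username, password, remote_address):
    """Body of get-token.xml; ElementTree escapes &, < and > in the values."""
    root = ET.Element("authentication-context")
    ET.SubElement(root, "username").text = username
    ET.SubElement(root, "password").text = password
    factors = ET.SubElement(root, "validation-factors")
    factor = ET.SubElement(factors, "validation-factor")
    ET.SubElement(factor, "name").text = "remote_address"
    ET.SubElement(factor, "value").text = remote_address
    return ET.tostring(root, encoding="unicode")

def session_request(base_url, app_user, app_passwd, body, allow_http=False):
    """Build (not send) POST .../session with the application's Basic auth."""
    if urlsplit(base_url).scheme != "https" and not allow_http:
        # Basic auth is only base64: over plain HTTP both the application
        # credentials and the user's password are readable on the wire.
        raise ValueError("refusing to send credentials over plain HTTP")
    basic = base64.b64encode(f"{app_user}:{app_passwd}".encode()).decode()
    headers = {"Accept": "application/xml", "Content-Type": "application/xml",
               "Authorization": "Basic " + basic}
    return urllib.request.Request(base_url + API + "/session",
                                  data=body.encode("utf-8"),
                                  headers=headers, method="POST")

def token_from_location(location):
    """The token is the last path segment of Location on 201 Created."""
    _, sep, token = urlsplit(location).path.rpartition("/session/")
    if not sep or not token or "/" in token:
        raise ValueError("no session token in Location header")
    return token

def authenticated_user(status, body):
    """Map the .../authentication response to a dict; None unless HTTP 200."""
    if status != 200:
        return None
    user = ET.fromstring(body)
    if user.tag != "user":
        raise ValueError("unexpected response element: " + user.tag)
    return {"name": user.get("name"), "email": user.findtext("email"),
            "active": user.findtext("active") == "true"}

# Constructed samples: placeholder host; token and user mirror the output above.
SAMPLE_LOCATION = "https://crowd.example.test:8095" + API + "/session/x7HXrLaHqyi9EMxM5m0H6w00"
SAMPLE_USER = (b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
               b'<user name="PIPO"><email>pipo@example.com</email><active>true</active></user>')
```

Building the body with an XML library instead of a hand-edited file keeps a password containing `&` or `<` from producing malformed XML or altering the request structure.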
