How to use Rest API to authenticate for custom applications on CROWD

Hi,

We want to integrate Crowd SSO for our custom applications. I am exploring CROWD standalone application for testing purpose. Can anyone please tell me how i make authentication of custom application using Crowd and do i need to use JAVA API for this or REST API.

I am also having problem to call the rest API method whenever I hit the URL it prompt the user name password and if i give admin user credentials or any other user it failed to authenticate and not work.

Please help me on that.

Thanks

1 answer

1 accepted

3 votes
Accepted answer

Hi Norman,

I am also facing this adventure: Seems like CROWD and REST is quite suitable for authenticating users in a browser, but outside the browser becomes an adventure.

Basically, you need the token that CROWD has issued to the browser-client and WEB-applications store as a cookie. Outside the webbrowser, I am currently in the dark how to retrieve that already issued token to be used as your authentication for a non-web browser based application.

To give you a headstart on the REST API:

First create an application in CROWD. The user name, password and IP-address we'll be using lateron, the URL I found not relevant (currently)

The username/password will be used to do webpage authentication with.

The simplest test can be done right from your browser!

Enter in you browser:

http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/search?entity-type=user

When prompted username/password, enter the u/p defined as the APPLICATION in Crowd and you'll receive an XML page with all the users defined in Crowd.

http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/user?username=John+Smith&expand=attributes

will show details and attributes/values of user "John Smith"

For more sophisticated interaction with CROWD through REST, you will need to use the Linux application CURL (also available for Windows somewhere)

This will allow you to POST as well, actually changing password and so.

SESSION stuff
To obtain a token for user PIPO, create the following XML file and name it "get-token.xml":

<?xml version="1.0" encoding="UTF-8"?>
<authentication-context>
  <username>PIPO</username>
  <password>secret</password>
  <validation-factors>
    <validation-factor>
      <name>remote_address</name>
      <value>192.168.1.1</value>
    </validation-factor>
  </validation-factors>
</authentication-context>



Now issue the CURL command:

# curl -H "Accept: application/xml" -H "Content-Type: application/xml" -w "\nHTTP STATUS: %{http_code}\nTIME: %{time_total}\n" -X "POST" -v --basic -u "APP_USER:APP_PASSWD" -d @get-token.xml "http://192.168.1.1:8095/crowd/rest/usermanagement/latest/session"

CURL will return:
* upload completely sent off: 308out of 308 bytes
< HTTP/1.1 201 Created
< Server: Apache-Coyote/1.1
< X-Embedded-Crowd-Version: Crowd/2.5.2
< X-Crowd-User-Management-Version: 1.2
< Set-Cookie: JSESSIONID=1374917674DE24CA79348385CE1C0470; Path=/crowd; HttpOnly
< Cache-Control: no-cache, no-store, no-transform
< Location: http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/session/x7HXrLaHqyi9EMxM5m0H6w00
<
Content-Type: application/xml
< Content-Length: 382
< Date: Sun, 17 Feb 2013 12:21:44 GMT

The token URL is:

http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/session/x7HXrLaHqyi9EMxM5m0H6w00

AUTHENTICATION STUFF
How to authenticate a user

Create the following XML file and call it "auth-me.xml":

&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;password&gt;
  &lt;value&gt;SECRET&lt;/value&gt;
&lt;/password&gt;

Issue the CURL command:

# curl -H "Accept: application/xml" -H "Content-Type: application/xml" -w "\nHTTP STATUS: %{http_code}\nTIME: %{time_total}\n" -X "POST" -v --basic -u "APP_USER:APP_PASSWD" -d @auth-me.xml http://[CROWD_SERVER]:8095/crowd/rest/usermanagement/latest/authentication?username=PIPO

CURL will return:
* About to connect() to 192.168.250.122 port 8095 (#0)
* Trying 192.168.250.122... connected
* Server auth using Basic with user 'APP_USER'
> POST /crowd/rest/usermanagement/latest/authentication?username=PIPO HTTP/1.1
> Authorization: Basic cGV0ZXIwMToucGV0ZXIu
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: 192.168.1.1:8095
> Accept: application/xml
> Content-Type: application/xml
> Content-Length: 83
>
* upload completely sent off: 83out of 83 bytes
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< X-Embedded-Crowd-Version: Crowd/2.5.2
< X-Crowd-User-Management-Version: 1.2
< Set-Cookie: JSESSIONID=EE45DAFC9FA310C77818FEC3F9837A29; Path=/crowd; HttpOnly
< Content-Type: application/xml
< Content-Length: 670
< Date: Sun, 17 Feb 2013 12:34:32 GMT
<
* Connection #0 to host 192.168.250.122 left intact

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><user name="PIPO" expand="attributes"><link rel="self" href="http://192.168.1.1:8095/crowd/rest/usermanagement/latest/user?username=PIPO"/><first-name>PIPO</first-name><last-name>simple user</last-name><display-name>PIPO simple user</display-name><email>pipo@example.com</email><password><link rel="edit" href="http://192.168.1.1:8095/crowd/rest/usermanagement/latest/user/password?username=PIPO"/></password><active>true</active><attributes><link rel="self" href="http://192.168.1.1:8095/crowd/rest/usermanagement/latest/user/attribute?username=PIPO"/></attributes></user>

HTTP STATUS: 200
TIME: 0.186
* Closing connection #0

NOTE: HTTP STATUS: 200 signals the authentication went well.

This is as far as I got. Now I need some way to interconnect this with the already established session of jira and confluence from that workspace, but that's still a bit vague to me.

There ain't something like Kerberos klist, which shows you your grants.

Work in progress, but this might help you gain a week or two of searching...

Have fun!

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted yesterday in Canada

Happy New Year - First AUG of the year - great success

Hi Everyone, Hope everyone had a great holiday season and is ready for an exciting 2019.  We had our first AUG last night featuring Tempo Timesheets.  A great presentation and lots of int...

18 views 0 1
View post

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you