3 Replies Latest reply on Nov 11, 2013 10:09 AM by rareddy

    How to consume OAuth/SAML authenticated web service in Teiid

    tanmoypalit

      Is there any way to consume an OAuth/SAML authenticated REST/SOAP service in Teiid?

        • 1. Re: How to consume OAuth/SAML authenticated web service in Teiid
          rareddy

          Teiid uses Apache CXF, version 2.6.6, for its web service interactions. Per http://cxf.apache.org/docs/security.html OAuth 1.0 and SAML are both supported. For this to work you would need to configure the CXF configuration files as defined in Web Service Data Sources. I believe OAuth only works with REST (anybody correct me if I am wrong).

           

          In Teiid 8.4 we also started supporting pass-through security for SAML for SOAP-based web services, but again this is in an early testing stage and may need more tweaks.

           

          If you test your scenarios, please do post your configuration files for others.

           

          Ramesh..

          • 2. Re: How to consume OAuth/SAML authenticated web service in Teiid
            tanmoypalit

            Instead of creating a new question, I think I should continue this one. Actually I have a requirement of consuming a REST service from Office 365 SharePoint, which has a complex security model.

            After some work I was able to create a REST web service and deploy it in EAP, which silently performs the security authentication using the steps defined in http://allthatjs.com/2012/03/28/remote-authentication-in-sharepoint-online/ and provides the response XML. This new EAP published web service can then be consumed in Teiid very easily.

             

            For now this is fine. But my next step is to create a custom connector which will be capable of performing the security authentication. As this will be a new thing for me, any help will be appreciated. The authentication steps are very well documented in the above link.

             

            Regards

            Tanmoy

            • 3. Re: How to consume OAuth/SAML authenticated web service in Teiid
              rareddy

              Tanmoy,

               

              You would need to write a custom security domain and use libraries from Apache CXF or Picketlink for SAML authentication. Then use this security domain as your data source security domain, where you define the <security-domain> in the -ds.xml file. However, you would still need to extend the "web services" resource adapter and modify it to accept and pass the security credentials you negotiated in the previous step, to send along with the HTTP call that is made in the "web services" resource adapter. Now that is the workflow that should be followed. It is a little involved; in my experience, with different versions of libraries it could be cumbersome.

               

              In [TEIID-2462] WS-Security payload flow through "ws" resource adapter we made some progress in this area, but this is only available in Teiid 8 or Red Hat's DV6. Even there you would need a custom security domain. This JIRA involved SOAP-based services; I have to double-check the support for REST-based services.


              Note that all the above is *only* needed when you want a custom security model based on the subject logged into the system. Otherwise, for a static/common security model, you should be able to configure CXF property files.


              Ramesh..