-
15. Re: Passing username/password to webservice using from Teiid
sanjay_chaturvedi Apr 20, 2015 7:39 AM (in response to shawkins)Thankyou, could you please guid me with some example where sso token is being integerated before making any webservice call. Because that's what our requirement is.
-
16. Re: Passing username/password to webservice using from Teiid
rareddy Apr 20, 2015 2:55 PM (in response to sanjay_chaturvedi)Look at line 150-158 as to how it is being handled in the webservice call
-
17. Re: Passing username/password to webservice using from Teiid
sanjay_chaturvedi Apr 21, 2015 1:59 AM (in response to rareddy)So here am having two concerns:
1, They are not having anything sso related. Though they r attaching AUTHORIZATION header and we need to do something similar but:
2, we need to get sso token from "OUR service" first and then attaching sso token as header before making actual ds call i.e. invoke.
3. This class is final, so cannot override the behavior to plugin the code of calling sso service and then placing token as header before making actual call.
Any idea ?
Thanks.
-
18. Re: Passing username/password to webservice using from Teiid
rareddy Apr 21, 2015 9:32 AM (in response to sanjay_chaturvedi)To get a token from your service you need to write a "LoginModule" i mentioned before in this thread, where it negotiates a SSO header. You configure the login module aka "security-domain" in the data source configuration. If the class is final, you are welcome to submit us a patch that includes modifications that allow this.
For example login module see https://github.com/teiid/teiid/blob/master/jboss-security/src/main/java/org/teiid/jboss/oauth/OAuth20LoginModule.java
For configuration of security domain see Data Source Security - Teiid 8.11 (draft) - Project Documentation Editor and how it can be defined on data source configuration to be used in the case of SSO.
Ramesh..
-
19. Re: Passing username/password to webservice using from Teiid
sanjay_chaturvedi Apr 29, 2015 5:49 AM (in response to rareddy)Thanks for info Ramesh,
I agree that creating abstract login module will let you fetch username/password from security-domain and we can get sso token from our service.
But passing that sso token to ws connector and then adding that token in header is something which requires ws-connector to be changed i.e. final inner class
Will it be passing sso-token or credentials to ws connector? Before making a call we need to pass "sso-token" with actual token value as header just as it did with "Authorization"header.
One more question, can't I add this header in translator before actually calling invoke(ds) from BinaryWSProcedureExecution.
As I can extend this class to customize the behavior:
Inside execute method:
String ssotoken=getSSOToken("user","password","permission-area");
Map<String, List<String>> httpHeaders = (Map<String, List<String>>)dispatch.getRequestContext().get(MessageContext.HTTP_REQUEST_HEADERS);
httpHeaders.put("sso-token", Arrays.asList(new String[]{ssotoken}));
dispatch.getRequestContext().put(MessageContext.HTTP_REQUEST_HEADERS, httpHeaders);
then
this.returnValue = dispatch.invoke(ds);
-
20. Re: Passing username/password to webservice using from Teiid
rareddy Apr 29, 2015 12:23 PM (in response to sanjay_chaturvedi)Sanjay,
For sure it would require the changes to the WS connector, to define a new security type in the ra.xml file and handling of it the connection class before invoke call is made. We are not opposed to changes, what I was saying before is, if you can work out the solution and contribute the solution to the Teiid, I am fine in accepting the contribution. Looks like you are making great progress.
Take look at the OAuth example I gave above, I suggest you follow the same pattern with yours to add the token or any other information needed to put together "authorization" header. We do not want mix the translator logic with connector logic thus the separation, and why we do not want to pass from translator.
Ramesh..
-
21. Re: Passing username/password to webservice using from Teiid
dajester2011 Apr 21, 2016 2:20 PM (in response to sanjay_chaturvedi)Sanjay,
Did you ever get this working? I'm needing to authenticate to SharePoint services, preferably through NTLM. For now I've enabled basic auth on the server to get the ball rolling, but I don't think I will have that luxury in a production environment. I did look at the Kerberos examples that Ramesh provided, and that was even more confusing.
-
22. Re: Passing username/password to webservice using from Teiid
rareddy Apr 22, 2016 6:42 PM (in response to dajester2011)I heard SharePoint 2010 also supports OData V2, if you have that option, that is another workaround to try as Teiid also has a OData V2 translator.