9 Replies Latest reply on Apr 10, 2013 8:57 AM by rschaller123

    SSO support for v3 API

      One of the things I do not have a good understanding of, is how the REST API plays with Authentication on SSO enabled systems.

      I know that the Outlook and Office Connectors use different endpoints for communication (and do seem to support SSO), so I'm wondering where that leaves us with the Core v3 API.

      Is it Basic Auth only, or can it work with SSO?

        • Re: SSO support for v3 API
          rschaller123

          This is mainly possible because of the Spring Filter mapping in the core product. The web-services and admin sections for example will be using basic authentication where as the rest of the application will be under the SSO filter.

           

          In a nutshell authentication is separate when SSO is enabled. Users will be using the site and normal functionality under SSO and more advanced webservices / admin remains in Basic Authentication.

           

          Let me know if that doesn't help clarify things.

            • Re: SSO support for v3 API

              Hey Ryan!

               

              That's what I suspected from the information I pieced together. Thanks for confirming it. I'm wondering how this will work in an SSO environment though. Users would not have a password that they can use for basic auth if their credentials came from SSO, unless the Jive system would be able to validate their credentials against and LDAP/AD system. Right?

                • Re: SSO support for v3 API
                  rschaller123

                  Hi Nils Heuer,

                   

                  I see, so your trying to allow them to invoke a web-service under the SSO context. Maybe easier to step back and talk more about what the end result. Did you want them to perform a specific task or site function?

                   

                  Ryan

                    • Re: SSO support for v3 API

                      So, we make a number of products that interact with Jive via webservices. The main one being our Social Connector for Notes (think Jive for Outlook....for Lotus Notes). In the past we have built specific plugins that provided specific webservices to Jive functionality for customers that had SSO for Jive and couldn't use basic auth.

                       

                      Currently we are thinking about two ways forward to get rid of the plugins:

                      • A solution similar to what Jive used for Jive for Outlook. I.e. Oauth support, which is provided by the Extended APIs plugin
                      • A way to consistently support basic auth for the standard core v3 web services even if the customer has SSO.
                        • Re: SSO support for v3 API
                          rschaller123

                          Right the same way the mobile invokes oauth.

                           

                          A custom plugin could do the trick where it leverages the same technology for Mobile and Jive for Outlook .

                           

                          You could have even a webservice on top of that and compare the oathpairing stored by jive for your against your users.

                           

                          Just a few thoughts off the top of my head

                            • Re: SSO support for v3 API
                              pradeepgm

                              Hi Ryan Schaller,

                               

                              How could we use oAuth for web services?

                               

                              In case of mobile, user generates the token from end user page and key it in mobile.

                               

                              Outlook/Office plugin - It opens up IE browser, authenticate the user and generates the token and saves it back.

                               

                              How could we achieve that with web services, since webservices means for silent auth.

                               

                              Also do you have any Jive API documentation which explains oAuth consumer registration with Jive (generating consumer key and secret) and user authentication process.

                               

                              Pradeep GM

                            • Re: SSO support for v3 API
                              pradeepgm

                              Hi Nils Heuer,

                               

                              "In the past we have built specific plugins that provided specific webservices to Jive functionality for customers that had SSO for Jive and couldn't use basic auth"


                              We are in a similar position and using SAML2.0 for SSO authentication. Now we have a requirement to support web services. Could you please let me know how can we achieve web services support on SSO enabled instances. We don't want to use a single username/password for all service calls, we don't want the user to key in username/password either. Please help

                               

                              Also some information about oAuth would be of great help.

                               

                              Pradeep GM