How to set up the HTTP API for session verification (get userID and authentication method)
Prerequisites
- PAS 2.7 installed
- The authenticator pipe(s) must store the authentication method (session property auth_method) and the userid (session property userid) in the session. This is configured by adding these valves:
  - SessionLoadValve
  - SessionPropertyAddValve
  - SessionPersistValve
Consult the valves documentation for usage examples.
Authentication
It is recommended to add authentication to the API. These authentication methods are supported:
- Client certificate (recommended).
  Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.
- Basic authentication
  Add valves to the pipes to perform basic authentication verification.
Add local http-api module
- Log in to Configuration Manager
- Click the Advanced tab
- Open Modules (click on the pen)
- Add this module (if the module is already added, only add the tenant and/or allowedOperation):
{
  "module": "com.phenixidentity~phenix-api-authenticate",
  "enabled": "true",
  "config": {
    "tenant": [
      {
        "id": "t1",
        "displayName": "Tenant1",
        "allowedOperation": [
          "verifyUser"
        ]
      }
    ]
  },
  "id": "authapi_module"
}
- Click Stage Changes and Commit Changes
- Open NODE_GROUPS (click on the pen)
- Add the id of the newly added module to module_refs, as in the example below. (You can skip this step if the module was already added.)
{
  "name": "WIN-DHB3ICNDG4E",
  "description": "Default node (created automatically)",
  "config": {
    "module_refs": "authapi_module,sealapp,signapp_1,......"
  },
  "created": "2017-07-03T11:38:03.135Z",
  "id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
  "modified": "2017-07-03T14:39:43.257Z"
}
- Click Stage Changes and Commit Changes
Add pipes to fetch authentication method and userid
In this example, no client certificate is used. Please read the Valves documentation on how to configure a client certificate for the pipe.
- Click the Advanced tab
- Open Pipes (click on the pen)
- Add this pipe.
{
  "id": "verifyUser",
  "valves": [
    {
      "name": "ItemCreateValve",
      "config": {
        "dest_id": "item"
      }
    },
    {
      "name": "SessionLoadValve",
      "config": {
        "id": "{{request.access_token}}"
      }
    },
    {
      "name": "PropertyAddValve",
      "config": {
        "name": "userid",
        "value": "{{session.userid}}"
      }
    },
    {
      "name": "PropertyAddValve",
      "config": {
        "name": "auth_method",
        "value": "{{session.auth_method}}"
      }
    }
  ]
}
- Click Stage Changes and Commit Changes
Test
Use an HTTP REST client for testing and debugging. Follow the document Using HTTP API for session verification (get userID and authentication method) to structure the HTTP requests properly.
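Before sending test requests, the three JSON fragments configured above can be checked against each other. The script below is an added example, not part of the product or its documentation. It assumes that an allowedOperation is served by the pipe with the same id (as in the verifyUser example), and the function names check_pipe and check_config are hypothetical.

```python
import json

# Constructed sample: the JSON from the steps above, with module_refs shortened.
MODULE = json.loads("""{"module": "com.phenixidentity~phenix-api-authenticate",
  "enabled": "true", "id": "authapi_module",
  "config": {"tenant": [{"id": "t1", "displayName": "Tenant1",
                         "allowedOperation": ["verifyUser"]}]}}""")
NODE = json.loads('{"config": {"module_refs": "authapi_module,sealapp,signapp_1"}}')
PIPES = json.loads("""[{"id": "verifyUser", "valves": [
  {"name": "ItemCreateValve", "config": {"dest_id": "item"}},
  {"name": "SessionLoadValve", "config": {"id": "{{request.access_token}}"}},
  {"name": "PropertyAddValve", "config": {"name": "userid", "value": "{{session.userid}}"}},
  {"name": "PropertyAddValve",
   "config": {"name": "auth_method", "value": "{{session.auth_method}}"}}]}]""")

def check_pipe(pipe):
    """Check valve order and that both session properties are returned."""
    problems, loaded, returned = [], False, set()
    for valve in pipe["valves"]:
        cfg = valve.get("config", {})
        loaded = loaded or valve["name"] == "SessionLoadValve"
        reads_session = any("{{session." in str(v) for v in cfg.values())
        if reads_session and not loaded:
            problems.append(f"{pipe['id']}: {valve['name']} reads session before it is loaded")
        if valve["name"] == "PropertyAddValve":
            returned.add(cfg.get("name"))
    missing = {"userid", "auth_method"} - returned
    problems += [f"{pipe['id']}: property {n!r} is never added" for n in sorted(missing)]
    return problems

def check_config(module, node, pipes):
    """Return a list of inconsistencies between module, node group and pipes."""
    problems = []
    if str(module.get("enabled")).lower() != "true":
        problems.append("module is not enabled")
    refs = [r.strip() for r in node["config"]["module_refs"].split(",")]
    if module["id"] not in refs:
        problems.append(f"{module['id']!r} is not listed in module_refs")
    by_id = {p["id"]: p for p in pipes}
    for tenant in module["config"]["tenant"]:
        for op in tenant["allowedOperation"]:
            # Assumption: an allowed operation is served by the pipe with the same id.
            if op in by_id:
                problems += check_pipe(by_id[op])
            else:
                problems.append(f"tenant {tenant['id']}: no pipe with id {op!r}")
    return problems

if __name__ == "__main__":
    print(check_config(MODULE, NODE, PIPES) or "configuration is consistent")
```

An empty result means the module is enabled and referenced by the node group, every allowed operation has a pipe, and that pipe loads the session before it reads userid and auth_method from it.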