Discussion:
TDI - ISIM REST API example with working auth
(too old to reply)
b***@bengtlord.se
2016-03-24 09:26:27 UTC
Permalink
Raw Message
Hi

Looking for a working example of how to use the ISIM REST API from within TDI 7.1.1.

Background:
I know how to use the TDI and I can use the REST API from a normal browser. We have a lot of TDI assembly lines which is using the older WS API. We would like to move away from the WS API and start using the REST instead.

My lack of knowledge regarding the HTTP connector and the REST API give me the following problems:

- The HTTP connector does not seem to understand a "redirect" nor handle "sessions" like a normal web browser do and I do understand the HTTP connector is not a "web browser". When trying to retrieve data through a HTTP GET http://<host>:<port>/itim/rest/people?uid=xxx as an "unauthenticated" request i get redirected to the logon URL and then I get stuck because i don't succeed in using the session data in another connector actually doing the data retrieval as authenticated.
Question - How do I solve the redirect and authentication required by the ISIM REST API from within the TDI?

- Can I solve this with one HTTP connector or do I need to use two? One for the auth and one for the data retrieval.


- I guess I can solve this by using a custom java class implementing the auth and session handling from within TDI but I would like to avoid building such "extension" if possible. There must be some TDI HTTP connector based solution on this?

Thanks in advance
Bengt Lord
Eddie Hartman
2016-03-24 18:29:28 UTC
Permalink
Raw Message
Post by b***@bengtlord.se
Hi
Looking for a working example of how to use the ISIM REST API from within TDI 7.1.1.
I know how to use the TDI and I can use the REST API from a normal browser. We have a lot of TDI assembly lines which is using the older WS API. We would like to move away from the WS API and start using the REST instead.
- The HTTP connector does not seem to understand a "redirect" nor handle "sessions" like a normal web browser do and I do understand the HTTP connector is not a "web browser". When trying to retrieve data through a HTTP GET http://<host>:<port>/itim/rest/people?uid=xxx as an "unauthenticated" request i get redirected to the logon URL and then I get stuck because i don't succeed in using the session data in another connector actually doing the data retrieval as authenticated.
Question - How do I solve the redirect and authentication required by the ISIM REST API from within the TDI?
- Can I solve this with one HTTP connector or do I need to use two? One for the auth and one for the data retrieval.
- I guess I can solve this by using a custom java class implementing the auth and session handling from within TDI but I would like to avoid building such "extension" if possible. There must be some TDI HTTP connector based solution on this?
Thanks in advance
Bengt Lord
Yes, the HTTP Client Connector is a bit dumb, Bengt. You need to handle re-direct yourself (checking the return code), and grab cookies in headers, and set them yourself in outgoing headers. I do this by using the Connector in CallReply mode, and using the Output Map to set up all my http headers:

Attribute Name Assignment
"http.SpecialHeader" return "xxxxxxxxx"

So doing stuff like OAuth requires a bit of your own legwork. If you look in some of the scripted connectors included with TDI (e.g. QRadar or ISIM Connectors) you'll see how this can be done entirely from script: loading the HTTP Client, setting parameters, initializing and making calls.

Break a leg!
-Eddie
p***@gmail.com
2016-05-31 14:49:05 UTC
Permalink
Raw Message
Post by Eddie Hartman
Post by b***@bengtlord.se
Hi
Looking for a working example of how to use the ISIM REST API from within TDI 7.1.1.
I know how to use the TDI and I can use the REST API from a normal browser. We have a lot of TDI assembly lines which is using the older WS API. We would like to move away from the WS API and start using the REST instead.
- The HTTP connector does not seem to understand a "redirect" nor handle "sessions" like a normal web browser do and I do understand the HTTP connector is not a "web browser". When trying to retrieve data through a HTTP GET http://<host>:<port>/itim/rest/people?uid=xxx as an "unauthenticated" request i get redirected to the logon URL and then I get stuck because i don't succeed in using the session data in another connector actually doing the data retrieval as authenticated.
Question - How do I solve the redirect and authentication required by the ISIM REST API from within the TDI?
- Can I solve this with one HTTP connector or do I need to use two? One for the auth and one for the data retrieval.
- I guess I can solve this by using a custom java class implementing the auth and session handling from within TDI but I would like to avoid building such "extension" if possible. There must be some TDI HTTP connector based solution on this?
Thanks in advance
Bengt Lord
Attribute Name Assignment
"http.SpecialHeader" return "xxxxxxxxx"
So doing stuff like OAuth requires a bit of your own legwork. If you look in some of the scripted connectors included with TDI (e.g. QRadar or ISIM Connectors) you'll see how this can be done entirely from script: loading the HTTP Client, setting parameters, initializing and making calls.
Break a leg!
-Eddie
Eddie , where can i find the Qradar and ISIM connectors to look at their code/script? I have a similar use case to establish an Oauth session with Salesforce and pass in some parameters to the initial POST call ( client_id, username , password, grant type and client_secret. I am using an HTTP client connector for this in call/reply mode and setting the http.body in the output map like this:

var oauth_string1 = "grant_type=password&client_id=xxxxxx1&username=";
var oauth_string2 ="&password=xxxxxx";
var uid = java.net.URLEncoder.encode("xxxxxx","UTF-8");
var httpBody=oauth_string1 + uid + oauth_string2;
return httpBody;


However when i run my AL, it keeps rejecting the initial login and saying grant_type_not supported. I checked some java code that does a similar oauth login to SFDC and it is doing something very similar although all java so hard to correlate exactly to TDI.

Is the javascript above the right way to pass POST parameters to a WS endpoint for authenticaiton? it seems I might not be passing the parms entirely correctly is why the login is getting rejected.
Eddie Hartman
2016-05-31 19:48:35 UTC
Permalink
Raw Message
Post by p***@gmail.com
Post by Eddie Hartman
Post by b***@bengtlord.se
Hi
Looking for a working example of how to use the ISIM REST API from within TDI 7.1.1.
I know how to use the TDI and I can use the REST API from a normal browser. We have a lot of TDI assembly lines which is using the older WS API. We would like to move away from the WS API and start using the REST instead.
- The HTTP connector does not seem to understand a "redirect" nor handle "sessions" like a normal web browser do and I do understand the HTTP connector is not a "web browser". When trying to retrieve data through a HTTP GET http://<host>:<port>/itim/rest/people?uid=xxx as an "unauthenticated" request i get redirected to the logon URL and then I get stuck because i don't succeed in using the session data in another connector actually doing the data retrieval as authenticated.
Question - How do I solve the redirect and authentication required by the ISIM REST API from within the TDI?
- Can I solve this with one HTTP connector or do I need to use two? One for the auth and one for the data retrieval.
- I guess I can solve this by using a custom java class implementing the auth and session handling from within TDI but I would like to avoid building such "extension" if possible. There must be some TDI HTTP connector based solution on this?
Thanks in advance
Bengt Lord
Attribute Name Assignment
"http.SpecialHeader" return "xxxxxxxxx"
So doing stuff like OAuth requires a bit of your own legwork. If you look in some of the scripted connectors included with TDI (e.g. QRadar or ISIM Connectors) you'll see how this can be done entirely from script: loading the HTTP Client, setting parameters, initializing and making calls.
Break a leg!
-Eddie
var oauth_string1 = "grant_type=password&client_id=xxxxxx1&username=";
var oauth_string2 ="&password=xxxxxx";
var uid = java.net.URLEncoder.encode("xxxxxx","UTF-8");
var httpBody=oauth_string1 + uid + oauth_string2;
return httpBody;
However when i run my AL, it keeps rejecting the initial login and saying grant_type_not supported. I checked some java code that does a similar oauth login to SFDC and it is doing something very similar although all java so hard to correlate exactly to TDI.
Is the javascript above the right way to pass POST parameters to a WS endpoint for authenticaiton? it seems I might not be passing the parms entirely correctly is why the login is getting rejected.
What you need is the Guardium Connector. It uses OAuth. As with all Scripted Connectors, look under the Connections tab 'Advanced' section for the 'Edit Script' button. This will give you access to the source. You can also step through the script in the Debugger.

https://ibm.biz/Bd4Qf6

Enjoy!
rpuggal
2016-05-31 19:56:41 UTC
Permalink
Raw Message
Eddie thanks will check it out. I see it installed as a connector in SDI !
s***@gmail.com
2016-08-22 14:02:06 UTC
Permalink
Raw Message
Hi Bengt,

We are also looking for the example of TDI HttpClient connection to use ISIM Rest APi over ssl.

Can you please share some information if you have already managed to build one.

Regards,
Dave
g***@gmail.com
2017-01-19 13:47:33 UTC
Permalink
Raw Message
Post by s***@gmail.com
Hi Bengt,
We are also looking for the example of TDI HttpClient connection to use ISIM Rest APi over ssl.
Can you please share some information if you have already managed to build one.
Regards,
Dave
Was anybody able to call the API over SSL.
I am able to call the rest apis for delete but not for create/modify as it requires payload and am getting 400 error.
If anybody has working code for creating/modifying a user/policy/anything please share .
Thanks
Gaurav
Eddie Hartman
2017-01-19 18:51:42 UTC
Permalink
Raw Message
Post by g***@gmail.com
Post by s***@gmail.com
Hi Bengt,
We are also looking for the example of TDI HttpClient connection to use ISIM Rest APi over ssl.
Can you please share some information if you have already managed to build one.
Regards,
Dave
Was anybody able to call the API over SSL.
I am able to call the rest apis for delete but not for create/modify as it requires payload and am getting 400 error.
If anybody has working code for creating/modifying a user/policy/anything please share .
Thanks
Gaurav
If you have the latest FPs for 7.1.1, or you have 7.2 (FP2) then you have the ISAM v2 Connector. Although it's a jar-file under jars/connectors in the install folder, it's still a scripted Connector. So this means if you debug an AL that contains it, you can step through the script itself and see how it works. You can also view the script under the Advanced tab. Yeah, it's not the ISIM API, but still - more learning materials :)
Loading...