Questions Tagged With authentication

REST API and JSESSIONID

Stelt0 — Mon, 30 Sep 2019 03:58:26 -0400

Hi Ivy Team,

Is there a way to get the JSESSIONID (or the whole cookie itself) of the logged in user ?

I want to build a rest method which is authenticating the user. I need to return the cookie, so that next requests are authenticated

BR, Yordan

Calling NTLM protected REST service with SSO

peters — Mon, 08 Oct 2018 05:45:55 -0400

In Ivy 7.1, is it possible to call a NTLM protected web service using the logged in user (therefore not configuring user/password in the REST client)?

How to verify username/password of user without logging in?

trungdv — Thu, 01 Feb 2018 06:00:58 -0500

Hi all

Normally when we want to check whether user is authenticated ivy user or not, we use this api:

Ivy.session().loginSessionUser(userName, password)

But this api will also change the current login user to new one.

Is there any other api to verify user/pass without logout current user?

Because my process is an ivy webservice then it's run with system permission, if i use above api to verify another user it will throw exception that i can't logout of system user.

Thanks

Can i turn on/off webservice authentication programmatically

trungdv — Thu, 01 Feb 2018 03:06:57 -0500

Hi all

We have a webservice which implemented on ivy. This service serve for many customer. As default it required basic-auth. Now some of customers dont want to be authenticated when calling it, so we intend to introduce the global var where admin can allow to turn on/off this feature.

Can we go with that way and how to turn off/on this authentication type programmatically?

Thanks

REST token authentication

Marco Klauenbösch — Mon, 23 Oct 2017 10:08:48 -0400

We’ve been setting up a REST client but failed at configure the authentication. The API requires you to authenticate with a token.

The documentation of the API tells you to pass the token through the «Authorization» header with its value being for example «Token: d2f763479f703d80de0ec15254237bc651f9cdc0». Doing this in the REST Client Activity element wasn’t successfully.

So, what’s the correct way to pass the token to the API for authentication

How to set information for logon IUser without permanently store to system?

thienqh — Tue, 25 Apr 2017 23:47:53 -0400

Hi,

I would like to implement a function to allow all user to share 1 common account for authenticating. That mean a user will have a token, storing his information such as Full Name, Email Address, etc. and he will use this token to login with the common account

IUser user = Ivy.session().getSecurityContext().findUser(COMMON_ACCOUNT);

To specify the information of logon user, I will use information from token.

user.setFullName(token.getFullName());
user.setEmailAddress(token.getEmailAddress());

I only want these information temporary store in the session, and would be wiped out after user logout. But, by calling these IUser APIs, these information are persisted to system. Is there any good way to do that? Thanks

Is there something managing user concurrent sessions?

RemiMorin — Fri, 09 Dec 2016 21:54:58 -0500

We need to implement a security enabling a user to be logged only in one session. We will either prevent him to log twice or kill any other session on login.

Is there already something to support that (aka sessiob listener or session filter).

Does AXon ivy support Login Register forms (register,forgot password,login) ?

AsilAbuHasan — Wed, 26 Oct 2016 09:34:54 -0400

hello,,,

i would like to know how Axon ivy do the encryption , Authentication for login form and register ? is there Already built in component or let us say is best practice or guide to do this in right short way ?

Thank you,,

Login page on Process Start with http-request link and 'Only wf users' set to true

tiago — Thu, 15 Oct 2015 10:37:30 -0400

Is there a way to configure a process start with a http link to show the login page if the caller is not logged in?

I defined the JsfWorkflowUi as 'Default Pages Implementor' but this didn't worked. Creating a process with a DefaultLoginPage.ivp start step didn't worked to.

Do I need to catch the 'Role Violation Exception' and redirect to a login page?

How to connect To SystemDB using Windows-Authentification

Alexis — Wed, 05 Aug 2015 14:35:29 -0400

How do I connect to Ivy System DB using the Windows-Authentification?

SSO on Apache: not logged in to Ivy but in tomcat?

Alexis — Wed, 13 May 2015 09:04:14 -0400

Hello Ivy-Comunity!

When logged in to Apache (and to Tomcat) the User is not taken by Ivy.

In a testing environment I have the following constellation:

Linux environment with Ivy 5.1.3 attached to AD
Apache Server with Kerberos Login attached to the same AD
Ajp-Connector to Ivy-Tomcat
A jsp testing Page in the Ivy-Environment (applicationHome on the Application-wf-Page)

So this Page shows me by asking request.getRemoteUser() that this User is logged in: Hans.Tester@TESTENV.LOCAL and a HTTP Session request.getSession().getId(). But getting the Ivy-User by ivySession.getSessionUser() returns null. Except when Logged in manualy the result Hans.Tester for the Ivy-Session.

So why is that? Or how can I make shure, that the Session is taken correctly by ivy?

First guess is, that the username comes with the Environment (TESTENV.LOCAL). If it is the Issue, how to shut that down?

With further investigation I found out more:

In a Windows-Environment under IIS the UserName of the Tomcat-Session is in this format: TESTENV\Alexis.Suter
The Ivy-Session is not saved into Tomcat-request. (When only logging in to Ivy)

Thanks in advance!

How can I call a secured 'Web Service Process' with a 'Web Service Call Element'

Dominik Regli — Thu, 04 Sep 2014 10:29:18 -0400

I want to provide a secured 'Web Service Process' (means, that it requires username and password) and call this 'Web Service Process' with a 'Web Service Call Element'?

Simply checking 'HTTP Basic' as authentication method on both (WS Process and WS Call) seems not to work.

Change Server Configuration From SQL Server Authetication to Windows Authentication

ralfraeber — Wed, 02 Jul 2014 10:27:54 -0400

Hello How can I change the login method in the Server Configuration from SQL Server Authentication to a Windows Server Account? I tried in User Name Domain\user, user@Domain.wan and Domain.wan\user. Every Method was without success. Thank's for your help Ralf

How to authenticate a user that is provided by a Single Sign On (SSO) proxy.

ahatius — Sat, 25 Jan 2014 15:28:14 -0500

We've got a SSO-Proxy for most of our web applications. I'd like to make use of the SSO-Proxy instead of requiring the user to login with his Windows credentials.

I've figured out how I can read the HTTP header containing the user-id. Now I'd like to authenticate as this user, but all provided methods require a password. Is there anyway I can authenticate a user only by his user-id?

This is what I've got to get the user-id:

package ch.company.ivy.security;

import java.util.Map;

import javax.faces.context.FacesContext;

public class Auth {
    Map<String, String> headers;
    String userId;

    public Auth() {
        headers = FacesContext.getCurrentInstance().getExternalContext().getRequestHeaderMap();
        userId = headers.get("UID").toString();
    }

    public String getUserId() {
        return this.userId;
    }
}

How can we change authentication scope?

anphunl — Wed, 15 Jan 2014 11:10:28 -0500

Panda team is developing a Web application to change the configuration of Ivy server.

We are creating the login step, so that just the Ivy Admin can access our page. Could you please tell us how to authenticate with the Ivy Administrator account (like the picture at the bottom)

Panda team tried to do :

public static AuthenticationException login(ISession session, String userName, String password) throws PersistencyException
{
    try
    {
        session.authenticateSessionUser(userName, new Password(password));
        return null;
    }
    catch(AuthenticationException ex)
    {
        return ex;
    }
}

The result is we just can login with the accounts (IUser) of our application, not the account to manage the server.

Please help us. Thank you very much

Is it possible to authentication an application user like a system administrator?

toantp — Wed, 15 Jan 2014 08:54:25 -0500

Hi there when I user method session.authenticateSessionUser like the way dialog login administrator used , I just authentication all user in this Application , can't found admin user of all Application the sample : when I setup Ivy server I create a user admin to login administrator (admin/admin) , but when I call session.authenticateSessionUser at my application in server I can't found admin user do we have a way to authenticate that user ? thanks a lot