Single Point of Authentication and Rollbase

Posted by coates_aj on 25-Nov-2014 04:33

Hi,

I am trying to set up SPA with a private cloud installation of Rollbase 3.0.2.0. Firstly I have an OE Realm service which has been created using OE 11.3, and I believe to be set up correctly for SPA.

Within Rollbase I have changed the authentication settings to use authentication type OpenEdge, tested and saved ok. When I log into Rollbase I can see that the OE Realm appserver is being used successfully for authentication. So all seems good so far.


The problem comes when I try to create an Object based on an external OpenEdge Service. For the credentials I choose "Use Current User (if OpenEdge Authentication is enabled)".

When I try to view a list of records the grid just displays: "Error: Unauthorized", and within the Rollbase console the following message appears:

- basic authentication scheme selected
- No credentials available for BASIC 'REST Application'@localhost:8980

I don't really understand why I am getting this message as I selected "Use Current User" not "basic authentication".


The external OpenEdge REST service was also created using OpenEdge 11.3, and I believe it to be configured correctly for SPA. If I use my browser to go directly to the URL then I am prompted for a user name and password. I can also see this Username/Password is being authenticated against my OE Realm Service before some JSON is returned as expected.

Does anyone have any idea what I'm missing to be able to get this REST service functioning, within Rollbase, using the current user?

Thanks

Any suggestions welcome

https://www.youtube.com/watch?v=Hdko-w5Cfzo#sthash.8zXCYTNa.dpuf

All Replies

Posted by Bill Wood on 25-Nov-2014 04:39
Which 11.3.x service pack are you using? To use the OpenEdge Authentication SPA from Rollbase to create the authentication token for OpenEdge Service Objects, then you need to configure the REST adapter on OpenEdge to be able to take a Client-Principal in the HTTP Headers.

This is a feature of the REST Adapter in OpenEdge that was not added until OpenEdge 11.4. (However it was back ported to the 11.3.3 service pack).

This may be your problem. =
Posted by Bill Wood on 25-Nov-2014 06:13
To answer one of your detailed questions…
:
>>   - basic authentication scheme selected
>>   - No credentials available for BASIC 'REST Application'@localhost:8980
>>   
>>   I don't really understand why I am getting this message as I selected "Use Current User" not "basic authentication".
You selected “Use Current User” in Rollbase.
I believe this error is generated from the HTTP Request on the Server (in OpenEdge REST Adapter) which is configured to use BASIC-AUTH.
 
You further say that you CAN access the REST Adapter in OpenEdge from the Browser and it asks for the Username/Password.   This indicates that you do have the REST Adapter configured for BASIC-AUTH.
 
In 11.4 and 11.3.3, you can configure the REST Adapter to use a Sealed Client-Principal created in Rollbase and passed to the REST Adapter to authorize traffic.   This will NOT require an explicit Username/Password, and if you configure it to use the Client-Principal, then you would NOT be able to login to the REST Service with simple user/pwd.
This thread is closed