Change REST base URL on the fly

Hi

I need to connect a REST driver to two different endpoints. One endpoint is the actual application where the users are created.
The other endpoint is where I fetch a session token to use when i want to communicate with the application.

According to the documentation it should be possible to have a url parameter in the operation data, but it does not seems to be used.
<request method="put" url="">172.16.0.0:XXXX/.../rest123">


Trace example, where the url parameter gets appended the base url.
[09/26/17 15:56:23.672]:SensumSSOTest ST:            Submitting document to subscriber shim:
[09/26/17 15:56:23.672]:SensumSSOTest ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.1.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<driver-operation-data class-name="Token" command="query" event-id="0" src-dn="">
<request method="POST" url="">https://THISISAUTHSITE">
<url-token/>
<header Accept="application/json" X-Version="1" content-type="application/json;charset=UTF-8"/>
<value>{}</value>
</request>
</driver-operation-data>
</input>
</nds>
[09/26/17 15:56:23.673]:SensumSSOTest ST: SensumSSOTest: sub-execute
[09/26/17 15:56:23.673]:SensumSSOTest ST: SensumSSOTest: queryHandler
[09/26/17 15:56:23.673]:SensumSSOTest ST: SensumSSOTest: queryHandler: class-name == 'Token'
[09/26/17 15:56:23.673]:SensumSSOTest ST: SensumSSOTest: Query: preparing POST to THISISAPPSITE/.../sessions
[09/26/17 15:56:23.673]:SensumSSOTest ST: SensumSSOTest: Setting the following HTTP request properties:
Authorization: <content suppressed>
[09/26/17 15:56:23.673]:SensumSSOTest ST: SensumSSOTest: content-type:application/json;charset=UTF-8
[09/26/17 15:56:23.673]:SensumSSOTest ST: SensumSSOTest: Accept:application/json
[09/26/17 15:56:23.673]:SensumSSOTest ST: SensumSSOTest: X-Version:1


Have tried with https:// in base url and then the rest of the url on the different resources, but that does not work either. The call actually seems ok.

  <source>
<product edition="Advanced" version="4.6.1.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<driver-operation-data class-name="Token" command="query" event-id="0" src-dn="">
<request method="post" url="">THISISAUTHSITE/.../sessions">
<url-token/>
<header Accept="application/json" X-Version="1" content-type="application/json;charset=UTF-8"/>
<value>{}</value>
</request>
</driver-operation-data>
</input>
</nds>
[09/26/17 14:31:18.304]:SensumSSOTest ST: SensumSSOTest: sub-execute
[09/26/17 14:31:18.304]:SensumSSOTest ST: SensumSSOTest: queryHandler
[09/26/17 14:31:18.304]:SensumSSOTest ST: SensumSSOTest: queryHandler: class-name == 'Token'
[09/26/17 14:31:18.304]:SensumSSOTest ST: SensumSSOTest: Query: preparing POST to THISISAUTHSITE/.../sessions
[09/26/17 14:31:18.305]:SensumSSOTest ST: SensumSSOTest: Setting the following HTTP request properties:
Authorization: <content suppressed>
[09/26/17 14:31:18.305]:SensumSSOTest ST: SensumSSOTest: content-type:application/json;charset=UTF-8
[09/26/17 14:31:18.305]:SensumSSOTest ST: SensumSSOTest: Accept:application/json
[09/26/17 14:31:18.305]:SensumSSOTest ST: SensumSSOTest: X-Version:1
[09/26/17 14:31:18.305]:SensumSSOTest ST: SubscriptionShim.execute() returned:
[09/26/17 14:31:18.306]:SensumSSOTest ST:
<nds dtdversion="3.0">
<source>
<product build="20170208_1048" version="1.0.0.1">Identity Manager REST Driver</product>
<contact>NetIQ Corporation.</contact>
</source>
<output>
<status event-id="0" level="fatal" type="app-authentication">ClientProtocolException: URI does not specify a valid host name: https:/</status>


Has anyone tried something similar ?

/Kristoffer
Parents
  • On 26.09.2017 21:04, kristoffer wrote:
    > I need to connect a REST driver to two different endpoints. One endpoint
    > is the actual application where the users are created.
    > The other endpoint is where I fetch a session token to use when i want
    > to communicate with the application.


    Does that token service implement OAuth 2 by chance? You could then use
    the build-in OAuth support of the driver.

    --
    Norbert
  • klasen;2467012 wrote:


    Does that token service implement OAuth 2 by chance? You could then use
    the build-in OAuth support of the driver.


    No, just a normal basic authentication endpoint which returns a token that I use as a header parameter when I call the application.
    I actually have 7 different application endpoints and one authentication endpoint which gives out tokens to all the application endpoints.
    I will build 7 almost identical drivers.

    So if the REST driver wont allow another base url my next attempts will be:

    An extra Auth driver which I can inject with a query when i need a token from some of the application drivers.
    Build some Ecma script to help out.
    Build a External jar.

    /Kristoffer
  • kristoffer;2467014 wrote:

    An extra Auth driver which I can inject with a query when i need a token from some of the application drivers.


    Got this working, but it seems that the REST driver caches some header information on a retry, so when my token expires and I fetch a new one it will not be used.
    Will test a bit more. Maybe a policy retry and not "http error code engine retry" will make a difference.

    Example of the new SESSION header not being used.
    <input>
    <driver-operation-data class-name="wsapi/workfunctions" command="query" event-id="0" src-dn="">
    <request>
    <url-token/>
    <header Accept="application/json" SESSION="20c791f8-15c7-40c3-a7fd-7cf16b5fe7cb" X-Version="2" content-type="application/json;charset=UTF-8"/>
    <value>{}</value>
    </request>
    </driver-operation-data>
    </input>
    </nds>
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: sub-execute
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: queryHandler
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: queryHandler: class-name == 'wsapi/workfunctions'
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: Query: preparing GET to https://ANONYMIZED
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: Setting the following HTTP request properties:
    Authorization: <content suppressed>
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: content-type:application/json;charset=UTF-8
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: Accept:application/json
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: SESSION:e30eac52-22ce-4cf2-b7f1-860dd8cb1043
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: X-Version:2
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: Did a HTTP GET with 0 bytes of data to https://ANONYMIZED
    [09/28/17 07:52:23.728]:SensumSSOTest ST: SensumSSOTest: Response code and message: 401 Unauthorized


    /Kristoffer
Reply
  • kristoffer;2467014 wrote:

    An extra Auth driver which I can inject with a query when i need a token from some of the application drivers.


    Got this working, but it seems that the REST driver caches some header information on a retry, so when my token expires and I fetch a new one it will not be used.
    Will test a bit more. Maybe a policy retry and not "http error code engine retry" will make a difference.

    Example of the new SESSION header not being used.
    <input>
    <driver-operation-data class-name="wsapi/workfunctions" command="query" event-id="0" src-dn="">
    <request>
    <url-token/>
    <header Accept="application/json" SESSION="20c791f8-15c7-40c3-a7fd-7cf16b5fe7cb" X-Version="2" content-type="application/json;charset=UTF-8"/>
    <value>{}</value>
    </request>
    </driver-operation-data>
    </input>
    </nds>
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: sub-execute
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: queryHandler
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: queryHandler: class-name == 'wsapi/workfunctions'
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: Query: preparing GET to https://ANONYMIZED
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: Setting the following HTTP request properties:
    Authorization: <content suppressed>
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: content-type:application/json;charset=UTF-8
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: Accept:application/json
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: SESSION:e30eac52-22ce-4cf2-b7f1-860dd8cb1043
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: X-Version:2
    [09/28/17 07:52:23.630]:SensumSSOTest ST: SensumSSOTest: Did a HTTP GET with 0 bytes of data to https://ANONYMIZED
    [09/28/17 07:52:23.728]:SensumSSOTest ST: SensumSSOTest: Response code and message: 401 Unauthorized


    /Kristoffer
Children