Commander
Commander
370 views

using cookie authentication in rest driver

Jump to solution

Hi ,

 

As part of development we have to build rest driver based on cookie authentication. Sample curl commands looks as follows. Please anyone suggest how to map -c cookie & -b cookie in our rest driver where remaining all parameters i am able to configure in driver parameters

Process from driver :

   1. First generate the cookie from driver

     2. call that generated cookie for further rest calls from driver to a user

To Generate Cookie Curl command looks as follows: 

curl -v https://xxxxx --proxy https://xxxxxx:8080 -H 'X-Requested-With: XMLHttpRequest' -H 'Content-type: application/json' -c cookie -d '{"username": "xxxxxxxxx", "password": "xxxxxxx"}'

 

After generating cookie from above command we have to call that in next get query using -b cookie [Please let me suggest how to include -b cookie in our rest driver]

Getting user details where calling the above generated cookie to proceed further:

curl -v "https://xxxxxxr<userid>" --proxy https://xxxxx:8080 -H 'X-Requested-With: XMLHttpRequest' -H 'Content-type: application/json' -b cookie

 

Note : 1 Please suggest me how to include cookie part (-c cookie / -b cookie) in our driver where i've done with all other parameters mentioned in above curl command

 

Note 2 : Hiding actual values with xxxxx. Please don't consider them as original .Need help only in cookie part

1 Solution

Accepted Solutions
Micro Focus Expert
Micro Focus Expert

Set-Cookie headers are response headers, ie. they are the by the server. You cannot set them in your client on a request.

When doing the first request (the one with username/password in the body - lets call it login) from the driver, the server's response should include the Set-Cookie header. The HTTP client in the REST driver shim caches the cookie and automatically adds it to all outgoing requests - until the cookie expires.

So before doing the get user reqeust, you need to do a login request from the driver.

It's best do define a driver scope variable to keep track of your authentication state. If you're not authenticated, do the login request and update the state if this was successful. If later a request fails because of an expired cookie, set the state to false and retry the request.

--
Norbert

View solution in original post

4 Replies
Micro Focus Expert
Micro Focus Expert

I learned in my recent project with the REST driver, that it does actually handle cookies: If the server responds to a request with a Set-Cookie header, then the driver will include that cookie in subsequent request. It is not logged in the driver's trace though.

--
Norbert
Commander
Commander

Hi klasen,

Now i tried with below setting in driver parameter but getting error as "401 Unauthorized". Please suggest your findings too which will helpful to me

Step 1 :for setting cookie -- in driver parameters included the 

         Header Name : Set-Cookie

         Header Value : SSOcookie

 

Step 2 : Then to include cookie in next subsequent request i've included below header in driver parameters
        

         Header Name : Cookie

         Header Value : SSOcookie

 

Micro Focus Expert
Micro Focus Expert

Set-Cookie headers are response headers, ie. they are the by the server. You cannot set them in your client on a request.

When doing the first request (the one with username/password in the body - lets call it login) from the driver, the server's response should include the Set-Cookie header. The HTTP client in the REST driver shim caches the cookie and automatically adds it to all outgoing requests - until the cookie expires.

So before doing the get user reqeust, you need to do a login request from the driver.

It's best do define a driver scope variable to keep track of your authentication state. If you're not authenticated, do the login request and update the state if this was successful. If later a request fails because of an expired cookie, set the state to false and retry the request.

--
Norbert

View solution in original post

Commander
Commander

Thank You . It's Working

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.