Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.

REST API oAuth2.0

Idea ID 1790366

REST API oAuth2.0

Hello,

Brief Description: Enable Micro Focus Operations Orchestration to leverage oAuth2.0 to authenticate against REST API.

Benefits/Value

  • oAuth2.0 provides a much stronger authentication /authorization model then Basic Auth
  • If a token gets compromised under oAuth2.0 and that tokens time to live is only set to a hour. The attacker has a limit window with that token. Unlike Basic Auth, the token (Base64) continues to be valid until the password is changed

Design details:

 

  • Have the ability to leverage cutomers identity provider, in our example Azure Active Directory
5 Comments
Micro Focus Contributor
Micro Focus Contributor
Status changed to: Waiting for Votes

This is a very good idea. Thank you for posting it!

Changing status to Waiting for Votes to get community support.

benwatt Super Contributor.
Super Contributor.

Voted this up. I had to abandon the out of the box HTTP Client options because of this, and use Powershell for REST API calls instead.

Micro Focus Expert
Micro Focus Expert

Hi Benwatt,

From the description and tag of the idea it looks like the enhancement is for OO REST API. 

From your comment above I understand you need enhancements in the HTTP Client OOTB operations as well? Can you detail a bit on this? Have you submitted any idea on the out of the box operations as well?

Thank you,

Lucian

Member.. asish
Member..

Hi Team,

 

We also , under a different project required OO application to leverage with OuthV2 authentication.

We have been updated to refer this ER  over Support ticket  SD02538439 raised for the feasibility of OuthV2.

We have an Incident flow setup with Service now and as per Company standards, all rest API integrations to configured with Outh V2, so to meet the standards, we need OO to support Outh V2 as well. Failing this , our OO application and existing integration will be marked as Non Complaint.

So expecting a quick review on this to have this prioritize.

Br,

Ashish Banyal

Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Hi Ashish, 

Oauth2 protocol can be implemented in many different ways by the identity providers. Can you tell us what IDP do you use for your Oauth2? 

Regards,

Daniel

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.