Can I use cURL to run authenticated REST calls against MyIT server which is integrated with RSSO?

Version 2

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    MyIT Digital Workplace


    COMPONENT:

    MyIT


    APPLIES TO:

    MyIT 3.2 (or above)



    QUESTION:

    Customers may wish to run REST commands (e.g. /ux/rest/test/ar-server) from a script. If these commands require authentication, additional calls are required to authenticate the user (login) and invalidate the session (logout). What calls are required?


    ANSWER:

    NOTE: The following was confirmed successful using cURL 7.29 on RedHat Linux 7 with MyIT 3.2 and RSSO.

    In this example case, the RSSO Server URL:Port was:-
        https://rssotest.bmc.com:8443

    The MyIT Server was reachable at:-
        http://myitrsso.bmc.com:9000/ux/myitapp


    1). Set environment variables - edit as required

    RSSO=https://rssotest.bmc.com
    RSSOPort=8443
    MYITSERVER=myitrsso.bmc.com
    MYITPORT=9000
    TENANT=myitrsso.bmc.com@015583
    YOURUSER=Allen
    YOURPWD=password



    2). Log into RSSO, which returns a SAML token:

    curl "$RSSO:$RSSOPort/rsso/start?goto=http%3A%2F%2F$MYITSERVER%3A$MYITPORT%2Fux%2Fmyitapp%2F&tenant=$TENANT" -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.8,es;q=0.6' -H 'Upgrade-Insecure-Requests: 1' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0' -H 'Connection: keep-alive' --data "user-name=$YOURUSER&password=$YOURPWD&goto=http%3A%2F%2F$MYITSERVER%3A$MYITPORT%2Fux%2Fmyitapp%2F" --compressed --insecure -D header1;

    NOTE: File 'header1' contains the sso-cookie to pass to the next call.



    3). Log into MyIT, which returns the JSESSION:

    curl "$MYITSERVER:$MYITPORT/ux/restapi/users/sessions" -b header1 -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.8,es;q=0.6' -H 'X-Requested-By: XMLHttpRequest' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' -H 'Connection: keep-alive' --data-binary '{"appName":"MyIT","apiVersion":3020000,"locale":"en-US","deviceToken":"dummyToken","os":"Mozilla/5.0","model":"Web Client"}' --compressed --insecure -D header2;

    NOTE: File 'header2' contains the JSESSION for MyIT and sso-cookie for RSSO



    4). Run the required REST call - this one checks if MyIT can connect to AR Server:

    curl "$MYITSERVER:$MYITPORT/ux/rest/test/ar-server" -b header2 -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8,es;q=0.6' -H 'Upgrade-Insecure-Requests: 1'  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Connection: keep-alive' --insecure --compressed

    NOTE: We pass 'header2' to the above call



    5). Remove session in MyIT:

    curl "$MYITSERVER:$MYITPORT/ux/restapi/users/sessions/$YOURUSER" -X DELETE -b header2 -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8,es;q=0.6' -H 'Upgrade-Insecure-Requests: 1'  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Connection: keep-alive' --insecure --compressed

    NOTE: We pass 'header2' to the above call


    6). Log out of RSSO:

    curl "$MYITSERVER:$MYITPORT/ux/atssologout.html" -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8,es;q=0.6' -H 'Upgrade-Insecure-Requests: 1'  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H "Referer: $MYITSERVER:$MYITPORT/ux/myitapp/" -b header1 -H 'Connection: keep-alive' --compressed --insecure -L

    NOTE: We pass 'header1' to this call. The -L causes curl to use the token returned by this call and automatically make the call to RSSO, passing this token to invalidate it.



    NOTES
    =====
    While the above provides instruction on the calls required to login, run a command and logout from MyIT/RSSO, error handling would need to be added to determine if calls succeed or fail and react accordingly. Typically the "--output <FILE>" option would be used to direct the standard output (stdout) to a file for parsing to determine if the expected result was produced.
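
    One way to add the error handling described above, as an added example that is not part of the BMC article: curl exits 0 for any HTTP response it receives, so the script checks the status line and the expected cookie in each header dump before reusing it. The helper names are hypothetical, and the cookie prefixes 'sso-cookie' and 'JSESSION' are taken from the wording of the notes above; confirm the exact cookie names in your own header1 and header2 files.

```shell
#!/bin/sh
# Added example, not BMC code: validate the files written by `curl -D`
# in steps 2 and 3 before handing them to the next call with `-b`.

umask 077   # header1/header2 hold live session cookies: keep them owner-only

# Print the status code of the LAST response in a header dump. With -L or a
# "100 Continue" exchange, one dump contains several status lines.
last_status() {
    awk '/^HTTP\// { code = substr($2, 1, 3) }
         END { if (code == "") exit 1; print code }' "$1"
}

# Succeed if the dump sets a cookie whose name begins with $2
# (case-insensitive) and whose value is not empty.
has_cookie() {
    grep -Eiq "^set-cookie:[[:space:]]*$2[^=;]*=[^;[:space:]]" "$1"
}

# check_step LABEL HEADER_FILE [COOKIE_PREFIX]
# Returns 0 if usable, 1 on an error status, 2 if the expected cookie is
# missing, 3 if the dump is absent or has no status line.
check_step() {
    [ -s "$2" ] || { echo "$1: no header dump" >&2; return 3; }
    code=$(last_status "$2") || { echo "$1: no status line" >&2; return 3; }
    case "$code" in
        2??|3??) ;;   # assumption: a login may answer with a redirect
        *) echo "$1: HTTP $code" >&2; return 1 ;;
    esac
    if [ -n "${3:-}" ] && ! has_cookie "$2" "$3"; then
        echo "$1: HTTP $code but no '$3' cookie" >&2
        return 2
    fi
    return 0
}

# Demo on a constructed dump (not captured from a real server): a page
# served with 200 and no session cookie, which curl reports as success.
demo=$(mktemp)
printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n' > "$demo"
check_step "RSSO login" "$demo" sso-cookie || echo "stop: exit code $?"
rm -f "$demo"
```

    In the procedure, call check_step "RSSO login" header1 sso-cookie after step 2 and check_step "MyIT login" header2 JSESSION after step 3, stop on a non-zero return, and delete header1 and header2 once step 6 has completed.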

     


    Article Number:

    000123639


    Article Type:

    FAQ/Procedural


